Domain: amazon.com
Stories and comments across the archive that link to amazon.com.
Stories · 1,405
-
A Practical Guide to Ubuntu Linux
r3lody writes "Finding a single book that encompasses what you want to learn can be difficult. Most cover a few portions of a subject in depth and skim over (or omit) others. Other books will cover each topic at about the same level: high enough to give an impression of what can be done, but not with enough depth to do it without a lot of effort. In A Practical Guide to Ubuntu Linux, Mark G. Sobell has created a single volume that gives the reader enough information to effectively install, configure and run workstations and servers using Ubuntu Linux. He has come the closest I have seen to containing all of the necessary information without being too shallow. Granted, to include everything you would want to know about Ubuntu Linux would take several books of this size, but this particular one provides most users the best bang for the buck. A DVD with the Gutsy Gibbon release of Ubuntu in a directly bootable form is included with the book." Read below for the rest of Ray's review.
A Practical Guide to Ubuntu Linux
author: Mark G. Sobell
pages: 1200
publisher: Prentice Hall PTR
rating: 10/10
reviewer: Ray Lodato
ISBN: 013236039X
summary: A complete guide to installing and running Ubuntu Linux for beginning to intermediate users
With over two decades of experience related to Unix and Linux, Mark G. Sobell has authored almost two dozen books on the subject. I had previously read and reviewed his book A Practical Guide to Red Hat Linux: Fedora Core and Red Hat Enterprise Linux (Second Edition) and found it the highest quality book I had yet read on Linux. This, his latest book, bears many similarities to the other text, including its high quality. The overall structure is like that of a textbook, providing a summary and exercises at the end of each chapter, as well as copious cross-references.
A Practical Guide to Ubuntu Linux is broken up into five parts containing 27 chapters in all. After providing the now obligatory history of Linux and the GPL, Part I uses two chapters to provide an overview of, and step-by-step instructions for, installing Linux. The overview provides information about the process including how to try Linux with the Live DVD supplied, planning your hard disk layout, acquiring a newer version of Ubuntu, and the install process in general. The step-by-step chapter goes into great detail on each step of the process, using both the graphical and textual installation paths. It also throws in additional detail on how to configure the X server.
Now that you have Linux in a runnable form, Part II provides higher-level information that shows newer Linux users what they can do. Four chapters serve to introduce basic Linux to the user. Topics include how to update, install and remove program packages, how to use the command line (and some basic utilities such as cat, ls, more, less, etc.), how the filesystem is laid out, shell concepts such as pipes and job control, and where to find additional documentation.
Part III uses another four chapters to dive deeper into the Bourne Again Shell (BASH), the GUIs, and networking. First the X Window System is described, followed by the GNOME and KDE desktops. BASH is covered in two separate chapters, inexplicably separated by the chapter on networking. The first BASH chapter provides the reader with information on startup files, command history, redirection, etc. The other BASH chapter goes into depth regarding programming BASH scripts. The intervening networking chapter provides a basic understanding of network protocols and some utilities such as ping, traceroute, host and dig.
Up to this point, Mark has been showing the user how to use Ubuntu Linux with little modification. Starting with Part IV, he describes how to perform the more common configuration tasks. Using seven chapters and over 200 pages, Part IV provides a great deal of detail regarding system administration. Starting with some core concepts (running as root, sudo, startup scripts, wrappers, recovery mode, etc.), Mark then leads the reader into the nooks and crannies of the filesystem. The following chapter shows how to add and remove applications using apt, aptitude, dpkg, wget and BitTorrent. Printing using CUPS is given its own chapter next, as is the (at least to me) daunting task of rebuilding the system kernel. The last two chapters in Part IV cover the miscellaneous administration tasks of adding, changing, and deleting users and groups, backing up and restoring files, managing the various logs, and setting up your network connections (both wired and wireless).
The final section, Part V, uses nine chapters to go into depth on setting up various servers and using their clients: OpenSSH, FTP, exim4 (for mail), NIS, NFS, Samba, DNS/BIND, the firewall (firestarter and iptables), and finally Apache. Each of the chapters provides Jumpstart sections to help you install and configure each server quickly, and enough detail to handle the more common configuration changes.
There are five appendices covering regular expressions, where to get help, general security considerations, the Free Software Definition, and a bullet list of major items added to the 2.4 kernel to form the 2.6 kernel. These are followed by a fairly comprehensive glossary and index.
Overall, A Practical Guide to Ubuntu Linux by Mark G. Sobell provides all of the information a beginner to intermediate user of Linux would need to be productive. The inclusion of the Live DVD of the Gutsy Gibbon release of Ubuntu makes it easy for the user to test-drive Linux without affecting his installed OS. I have no doubts that you will consider this book money well spent.
You can purchase A Practical Guide to Ubuntu Linux from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Windows Forensic Analysis
Don Wolf writes "Computer forensics is a rapidly growing discipline and an even faster growing business. Whether it's the natural progression of technological science pertaining to crime or perhaps the digression of a few elite information security professionals, computer forensics is ever so slowly gaining credibility in the otherwise PhD-dominated field of criminal science. Computer evidence continues to be showcased in some of the most high-profile and controversial court cases in history, from the murder case of Laci Peterson to the multi-billion dollar Enron scandal. Whether society will allow it or not, computer forensics geeks will play pivotal roles in the prevalence of justice." Keep reading for the rest of Don's review.
Windows Forensic Analysis DVD Toolkit
author: Harlan Carvey
pages: 416
publisher: Syngress
rating: 9
reviewer: Don Wolf
ISBN: 9781597491563
summary: Incident Response and Cybercrime Investigation Secrets
While on the road to computer forensic enlightenment I realized early on that many parallels existed between computer forensics and incident response. A number of great authors have published books on incident response, one of which is a gentleman by the name of Harlan Carvey. So when a friendly but cleverly personalized bookstore email rolled in with Harlan's newest book showcased, I thought it might be worthwhile to see what he's been up to.
The book, titled "Windows Forensic Analysis", takes a hands-on and in-depth approach to forensic discovery of Windows systems. Some may scoff at the mere suggestion that a point-and-click operating system necessitates the granular analysis of forensics, but make no mistake, beyond Windows' simplicity are numerous complex elements, sometimes cryptic, and many undocumented.
Always looking for a tip here and there, I found more Windows forensics tips here than I have anywhere else. While I've read only about half-a-dozen books on operating system forensics, this one stands out because the material is clearly drawn from the author's experience which, in my opinion, lends real credibility to the book. Granted, technical books are always reviewed for accuracy and truthfulness, but this one carries its own weight with the sheer amount of tips and real-life sidebars. No hash tables, no unnecessary screen dumps, and certainly no reprinted Microsoft documentation. The author does a great job on footnoting and includes plenty of links to additional information. Additionally, there are sections dedicated for FAQs, as well as "tools and traps".
Having read the book through, I can tell you it flows well from chapter to chapter and continues to draw you in, somewhat unusual for a technical reference — when was the last time you were drawn into a textbook? I'm not sure how one decides to organize the chapters, but I suspect it was not a random decision. Looking back I can see that there is a logical order to the chapter sequence, perhaps suggesting an order in which to forensically process a Windows computer. The book starts with 'live' response, followed by memory analysis, registry analysis, file analysis, and finally rootkit detection — analysis in order of volatility I suppose.
I've heard a lot of praise regarding this book's chapter on registry analysis, some claiming it to be worth the price of the book alone. Don't be misled to believe that it is the crux or single focus of the book, it's not. In my opinion the reason the chapter stands out is because most forensics analysts I've met aren't particularly strong in the area of registry analysis and therefore may find the chapter a revelation. It's true, the chapter is strong and offers exceptional insight, however, I found the book to be almost equally weighted chapter by chapter.
I personally found the chapter regarding memory analysis to be a stand-out. RAM has the potential to store a ton of evidence, however, it's always been viewed as extremely volatile. Not only is it likely to be flushed with a power-cycle, but it's also susceptible to be purged simply through the normal actions of a computer user, or in our case, forensic analysts. I was happy to see a good section on the pros and cons of dumping the many different areas of physical memory. The author proves that there is life after a reboot and demonstrates how to recover at least partial RAM contents from various areas.
Overall there is plenty of theory, plenty of technique, and plenty of command-line examples. On the subject of command-line examples, the author provides a great collection of scripts and examples on the accompanying DVD. The examples all appear to work as described, a rarity given the many possible computer configurations, just the same the author is thoughtful enough to point out possible exceptions and explanations when there is an opportunity for a particular command or technique to fail.
If I can quote a comment made by one of my associates, he said "The book provided more than just tips and techniques, it provides food for thought and helps one develop their own personal approach to Windows forensics". I totally agree. Furthermore, I found that while I learned a few new things, I also finished the book with lots of questions in mind. Is that a shortcoming of the book? No. Based on the detailed coverage of the book, I was able to identify my own shortcomings and areas I need to explore further. If you want to pursue Windows forensics and already have a good understanding of the principles and ethics of computer forensics, I highly suggest starting with this book.
You can purchase Windows Forensic Analysis DVD Toolkit from amazon.com.
-
Head First JavaScript
stoolpigeon writes "Head First JavaScript is one of the latest entries in O'Reilly's Head First series. Like the other Head First books, it takes a somewhat unique approach in conveying information. The stated intent of the series is to help readers learn and retain material by formatting it in a manner that assists in meeting those goals. This means that the book is full of graphics, exercises and humor. There is also a refreshing note on who will benefit from the book. I've pretty much always thought of these sections in books as entertaining, in that I get to see what new way a publisher has found to say, "Everyone should buy this book!". Head First JavaScript actually does a decent job of describing who this book will help, and who it will not help. That alone had me intrigued right from the start." Read on for the rest of JR's review.
Head First JavaScript
author: Michael Morrison
pages: 615
publisher: O'Reilly Media Inc.
rating: 9/10
reviewer: JR Peck
ISBN: 0-596-52774-8
summary: A Brain-Friendly Guide
Who is this book for? It is for someone looking to learn JavaScript, with access to a computer and a desire to learn the material through writing code and working through a variety of written exercises. The book begins with the very basics of scripting and as it states, is probably not going to be enjoyed by an experienced programmer who is looking for a JavaScript reference guide. There is a lot of white space, drawings, pictures and opportunities to do the exercises I mentioned as well as the answers to those exercises. For the experienced coder just looking for an API or methods and properties, this will probably feel like a bloated waste of time.
For someone like me on the other hand, who would like to take a JavaScript class but just doesn't have the time, this book was just what I needed. I have done some programming, so I did breeze through some portions of the book, but in others I didn't mind the review. I like having new information and ideas soak in over time. This book is paced just for that kind of learning. It is possible though for someone to be too new to the topic. Some understanding of HTML and CSS would really be helpful. Someone who doesn't have at least an idea of how those technologies work may struggle a bit. Though I would think a little time with Google would provide everything necessary to be up to speed.
There is an 8 page introduction that explains the reasoning and methods behind the book's approach. The "Read Me" portion gives some great insight into just what this book is like. It begins, "This is a learning experience, not a reference book." and follows that up with seven main points. To summarize them, the book teaches what someone needs to know to get up and running. It is not exhaustive, it does not go over the history of the language. There are many finer points not addressed. Using multiple browsers would be helpful to the reader working through the book. Skipping activities will greatly reduce the value of the experience. There is quite a bit of redundancy, it is on purpose and beneficial. The examples are as slim as possible to focus on what matters and finally, not all exercises have definitive answers. If any of that turns your stomach, this really may not be for you.
The format does pretty much make reading straight through the book without working the exercises a waste of time. This was my biggest challenge with the book. If I wanted to read it I needed a pencil, my laptop, free time and somewhere I could work through at least a whole exercise at a time. This wasn't something I could fit in 20 minutes a night before bed. The authors recommend making it the last thing read before bed, but the end of my days are too busy to fit an exercise in. I found that a lunch hour, or a quiet week-end afternoon were my best opportunities for learning.
When I found those times, the book was thoroughly enjoyable. The humor was corny at times but almost always funny. I even chuckled out loud more than once. The exercises are widely varied as are the interspersed scenarios and stories that accompany the examples. I downloaded the necessary images for examples from the book's web site though I avoided using downloaded code. It caused more errors due to typos, but I felt like I did better typing in the examples myself. I enjoyed working the cross-word puzzles and reading the 'interviews' with various pieces of technology. The time invested was much greater than for any other tech book covering similar ground, but I felt like the return justified the added time.
The style and humor reminded me quite a bit of the Deitel and Deitel How to Program books. I think that the scope is similar as well, as far as beginning from the very basics and building with each chapter. Head First starts with a basic description of just what JavaScript is and what it adds in the form of interactivity and finishes with a chapter that gives a good introduction to Ajax. In between the reader learns about all the basics like variables, looping, user input, validation, control flow, functions, code reuse, objects, etc.
As a hobbyist I felt like this was a great introduction to JavaScript. I think it gave me a foundation to build on and the ability to use more of the materials freely available on the web. Sometimes there is just so much of that out there, that it is difficult to know where to start. One of my primary goals in reading this book was to put together a couple simple web apps for myself as well as to get a better understanding of using the DOM for some Firefox plugins I would like to write. This book met those needs.
I think it is good to mention though, one last time, this is not a no-nonsense reference manual. In fact there is lots of non-sense and it is actually quite a bit of fun. But if the idea of 2 or 3 pages of big pictures to get across a couple simple ideas about data types bothers you, don't spend the money on this book. It will just annoy you and you will probably feel ripped off. On the other hand, if you've picked up hefty programming manuals and found that you didn't make it a quarter of the way through, and didn't remember much of the quarter you did finish, this approach may be much more friendly and give you a taste of success. And what good is a more information dense book if you don't read it or learn from it?
The table of contents gives a short summary of each chapter and a breakdown by section. The section titles are good for finding a place you read or stopped but won't always help find a topic. They are often named with the name of the exercise, not the subject they address. The index is good though and will help quickly track down topics. Like many new O'Reilly books, this one comes with 45 days free access to the electronic version of the book on Safari. The book's site, linked above, has the table of contents, index, code examples and the complete second chapter available for viewing and/or download.
You can purchase Head First JavaScript from amazon.com.
-
Regular Expression Pocket Reference
Michael J. Ross writes "When software developers need to manipulate text programmatically — such as finding all substrings within some text that match a particular pattern — the most concise and flexible solution is to use "regular expressions," which are strings of characters and symbols that can look anything but regular. Nonetheless, they can be invaluable for locating text that matches a pattern (the "expression"), and optionally replacing the matched text with new text. Regular expressions have proven so popular that they have been incorporated into most if not all major programming languages and editors, and even at least one Web server. But each one implements regular expressions in its own way — which is reason enough for programmers to appreciate the latest edition of Regular Expression Pocket Reference, by Tony Stubblebine." Read below for the rest of Michael's review.
Regular Expression Pocket Reference, Second Edition
author: Tony Stubblebine
pages: 126
publisher: O'Reilly Media
rating: 9/10
reviewer: Michael J. Ross
ISBN: 0596514271
summary: A pithy guide to regular expressions in many languages.
The second edition of the book was published by O'Reilly Media on 18 July 2007, under the ISBNs 0596514271 and 978-0596514273. On the book's Web page, the publisher makes available the book's table of contents and index, as well as links for providing feedback and any errata. As of this writing, there are no unconfirmed errata (those submitted by readers but not yet checked by the author to see whether they are valid), and no confirmed ones, either. In fact, in my review of the first edition, published in 2004, it was noted that there were no unconfirmed errata, despite the book being out for some time prior to that review. The most likely explanation is that the author — in addition to any technical reviewers — did a thorough job of checking all of the regular expressions in the book, along with the sample code that makes use of them.
These efforts have paid off with the apparent absence of any errors in this new edition — something unseen in any other technical book with which I am familiar.
Before discussing this particular book, it may be of value to briefly discuss the essential concept of regular expressions, for the benefit of any readers who are not familiar with them. As noted earlier, a regular expression (frequently termed a "regex") is a string of characters intended for matching substrings in a block of text. A regex pattern can match literally, such as the pattern "book" matching both "book" and "bookshelf." A pattern can also use special characters and character combinations — often termed metasymbols and metasequences — such as \w to indicate a single word character (A-Z, a-z, 0-9, or '_'). Thus, the regex "b\w\wk" would match "book," but not "brook."
Here is a simple example to show the use of regexes in code, written in Perl: The statement "$text =~ m/book/;" would find the first instance of the string "book" inside the scalar variable $text, which presumably contains some text. To substitute all instances of the string with the word "publication," you could use the statement "$text =~ s/book/publication/g;" ('g' for globally search) or use "$text =~ s/bo{2}k/publication/g;". In this simplistic example, the second statement makes use of a quantifier, {2}, indicating two of the preceding letter.
These examples employ only one metacharacter (\w) and one quantifier ({2}). The total number of metacharacters, metasymbols, quantifiers, character classes, and assertions (to say nothing of capturing, clustering, and alternation) that are available, in most regex-enabled languages, is tremendous. However, the same cannot be said for the readability of all but the simplest regular expressions — especially lengthy ones not improved by whitespace and comments. As a consequence, when using regexes in their code, many programmers find themselves repeatedly consulting reference materials that do not focus on regular expressions. These resources comprise convoluted Perl books, incomplete tutorials on the Internet, and confusing discussions in technical newsgroups. For too many years, there was no published book providing the details of regexes for the various languages that utilize them, in addition to a clear explanation of how to use regexes wisely.
Fortunately, O'Reilly Media offers two titles in hopes of meeting that need: Mastering Regular Expressions, by Jeffrey Friedl, and Regular Expression Pocket Reference, by Tony Stubblebine. In several respects, the books are related — particularly in that Stubblebine bases his slender monograph upon Friedl's larger and more extensive title, justifiably characterized by Stubblebine as "the definitive work on the subject." In addition, Stubblebine's book follows the structure of Friedl's book, and contains page references to the same. Another major difference is that Regular Expression Pocket Reference is, just as the title indicates, for reference purposes only, and not intended as a tutorial.
At first glance, it is clear that Stubblebine's book packs a great deal of information into its modest 126 pages. That may partly be a result of the terseness of most, if not all, of the regular expression syntax; a metasymbol of more than two characters would be considered long-winded! Yet the high information density is likely also due to the manner in which Stubblebine has distilled the operators and rules, as well as the meaning and usage thereof, down to the bare bones. But this does not imply that the book is bereft of examples. Most of the sections contain at least one, and sometimes several, code fragments that illustrate the regex elements under discussion.
The book begins with a brief introduction to regexes and pattern matching, followed by an even briefer cookbook section, with Perl-style regexes for a dozen commonly-needed tasks, e.g., validating dates. The bulk of the book's material is divided into 11 sections, each one devoted to the usage of regexes within a particular language, application, or library: Perl 5.8, Java, .NET and C#, PHP, Python, Ruby, JavaScript, PCRE, the Apache Web server, the vi programmer's editor, and shell tools.
Each of these sections begins with a brief overview of how regexes fit into the overall language covered in that section. Following this is a subsection listing all of the supported metacharacters, with a summary of their meanings, in tabular format. In most cases, this is followed by a subsection showing the usage of those metacharacters — either in the form of operators or pattern-matching functions, depending upon how regular expressions are used within that language. Next is a subsection providing several examples, which is often the first material that most programmers turn to when trying to quickly figure out how to use one aspect of a language. Each section concludes with a short listing of other resources related to regexes for that particular language.
There are no glaring problems in this book, and I can only assume that all of the regular expressions themselves have been tested by the author and by previous readers. However, there is a minor weakness that should be pointed out, and could be corrected in the next edition. In most of the sections' examples, Stubblebine wisely formats the code so that every left brace ("{") is on the same line as the beginning of the statement that uses that brace, and each closing brace ("}") is lined up directly underneath the first character of the statement. This format saves space and makes it easier to match up the statement with its corresponding close brace. However, in the .NET / C# and PCRE library sections, the open braces consume their own lines, and also are indented inconsistently, as are the close braces, which makes the code less readable, as well as less consistent among the sections.
Some readers may fault the book's sparse index. Admittedly, an inadequate index in any sizable programming book can make it difficult if not impossible to find what one is looking for. As a result, one ends up flipping through the book's pages hoping to luckily spot the desired topic. This is the rather unpleasant method to which a reader must resort when a technical book has no index, or one that is inadequate — which is far too often the case. Stubblebine's index offers only several dozen entries for all the letters of the alphabet, and only two symbols. Some readers might demand that all of the metacharacters and metasequences be listed in the index, so they can be found even faster than otherwise. But given the large number of metacharacters and metasequences, as well as method names, module functions, and everything else relevant, creating an exhaustive index would almost double the size of the book, and be largely redundant with the language-specific sections. Within each language, there is typically a limited enough number of pages that scanning through them to find a particular topic, would not be onerous. On the other hand, some of the index's inclusions and omissions are odd. For instance, two symbols are listed, and yet no others; why bother with those two? Also, a few key concepts are missing, such as grouping and capturing.
Yet aside from these minor blemishes, Regular Expression Pocket Reference is a concise, well-written, and information-rich resource that should be kept on hand by any busy software developer.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase Regular Expression Pocket Reference, Second Edition from amazon.com.
-
Matter
sdedeo writes "Less known than he deserves to be among American science fiction readers is Iain M. Banks. In his native United Kingdom, Banks' work is released in hardcover at the front of bookshops; here, those seeking his science fiction work, at least, must dig down into the trade paperbacks — and often find things out of print. Those who do discover him in the States are usually pleasantly surprised to find the writing far more clever and engagingly written than the low-budget production values imply. With Orbit's release of his latest work, Matter, as well as its planned re-release of some of his earlier classics, things look to change." Read below for the rest of Simon's review.
Matter
author: Iain M. Banks
pages: 593
publisher: Orbit
rating: 8
reviewer: Simon DeDeo
ISBN: 0316005363
summary: Iain M. Banks' latest space opera
Banks is one of the leading authors of what might be called the Space Opera Renaissance. While the 1980s saw the creation of the cyberpunk genre, and the 1990s were for many the great era of "Hard SF" — science-centered masterworks such as Kim Stanley Robinson's Martian trilogy and Gregory Benford's Timescape — the 21st century seems to perhaps be an era impatient for the sometimes comical, sometimes tragic galaxy-wide sweep of writers such as John Meaney and Peter Hamilton.
The space opera is not a science-driven work. Unlike the harder stuff, quantum mechanics rarely makes more than a parenthetical and deus ex machina appearance, and relativity's time-bending constraints do not apply. Unlike the cyberpunk genre, epitomized by Neal Stephenson, it is rarely "idea driven"; McGuffins remain solidly unexplained, and society drives technology, not the other way around.
If the hero of Hard SF is a scientist, and the hero of cyberpunk is the wildcat entrepreneur, the hero of the Space Opera would be quite familiar to readers of myth and legend — the Quixotian wanderer, the deposed prince, the second son. Indeed, to the less sympathetic, the space opera can seem closer to the fantasy genre, following the usual dictum that sufficiently advanced technology is indistinguishable from magic.
Which brings us to the particular flavor of opera in Matter. Over the course of nearly a dozen novels, Banks has tuned and fine-tuned his own version of the Milky Way, one crowded by a huge number of species of wildly differing technologies and abilities. In a largish corner is the Culture, a kind of humanoid amalgam of different species whose point-of-view forms the center of Banks' vision.
This far in the future, technology renders scarcity obsolete, leaving the Culture free to practice a kind of anarchistic benevolence towards less developed species. Emphasis on the anarchistic: this is no Star Trek chain-of-command, but a strange, sometimes disturbing group characterized by a near-fanatical individualism and occasional pangs of guilt. Some of Banks' most charming stories are about various offshoots of the Culture, including the strange choices made by the many sentient AIs.
Banks' prose is free-flowing and liberally dosed with a kind of cynical, post-colonial British humanism; as the Culture meddles and blunders Banks' narrators look on with a sad half-smile. The British charm appears also in his characterization of the artificially intelligent machines, who often play Jeeves to more fallible, biological, Bertie Woosters.
Meanwhile, death and suffering accumulate liberally as the usual plot drivers — competing species at the Culture's level of development, or far less advanced places that hack away with swords, guns and terribly retro fission devices, observed by grains of spy-dust that entertain or horrify the more advanced.
The wide scope of Banks' world gives him plenty of space to play out, in miniature, a number of different genre conventions. Steampunk makes something of an appearance in Matter as the central story putters along with steam engines — beneath an artificial sky created eons ago by a vastly superior race that has long-disappeared.
Matter is perhaps not Banks' best — earlier novels such as Excession or Look to Windward might be a better place for newcomers to Banks. In Matter, things drag from time to time and perhaps fifty of the five hundred pages could be cut without pain. One wishes occasionally for a North-by-Northwest cut past some of the plot development that feels a bit dutiful near the end.
But the sparkle of Banks is largely undimmed, both in the grand sweeps of plot and the dozen-page grace-notes that for a less-talented writer would be the germ of a novella. Neglected since the era of E. E. "Doc" Smith, the space opera is back. And Banks has been there all the time.
Although currently 30,000 feet over the Atlantic, Simon DeDeo is usually at home in Chicago, Illinois, where he works as an astrophysicist at the University of Chicago and moonlights as a literary critic. He last wrote for Slashdot on the politics of blogging.
You can purchase Matter from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Advanced Rails
yukster writes "As Ruby on Rails rocketed into the development community's hearts and minds a few years ago, the number of books on the subject climbed with it. However, a lot of these books were introductory in nature (Agile Web Development with Rails, Beginning Rails, Build Your Own Rails Applications, etc.). What's a budding Rails-head to do once they've gotten the basics down? Books like Advanced Rails, which was released late last year by O'Reilly, aim to fill this void." Keep reading below for the rest of Ben's review. Advanced Rails author Brad Ediger pages 357 publisher O'Reilly rating 10 reviewer Ben Munat ISBN 0596510322 summary Extensive reference for advanced topics in Ruby on Rails development Author Brad Ediger has been kicking around the Rails scene since the pre-1.0 days. Though not a Rails "luminary" necessarily, he certainly qualifies as an advanced user. He is CTO for a Real Estate tech company called Tasman Labs and runs a web design (and Rails consulting) firm called Madriska Media Group. He seems like a sharp cookie and a decent writer.
Advanced Rails covers quite a bit of territory, going for breadth rather than depth most of the time. Each chapter covers a classic, pivotal development concern... well, at least most of them do. The chapters are as follows:
1. Foundational Techniques
2. ActiveSupport and RailTies
3. Rails Plugins
4. Database
5. Security
6. Performance
7. REST, Resources, and Web Services
8. i18n and L10n
9. Incorporating and Extending Rails
10. Large Projects
By "Foundational Techniques", Ediger is referring to Ruby and Rails techniques, principles and patterns like Metaprogramming, Don't Repeat Yourself, and Functional Programming techniques. The chapter also goes into a fair amount of detail about the Object/Class/Module relationship. A bunch of this may not be particularly new material for most Rails users who've been at it for at least a few months. However, it's still nice to have all this stuff in one forty page chapter... good to have handy to refer to. Also, there are some nice nuggets in there that could save you some head-scratching. For example, what's the difference between Kernel#lambda and Proc.new? The answer is that, if you *return* a value from the block passed to Proc.new, the calling method is exited as well, abandoning any code that you might have after it.
If the first chapter feels like it's leaning towards a reference work, the second chapter — which digs into all the goodies offered by ActiveSupport and RailTies — pretty much falls over right into reference-land, complete with a method-by-method listing of features added to standard library classes. This may seem even more like just putting api docs available online into print, but Ediger definitely adds a bit more explanation. And, I haven't really seen anyone give a rundown of just what the heck RailTies does. That's the library that provides the glue to pull together the more famous Rails libraries to make it all work together as rails: generators, initializers, etc. There is definitely some interesting and not necessarily readily available information here.
Chapter three covers Rails Plugins, and is quick and painless. It explains the common files and directory structure in a plugin and talks about how Rails loads them. It also talks about using Piston instead of svn:externals to manage plugins and shows some example plugins.
The following three chapters cover more of the classic eternal problems faced in running high-traffic sites: databases, security, and performance. These really make the most sense in an "advanced" book; they are the "brass tacks" that everyone must get down to if they go beyond the "toy app" stage. Ediger talks about the strengths and weaknesses of the various popular database systems. He also goes into the benefits of using the filesystem to store data, which is largely because web servers can make use of fast system calls to dump files straight into the TCP socket. He also covers some advanced db features like composite keys, stored procedures and clustering.
The security chapter isn't all that long and a lot of the info it covers can be found in beginner Rails books... SQL injection, cross-site scripting etc. However, the book would be remiss to not include this material and it is presented in a concise and complete manner. This would be good to refer back to now and then to make sure you haven't slipped in your security awareness. Ediger also doesn't hesitate to make specific recommendations, like "whitelist rather than blacklist".
He also jumps right into recommendations while writing about performance optimization in the next chapter: "Algorithmic improvements always beat code tweaks", "As a general rule, maintainability beats performance", "Only optimize what matters", "Measure twice, cut once". He then goes on to cover specific tools and techniques for uncovering your bottlenecks, from a quick explanation of basic statistics to using httperf, benchmark, and Rails Analyzer Tools, improving database calls (using indexes and "include" on finders), and the various caching solutions. There is plenty of good information in this chapter; also a good bit of reference next time you need to track down a logjam.
Chapter seven covers RESTful Rails, from the very basic theory as outlined by Roy Fielding to exactly how Rails has chosen to use these concepts, and is the longest chapter in the book. The amount of coverage REST gets seems questionable since Rails has been very heavily into the RESTful approach for over a year and embraced the philosophy so thoroughly that it's hard to imagine anyone using Rails today without being exposed to the concepts.
On the other hand, one can still wire up verb-oriented actions in routes.rb and might be able to get away with ignoring all the RESTful goodness. So maybe there are some out there that can benefit from this chapter. Plus, having such thorough, theory-to-practice coverage allows the chapter to stand on its own as a solid reference to the whys and hows of RESTful Rails. It also has one of the better sections on RESTful routing that I have seen (routes being one of the more mysterious and sometimes frustrating pieces of Rails).
Rails has gotten plenty of grief for its lack of official support for Internationalization and Localization, but in Chapter eight, Ediger lays out the options, such as gettext, Gibberish, and Globalize. He is most enthusiastic about this last library and it does appear to be quite powerful, including support for translating strings, translating model fields, localizing numbers and dates, and even recording what needs to be translated by saving them in the database. Creating multi-lingual websites is a hard problem in any web-development framework and most other frameworks have plenty of head start. However, Ruby and Rails certainly isn't without options and it will only get better.
The next to last chapter of Advanced Rails runs through a number of alternatives to the standard components of the Rails framework. On the database end, it covers DataMapper, Ambition, and Og, giving this last one the most attention. For alternatives to ERB templates, Ediger talks about Markaby, Liquid and Haml, all in a very brisk fashion. He also talks about using traditional Rails components — like ActiveRecord and ActionMailer — outside of Rails applications. The chapter closes with a discussion of how to contribute to Rails (hint: submit a patch... don't just bitch!).
The last chapter is called "Large Projects" and covers some useful information about working on a Rails project with a team, beginning with version control (though anyone who is writing code that covers more than a single file and *not* using version control is just plain insane). This starts with a quick overview of Subversion, however this feels like it is really a set up for making a case for "decentralized version control". Ediger does a good job of explaining these concepts, using Mercurial for his examples. This seems a bit unfortunate, since many people on the Rails core team have embraced Git and it is looking like Rails will eventually move its repository to Git. However, Mercurial has a reputation of being more user-friendly, so that may have influenced his decision. And it's useful information regardless.
Chapter ten continues on to discuss avoiding migration numbering collisions, issue tracking, keeping Rails and required gems within a project, web servers, load balancers, production architecture and deployment tools like Capistrano. This is all covered in a fairly quick fashion so don't expect a lot of depth.
That last sentiment came up often while reading this book. It often felt like Ediger was trying to get every possible Rails-related topic into the book that he could, but didn't want to come out with some 1000-page behemoth. Plenty of the topics mentioned don't have much more coverage than you could get with a quick "googling". However, there is something to be said for being exposed to a lot of tools, projects and concepts in one go, even if the exposure is sometimes superficial. I definitely found reading this book worthwhile and will keep it around to refer back to now and then. I don't know if I'd go so far as to label it required reading, but then again books on web frameworks rarely are.
You can purchase Advanced Rails from amazon.com.
The Children of Hurin
stoolpigeon writes "Throughout much of his life, J.R.R. Tolkien worked on a series of stories set in his well known middle earth. A few he considered his "Great Tales" and he would return to them often, writing them multiple times and in multiple forms. One story that he worked on often over many years was the tale of Hurin and his children Turin and Nienor. Following his death, Tolkien's youngest son Christopher has worked to collect, edit and publish much of what his father wrote but never published. The tale of Hurin's children has been told in part already in some of those works. But it is in this book that for the first time the complete tale is told from start to finish of The Children of Hurin." Read below for the rest of JR's review. The Children of Hurin author J.R.R. Tolkien pages 313 publisher Houghton Mifflin rating 7/10 reviewer JR Peck ISBN 0-618-89464-0 summary The complete tale of the children of Hurin Some insight from what I think of this book is revealed in the fact that I preordered a copy before it was published last year. I was very excited when it arrived, made it about a third of the way through and then set it aside for quite a while. It was just recently that I saw my copy sitting on a book shelf and decided that I would finish it. It really didn't take too much time. The story is not very long. The reason I had trouble was because I had been hoping for something along the lines of "The Hobbit" or "The Lord of the Rings", Tolkien's most widely read efforts. They read like most modern novels, whereas much of the material published since Tolkien's death is written in a more classical and frankly, difficult to read style. 
Christopher acknowledges that those works are perceived in this manner in his preface by stating, "It is undeniable that there are a very great many readers of 'The Lord of the Rings' for whom the legends of the Elder Days (as previously published in varying forms in 'The Silmarillion', 'Unfinished Tales', and 'The History of Middle-earth') are altogether unknown, unless by their repute as strange and inaccessible in mode and manner." I have read the first two from that list of three and would say that yes, they are in many ways work to read.
Unfortunately I didn't find "The Children of Hurin" to be much more approachable or easy to enjoy. I think that Christopher's motivation is to bring these tales to a wider audience, but I doubt very much he succeeded. There are a few problems that plague the book. The first is that there is a constant use of proper names, for places and people, that for most readers will be unfamiliar. Not only that, they will be difficult to pronounce. The book does have a small pronunciation guide in the beginning, but the bottom line is that often I felt like I was reading a book written in another language. To some extent it is, Tolkien's own elvish tongue. But without some familiarity or explanation much of it just slides past and makes reading the story difficult. Main characters change names throughout the story and keeping track of it all can be difficult. Here is a short paragraph about Hurin's wife Morwen.
"Hurin wedded Morwen, the daughter of Baragund son of Bregolas of the House of Beor, and she was thus of close kin to Beren One-hand. Morwen was dark-haired and tall, and for the light of her glance and the beauty of her face men called her Eledhwen, the elfen-fair; but she was somewhat stern of mood and proud. The sorrows of the house of Beor saddened her heart; for she came as an exile to Dorlomin from Dorthonion after the ruin of the Bragollach."
That isn't an unusual passage. That is the style and much like most of the entire book. Antiquated English with an immense amount of proper names and relationships constantly spread throughout.
The setting is Beleriand, some 6500 years before the events of "The Lord of the Rings". This land would eventually be mostly destroyed in a war that would end the First Age. So the places do not correspond to the landscape of middle-earth in "The Hobbit" or "The Lord of the Rings." The main evil in the land is Morgoth. He has come to middle-earth and set up shop in Angband. Hurin, a man, dares to defy Morgoth. Morgoth captures him and binds him to watch what befalls his wife and children that Morgoth has cursed.
This curse and how it works itself out is the redeeming quality of the story. The vast majority of the book focuses on Turin. He is an amazing warrior and leader of men. At the same time he is incredibly proud and rarely listens to anyone else. This failure of character on his part is pushed along by the malevolence of Morgoth and so a flawed man is also trapped in the machinations of an evil power. The working of the story brought to mind the great Greek tragedies. The reader confronts issues of fate and free will. It is a beautiful story, it is just not written in a manner that is going to connect well with a modern audience. And I doubt J.R.R. Tolkien would have ever released it in the present state. This may sound presumptuous on my part. In fact I know it is, but in the first appendix Christopher gives a history of how this tale developed as well as snippets from the other versions that existed.
J.R.R. had begun to tell the story in verse. The small sections of that poetry that are given in the appendix to this work, and that go beyond what was published in "The Lost Tales" is much more descriptive and beautiful than what is given in "The Children of Hurin". Often Children reads more like a history book than a novel. The facts are all there, and at times the life is too. But too often it just feels like a listing of facts about events, people and places.
So how can I rate the book as a 7 out of 10 with all these issues? Well for some people, nothing that gives them more information about middle-earth and its history can be bad. They are probably cursing my name in the tongue of Mordor at this very moment. They loved "The Silmarillion" and they probably adored this work too. I share some of their passion, and despite its weakness, I did enjoy this story, especially once I had moved fully through the telling and could look at the arc of the entire story. It is a work of great skill and though I don't think it is Tolkien's best, it is still much better than many others.
For someone who is a casual fan or answers "I've seen the movies" when you ask them about "The Lord of the Rings", this is not something they would probably enjoy. Getting them "The Hobbit" to read would probably be a more pleasant experience for everyone involved. Or just wait and see if New Line can ever get done with the legal barriers and make a film of that as well.
The edition that I bought and matches the ISBN I've given is a hard-cover with beautiful art by Alan Lee. The cover dust jacket is gorgeous and there are full color illustrations throughout. The appendixes include the history of the tales as I've mentioned, genealogies, a list of names and a map of Beleriand. There is also a preface, slightly longer introduction and pronunciation guide. The preface, introduction and appendixes were all written by Christopher Tolkien.
You can purchase The Children of Hurin from amazon.com.
Reading Comics
Aeonite writes "Let there be no doubt — Douglas Wolk loves comics, and his is a tough love, the sort of love that leaves comics out in the rain pounding on the door because they snuck out after curfew again and wrecked the car. I've never dived deep enough into the industry to form a strong opinion of it one way or the other, but Wolk is both a fan and a critic of comic books, and his insights make Reading Comics: How Graphic Novels Work and What They Mean an interesting, engaging read, both because of and in spite of his enthusiasm." Read below for the rest of Michael's review. Reading Comics: How Graphic Novels Work and What They Mean author Douglas Wolk pages 405 publisher Da Capo Press rating 7 reviewer Michael Fiegel ISBN 9780306815096 summary A critical, often insightful look at graphic novels and how to read them
Reading Comics is billed by its publisher as "the first serious, readable, provocative, canon-smashing book of comics theory and criticism by the leading critic in the field." At the very least this is somewhat pretentious and misleading, insofar as it would seem to imply that all previous attempts at comics theory were apparently written by clowns; Will Eisner and Scott McCloud would no doubt take some minor umbrage at that assertion. This is not to say that Wolk's credentials are in question; he's written extensively for Rolling Stone, The New York Times, Salon.com and other publications on the subject of comics. To see Wolk's thoughts coalesced into book form is a welcome sight, because this is how I tend to enjoy media: in large chunks rather than in installments, be it a graphic novel collection of Transmetropolitan, or an entire season of Buffy on DVD.
Reading Comics is broken into two parts, with the first third of the book given over to an exploration of comic book history and theory, and the remainder consisting of a series of essays about specific comic book authors, artists and titles. The title of the book is accurate enough, since it does serve not only as a general guide to how to read comics, but as a chronicle of how Douglas Wolk reads them. The subtitle, however, is at best misleading; the book doesn't really offer a definitive answer to the questions posed, nor can it. Rather, this is a book about how Douglas Wolk thinks graphic novels work, and what specific examples of graphic novels mean to him.
All of this might seem to go without saying, but it's important to recognize that Wolk's voice is quite omnipresent throughout the book. This is especially true in the second part, where Wolk's essays deconstruct and interpret a series of comics through his eyes, but is also a factor in the book's earlier pages as Wolk offers his blunt and honest opinion of the state of the industry. This first part of the book — divided into five chapters — is devoted to "Comic Book Theory and History". Herein, Wolk attempts to first define comic books, and then to lay out a theory for how one might interpret and critique them using what Wolk dubs "harsh criticism."
Chapter 1, "What Comics Are and What They Aren't", briefly explores the progression of comics from their original golden age, through the silver age and the origin of the Comics Code, and into the current modern era of comic books spawned, it seems, in 1986 with the publication of titles such as The Dark Knight Returns, Maus: A Survivor's Tale, and Watchmen. Wolk declares this current age the real golden age — aesthetically, financially and commercially — and spends the remainder of the chapter more or less trying to support that assertion by definition, comparison to other media, and an extensive straw man argument that includes a few slapshots toward Scott McCloud's side of the ice.
Wolk doesn't pull punches in Chapter 2 either, where he discusses "Auteurs, the History of Art Comics, and How to Look at Ugly Drawings". In discussing style, content, expressiveness and plot he (perhaps deservedly) lambastes Liefeld ("a god-awful hack with no tonal range at all, and his flailing attempts at storytelling are inevitably derailed by his inability to think beyond the next dramatic full-page shot") and even takes aim at Jack Kirby, whose "final years were an embarrassing mess" according to Wolk.
"What's Good About Bad Comics and What's Bad About Good Comics" is the subject of Chapter 3, which sees Wolk first trying to sort out differences between comics, comic books, periodicals and graphic novels by comparing the argument to the difference between movies, films and cinema; this is to say, it's mostly semantics. Wolk also explores the culture of comics and the problems associated with it (bandwagoneers, nostalgia, sexism), and comes to the conclusion that he loves comics "because comic books are awesome," providing seven pages of personal "favorite" moments from the history of comics. Enlightening, but only as a window into Wolk's closet, rather than a vision of any universal truth.
Chapter 4, "Superheroes and Superreaders", attempts to answer the question of why Superhero comics have formed the baseline from which all other comic books seem to stem, but while it touches on the underlying themes and allegories involved I was left thinking that better (or at least more interesting) explanations and explorations have been provided elsewhere, as in Shyamalan's Unbreakable and Chabon's The Amazing Adventures of Kavalier & Clay.
The final chapter of part 1, "Pictures, Words and the Space Between Them", explores the notion of what cartooning is and how it works, the difference between drawing and cartooning (static images vs implied action), and the importance of white space and gutters in conveying time. And what conclusions, if any, can be drawn at the end of part 1? Says Wolk: "McCloud likes to make categories; I like to make generalizations and excuses."
It is on that note that we enter the second part of the book, "Reviews and Commentary", a collection of 18 mini-reviews and essays about selected titles and authors, chosen for no reason other than that Wolk thought they were interesting to discuss. They are not presented as a recommended reading list, nor are they intended to be representative or comprehensive, nor are they presented in any logical order, such as alphabetically by title or last name. At first I thought that they were progressing in order of complexity (that is, complexity of the comic titles being discussed), but even this apparent structure falls apart towards the end, especially when one realizes that ranking comic titles by complexity is entirely subjective.
Books and artists covered in these essays include both well-known authors (Will Eisner and Frank Miller, Alan Moore and Grant Morrison) and titles (Sin City, Daredevil, Watchmen, Maus) as well as more obscure names, including David B (Epileptic), Chester Brown (The Little Man) and Carla Speed McNeil (The Finder).
Each one of the essays (several of which are reprinted from Salon.com) lays out Wolk's feelings about the works and the authors discussed, including both praise and criticism — ofttimes in the same paragraph. Most of the essays are accompanied by ample art that is relevant to the topic being discussed, but there are some cases where an essay is a bit art-light, which is annoying and somewhat maddening in a book about comic books — in particular, the essay on David B. doesn't have any artwork at all, and the essay on Chris Ware could benefit from a little more Jimmy Corrigan or Final Report. Also somewhat questionable is the grouping of some subjects within or between essays; Will Eisner and Frank Miller are relegated to one chapter, while two successive chapters are given to Gilbert and Jaime Hernandez of Love & Rockets fame. I'm sure Wolk had his reasons of course, but as a reader the structure seems a bit random.
The book's Afterword gives some brief mention of online comic strips (including Diesel Sweeties and Little Dee), as well as newer anthologies and artists, and then concludes with Wolk's assertion that while there's not much further for comics to go as a medium, that's ultimately a good thing since it represents maturity. Assertions like this are hard to argue with, which is both a blessing and a curse for Reading Comics. So much of what's within is phrased as opinion and generalization that ultimately the book reads something like a memoir, more of a peek into Wolk's basement than into the history of comics.
To Wolk, comics appear to be a sort of ugly girlfriend. He seems to appreciate the cheerleader superhero types, but he's much more into the chicks with tattoos, the Suicide Girls and American Apparel ads of the comic book industry, the ones that stem from "a conscious choice to incorporate a lot of distortion and avoid conventional prettiness in style." He loves them for what's inside, for their intelligence and depth, and acknowledges their surface flaws, never hesitating to refer to them as ugly. It makes one wonder; if a graphic novel asks you if they look fat, do you say yes?
You can purchase Reading Comics: How Graphic Novels Work and What They Mean from amazon.com.
Apache Cookbook 2nd Edition
stoolpigeon writes "The Apache web server has been the number one http server on the internet since 1996. It has also become an integral part of many open source and proprietary software systems. It runs on diverse hardware, in locations all over the globe, hosting sites large and small. In November of 2003 Ken Coar and Rich Bowen had their "Apache Cookbook" published by O'Reilly. The duo brought years of experience in working with and documenting the Apache server to the plate. Now, over 4 years later they have published the second edition. Four years is a long time, but it would be reasonable to ask if this new edition is worth purchasing, especially if one already owns the first edition." Read below for the rest of JR's review. Apache Cookbook 2nd Edition author Ken Coar and Rich Bowen pages 285 publisher O'Reilly Media, Inc. rating 8 reviewer JR Peck ISBN 0-596-52994-5 summary Solutions and examples for Apache Administrators The answer is of course, it depends. After I read the new edition I sat down with a copy of the first edition so that I could compare the two. The most obvious and easily noticed difference is that the second edition is larger. Including the index, the second edition is 51 pages longer. This does not mean that they just tacked on 51 more pages of material. A small amount of material was dropped from the first, sections were added to almost every chapter in the second, and an entirely new chapter was added to the second. I think that this bodes well for the new edition as it indicates that the authors did not just slap a few new pages in place to cover some new features, or do a quick search and replace on version numbers. There is a decent amount of repeated material, but only where there have been no changes needed.
The authors state that every recipe comes from real world needs, either working problems on their own or helping others. I am sure that this approach is what drove many of the changes. Sections that are no longer applicable or don't seem to come up as often could be dropped to make room for new issues, or issues that have come up with a higher frequency. The new content as I mentioned is spread out throughout the book. For example, the first chapter "Installation" originally had 7 sections and now has 13. This is due to additional sections on things like installing on Debian based machines, which version of Apache to use, and more sections on downloading and then installing Apache from source.
The new chapter is "Directory Listings". There are 20 sections or 'recipes' that deal with displaying directory/folder listings and modifying the same. Only four chapters do not add more sections in the second edition. Of those only two still contain the same recipes, the other two have had some dropped and others added. Of those two, I checked the various problem solutions and found that while there were many similarities, links to documentation and resources had been updated as well as fixing the recipe if needed. This book has been very thoroughly overhauled.
While the information given is often new, the format, layout and writing are very consistent with the first edition. This means the strengths of the first book carry over as well as some of the weaknesses. The issues I had with the book are that much of it will seem rather simple or basic to the admin who likes to dig into documentation, or is already familiar with installing and managing software. This may be a great thing for the novice or someone trying to install Apache on a platform they don't normally use. (Whether that is Linux or Windows. The Linux install instructions are very brief; the Windows instructions include screen shots and take up more room but cover the whole process. Might be handy for anyone who must install Apache on Windows, but unfamiliar with the OS.) But for the experienced Apache or System Admin it may feel unnecessarily simplistic at times. For example, a new section from the first chapter has added how to download the source along with installing from the source.
Another thing I found awkward is when problems were presented with no solution. I guess the question has come up enough for the authors to feel it deserved being addressed in the book, but in both editions there are times when the solution is literally, "No solution is available with standard Apache features." The authors do take the time to explain why this is so, and the issues involved, but it felt odd nonetheless. The discussion and "See Also" sections will probably be helpful, but this just brought to the forefront that often administration of software is a lot more than just recipes in a cook-book.
I think it is safe to say that if you have or have read the first edition and are still using it, it may be worth your time to check out the full table of contents on the second edition. There may be some new things here that could really come in handy and make it worth picking up this new volume. If you didn't like the first edition, I doubt you will be too crazy about the new one. If you haven't been exposed to the first edition but are new to Apache, or find yourself struggling with Apache, this may really be a great help. For the experienced Apache admin, I would again recommend checking out the table of contents. It shouldn't be too difficult to see if there is something worthwhile here. With such knowledgeable authors, I think that readers will find good advice if there is an area where they need it.
I really doubt there is anything here that can't be found online. Apache's popularity and wide use mean that there is a lot of information out there. The problem is of course that this abundance of information makes it difficult at times to track down what is best or at times what is even accurate. In this book the reader gets the experience and knowledge of two experts in the subject matter, nicely laid out before them. For the person who values quick and accurate information over spending time sifting, this book provides just the time saver that they want.
The index is solid, and the table of contents really breaks things down so finding things is very easy. Like many new O'Reilly titles, this comes with 45 days of access to the book in electronic format through Safari.
You can purchase Apache Cookbook 2nd Edition from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
The Ruby Programming Language
bdelacey writes "In January 2008, just in time for Ruby's 15th birthday, O'Reilly published The Ruby Programming Language. The co-authors make a strong writing team. Yukihiro (Matz) Matsumoto created Ruby. David Flanagan previously wrote Java In a Nutshell and JavaScript: The Definitive Guide — he has a CS degree from MIT with a concentration in writing. Drawings are the work of Rubyist-extraordinaire why the lucky stiff and technical reviewers include well known Rubyists David A. Black, Charles Oliver Nutter, and Shyouhei Urabe." Read on for the rest of Brian's review.
The Ruby Programming Language
author: David Flanagan & Yukihiro Matsumoto with drawings by why the lucky stiff
pages: 444
publisher: O'Reilly
rating: 9/10
reviewer: Brian DeLacey
ISBN: 0-596-51617-7
summary: A classic and comprehensive guide to Ruby.
According to the Preface, Flanagan and Matz modeled this book after the K&R "white book" — The C Programming Language by Brian Kernighan and Dennis Ritchie. Like the "white book", The Ruby Programming Language has a simple structure and provides complete coverage. Just as K&R served as the de facto standard for "C", The Ruby Programming Language will likely be seen as the most authoritative language book for Ruby. Flanagan and Matz provide the following guidance for their readers:
"Because this book documents Ruby comprehensively, it is not a simple book (though we hope that you find it easy to read and understand). It is intended for experienced programmers who want to master Ruby and are willing to read carefully and thoughtfully to achieve that goal. ... [T]his book takes a bottom-up approach to Ruby: it starts with the simplest elements of Ruby's grammar and moves on to document successively higher-level syntactic structures from tokens to values to expressions and control structures to methods and classes. This is a classic approach to documenting programming languages." (p. 17)
You'll read all about boolean flip-flops, duck typing, lambdas, maps, metaprogramming, reflection and patterns of rhyming methods (collect, select, reject, and inject!). You'll also learn about new features in Ruby 1.9, like fundamental changes to text for Unicode support and the introduction of fibers for coroutines. If it's in Ruby, it's almost certainly in this book. Chapters flow together nicely, although some could even stand on their own as educational materials for a computer science course (e.g. Chapter 7: Classes and Modules covers object-oriented programming and Chapter 8: Reflection and Metaprogramming elaborates on concepts like hooks, tracing, and thread safety).
In Ruby programming, difficult tasks are typically not only possible but often easy. It seems the authors take the same approach in their writing. For example, the complex topic of Domain Specific Languages (DSLs) sometimes creeps into deep discussions involving Ruby. Flanagan and Matz describe it simply and clearly: "A DSL is just an extension of Ruby's syntax (with methods that look like keywords) or API that allows you to solve a problem or represent data more naturally than you could otherwise." (p. 296)
During Ruby's first ten years, nearly two dozen books were in print in Japan but very few were available in English. That changed in 2004 when the introduction of Ruby on Rails created momentum for the language. A flood of new books followed, including Programming Ruby (2004, 2nd edition), The Ruby Way (2006, 2nd edition), Ruby for Rails (2006), and Learning Ruby (2007).
Programming Ruby, with lead author Dave Thomas, is self-described as a "tutorial and reference for the Ruby programming language." The Ruby Way, by Hal Fulton, was intended to complement Programming Ruby. Fulton noted: "There is relatively little in the way of introductory or tutorial information." Ruby for Rails, by David A. Black, has a clearly defined audience: "This book is an introduction to the Ruby programming language, purpose-written for people whose main reason for wanting to know Ruby is that they're working with, or are interested in working with, the Ruby on Rails framework." Learning Ruby, by Michael Fitzgerald, is a 238-page survey for "experienced programmers who want to learn Ruby, and new programmers who want to learn to program."
Programming Ruby and The Ruby Way each weigh in at over 800 pages. The binding on my copy of The Ruby Way came unglued and split in the middle after a year of use. The Ruby Programming Language is a slim, more manageable 444 pages and, in contrast, is the only one to cover Ruby version 1.9. In general, this is a great example of "less is more". Informative text boxes are sprinkled across the book with brief highlights on key technical thoughts. The first chapter's text box on "Other Ruby Implementations" (e.g. JRuby, IronRuby, Rubinius) could, however, be expanded into a several-page discussion of Ruby's various interesting architectures. Inclusion of IDEs and development tools (e.g. Eclipse, NetBeans, and TextMate) might also be helpful. These topics would nicely round out Chapter 10: The Ruby Environment.
The Ruby Programming Language has excellent cross-referencing. Section signs (§) feel like embedded HTML links that enable you to easily follow your coding curiosity around the book. Or you can just read it the old fashioned way, straight through. As an example, Chapter 3: Datatypes and Objects has subheadings (e.g. 3.1 Numbers) and well defined sections (e.g. 3.1.3 Arithmetic in Ruby.) The page-footers, table of contents and index also provide efficient navigational aids.
Artwork at the "edge of abstract expressionism" is something you might expect from The New Yorker magazine, but a computer book? The Ruby Programming Language introduces readers to "the edge of graphite expressionism". Original "smudgy residue" pencil drawings by why the lucky stiff creatively start each chapter. The Beatles' album cover for Sgt. Pepper's Lonely Hearts Club Band sparked intrigue and investigations into coded messages with hidden meanings. The same could happen here.
In Words and Rules: The Ingredients of Language, author Steven Pinker asks a simple question: "How does language work?" When I think about a new programming language, I have the same type of question in mind: "How does this language work?" Flanagan and Matz provide the answers in outstanding fashion. The Ruby Programming Language should help seasoned programmers who want to master Ruby. In addition, there is enough structure and sample code for determined novices to begin their programming explorations. Better than any other, this book defines the language. It is a classic and comprehensive guide for Ruby and a great 15th birthday present.
One long-time Rails developer sent me an email with their first impressions of The Ruby Programming Language: "I have been finding the book very useful, and I'm glad I did get it sooner rather than later." Matz said "Ruby is designed to make programmers happy." It looks like similar design thinking went into this book.
Brian DeLacey volunteers for the Boston Ruby Group.
You can purchase The Ruby Programming Language from amazon.com.
-
Mac OS X Leopard Edition: The Missing Manual
jsuda writes "The preeminent general reference source for Mac OS X has always been the Missing Manual Series written by David Pogue. The latest iteration in the series is its Mac OS X Leopard Edition, completely revised, and it is the biggest, most comprehensive, and most useful of all the editions in the series. It covers the Mac OS X desktop and file system, the free applications included with the Mac OS X installation, the system components and technologies, networking and online features and components, and includes welcome appendices on installation, troubleshooting, Windows/Mac comparisons, and a Master Keystroke list." Read on for the rest of John's review.
Mac OS X Leopard Edition: The Missing Manual
author: David Pogue
pages: 893
publisher: O'Reilly Media Inc.
rating: 10
reviewer: John Suda
ISBN: 9780596529529
summary: Great Manual for all levels of users
Every one of the editions has been exceedingly well-designed and written combining serious treatment of subject content with style, wit, and humor, as well as honest evaluation and critique of features of the Mac operating system. All of the OS X Missing Manuals have addressed issues for a broad range of users, from the lightly experienced, the intermediate, and for power users. For the most part, however, the primary focus of each edition has been on the less experienced users. This has changed with the Leopard edition.
There seems to have been a deliberate effort to make the book more appealing and useful to upper-end users without losing any utility at all for others. There seems to be more material for power users -- there are more Power Users Guides providing advanced information and techniques, more UNIX references for those willing and able to take avail of the UNIX kernel underlying the operating system, more identifications of keyboard shortcuts, and more disclosure of undocumented and advanced features than in previous editions.
For example, Pogue itemizes and describes at least 20 UNIX utilities that only power users would want to use, explains how to configure preferences for the Terminal application, explains how to deal with the file and folder permissions system using UNIX commands, and even notes the existence of the venerable Eliza therapist emulator program hidden in a part of the emacs text editor. At each juncture of describing operating system features, Pogue explains from the perspective of different levels of users, including the power user, like himself. Unlike in many other books purporting to cover a broad range of users, this one does not short on the higher-end.
This is all well and good as casual users are still widely well-taken care of by the thorough and well-organized explanations of nearly every feature of OS 10.5. The book is illustrated profusely with screenshots of system features, configuration processes, comparison of the Mac OS X versions, comparisons of Mac OS X to Windows features, and more. Nearly every page is loaded with Tips, Notes, FAQs, lists, tables, and sidebars. Throughout, there are nuggets of insight and technical arcana that even Mac veterans will be surprised to learn about. I learned, for example, that the one-button Apple Mighty Mouse has a secret 2-button feature. Also there is a similar way to operate a laptop with a two finger trackpad technique. There are a lot of tips and tricks like that in the book. Even beyond description and explanation, Pogue provides useful recommendations for configurations of the Dock, recovery from common errors, and using Automator to design practical workflows for common tasks.
The subject content builds upon that of previous editions and updates it with material relating to the 300-plus new features of Leopard. Much of the new material covers the Leopard update highlights: the backup program called Time Machine, a desktop switching application called Spaces, the Stacks organizing feature, the file previewer, QuickLook, and the feature enhancements in iChat, Mail, and especially Spotlight, the search tool.
Spotlight is much more than a mere search tool although it is a great one. A whole chapter is devoted to it alone. Pogue explains how to use it not just for casual and advanced searching (using over 125 types of data and metadata) but as a quick launcher of files, folders, and applications; as a calculator; and as a dictionary. Sophisticated query languages can be used and Pogue lists a series of power user keyboard shortcuts for Spotlight use.
I see the book as especially useful for those Windows users of all levels gravitating to the Mac platform. Not only is the treatment of the Mac OS done well, but at nearly every juncture, Pogue takes the perspective of a Windows user and provides practical comparisons and contrasts of operating systems.
Weaving all of these perspectives into a harmonious, readable manual is a fine achievement. The content discussions and explanations are never abstract but written from the viewpoint of the thoughtful and practical user and no one is better at this than David Pogue who has been cited before as one of the world's best (technical) communicators. The denseness of the treatment of the subject content diminishes somewhat from the readability of the book compared to prior editions and there is a bit less wit, humor and style. That is the trade-off, I presume, for the increased breadth and depth of the content treatment but this Missing Manual is still as well written as a computer manual can be expected to be.
You can purchase Mac OSX Leopard Edition: The Missing Manual from amazon.com.
-
Practical Web 2.0 Applications with PHP
Michael J. Ross writes "Web 2.0 applications and sites commonly employ a number of technologies: PHP, MySQL, XHTML, CSS, JavaScript/Ajax, microformats (standard formats for HTML data), tags (keywords for categorizing site content), and Web feeds (formatted and streamed Web content, usually in XML, such as an RSS feed). Because learning and using most of these technologies can be rather challenging to a Web developer, perhaps the best way to get started doing so is by using all of them to create a single Web-based application, with no pretense at mastering any one of them. This is the approach taken in Quentin Zervaas's book, Practical Web 2.0 Applications with PHP." Read on for the rest of Michael's review.
Practical Web 2.0 Applications with PHP
author: Quentin Zervaas
pages: 569
publisher: Apress
rating: 7/10
reviewer: Michael J. Ross
ISBN: 1590599063
summary: An example-based guide to PHP and Web 2.0 technologies.
The book was published by Apress, on 20 December 2007, under the ISBNs 1590599063 and 978-1590599068. On the book's Web page, visitors can read and submit errata (apparently none, as of this writing), read the online table of contents, download Chapter 11 ("A Dynamic Image Gallery") as a PDF file, and purchase an electronic version of the book.
Given the number and complexity of the technologies discussed in the book, it is little wonder that it is 569 pages long. There is certainly a generous amount of material, and it is grouped into 14 chapters: planning and designing the sample application; application framework setup; user authentication, authorization, and management; user registration, login, and logout; Prototype and Scriptaculous; page styling using CSS; creating a blogging system; extending the blog manager; personalized user areas; Web 2.0 features (tags, Web feeds, microformats, and public profiles); the image gallery; site search functionality; integrating Google Maps; deploying and maintaining the site.
The first two chapters set the stage for the rest of the book. Chapter 1 provides a brief overview of Web 2.0, the sample Web-based application to be developed in the book, database connectivity, search engine optimization, PHPDoc, templating, and security, as well as the major features of the sample application, namely, a blog site. Chapter 2 describes how the reader can set up the application framework needed to follow along as the author explains how to build the sample application. This includes brief descriptions of how to install Apache, MySQL, PHP, and the Zend Framework. In fact, the book makes so much use of the Zend Framework that, after reading it from cover to cover, the reader will have gained a strong understanding of how some of the most popular components of that framework can be employed in their own projects. The chapter describes the file system structure the author has chosen, how to configure your Web server, how to set up the database, and how to connect to that database. It also provides an introduction to the Model-View-Controller (MVC) design pattern, as well as the Smarty template engine — both of which are used later.
While the introductory material in the first two chapters is essential — particularly to any inexperienced programmer — and generally spot on, some of the material could use a significant amount of expansion and clarification. For instance, in Chapter 2, the instructions on how to configure one's Web server could easily prove confusing to most readers, because the author refers to the IP address 192.168.0.80, with no explanation as to what it is and how it relates to the usual local Web server address, 127.0.0.1 (localhost). His recommendation for a "hosts" file entry, "192.168.0.80 phpweb20," certainly does not help clarify matters. Furthermore, the author does not explain why "phpweb20" should be used instead of "localhost." In the subsequent discussion on virtual hosting and Linux, in a "Note," he mentions that the reader "must have previously included the NameVirtualHost 192.168.0.80 in your main Web server configuration..." In another note on the same page, he provides instructions on the PHP setup that should have been included earlier, in the section on installing PHP. In general, there are too many instances in the early chapters where key information is presented not where the reader would need it, but pages later. This can be especially exasperating to readers who are fairly new to the technologies, and are trying their best to follow the author's examples, every step of the way.
Chapter 3 discusses user authentication, authorization, and management. Unlike most PHP books, this one does not limit the reader to using MySQL as the relational database management system in conjunction with the sample application. The downloadable code for the book makes it possible for the reader to use PostgreSQL, even though the text itself focuses on MySQL. This flexibility is made possible by the author's use of the Zend_Db class. Admittedly of little significance, some of the book's SQL code looks a bit puzzling in some places. For instance, on pages 46-47, unneeded blank lines are contained within the "create table users" statement, with no reason given. Of greater importance, the chapter includes a short but valuable section describing the potential problems of date and datetime values in MySQL caused by server time zones, daylight savings, etc. — a topic well worth reading up on. The fourth chapter explores user registration, login, and logout functionality. Crucial topics such as password reset are covered, while some others, such as password strength, are not — no doubt due to space limitations.
Ajax is considered a central part of the new Web 2.0 trend, and for doing Ajax, the author recommends Scriptaculous, which is based on Prototype — both introduced in Chapter 5. The basic CSS styling of the sample application's Web pages is covered in Chapter 6. The only flaw in the sample CSS code is that the author formats the declarations within each rule inconsistently, with some rules having multiple declarations on a single line, and others having each declaration on a separate line, which most people find easier to read and maintain. A highlight of the chapter is the author's comparison of the advantages and disadvantages to using a print-only CSS stylesheet versus a dedicated secondary print page — a topic not even seen in Web programming books that focus on design and CSS. The chapter concludes with a discussion of client-side form validation using JSON.
Chapters 7 through 13 focus much more on the sample application's functionality: implementing the user blogging system, and supplementing it with a blog manager index, Ajax capabilities, and a WYSIWYG editor (FCKeditor); creating user areas that can be customized by the users themselves; implementing the aforesaid Web 2.0 features (tags, Web feeds, microformats, and public profiles); implementing a dynamic image gallery, using GD for resizing, etc.; adding site search capabilities using Zend_Search_Lucene; incorporating Google Maps into the users' public blogs. All of these chapters are chock full of sample code, which the energetic reader may want to test out in their own development environments — particularly if they want to follow the author in creating the sample application. Fortunately, the reader will not have to waste any of that energy typing in code, because it can all be downloaded from the author's book site.
Specifically, Chapters 7 and 8 are devoted to the blogging capabilities of the sample application. While the discussion of permanent links, filtering, and the FCKeditor WYSIWYG editor may be of interest to a reader not implementing blogging themselves, the book at this point becomes more narrow in the information that it conveys — focusing even more on the code of the sample application. After reading through dozens of pages listing the code for blog entry management, readers may begin asking themselves, "Why not just use a CMS, instead of reinventing the wheel?" It should be borne in mind that the point of the book is not to advocate reinventing the wheel, but rather to show how a sturdy and reliable wheel can be built. Nonetheless, readers will need fortitude to plow through the many pages of code.
Despite the obvious expertise of the author, readers should be alert and open-minded to potential pitfalls. In the sample application's code, for generating passwords, the author uses only a hash function, md5(), despite its vulnerability to rainbow tables. The reader is advised to use an encryption function instead of — or in conjunction with — any hash function. The book contains another example of inattention to data security: In Chapter 4, as part of the user registration process, the user's password is e-mailed to the new registrant, naturally in plaintext, making it visible to anyone who intercepts the e-mail message. Years ago, all sorts of online organizations were following this lamentable practice; fortunately, "nasty grams" from security-savvy users seem to be turning the tide.
After exploring the possibilities of dynamic image galleries and Google Maps, the last chapter may appear relatively uninteresting to the reader, because it discusses application logging, error handling, and Web site deployment and maintenance, including backups. These topics may not seem too exciting, but failing to take the lessons to heart, and then experiencing a heart-stopping crisis on one's production site, will be the kind of excitement no Web programmer wants to experience.
What distinguishes this book from the majority of other PHP titles — for better or for worse — is that the author makes extensive use of specific frameworks and other tools, such as the Smarty templating engine and the Zend Framework, as well as classes that he has written, which are freely available in the source code. As a result, the value of the book to the reader is, to a certain extent, proportional to how much that reader wants to learn and possibly use those components. For example, if the reader chooses, for whatever reason, to not use the MVC design pattern and the Zend_Controller class for implementing MVC in their application, then the author's use of these will appreciably reduce the value of the book to that particular reader. In fact, given how lengthy Chapter 2 is, such a reader may mistakenly conclude that the rest of the book would be of no greater interest to them, and consequently become discouraged and quit reading. Other examples include the homebrew DatabaseObject and Profile classes, discussed in Chapter 3. Regardless, some readers may find that even if they do not use the author's chosen tools for their own applications, there is enough other programming and application-focused information that makes the book worthwhile to them. Other readers will be disappointed in the overall value of the book should they choose not to follow the author's recommended approaches. In addition, some programmers may be quite hesitant to base one of their own applications — particularly for paying clients — on classes created by a single developer, with no accompanying unit testing code to verify its soundness.
In terms of the production of the book, it is definitely up to par, with a font that is readable and yet small enough to get plenty of information on each page — in conjunction with the bottom margins being utilized better than in other books. However, at least for my particular copy of the book, several blocks of pages were cut with different widths, making it appear as if one or two blocks had become detached from the glue binding, when in fact they were all well attached. Within the binding glue, they were all attached at an equal depth, indicating that it was the cutting of the pages that caused the problem, and not how the blocks were set in the binding.
Even though some readers may find the book overly focused on particular frameworks and other tools, Practical Web 2.0 Applications with PHP is an instructive and expert demonstration of how to use PHP, MySQL, the Zend Framework, Smarty, Ajax, and other powerful technologies for creating robust Web sites.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase Practical PHP Web 2.0 Applications from amazon.com.
-
Programmers At Work, 22 Years Later
Firebones writes "In 1986, the book Programmers at Work presented interviews with 19 programmers and software designers from the early days of personal computing including Charles Simonyi, Andy Hertzfeld, Ray Ozzie, Bill Gates, and Pac Man programmer Toru Iwatani. Leonard Richardson tracked down these pioneers and has compiled a nice summary of where they are now, 22 years later."
-
Hacking: The Art of Exploitation
David Martinjak writes "Hacking: The Art of Exploitation is authored by Jon Erickson and published by No Starch Press. It is the anticipated second edition of Erickson's earlier publication of the same title. I can't think of a way to summarize it without being over-dramatic, so it will just be said: I really liked it. The book, which will be referred to as simply Hacking, starts by introducing the author's description of hacking. Erickson takes a great approach by admitting that the common perception of hacking is rather negative, and unfortunately accurate in some cases. However, he smoothly counters this antagonistic misunderstanding by presenting a simple arithmetic problem. A bit of creativity is needed to arrive at the correct solution, but creativity and problem-solving are two integral aspects of hacking, at least to Erickson. The introduction chapter sets an acceptable tone and proper frame of mind for proceeding with the technical material." Below you'll find the rest of David's review.
Hacking: The Art of Exploitation, 2nd Edition
author: Jon Erickson
pages: 472
publisher: No Starch Press
rating: 9
reviewer: David Martinjak
ISBN: 1-59327-144-1
summary: An informative, and authoritative source on hacking and exploit techniques.
Chapter 2 enters the subject of programming. The first few sections in the chapter may feel a bit slow to readers who have been coding for any legitimate length of time. Erickson explains some fundamental, yet essential, concepts of programming before finally moving into some actual code. Some readers may choose to skip these few pages, but they are necessary for brave new adventurers in the dark realm of development. The remainder of the chapter certainly compensates for any perceived slow-start. Each of the remaining sections presents a sufficient quantity of technical information, accompanied by descriptive, yet straightforward explanations.
I don't mean to disrupt the chronological progression of the book review, but it is important to highlight the excellence of the explanations provided in Hacking. Throughout the book, the writing provides adequate details and the content is to the point. Many sources on exploit techniques supply sparse information, or are too wordy and often miss the relevant and important concepts. Erickson does a phenomenal job in Hacking of explaining each subject in just the right manner.
The third chapter is the staple of the book. This chapter covers buffer overflows in both the stack and the heap, demonstrates a few different ways that bash can aid in successfully exploiting a process, and provides an essentially all-encompassing elaboration of format string vulnerabilities and exploits. As I said, this is the main portion of the book so I don't want to give away too much material here. Undoubtedly, though, this chapter has the best explanation of format string attacks that I have ever read. The explanations in Chapter 3, like the rest of the book, are of substantial value.
Chapter 4 focuses on a range of network-related subjects. At first I wondered why the chapter starts with rather basic concepts like the OSI model, sockets, etc. Then I realized it was consistent with the earlier chapters. Hacking presents some core concepts, then moves on to utilizing them in exploits. In this case, these specific concepts and techniques just hadn't been covered yet. The exploit toward the end of this chapter includes some of the concepts in the previous chapter, which also helps to cement the reader's understanding.
I will mention two main shortcomings. First, the material in the "Denial of Service" section of the Networking chapter was unnecessary for this book. Attacks like the Ping of Death and smurfing were interesting developments when they were first discovered, and effective on a large scale. Now in 2008, almost all of the items in the "Denial of Service" section are either outdated or have been covered to an excessive extent. Rather than denial of service, I would have preferred to see a section on integer attacks. This would have fit perfectly with the book's theme as there are several issues surrounding numeric types in C of which many programmers are unaware. Considering the fact that the book is about hacking and much of the code is in C, integer attacks seem like a natural component to include. The second pitfall in this review is through a fault of my own. I cannot compare this second edition of Hacking with its original, first edition release as I unfortunately do not own the first edition.
Hacking finishes out the second half of the book with chapters on shellcode, countermeasures, and cryptology. The chapter on cryptology is especially interesting as it contains a good mix of information without being too hardcore on the mathematics involved. There are plenty of gems in the shellcode and countermeasures chapters, as well. Specifically, Erickson does a stellar job of explaining return-(in)to-libc attacks, and dealing with the address space layout randomization in Linux. He covers the exploit technique for linux-gate.so in a randomized memory space before it was fixed in 2.6.18, then proceeds to demonstrate a different technique for successful exploitation on kernels at 2.6.18 and later.
Undeniably, Hacking: The Art of Exploitation is one of the quintessential books for its subject. A book this good is a rare find, and certainly worth the read for any individual interested in security.
David Martinjak is a programmer, GNU/Linux addict, and the director of 2600 in Cincinnati, Ohio. He can be reached at david.martinjak@gmail.com.
You can purchase Hacking: The Art of Exploitation, 2nd Edition from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
X Power Tools
stoolpigeon writes "The X Window System has been around for over twenty years and is the display system for an incredibly wide range of operating systems. With the number of Linux users growing, there are more people working with X than ever before. Most modern desktop environments provide user friendly interfaces that make modifying X rather simple. There is not a need to dig into config files and settings as in the past. For those environments without such tools or for the user who loves to dig deep into their environment, this book can be a simple way to understand how X works and how to tweak it in any number of ways. If you want things that 'just work' and have no interest in digging around below the surface this book is not for you. On the other hand, if you think the best thing to do with a shiny new tool is to take it apart, well "X Power Tools" by Chris Tyler may be just for you." Read on for the rest of JR's thoughts on this book. X Power Tools author Chris Tyler pages 254 publisher O'Reilly Media, Inc. rating 9/10 reviewer JR Peck ISBN 0-596-10195-3 summary The author, Chris Tyler, is a professor at Seneca College in Toronto as well as a programmer and Linux user. His first book published by O'Reilly was "Fedora Linux: A Complete Guide to Red Hat's Community Distribution", published in 2006. He cites the growth in X users, combined with active development and the lack of existing books that address X as the motivation for writing "X Power Tools."
X is the windowing system on a wide range of Unix and Unix like systems. Chris is obviously most familiar with Linux and so the material is heavily Linux oriented. This is most apparent when the book deals with Session Managers, Desktop Environments and Window Managers. The material focuses on Gnome, KDE and Xfce and their associated components in regards to X. For the Linux user this could be a valuable resource.
When I've had issues in working with X locally and over the network, I've found that while what I need is available on the web, getting just what I need can be very labor intensive at times. Usually just what I want is spread across tutorials, on-line man pages and forum posts. Sorting out what applies to my situation can be especially difficult when I'm not even sure just how things work for my setup. Chris makes this kind of guessing unnecessary and provides the locations and function of key files. He also spells out how the most important files and tools can be best used.
For the sysadmin on another platform, these Linux specific sections are not going to be much help. Most of the book though, deals with X itself. I've already loaned my copy to one of our AIX admins more than once and I think he plans on picking up a copy of his own.
When Gnome and KDE provide an interface for modifying or customizing X functionality, the book gives at least the name of the program and sometimes screen shots and explanations of how the tool works. This is always after an illustration of how to get the job done with the tools that are a part of X itself. From fonts to keyboard layouts, multi-display to kiosks, everything required is laid out in straight forward terms.
For me, as a Fedora user, this means that having read this book I approach my work environment with a new level of confidence. Behaviors that used to puzzle me, now make complete sense. Quirks that bothered me, no longer need to be tolerated as I now have the tools to get things working just the way I want, rather than using defaults.
The book has just come out, so it was being written before the release of KDE 4. I've looked through the documentation and I don't think any of the changes to programs like KDM or KWin make the information in the book out of date. In fact, according to the KWin release notes, when discussing KWin's new compositing support, "...manual configuration of X may be required for proper results..." So if you are a KDE user that likes to live on the edge, this book may come in handy.
O'Reilly says that their "Power Tool" books are comprised of a series of stand-alone articles that are cross-referenced to one another. To be honest, it didn't feel much different from reading any other tech book. Topics flowed naturally and the articles are analogous to sections that divide up chapters in other books. One nice navigation feature is that page numbers are on the bottom of the pages while chapter and article numbers are at the top corner in a decimal notation. For example at the top of page 58 there is a grey square containing the number 3.13 which means that it is the 13th article in chapter 3.
The book has a thorough index. It also comes with 45 days free access to an electronic version through O'Reilly Safari.
For me the only real weakness of the book is that I would like to have seen more information on working with X on Unix. When reference is made to specific implementation of X it is almost always in regards to Linux. I wouldn't want to lose that, but I think a mixed environment of Unix, Linux and Windows is more the rule than the exception today. It would be more work to include other operating systems, but it would have also made the book much more valuable.
All tech books face the danger of becoming quickly useless as progress marches forward. X is actively being developed, but at the same time, looking back on its history I think this book will be useful for sysadmin and user for some time to come.
You can purchase X Power Tools from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Amazon Erases Orders To Cover Up Pricing Mistake
The Knife writes "Amazon secretly canceled orders for a large jazz CD set after realizing that it had mis-priced the item at $31 instead of its MSRP of $499. At first, inventory shortages caused the online merchant to string customers along for over a month after they placed their orders. But when Amazon realized that the box set was under-priced by $470, it simply erased all records of customers' order in their account history. No emails were sent to customers informing them of the price change or of the order cancellation. Probably because it violates Amazon's highly publicized price guarantee policy. A customer who called to complain and request the CD set at the $31 price was given a $20 discount off of his next Amazon order." A caveat: there is no external confirmation that Amazon did what is claimed here. -
Drupal 5 Themes
Michael J. Ross writes "For any Web site based upon Drupal, an increasingly popular CMS, the styling of the site is controlled by whatever Drupal "theme" has been installed, enabled, and chosen, by the site administrator. Out of the box, Drupal offers only a handful of themes, and thus site administrators oftentimes will instead opt for a theme developed by a third-party. However, if the administrator cannot find one that exactly matches their needs or those of their client, then they will either have to pay someone to custom-build a theme, or learn how to do it themselves. Fortunately, creating a new theme or modifying an existing one, is not that difficult, as demonstrated in Drupal 5 Themes, by Ric Shreves." Read below for the rest of Michael's review. Drupal 5 Themes author Ric Shreves pages 260 publisher Packt Publishing rating 6/10 reviewer Michael J. Ross ISBN 1847191827 summary A guide to modifying Drupal themes, and creating new ones. The book was published on 22 December 2007, by Packt Publishing, under the ISBNs 1847191827 and 978-1847191823. It is a slender volume, at only 260 pages, and yet covers most of the basics, in eight chapters and one appendix: the basic elements of a Drupal theme, including the files involved; finding, installing, configuring, managing, and uninstalling themes; theme engines, with a focus upon the most commonly used one, PHPTemplate; style sheets and themeable functions; overriding CSS rules, Drupal functions, and template files; modifying an existing theme, using the popular Zen theme as an example; creating a new PHPTemplate-based theme from scratch, and how to extend it; creating a theme not based upon an engine; theming Drupal forms. On the book's Web page, visitors can download most of the sample code presented in the book, send the publisher feedback, ask the publisher a question, and download a sample chapter (number 3, "Working with Theme Engines") as a PDF file.
On the positive side of the ledger, Drupal 5 Themes is a solid introduction to Drupal theming, and the author takes his time in explaining the key concepts. Extensive use is made of sample code, in addition to screenshots of themed pages, admin pages, directory trees, and more.
On the negative side of the ledger, the book contains many small errors — even for a first edition. There are far too many misspellings: "new-comer" (page 8), "where ever" (page 10), "blocks manager" (on the same page — even the same paragraph!), "in depth" (as an adjective, on pages 23 and 24), "jump start," "down side" (both on page 27), "sites" (as a possessive, page 54), "some where" (page 87), and one that undermines the technical credibility of the author, "FavIcon" (page 50). Sadly, there are numerous other errata. For instance, on page 47, we stumble over "to the tailoring an existing theme." On page 10, "assemble to core" should instead read "assemble the core." In several instances, "comprise" is mistaken for "compose." The alert reader will spot other signs of sloppy editing: On pages 18-19, the author should have chosen either "Tables Free" or "CSS-based," and be consistent. The penultimate paragraph on page 123 has double periods. The synonym of "theme" that is posited, "template," is related, but not synonymous; but the common term "skin" isn't even mentioned. On page 188, "page-blog-tpl.php" contains a typo.
Some of the author's phrasing is quite awkward, e.g., "Dev Server" (page 120) apparently means a local Web server. In fact, throughout the book he flip-flops on using lowercase or title case for such terms as "block" and "region." The overuse of title case is also found throughout the book, with some of it almost laughable, e.g., "... the Big Picture." In terms of the writing style, it could certainly be improved, such as judicious use of commas where needed — particularly in the countless run-on sentences. In general, this book contains more errata and style gaffes than any other computer book I have ever seen, on an absolute basis — even worse per page, considering it has perhaps half the number of pages of the typical computer book.
Turning to the technical material itself, there are inconsistencies as well. For instance, some URLs contain root directory slashes, while others do not. Some menu breadcrumbs use ">" as a delimiter, while others use "|." Furthermore, the Drupal menu breadcrumbs (e.g., "administer>themes") should be in sentence case, not lowercase, to match Drupal's names. Fortunately, none of the aforementioned flaws prevent the reader from understanding the book's material, but they reveal insufficient effort in the writing and editing phases, and suggest that other, less obvious, mistakes were possibly made.
In terms of the book's production, it could be improved. Some of the images are highly pixelated — especially the screenshots of directory trees. What will perhaps be most annoying to some readers, is the publisher's use of a glossy black ink that causes each page to reflect one's reading light. One might initially hope that this is an unavoidable disadvantage of the publisher perhaps choosing an environmentally friendly ink, or some similar reason, but nowhere in the book is the type or choice of ink mentioned. This suggests the poor choice was made for economic and not ecologic reasons.
The chapter summaries add nothing to the discussion, and could be removed without loss.
We now turn to specific chapters. In Chapter 2, the author discusses how to install and configure themes, and also touches upon global configuration settings, as well as module and block management. This information is put to use in the second part of the chapter, which covers the customization of Garland, the default Drupal theme. Some of the material in this chapter could prove puzzling or even misleading to many readers. The author states that enabling a theme and setting it as the default, applies it to "both front end and back end of the site" (page 31). Actually, it only changes the front-end theme; the back-end theme is set via Administer > Site configuration > Administration theme; oddly, he actually acknowledges this much later. In the theme configuration screenshots in Chapter 2, the "gagarin" theme is missing, even though it was supposedly installed earlier. On page 40, the author instructs, "To access all the user permissions and configuration screens in one place, view your administrator console by module." But Administer > Site building > Modules is not where the administrator sets user permissions and blog configurations. In the discussion of page specific visibility settings, the third radio button option (entering PHP code to control the visibility of the block) is only displayed if the user has enabled "use PHP for block visibility" in Administer > User management > Access control. The figure caption on page 50 could give a reader the mistaken idea that Drupal renames the custom logo image to "garland_logo.gif" automatically, prior to the configuration settings being saved, which is mentioned afterwards. On page 58, the illustration shows PHP code that appears to contain an extraneous tag, , which is probably a holdover from the illustration on page 56; in fact, it breaks the code, because the presence of that string always effectively returns TRUE. 
On pages 86 and 87, the PHP code contains four back ticks, which should be replaced with straight apostrophes.
Theme engines, specifically PHPTemplate, are explored in Chapter 3. The author explains the primary functionality of the six files that constitute this built-in theme engine. These are illustrated by comparing two PHPTemplate themes — Garland versus Gagarin. The chapter concludes with brief overviews of three other theme engines, PHPTAL, Smarty, and PHP XTemplate.
Modifying a theme to customize a Drupal site, can be done in one of two ways, or a combination of the two, which is the typical approach: overriding default CSS rules, and overriding themeable functions. Chapters 4 and 5 explain how to do so, with the former containing a list of themeable functions organized by functionality. Chapter 5 covers the details of overriding Drupal CSS and functions, including a valuable discussion of the various options open to the developer for overriding functions, including step-by-step instructions. The chapter concludes with a brief explanation as to how to intercept template files.
Chapters 6 and 7 form the heart of the book, because they explain the details of modifying an existing theme and building a new one from scratch. Anyone interested in learning how to style their Drupal-based Web site with maximum flexibility, will find these two chapters of value. However, there are several pitfalls the reader will want to watch for: Early in Chapter 6, the author instructs the reader who is following along to rename the theme-specific functions in the template.php file from "zen_" to "tao_." Yet this is insufficient, because the page formatting for this new theme, tao, already differs from Zen's. This is likely due to the theme PHP files not finding one or more CSS files that still contain the name "zen." In fact, to completely replace the old theme name throughout Zen's code, one needs to change nine other PHP files. In the section describing how to set up the menus, the weights for the "Home" and "Contact Us" links are supposedly set to 10 and -10, respectively, which would place the former to the left of the latter; yet the illustration on page 148 shows the opposite. The "Blog Entries" weight should be -10 instead of 10. The weights for the footer navigation menu links appear to be equally messed up. In addition, both instances of "yourdomain" are followed by an erroneous space. Frankly, it is as if the book had never been technically edited.
Chapter 7, the longest in the book, is possibly the one that will receive the most study by readers who wish to learn the intricacies of making their own theme from the ground up. The author provides a step-by-step explanation as to what is involved in creating a new theme, and the advantages and disadvantages to alternative approaches. He uses a sample theme, "Bluewater," to illustrate the ideas. The problems with this material are fairly minor: The diagram caption on page 152 states that the elements within the CSS are ordered alphabetically, and yet no alphabetical ordering is apparent. In fact, the ordering doesn't even match that in the page.tpl.php file. In addition, page.tpl.php contains a couple curly quotes, though this does not affect its functionality. Aside from these issues, the discussion is quite thorough, and the reader ends up with a fully functional — though not especially attractive — Drupal theme. The chapter concludes with coverage of template variables, the use of multiple templates, dynamic theming, and developing a theme without the use of any theme engine. However, on page 188, the author states where you can find an example page but there's almost nothing on that page — as of this writing — aside from links to pornographic photos and video. Did the author intend for readers to find them? Either way, it signifies poor judgment on the part of the author.
For many PHP developers, working with form pages is oftentimes the most problematic part of creating a Web site. Fortunately, this book tackles the topic, in Chapter 8, as it pertains to Drupal sites.
In spite of the terribly sloppy writing and editing (both narrative and technical), Drupal developers interested in creating their own themes, or modifying those created by other developers, will find straightforward and detailed coverage in Drupal 5 Themes.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase Drupal 5 Themes from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Windows Vista Annoyances
stoolpigeon writes "It has been well documented that the reception for Microsoft's Windows Vista has not been all that warm. Yet, visiting the web site of many PC manufacturers or visiting a retail outlet selling computers will show that most new hardware is being offered with Vista as the primary if not only option. O'Reilly's newest in their Annoyances series, "Windows Vista Annoyances", by David A. Karp, seeks to alleviate some of the pain for new Vista users. For the Vista owner who is able to put the book's suggestion into place, the edge should be taken off. For the individual considering a purchase of Vista and wondering if it can really be that bad, this book seems to indicate that yes, it is that bad." Read below for the rest of JR's review. Windows Vista Annoyances author David A. Karp pages 641 publisher O'Reilly Media, Inc. rating 8 reviewer JR Peck ISBN 0-596-52762-4 summary Tips, Secrets and Solutions. I've read a decent number of O'Reilly titles over the years. My bookshelf for technical books is a rainbow of the various volumes, each with their wood carving style cover. I don't think in all those years I've ever read an introduction like the one in annoyances. O'Reilly authors tend to be enthusiastic about their topic and are often well known proponents of the technology discussed. I can only guess that Karp is not a huge fan of Vista. The preface begins with a section labeled "Why am I annoyed?" and that section concludes with the question, "Would Microsoft be making decisions like these if it had to compete fairly for your business?" The first sentence of the first chapter is, "Windows Vista is like a papaya: sleek on the outside, but a big mess on the inside." And Karp never lets up. Throughout the book, from start to finish, he never tries to gloss over the ugliness of Vista. This book may be hazardous to the health of Microsoft fanboys. I would imagine that too much time reading would lead to high blood pressure at the very least.
In view of the mess that is Vista, Karp informs the reader that, "Whether it goes down smoothly or gives you heartburn is up to you." The point of the book is to give the reader the information that they need to make Vista palatable. This may sound simple but it brings up what I thought was the most difficult issue for Karp. Vista Annoyances is written with a level of detail and explanation that marks it clearly for the user with casual knowledge of personal computers and how they work. Karp takes the time to explain things like what it means to zip a file, what happens when defrag is run on a hard drive, networking basics and so on. This is great for someone like me, who is sure to start getting a slew of calls from friends and family as some of them move to Vista. The problem is, many of the solutions revolve around steps that are not necessarily a good idea for the pc novice. A large portion of the solutions revolve around editing the registry. The third chapter of the book deals solely with the registry. How it works, how to navigate within it and how to alter it. For some people this could be a great route to take, for many it could lead to much more serious problems than they had in the first place.
For the technically proficient, this book will seem a bit bloated. They don't need all the explanation given for the beginner. Many of the book's solutions are not just Vista specific. They give information and workarounds for Windows issues that have existed in XP and possibly back to 98. The saving grace is a thorough index. The person who buys this as a reference to help out others, or deal with some specific issue will find that the extensive index helps to not waste time working through what could feel like a lot of extra material.
I don't think this issue of complexity is necessarily the author's fault. Many of the changes users will want to make to Vista just can't be made any other way than through the registry. Where it is possible to use a programmatic interface (gui or command line) Karp gives thorough and detailed instructions, with screen shots on how to do so. But for many options those tools don't exist or have been removed, leaving direct editing of the registry as the only solution left. Another issue, that is somewhat similar, is that for most home users, some of the better solutions won't be available as they won't have access to tools available in Vista Ultimate and Business editions. This isn't Karp's fault again, but it means for many the book will have a lot of information that they just can't use.
Dealing with the various editions and their features is handled immediately in the first chapter. That chapter, "Get Started with Windows Vista", also covers installation. Karp goes over the various types of installs and gives tips on how to deal with failed installs, how to best set up prior to an install and how to deal with licensing. Throughout the book, Karp makes note when he is talking about a feature, choice or tool that is limited to a subset of the Vista family. Keeping track of it all can be a bit confusing. Once again, I don't really see this as a shortcoming on the part of the author. It's just the nature of the beast.
The title of the second chapter threw me at first. It is, "Shell Tweaks." When I hear the word shell my mind immediately brings up bash or ksh. In this case Karp is talking about Windows Explorer. As this is the primary interface for users working with the Vista file system, the chapter holds some vital information for attaining a sane and consistent user experience. Karp points out that many of the defaults are not going to endear themselves to many users and in many cases do not make much sense. When Karp discusses explorer he explains how to modify it when opened to various folders and also in the context of the desktop and taskbar.
Karp points out many third party tools that he feels will help the user. Many are free, some are not. The tools mentioned more than any other are Creative Element's Powertools. Powertools can be downloaded for a free 45 day trial period but costs $18 to license beyond that time frame. This is important as many of Karp's solutions can be managed without this software but would be very cumbersome. This is especially true of all the editing done in the registry.
The registry chapter is thorough and offers a detailed explanation of what the registry is and how it works. This material could be useful for anyone using any version of Windows. The issue of trying to make Vista useful for non-technical users rears its head here quite a bit, as I mentioned. I found myself reading explanations of hex and binary as well as reading how to create a patch file for the registry. This could be useful information for me, in helping others with Windows issues. But when I consider my parents, there is no way I would want them trying out half of what is in this chapter. They would in all likelihood need a complete reinstall in no time. What reading this said to me, more than anything was that most people are going to just have to settle for Vista the way Microsoft gives it to them.
The chapter on dealing with multimedia was interesting and could prove helpful for users with less experience. There are solid explanations on codecs, players and how to get the most out of media, especially video. There is very little said about Vista and DRM. There is no mention of possible problems with hardware due to DRM. In fact the discussion on DRM was primarily limited to a short mention of Tunebite and MyFair Tunes for DRM removal. I assume that this is because finding and explaining such issues would have required a lot more time, research and hardware. Vista annoyances pretty much sticks to the basics of media use.
I had to chuckle a bit as I read the chapter on performance as many of the recommendations involve turning off much of what differentiates Vista from XP. It is useful though, as Karp explains what the configurable options are and how much one can expect in gains. He does make it clear that the initial defaults are less than ideal and it is worth the time to dig in and make adjustments. The same can be said for security and in that regard the chapters on networking and users are indispensable. Once again, getting all the tools will involve having Ultimate/Business and installing third party tools to bring Vista into line.
I've rated the book 8 out of 10. This is due to two issues. The first negative I have explained quite a bit and that is the book speaks to the novice but requires someone with more experience in many cases. While this may not be the fault of the author and a necessity brought on by the subject matter, it still makes the book less useful. The second is that quite often I found the author bringing up points only to say that he would explain more later in the same chapter or in another chapter. This is because the chapters themselves are built around topics like performance and troubleshooting. But when Karp is working his way through each option of a menu it branches out into other topics, as many options in Vista are spread all over the place. Once again, this seems to be more of a Vista issue, but hinders learning nonetheless.
After finishing this book, my first thought was that I am going to do all I can to make sure that no family or friends buy a machine with Vista if possible. Service Pack 1 will address just a few of the issues that Vista brings to the table. From what I've read about it fixing activation 'loopholes' it could make some things worse. Should I find myself approached by someone who already has Vista and wants help, I would recommend this book if they have some idea of what they are doing or can learn without getting into too much trouble. For that classic parent or grandparent always brought up as an example, I think I would just tell them Vista is the way it is and hope that they adjust. If I like them enough, I'll pull this book off the shelf and head on over to help them out.
You can purchase Windows Vista Annoyances from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
The Symantec Guide To Home Internet Security
r3lody writes "There are many households that have high-speed Internet connections, yet most people are simply not doing enough to protect themselves from the many exploits that exist. The Symantec Guide to Home Internet Security by Andrew Conry-Murray and Vincent Weafer was written to speak to those people. Symantec Press is the publisher, yet it remains reasonably vendor-neutral. This book is for non-technical people. Its ten chapters cover a relatively slim 240 pages, so it should not intimidate someone who is not a computer professional. Also, you do not really have to read the book front-to-back, but you can focus in on the chapter or chapters that interest you and have fairly complete information." Read on for the rest of Ray's review. The Symantec Guide to Home Internet Security author Andrew Conry-Murray and Vincent Weafer pages 240 publisher Symantec Press rating 8/10 reviewer Ray Lodato ISBN 0321356411 summary A slim volume packed with valuable information for non-technical Internet users. The first chapter gives the reader a basic overview of the risks of using the Internet without some steps to protect yourself. Fraudsters, those who ply you with get-rich-quick schemes and other spam-delivered scams, are distinguished from hijackers who compromise your machine for local data or to make it part of a “bot farm”. The remaining chapters discuss various aspects of security exposures, how to protect yourself from them, and conclude with a checklist of high points and “Helpful Resources” that contain web sites, phone numbers, and occasional additional side-bars with more in-depth examples.
The next chapter is a very informative chapter on preventing identity theft. This part of the book is worthwhile, even if you don’t use the Internet for financial transactions. The authors mention how your personal data can be stolen from company databases, despite precautions you yourself have taken. There are discussions on social engineering and dumpster-diving, as well as phishing scams and keyloggers. The best part of the chapter is the “Recovering from Identity Theft” section. Hopefully you will never need the information there, but it’s very helpful to see it collected in a simple bulleted list. The second side-bar at the end discusses a personal account of a brush with identity theft.
Chapter 3 covers firewalls, which most people think is the only protection they need. It discusses the basics of Internet Protocol (IP), and what firewalls can and can’t do. Lists of both free and commercial firewall products are provided. It wraps up with a few sites that can test your firewall settings to see if you are really protected or not. There were a couple of minor errors (for example, 192.101.432.156 is offered as an IP address, but the third number can’t be more than 255), but most non-technical people need the product lists provided.
The following two chapters cover the various forms of “malware” (viruses, worms, adware, spyware, and Trojans). Conry-Murray and Weafer provide several preventative actions you can take to avoid infection — the most important involves using your common sense (e.g. “Use a firewall” and “Don’t Open Strange E-Mail”). They wrap up by describing how to remove malware via the available anti-spyware programs.
The final category of unwanted Internet debris is spam. The authors state that for most people “spam is an annoyance rather than a plague.” However, they go on to disclose figures that estimate anywhere from 50 to 90% of the 30 billion e-mails sent each day are spam. To explain why spam works, a side-bar talks about Jeremy Jaynes, who was convicted in November 2004 for spamming. He generated about 10,000 credit card sales per month. Two-thirds of those were returned, yet he still netted more than $100,000 a month.
Chapter 7 covers securing Windows XP. At the time of publishing, Microsoft had come out with XP Service Pack 2, with the Windows Security Center. A large section deals with installing SP2 and configuring the Security Center. It’s kept at a level that most users can comprehend and follow, making it another very worthwhile chapter. The following section describes securing Internet Explorer 6 in great detail. The authors do suggest, however, that you might want to use a different browser, such as Firefox or Opera. The thinking is that Firefox and Opera will be more secure because fewer exploits are targeted towards them.
Locking down Windows and IE is not enough to keep your family safe. That’s why they devote the next chapter to “Keeping Your Family Safe Online.” Pitched mostly to parents of younger kids, chapter 8 starts by talking about blocking objectionable content using IE’s Content Adviser. Sexual predators is the next topic, and the authors give the reader good information on how to monitor your children’s online activities, as well as how to report solicitations to the authorities. The final topic revolves around file-sharing software. While they mention the prospect of downloading viruses, the legal ramification of potentially housing illegal downloads is the most important lesson to take away from this section.
Many homes are now using wireless access points. Unfortunately, poor configurations open them up for eavesdroppers and bandwidth hijackers. The simple precautions of changing and hiding the network name (SSID) and changing the password will do a lot, but encryption using WEP, WPA, or WPA2 will help a lot more. They also go into the security issues of public hotspots, including the prospect of “Evil Twins” (user computers that offer a look-alike access point just to steal your personal information).
The book wraps up with a chapter on “Privacy and the Internet.” Anyone who conducts any transactions over the Internet has their personal data stored on a computer that might be accessed online. The key precaution is to not divulge any information you don’t absolutely have to. Data Brokers collect amazing amounts of information on each of us. Three major companies, Acxiom, ChoicePoint and LexisNexis are individually described, with information on how to get reports on what information they’ve recorded, and possibly how to opt-out of having it stored.
Andrew Conry-Murray and Vincent Weafer conclude the book by giving the reader five basic steps to protect themselves online. However, I prefer their final, single simple rule: Use Your Common Sense.
The Symantec Guide to Home Internet Security, though a slim book, is packed with a lot of valuable information pitched to the non-technical user. I believe that anyone with a computer connected to the Internet would benefit from reading this book.
You can purchase The Symantec Guide to Home Internet Security from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
PHP In Action: Objects, Design, Agility
Michael J. Ross writes "Despite being perhaps the most popular Web language in use, PHP has for much of its history been criticized for not offering the full capabilities of object-oriented programming (OOP). But with the release of version 5, PHP introduced a robust object model, and made it easier for its proponents to create well-architected Web sites and applications. In turn, the new OOP capabilities have facilitated additional best practices, such as design patterns, test-driven development, continual refactoring, and HTML templates. These topics and more are explored in the book PHP in Action: Objects, Design, Agility."
PHP in Action: Objects, Design, Agility
author: Dagfinn Reiersol, Marcus Baker, Chris Shiflett
pages: 552
publisher: Manning Publications
rating: 8/10
reviewer: Michael J. Ross
ISBN: 1932394753
summary: A pragmatic guide to object-oriented PHP development.
Authored by Dagfinn Reiersøl, with Marcus Baker and Chris Shiflett, the book was published on 3 July 2007 by Manning Publications, under the ISBNs 1932394753 and 978-1932394757. Its subtitle accurately reflects the major themes of the work: creating PHP applications built upon objects, utilizing Web-oriented design patterns, and incorporating agile programming techniques such as refactoring and test-driven development. Also covered are methods for effective form handling, database extraction, date and time representation, and more.
As a result of trying to adequately cover such a large number of major topics in a single book, the amount of material is considerable, and the book is certainly longer than the typical Web programming book in general, and PHP book in particular. Spanning 552 pages, the material is organized into 21 chapters, grouped into four parts: In Part 1 ("Tools and concepts"), the authors discuss PHP 5, its strengths and weaknesses, and how well it can be used with advanced programming principles; an overview of objects, exception handling, and references; visibility, abstract classes, and interfaces; effective use of classes and object-oriented design; inheritance, composition, and more on interfaces; advanced object-oriented principles; six design patterns that are especially appropriate for Web-based systems (Strategy, Adapter, Decorator, Null Object, Iterator, and Composite); and lastly, date and time handling using objects.
For developers well-versed in OOP, Part 1 may be more of a review, while Part 2 ("Testing and refactoring") could be the most valuable portion of the book. In the four chapters, the authors dig into the details of test-driven programming, refactoring, and Web testing. These chapters and all that follow take a very pragmatic approach to conveying ideas, which is consistent with the theme of Manning's "In Action" series, based upon the idea that programmers tend to learn best by reading sample code instead of generic discussion. For instance, test-driven development (TDD) is demonstrated by showing how to implement database transactions, a contact manager, and e-mail functionality. Mock objects and top-down testing are illustrated through the creation of an e-mail class, and further extended with a discussion of faking the mail server. Given that testing is the primary theme of the entire part, one might expect a more lengthy discussion of TDD, but Reiersøl correctly notes that this particular book is not trying to replace the many manuscripts and articles already published on agile development; also, the database examples adequately demonstrate the general principles discussed prior. The chapter on refactoring is well worth reading, and touches upon the controversial topic of how much one's PHP code should be separated from the HTML code — a topic later revisited in the chapter on templates. Also explored is a topic critical to maintenance programmers — refactoring versus rewriting. Two different testing frameworks are discussed, PHPUnit and SimpleTest; the latter is used throughout the book. The final chapter in this part explains how to test Web pages programmatically, by faking interaction, and other techniques. The chapter ends with a section providing steps on how to deal with "the horror of legacy code," when the unfortunate programmer has inherited a nightmare of a live Web site.
The third part of the book, "Building the web interface," begins with an examination of templates, the arguments for and against them, and three of the most commonly used template engines: Smarty, PHPTAL, and XSLT. One of the previously discussed design patterns, Composite, is utilized for combining templates to create complex Web pages. The chapter on user interaction makes use of the Model-View-Controller architecture, with the subsequent chapter delving deeper into the topic of controllers for Web pages. The next two chapters cover an area of site development that is a frequent cause of uncertainty, "bandage coding," and security risks: user forms and input validation. The book's coverage of the PEAR package HTML_QuickForm, alone makes it worth reading. Part 3 concludes with a chapter on abstracting database resources through objects and the Singleton pattern.
The fourth and last part of the book ("Databases and infrastructure") is relatively brief, comprising two chapters on marrying SQL with object orientation. The authors present a number of techniques for shoehorning SQL transactions into object-based code, including encapsulating queries inside of methods, building SQL statements dynamically, substituting SQL elements such as column and table names, using SQL aliases, and using SqlGenerator.
It is clear that the lead author, Dagfinn Reiersøl, has put a tremendous amount of time (three years, as noted in the preface) and effort into creating this work. The discussions are wide-ranging and in-depth, and there is just enough sample code to illustrate the ideas being discussed and also break up the visual monotony. The illustrations are limited in number, and consist mostly of class diagrams and UML sequence diagrams. Overall, the treatment of each topic clearly reveals that he has considerable experience with them, and has given thought to the pros and cons of some possible approaches, though not all of them.
However, there are still some weaknesses in the book. For example, in all of the material discussing how to separate the SQL code from the PHP code, I found no mention of stored procedures, such as those made possible in MySQL. All of the sample code appeared to be solid, though there was no clear reason for the inconsistent use of print() versus echo() in different code samples. All of the chapter summaries could be excised without any loss of value, and many of the chapter introductions could be eliminated as well or condensed.
On a more mechanical level, the book had many minor weaknesses: It was not encouraging to see the first erratum even before reaching page 1: "raising own level" on page xix, in the second paragraph. Readers may initially be confused by such attributions as "Uncle Bob [Uncle Bob]" (on page 77). In a future edition, it should be explained that names in square brackets are biographical references listed in the Resources section, which follows Appendix B. In the first sentence in Chapter 12, the reference to "Jackass" will probably be confusing to many readers — particularly non-Americans — and is not in the best of taste. In the text and the table of contents, the chapter and part titles are written in sentence case, instead of title case, for no obvious reason. It is not clear whether this is meant as an unsuccessful attempt at literary hipness, or just an unfortunate reflection of the current text messaging generation, which is eschewing rules of grammar that for centuries have made text easier to read. Finally, there was one problem in the production of the book, and not its writing: Several of the pages had light brown spots on them that were apparently part of the paper, and not a result of post-production staining. But these may be limited to my particular (brand-new) copy of the book.
Readers interested in learning more about the book could start at the publisher's Web page, which features an online table of contents and index, all of the book's source code, two sample chapters (7 and 21) in PDF format, and a link for purchasing the electronic version of the book, also as a PDF file. Any road/code warriors who do development on their laptops, on the go, will appreciate having this book readily available.
Yet most of these objections are minor and easily fixable, and do not detract from the value of this book. I especially liked the depth of experience brought to each topic, and the authors' consideration of differing viewpoints. PHP in Action is a competent, engaging, and detailed discussion of object-oriented and agile programming principles that can help PHP developers boost their effectiveness and the quality of their code.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase PHP in Action: Objects, Design, Agility from amazon.com. -
Geekonomics
Ben Rothke writes "First the good news — in a fascinating and timely new book Geekonomics: The Real Cost of Insecure Software, David Rice clearly and systematically shows how insecure software is a problem of epic proportions, both from an economic and safety perspective. Currently, software buyers have very little protection against insecure software and often the only recourse they have is the replacement cost of the media. For too long, software manufacturers have hidden behind a virtual shield that protects them from any sort of liability, accountability or responsibility. Geekonomics attempts to stop them and can be deemed the software equivalent of Unsafe at Any Speed. That tome warned us against driving unsafe automobiles; Geekonomics does the same for insecure software." Read on for Ben's take on this book.
Geekonomics: The Real Cost of Insecure Software
author: David Rice
pages: 362
publisher: Addison-Wesley
rating: 9
reviewer: Ben Rothke
ISBN: 978-0321477897
summary: How insecure software costs money and lives
Now the bad news — we live in a society that tolerates 20,000 annual alcohol-related fatalities (40% of total traffic fatalities) and cares more about Britney Spears' antics than the national diabetes epidemic. Expecting the general public or politicians to somehow get concerned about abstract software concepts such as command injection, path manipulation, race conditions, coding errors, and myriad other software security errors, is somewhat of a pipe dream.
Geekonomics is about the lack of consumer protection in the software market and how this impacts economic and national security. Author Dave Rice considers software consumers to be akin to the proverbial crash test dummy. This combined with how little recourse consumers have for software related errors, and lack of significant financial and legal liability for the vendors, creates a scenario where computer security is failing.
Most books about software security tend to be about actual coding practices. Geekonomics focuses not on the code, but rather how insecurely written software is an infrastructure problem and an economic issue. Geekonomics has 3 main themes. First — software is becoming the foundation of modern civilization. Second — software is not sufficiently engineered to fulfill the role of foundation. And third — economic, legal and regulatory incentives are needed to change the state of insecure software.
The book notes that bad software costs the US roughly $180 billion in 2007 alone (Pete Lindstrom's take on that dollar figure). Not only that, the $180 billion might be on the low-end, and the state of software security is getting worse, not better, according to the Software Engineering Institute. Additional research shows that 90% of security threats exploit known flaws in software, yet the software manufacturers remain immune to almost all of the consequences in their poorly written software. Society tolerates 90% failure rates in software due to their unawareness of the problem. Also, the huge number of software problems entices attackers who attempt to take advantage of those vulnerabilities.
The book's 7 chapters are systematically written and provide a compelling case for the need for security software. The book tells of how Joseph Bazalgette, chief engineer of the city of London, used formal engineering practices in the mid-1800's to deal with the city's growing sewage problem. Cement was a crucial part of the project, and the book likens the development of secure software to that of cement, that can withstand decades of use and abuse.
One reason software has significant security vulnerabilities, as noted in chapter 2, is that software manufacturers are primarily focused on features, since each additional feature (whether they have real benefit or not) offers a compelling value proposition to the buyer. But on the other side, a lack of software security functionality and controls imposes social costs on the rest of the populace.
Chapter 4 gets into the issues of oversight, standards, licensing and regulations. Other industries have lived under the watchful eyes of regulators (FAA, FDA, SEC, et al) for decades. But software is written removed from oversight by unlicensed programmers. Regulations exist primarily to guard the health, safety and welfare of the populace, in addition to the environment. Yet oversight amongst software programmers is almost nil and this lack of oversight and immunity breeds irresponsibility. The book notes that software does not have to be perfect, but it must rise to the level of quality expected of something that is the foundation of an infrastructure. And the only way to remove the irresponsibility is to remove the immunity, which lack of regulation has created a vacuum for.
Chapter 5 gets into more detail about the need to impose liability on software manufacturers. The book's premise is that increased liability will lead to a decrease in software defects, will reward socially responsible software companies, and will redistribute the costs consumers have traditionally paid for protecting software from exploitation, shifting it back to the software manufacturer, where it belongs.
Since regulations and the like are likely years or decades away, chapter 7 notes that short of litigation, contracts are the best legal option software buyers can leverage to address software security problems. Unfortunately, most companies do not use this contractual option, which can benefit them, to the degree they should.
Overall, Geekonomics is an excellent book that broaches a subject left uncharted for too long. The book though does have its flaws; its analogies to physical security (bridges, cars, highways, etc.) and safety events don't always coalesce with perfect logic. Also, the trite title may diminish the seriousness of the topic. As the book illustrates, insecure software kills people, and I am not sure a corny book title conveys the importance of the topic. But the book does bring to light significant topics about the state of software, from legal liability, licensing of computer programmers, consumers' rights, and more, that are imperatives.
It is clear the regulations around the software industry are inevitable and it is doubtful that Congress will do it right, whenever they eventually get around to it. Geekonomics shows the effects that such lack of oversight has caused, and how beneficial it would have been had such oversight been there in the first place.
To someone reading this review, they may get the impression that Geekonomics is a polemic against the software industry. To a degree it is, but the reality is that it is a two-way street. Software is built for people who buy certain features. To date, security has not been one of those top features. Geekonomics notes that software manufacturers have little to no incentive to build security into their products. Post Geekonomics, let's hope that will change.
Geekonomics will create different feelings amongst different readers. The consumer may be angry and frustrated. The software vendors will know that their vacation from security is over. It's finally time for them to get to work on fixing the problem that Geekonomics has so eloquently written about.
Ben Rothke is a security consultant with BT INS and the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Geekonomics: The Real Cost of Insecure Software from amazon.com. -
Linux Networking Cookbook
stoolpigeon writes "As a dba, I'm constantly looking to learn more about networking and system administration. Both can have quite an impact on the performance of my piece of the puzzle. A welcome addition to the materials to help me learn about networking is Carla Schroder's "Linux Networking Cookbook". This book is just right for the person like myself who enjoys learning by getting hands-on experience with the technology. The scope is wide and so someone with a great depth of networking experience may find that the treatments of each is a bit shallow. On the other hand, that wide scope means this book may hold something new, even for someone with some level of experience." Read on for the rest of JR's review.
Linux Networking Cookbook
author: Carla Schroder
pages: 632
publisher: O'Reilly Media Inc.
rating: 9
reviewer: JR Peck
ISBN: 0-596-10248-8
summary: From asterisk to zebra with easy to use recipes.
This is not the kind of book that one sits and reads in the evening to gain new knowledge. I think of it more as a lab book or exercise guide. The user who has this open on the desk beside them, as they work through the 'recipes' is the one who will gain the most. The cookbook also assumes a basic level of ability in working with Linux from the command line.
The book follows a consistent format throughout the chapters. It truly is a cook book with the recipes taking the form of problems and solutions. There are eighteen chapters containing these recipes, the first chapter is a brief overview of networking in general. I think that Schroder's experience in implementing Linux networks or working with Linux in heterogenous networks really shows in the types of solutions and scenarios presented in the book.
Often as I worked through exercises, I kept thinking that what this book gave me was what I would have after hours of Googling and sifting through the results. Schroder has boiled that kind of hunting down to the necessary steps from installation, through configuration and use. For the person who values their time, or is not sure where to start searching for answers, this is a great resource.
The limitation of a recipe format is that modifying the solution or moving away from the detailed plan requires more experience and knowledge the further the reader departs from the given formula. Schroder has dealt with this issue in many chapters by giving instructions appropriate to Fedora and Debian. There are a couple exceptions to this which I will explain below.
I think that a strength of the book is that Schroder has not limited herself to desktop PC hardware. She is presenting a true overview of networking and so if the reader intends to work through every solution in the book, they are going to need to purchase some hardware. Some may object to this, and it is not absolutely necessary. Someone with enough experience or willing to do the research could shift things around and use say, an old desktop machine, but at that point they would be really doing things on their own and not needing the book.
There are 2 chapters that focus on building network devices with Pyramid Linux on a Single-Board computer. The hardware Schroder uses to write the solutions is a Soekris 4521, which retails for about $150. I think it is good that a person who might want to use this book knows that up front. To me, this is a much more economical solution than suggesting that one get their hands on a commercial device, and allows much more flexibility. Schroder could have shied away from asking for the reader to go to this step, but I think the choice reflects her commitment to making the book useful in real world situations.
The chapter on building an Asterisk VoIP system would probably also work best with some nice headphone/microphone sets that may be a necessary purchase for many. They are not required, a soundcard, microphone and speakers would work as well.
Having parallel solutions for Fedora and Debian side by side is very nice. After each solution there is also discussion of pertinent issues and reference to applicable resources. The other resources include pointing out appropriate man pages, web sites and other books. Schroder's style throughout is relaxed and very succinct. The nineteen chapters do cover such a wide array of technologies and issues, this book could easily be twice as large if she were wordy, instead it is very portable.
The chapters on network devices, routing, network monitoring and using linux to manage a network would be most valuable I think to network administrators or the person wearing that hat in a smaller shop. The chapters that revolve around connecting to systems remotely and using linux to manage windows machines could be a real boon to anyone who works in a mixed environment that includes more than just Linux machines. I've found all of it to be of value because I interact with all these pieces every day. It is nice to have a better grasp of how subnets are built and how routers work. I look forward to not relying on a gui or searching endless forums to get a good grasp on managing my iptables firewall.
Following the body, the book has three appendices. The first is a list of other resources. This is primarily other O'Reilly books, but there are books from other publishers and some resources available on the web. The second is a glossary of networking terms. The most useful to me was the third, a kernel building reference. I found the index to be decent. It isn't great, but it isn't bad either. The book comes with free access to it through Safari for 45 days, I thought that was a nice plus. O'Reilly has all of the examples available for download and the author's website is also a good launch point for related articles and information.
Slashdot often posts questions about Linux training. This book is a great way for the self learner to have a relatively unobtrusive guide while they gain direct experience in networking. Reading it alone won't do it, and there is still much to learn after completing each exercise, but a large part of the core competencies are there and thoroughly covered. I think there is also a lot here for that reader who has lobbied to get Linux in the door and now faces the task of getting their Linux machine to play nice with the rest of the network.
You can purchase Linux Networking Cookbook from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Refactoring: Improving the Design of Existing Code
kabz writes "Refactoring (as I'll refer to the book from here on in) is a heavy and beautifully produced 418 page hardback book. The author is a UK-based independent consultant who has worked on many large systems and has written several other books including UML-Distilled. Refactoring is a self-help book in the tradition of Code Complete by Steve McConnell. It defines its audience clearly as working programmers and provides a set of problems, a practical and easily followed set of remedies and a rationale for applying those techniques." Read below for the rest of Jonathan's review. Refactoring: Improving the Design of Existing Code author Martin Fowler with Kent Beck, John Brant, William Opdyke and Don Roberts. pages 431 publisher Addison-Wesley rating 9/10 reviewer Jonathan Watmough ISBN 0201485672 summary expands and formalizes the idea of applying explicit refactorings Code refactoring is the process of restructuring code in a controlled way to improve the structure and clarity of code, whilst maintaining the meaning of the code being restructured. Many maintenance problems stem from poorly written code that has become overly complex, where objects are overly familiar with each other, and where solutions implemented expeditiously contribute to the software being hard to understand and hard to add features to.
Typically refactorings are applied over a testable or local scope, with existing behavior being preserved. Refactoring as defined in this book is not about fixing bad designs, but instead should be applied at lower levels.
Testing a la Extreme Programming is emphasized as a control for ensuring that program meaning is not changed by refactoring. It is not over emphasized, and this is not a book about testing, but it is often mentioned and stays in the background through the book.
The refactorings presented in the book are not intended as a comprehensive solution for all problems, but they do offer a means to regain control of software that has been implemented poorly, or where maintenance has been shown to simply replace old bugs with newer ones.
The book is divided into two main sections, introductory material that introduces and discusses refactorings, and a lengthy taxonomy of refactorings that includes both examples and further discussion. The introductory material consists of a long worked example through simple Java code that implements printing a statement for a video store. Despite the simplicity of the code, Fowler shows in clear detail where improvements can be made, and how those improvements make the code both impressively easy to understand, and easy to maintain and add features.
Several key refactorings are demonstrated in the opening chapter including Extract Method, Move Method and Replace Conditional with Polymorphism. This is a book about programming in the object oriented paradigm, so as you might expect, the first two refactorings refer to extracting and moving object methods either into new methods, or between objects. The third example provides a means to replace special cased behavior in a single object type by deriving a sub type of the object and moving type specific code to the sub types. This is a fundamental technique in object oriented programming, and is discussed here in practical terms.
Now that several actual refactorings have been introduced, Fowler provides a solid and well thought-out discussion of the why's, when's and when not's of refactoring. For example, code can decay as features are added, and programmers special-case, or bodge additional functionality into existing objects. Fowler argues that the bitrot and decay makes software more unreliable, leads to bugs and can accelerate as the problem gets worse. Faced with these problems, refactoring should be used to improve local design and clean up and improve code, leading to better software, that is easier to maintain, easier to debug, and easier to improve with new features as requirements change.
However, there is a caveat, in that since software functionality should remain unchanged during refactoring, the process of refactoring consumes resources, but provides no easily measurable value. Fowler confronts this issue in a section that discusses how to communicate with managers, that you are performing refactoring work. He denies being subversive, but his conclusion is that refactoring should essentially be folded in with normal work as it improves the overall result.
This is a bit like goofing off on the basis that you'll think better after 20 minutes of foosball. I'd definitely subscribe to that theory, but many others may not.
Kent Beck guests in Chapter Three for a review of the issues in typical software that suggest a refactoring may be needed. This chapter is entitled Bad Smells in Code, and most of the smells presented will be familiar to any reasonably experienced programmer, and they will be a great learning experience for less experienced programmers. I got the same feeling reading this chapter as I did when I first read Code Complete. Here was someone writing down names and describing problems that I had a vague unease about, but was too inexperienced to really articulate or do something about. Typically the refactorings address the same kind of issues that a code review with a skilled experienced programmer would address. Long parameter lists, too long methods, objects delving about in each others private variables, case statements, related code spread across different objects etc. None of these problems are debilitating in themselves, but added up, they lead to software that can be prone to error and difficult to maintain.
Most of the remaining substance of the book, 209 pages, is given over to a taxonomy of refactorings. These 72 refactorings are covered in detail with comprehensive simple examples presented in Java. Each refactoring is given a clear name, a number and a line or two of descriptive text. The motivation for the refactoring is then discussed, often including caveats and cautions. The mechanics of implementing the refactoring are then listed, with 1 or more (and often more) examples of implementing the refactoring. Refactorings range from the very simple to more complex examples such as Convert Procedural Design to Objects.
Due to the difficulties of reproducing large and complex sections of code, Fowler sticks with relatively simple examples. These seem to grate on him more than the reader, and he can come across as somewhat embarrassed when we look at the employee, programmer, manager pay example for the tenth time. I certainly didn't have a problem with it though.
This is a very well written and fun to read book. I personally feel that much of the material is implied by Code Complete, but Fowler does a fantastic job of expanding and formalizing the idea of applying explicit refactorings. Much like Code Complete gave a motivation for keeping code well commented and laid out, this book presents the case for care and feeding of how to structure software. To fight bitrot and technical debt, poorly structured and unclear code should be targeted and refactored to improve structure and clarity. This gives a very real payback in terms of less required maintenance, and ease in adding features later on down the line.
Despite the fact that all the examples are in Java, the ideas are easily transferable to C++ or any procedural object oriented language. I highly recommend this book.
You can purchase Refactoring: Improving the Design of Existing Code from amazon.com. -
Linux Firewalls
David Martinjak writes "Linux Firewalls, authored by Michael Rash and published by No Starch Press, covers five main topics: traditional packet filtering with iptables, port scan detection, snort rule translation, port knocking, and log visualization. At first I considered only skimming the chapters regarding iptables packet filtering. I have a good amount of experience with iptables, and have been running it for several years. Thankfully I decided to give the first chapter a good read. Right from the start, the book presented valuable information and pulled me in." Read on for the rest of David's review. Linux Firewalls author Michael Rash pages 336 publisher No Starch Press rating 9 reviewer David Martinjak ISBN 1-59327-141-7 summary Linux Firewalls discusses the technical details of the iptables firewall and the Netfilter framework that are built into the Linux kernel. The chapters about iptables packet filtering are crucial for any reader new to networking or firewall administration. Experienced users might pick up a tip or two, as well. Linux Firewalls contained a wealth of knowledge about packet structure in addition to a solid explanation of iptables usage. I was rather impressed by the variety of information presented in the early chapters. The book of course detailed the syntax and logistics of iptables, but also provided detailed examples of attacks at the network, transport, and application layers.
Packet filtering was followed by port scan detection. When I first started using GNU/Linux, one application in my toolbox was PortSentry. PortSentry was designed to counter-act port scans, and minimized the amount of information that could be discovered from a scan. I lost track of PortSentry for some reason, but was glad to have almost re-discovered it in a new form. PSAD is the Port Scan Attack Detector and was developed by the book's author, Michael Rash, along with contributions from the open source community.
PSAD was created as a lightweight network intrusion detection component. The book explained how PSAD can quickly react to port scans by analyzing iptables log entries; and effectively reduce the surface area exposed to the attacker. The differences between PSAD and PortSentry were also enumerated, which showed several advantages for using PSAD.
Linux Firewalls did a fantastic job of detailing how to install and configure PSAD. This seems to be par for the course with No Starch Press as each book I have read from them was meticulous with regards to installation and configuration specifics. Additionally, the topics of installing and configuring the book's other two main applications, fwsnort and fwknop, were also properly addressed.
I don't want to give away too much of the material in Linux Firewalls; so I will just say that the chapters on fwsnort, fwknop, and log visualization were all on par with the earlier sections of the book. The information did not let up at any point — there were useful examples and details throughout each chapter. Additionally, there was a good amount of consistency with regard to how the chapters progressed, and the type of information that was presented along the way. All together, Linux Firewalls was an impressive read.
There were no real disappointments with this book. The reading did get a bit tedious at times with regard to configuration specifics, but it was only due to the depth of helpful explanation. Had I been working with the applications while reading (instead of just reading), the content would have been much more relevant. In the end, however, the variety resulted in a rather impressive and enjoyable book. The coverage of psad, fwsnort, and fwknop were welcomed additions. Each of the central topics were thoroughly explained in an informative, yet engaging manner. Essentially, I did not want to stop reading.
The netfilter/iptables software is licensed under the GNU General Public License, and can be found at http://netfilter.org. The psad, fwsnort, and fwknop applications are licensed under the GNU General Public License Version 2, and can be downloaded from http://cipherdyne.org.
The publisher hosts a Web page which contains an online copy of the table of contents, portions of reviews, links to purchase the electronic and print versions of the book, and a sample chapter ("Chapter 10: Deploying fwsnort") in PDF format.
David Martinjak is a programmer, GNU/Linux addict, and the director of 2600 in Cincinnati, Ohio. He can be reached at david.martinjak@gmail.com.
You can purchase Linux Firewalls from amazon.com. -
IT Security Interviews Exposed
Ben Rothke writes "Information security is a hot career area and is among the strongest fields within IT for growth and opportunity. With excellent long-term career prospects, increasing cybersecurity vulnerabilities and an increase in security & privacy regulations and legislation, the demand for security professionals is significant. Even with a bright future, that does not necessarily mean that a career in information security is right for everyone. What differentiates an excellent security professional from a mediocre one is their passion for the job. With that, IT Security Interviews Exposed is a mixed bag of a book. For those that are looking for an information security spot and have the requisite passion for the job, much of the information should already be known. For someone who lacks that passion and simply wants a security job, their lack of breadth will show and the information in the book likely won't be helpful, unless they have a photographic memory to remember all of the various data points." Read below for the rest of Ben's review. IT Security Interviews Exposed: Secrets to Landing Your Next Information Security Job author Chris Butler pages 218 publisher Wiley rating 8 reviewer Ben Rothke ISBN 0471779873 summary Good review for a pro, but not for newbies. If you find information security challenging and either want a job in the field or are looking for a better job in the field, the book will be quite valuable. But for those looking for a hot security job, their lackings will likely show through on an interview, even with the help of this book.
As to the actual content, chapter 1 provides a good overview of how to find, interview and get a security job. The chapter contains many bits of helpful information, especially to those whose job seeking skills are deficient. A good piece of advice the authors state is that one should never pay a fee for headhunting services. There are many people that call themselves recruiters, but are nothing more than fax servers who charge for the service. The burden to pay is always on the hiring firm, and a job seeker should be extremely suspicious of anyone requesting a fee to find them a position.
I would hope that in future editions of the book, the authors expand on chapter one. The chapter itself in fact could easily be made into a book in its own right. As part of the job search process, many job searchers often do not ask themselves enough fundamental questions if they are indeed in the right place in their career. Such an approach is taken by Lee Kushner, founder and CEO of the information security recruitment firm LJ Kushner and Associates. Kushner formulated the following 7 questions that every information security job candidate should ask themselves:
1. What are my long and short term plans?
2. What are my strengths and weaknesses?
3. What skills do I need to develop?
4. Have I acquired a new skill during the past year?
5. What are my most significant career accomplishments and will I soon achieve another one?
6. Have I been promoted over the past three years?
7. What investments have I made in my own career?
The other 9 chapters of the book all have the same format; an overview of the topic, and then various questions an interviewer may pose. The reality is that these topics of network and security fundamentals, firewalls, regulations, wireless, security tools, and more, are essential knowledge for a security professional. Anyone trying to go through a comprehensive information security interview and wing it by reviewing the material will likely only succeed if the interviewer is inept. Anyone attempting to mimic the questions and answers in the book in a real-world interview will immediately be found to be a sham if the interviewer deviates even slightly from the script, which should be expected.
What really separates a good candidate from a great candidate is hands-on, practical and real-world security experience. Such a candidate won't need a question and answer format to showcase themselves in an interview. Their experience should shine, and not their ability to rattle off security acronyms.
If a company is serious about hiring qualified people, the interview process should not be about short technical questions and acronym definitions. It should entail an open discussion with significant give and take. Having a candidate detail their methodology for deploying and configuring a firewall should be given more credence than their ability to define the TCP three-way handshake.
Ultimately, the efficacy of the book is in the disposition of the reader. For the security newbie who wants a crash course in security in order to quickly land a security job, heaven help the company that would hire such a person. While one should indeed not judge a book by its cover; this book's cover and title may lead some readers to think that the book is their golden ticket to a quick landing into a great career. The breadth of information that a security professional needs to know precludes any sort of cramming or quick introductions. Those with a lack of security experience attempting to use this book to hide their shortcomings will only embarrass themselves on an interview.
On the other hand, for the reader who has a background in information security who wants an update on network and security fundamentals, they will find IT Security Interviews Exposed a helpful title. The book contains a plethora of valuable information written in a clear and easy to read style. In a little over 200 pages, the book is able to provide the reader with a good review of what they know or may have forgotten. Used in such a setting by such a reader makes the book a most helpful tool for the serious security professional looking to advance their career.
Ben Rothke is a security consultant with BT INS and the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase IT Security Interviews Exposed: Secrets to Landing Your Next Information Security Job from amazon.com. -
CSS Pocket Reference
Michael J. Ross writes "For Web developers who appreciate the value of separating Web content from its presentation, Cascading Style Sheets (CSS) has proved a godsend, because it allows all of the styling of a Web site to be organized in CSS files separate from the site's semantic content, in HTML files (possibly dynamically generated). Yet to make this styling power possible, CSS must incorporate a long list of syntax elements, including hundreds of selectors, properties, and values. Thus it can be quite handy for the developer to have on hand a concise summary of CSS, such as the CSS Pocket Reference, authored by Eric A. Meyer." Read on for the rest of Michael's review. CSS Pocket Reference, 3rd Edition author Eric A. Meyer pages 168 publisher O'Reilly Media rating 8/10 reviewer Michael J. Ross ISBN 0596515057 summary A concise reference book for CSS. The book was published by O'Reilly Media on 5 October 2007, under the ISBNs 0596515057 and 978-0596515058. CSS itself has evolved along with other Web technologies, and this book is now in its third edition, having been updated to reflect the ongoing changes in CSS; the book now covers CSS2 and CSS2.1. On the book's Web page, O'Reilly offers an online table of contents, as well as ways for the visitor to view and submit errata (none as of this writing) and reviews for the book. Unlike most technical publishers, O'Reilly now makes available previews of their books' contents, in the form of a table of contents with links to the first few paragraphs of each section, including tables and illustrations.
Despite the growth in the number of elements in CSS, and the attention paid to each one of them by the author of CSS Pocket Reference, the book is still small enough to fit in a pocket, at only 168 pages. The book's material is organized into 18 unnumbered sections, preceded by some notes on the book's typographical conventions, and followed by an essential index. The bulk of the material is found in the Property Reference section. Other sections explain how to add styles to HTML and XHTML pages; CSS rule structure and style precedence, including inheritance and the cascade; element classification and display roles; visual layout; rules on floating and positioning; and table layout. Subsequent sections cover CSS value types and units, and selectors, including some of the newest additions to CSS, such as the adjacent sibling selector and the language attribute selector. Just before getting into the details on properties, Eric Meyer discusses pseudo-classes and pseudo-elements, which have made it possible for Web developers to create rather robust and attractive site navigation using CSS exclusively, without any need to resort to images and JavaScript for rollover effects and other navigation eye candy.
For each element of CSS that is covered in all of the sections mentioned above, the types of information presented to the reader can vary, depending upon the category of element. But they generally include the element's possible values, a default value, what elements it can apply to, whether it is inherited, its computed value, a brief description of the element, at least one example illustrating its usage, what browsers support it, and oftentimes a note on its usage. Consequently, this new edition of the book, like its predecessors, should prove more than adequate for most CSS reference needs.
As with any computer book, there are several ways in which this one could be improved. Any reader using the book to look up a particular element, has two possible ways of doing so: They could first consult the index, and, assuming the element is listed there, go straight to the page indicated. But most readers, knowing that the elements in each section are listed alphabetically, will probably open up the book near the front or the back, and begin flipping backward or forward, respectively, hoping to spot the element of interest as quickly as possible, given its alphabetical ordering. That individual will likely immediately spot an obvious problem with the book: The pages have no running titles (the words that indicate the first element discussed on that page, and typically listed at the very top of each page). Inclusion of such running titles in the next edition of the book, would make it much faster to use.
Another valuable addition would be some sort of table listing all of the CSS elements and their level of support within the most commonly used Web browsers and, in the case of Internet Explorer, the most commonly used versions of the browser. Also, on page 48 of the book, at the beginning of the Property Reference section, it has a subhead of "Visual Media," which suggests that there are other subheads within that section, for other media types; but I was unable to find any.
All of these problems concern the publisher's choice of material. My last criticism concerns the layout of that material in the print version of the book. Because this diminutive volume has narrow pages, and they are tightly glued together in the binding, it is imperative that the publisher of such a book provide plenty of white space in the inner margins (those closest to the binding), so the reader does not have to crack open the book too much in order to read the text closest to the binding. Repeatedly opening up the book far enough to read those inmost words will over time weaken and eventually destroy the binding. In contrast, a small reference book like this has no need for much outer margin. Sadly, O'Reilly got it backwards with this volume, with relatively wide and useless outer margins, and inadequate inner margins.
Aside from the aforementioned flaws — all of which can be remedied in the future — CSS Pocket Reference is a compact and neatly organized gem of a book, packed with information of value to busy Web programmers.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase CSS Pocket Reference, 3rd Edition from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Hacking VIM
Craig Maloney writes "Throughout the years, there have been many clones and re-implementations of the venerable vi editor. One variant of vi that emerged and stayed with us is VIM. Since its introduction, VIM has proven itself a worthy successor to the traditional vi editor. VIM has rightfully taken the place of standard vi implementations as the spiritual successor to vi, completely replacing the vi editor on many, if not all of the current Linux distributions. Many improvements have been made to VIM such as tabs, spell checking, folding, and many, many more. However many of these new enhancements may still remain hidden to anyone who isn't keeping up on the cutting edge of VIM development. Hacking VIM is a good resource for becoming more familiar with the new features of VIM and how to make them work best for you." Read below for the rest of Craig's review.
Hacking VIM
author: Kim Schultz
pages: 210
publisher: Packt Publishing
rating: 7/10
reviewer: Craig Maloney
ISBN: 978-1-847190-93-2
summary: A good way to wring more productivity out of an already excellent editor
Hacking VIM is a short book, weighing in at a scant 210 pages. The book contains six chapters, and two appendices. The first chapter covers the history of VIM, and the lineage of vi clones that preceded it. Chapter 2 covers personalizing VIM. This chapter covers how to really take VIM and customize it for your own needs, from changing the fonts and colors for GVIM to personalizing the status bar, and using tabs. Chapter 3 deals with navigating better in VIM, whether it's in a singular file, or a group of files (which is especially important for several programming environments). Chapter 4 discusses the many productivity enhancements of VIM, such as templates, auto-completion, code folding, sessions, and the built-in diff mode. Advanced formatting is covered in chapter 5, which has a few interesting tips on making code look better.
Rounding out the book (and weighing in as the largest chapter of the book) is scripting VIM. VIM has excellent scripting capabilities, and this chapter covers them in great detail, from finding scripts to writing your own. Lastly, the Appendix covers some of the neat scripts available for VIM, such as a minesweeper game, and the obligatory Towers of Hanoi puzzle and mail client (because no software is considered done until it reads mail and news. :) )
Hacking VIM prefaces each tip with which version of VIM will work with each function. There were only a few instances where I noticed that a particular function was mis-marked as requiring a later version of VIM that actually worked with earlier versions. The book also contains good images which help demonstrate some of the more visual components of VIM, like tabs, folding, and the spell checker.
It is full of useful tips for getting the most out of VIM. The book is aimed at those who have already gained some familiarity with the VIM editor, and is by no means a tutorial for the novice user. There is clearly a bias in this book to the intermediate and advanced VIM users. Unfortunately, this is at odds with the first chapter, which starts with a history of the VIM editor. This wastes some of the space of the book, and would have been best used with more unique and different tips. Also, having some experience with VIM, I found certain tips weren't worth the trouble, and others quite confusing. The section on signs was a bit confusing, and I'm still unclear on why they're worth the trouble. There were several instances where I wondered what the productive benefit of a tip would be. On the other hand, I did find several tips invaluable. It's easy to overlook new functions in the CHANGELOGs, so I missed that newer versions of VIM had integrated spell-checking. Overall, Hacking VIM had enough good tips in it that I hadn't discovered on my own to make it worth the read.
Like most editors, VIM can induce editor fiddling sessions that result in little work being done, and Hacking VIM contains lots of fodder to make even the most ardent tweaker happy. Unless you carefully follow the mailing lists for VIM, and try every new feature as it is released, you might miss some really helpful productivity enhancers. My only wish for this book would be more focus on really productive tips, and less history about the other versions of vi that didn't survive. The book may have lots of "of course" items for the truly seasoned VIM user, but for those of us who don't keep up-to-date with the latest features, it is an excellent way to get more familiar with some of the truly great features that have been introduced in later VIM versions.
You can purchase Hacking VIM from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Level Design For Games
Aeonite writes "As a content writer I was not heavily involved in the level design process at my last game industry job, but Phil Co's Level Design For Games: Creating Compelling Game Experiences accompanied me to work every day. Not only is it a good introduction to the world of level design, but it also provides an excellent overview of the entire game design process." Read below for the rest of Michael's thoughts on this book.
Level Design For Games: Creating Compelling Game Experiences
author: Phil Co
pages: 352
publisher: New Riders
rating: 10
reviewer: Michael Fiegel
ISBN: 0321375971
summary: An excellent introduction to the art of game level design
In the past I've been rather verbose when reviewing books about game design, as I wished to provide evidence that justified the often less than stellar score I gave the book in question. I'm pleased that I don't have to do that with this book, which as far as I can tell is a nearly flawless introduction to level design. As such, this review will be more of a recap, so as to help you decide if the book's content is right for you.
Chapter 1, "How Do You Make a Game?," discusses the game development process from Pre-Production through Gold Master by way of showing how level design fits into the overall scheme of things. Also discussed are design documents, basic level geometry, and the difference between alpha and beta, and A, B, C and D bugs (A being "fix this now" and D being "nice to have, maybe later").
Chapter 2, "Defining the Game," focuses on the various types of games on the market and the differences between them, from first-person shooters to platformers, action RPGs to MMORPGs. Also discussed in some depth are themes (fantasy, sci-fi), ESRB ratings and audience age, and system limitations.
Chapter 3, "Enemies and Obstacles: Choosing Your Challenges," is where the book really begins to get into the nitty-gritty of the level design process. This third chapter covers the placement of enemies ("mobs") and objects within the level, the types of levels (hubs, boss levels, etc.), skill trees and the application of skills to obstacles within each level.
With an idea of what needs to go where, Chapter 4, "Brainstorming Your Level Ideas," delves into the creation of concept sketches and reference images, the creation of a level's storyline, the drafting of a level description and the design of the puzzles and scripted sequences within the level (which incorporate the mobs and objects discussed previously).
Chapter 5, "Designing With a Diagram," is where all those ideas and brainstorming begin to take concrete shape. A primary concern here is the scope and order of levels within the game, particularly in terms of a player's progress through each level. Once you know where your level fits into the overall schema, the author tells you to lay it out in diagram format by creating a grid; this is not unlike a Dungeon Master carving out 10' by 10' dungeon corridors on graph paper for a D&D game. You know who you are.
Chapter 6, "The Template," introduces the reader to UnrealEd, a level editor for which a demo is provided in the back of the book. The author walks through the basics of using UnrealEd, from the basic creation of a room and the placement of an NPC within it to slightly more advanced topics such as vertex editing and static meshes. It's a fairly technical chapter, but is laid out clearly with numbered instructions and plenty of screenshots to guide the reader along.
Chapter 7, "Improving Your Level," jumps ahead in time a bit, assuming that you've already mastered the basics from Chapter 6 and have created a level template that can now be play-tested. It focuses mostly on that play-testing process and how to adjust and balance one's level based on feedback in order to make it fun and functional.
The next chapter, "Taking It to 11," is more concerned with polish and quality. Topics include architectural style, the addition of details like trim and borders, the appropriate use of textures and props, and the like. The second third of the chapter takes the reader back into UnrealEd to practice some of these skills, including the creation of new shapes and a radial building technique to create curved hallways and rounded rooms. Finally, the chapter discusses the addition of other game elements, including scripted sequences, ambient sounds and music, and other special effects such as fog.
The final chapter, "Ship It!," revisits the concept of Alpha, Beta and Gold Master in more depth, discussing optimization, the creation of zones (with an UnrealEd tutorial to help the reader along), game balance, and bug testing. It closes off with some discussion of helpful skills and practices one might pick up, including how to file a good bug, why you should archive data, and how to take good screenshots.
On the subject of screenshots, it is worth noting here that the book contains one such shot from Flagship Studio's Hellgate: London, a game which I am downloading from the EA store as I write this review, and which is scheduled for official release on Halloween, 2007. In my experience, many books on game design tend to incorporate screenshots and examples from older games, and it's rare to find a book that includes a screenshot from a game that is not only current, but as of the book's publication was yet unreleased. Indeed, most of the examples in the book are of games released in the past several years (Psychonauts, Half-Life 2, Doom 3), and this gives the book added relevance, appeal and longevity.
Aside from the more technical language involved with the UnrealEd tutorials, the book's clear language and friendly tone make it quite accessible, even for those not of a technical persuasion. While I can't speak to how much the book would help a more experienced LD, it definitely seems appropriate for a beginner who's eager to learn the craft, or anyone interested in the game industry as a whole. I highly recommend it.
You can purchase Level Design For Games: Creating Compelling Game Experiences from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
The PHP Anthology 2nd Edition
Michael J. Ross writes "When veteran PHP developers have specific and nontrivial functionality that they want to implement in their code, they can do so from scratch, but this can be time-consuming or essentially reinventing the wheel. They can adopt completed code posted in an online discussion forum, but such code tends to be buggy. They can use an open source library or other packaged code, but this approach can oftentimes prove to be overkill. Consequently, many developers prefer focused solutions found in PHP cookbooks, such as The PHP Anthology: 101 Essential Tips, Tricks & Hacks." Read on for the rest of Michael's review.
The PHP Anthology: 101 Essential Tips, Tricks & Hacks, 2nd Edition
author: Davey Shafik, Matthew O'Phinney, Ligaya Turmelle, Harry Fuecks, and Ben Balbo
pages: 542
publisher: SitePoint
rating: 9/10
reviewer: Michael J. Ross
ISBN: 0975841998
summary: A tasty cookbook of PHP recipes
The second edition of this book was published by SitePoint on 23 October 2007, under the ISBNs 0975841998 and 978-0975841990. On the book's Web page, the publisher makes available an overview of the book, links to the authors' sites, chapter descriptions, the table of contents, the index, editorial and customer reviews, the book's sample code, and errata (there are none as of this writing). In addition, there is a link for downloading three sample chapters (2, 10, and 11), in PDF format. The pop-up window for entering an e-mail address for receiving the download link, also gives one a chance to subscribe to SitePoint's Web development newsletters.
All of the authors of The PHP Anthology — Davey Shafik, Matthew O'Phinney, Ligaya Turmelle, Harry Fuecks, and Ben Balbo — appear to have plenty of experience with the language, and probably also have spent time interacting with other PHP programmers in online forums, including SitePoint's own PHP forum. Experience reading the questions posted by programmers of all skill levels, and especially trying to answer them, can give anyone a better understanding of what are the most common challenges encountered by the typical PHP coder. In the book's preface, the authors note that, for choosing the particular problems for their book, they chose ones frequently seen in the SitePoint forum, which is likely representative of all active PHP forums.
This new edition of the book has been updated for PHP version 5, including PHP's major improvements to its implementation of classes and objects, among other aspects of the language. It is one of a growing number of PHP books that depart from the traditional tutorial and reference formats, and is instead written in the increasingly popular "cookbook style." Each section presents first a common problem that Web programmers often encounter, followed by generally complete source code that solves the problem, and commentary that explains the overall solution, along with special considerations that the programmer should watch out for in adapting the given source code to their own situation.
As seen in the majority of cookbook-style programming books, this one groups the problem-and-solution sections into chapters, of which there are 13: an introduction; working with databases using the PHP Data Objects (PDO) extension; strings; dates and times; forms, tables, and clean URLs; files; e-mail; digital images; error handling; access control; client- and server-side caching; XML and Web services; PHP coding best practices. In addition to the preface and index, the book also has four appendices: configuring PHP; a checklist for choosing a Web hosting service; a security checklist; and working with the PHP Extension and Application Repository (PEAR). In total, the book is 542 pages long, and yet it is not visually overwhelming, partly because of the large and readable font chosen by the publisher, as well as the innumerable code snippets and browser screen shots interspersed throughout the narrative.
The primary strength of this book is the significant amount of information provided to the reader, in the form of summaries of critical Web programming problems, working PHP code that addresses those problems, discussion as to why each particular approach was taken, and occasional asides that warn the reader about special difficulties that they might encounter as they implement the solutions within their own development environments and for their own projects. Some of the material may be of little interest to the average reader — such as the chapters on PDO and XML — but most of the material would be of interest and benefit to any conscientious PHP programmer. The chapters on error handling and access control are alone worth the price of the book.
However, this second edition of the book has some weaknesses that may or may not have been introduced since the first edition (which was not readily available for comparison). But none of them are overwhelming or unfixable. Firstly, a reader hoping for a well-edited book will likely become distrustful by the authors' misuse of the term "that" in place of "who." Secondly, there are far too many ambiguous comments in the first-person, e.g., "I would dare to say that..." In a book written by five authors, the reader naturally has no idea who is speaking. Thirdly, there is a fair amount of inconsistency in the formatting of the code throughout the book, including indentation and other spacing, as well as variable naming. Also, every instance of a "{" on its own line (presumably to line up vertically with the corresponding "}"), is an antiquated waste of space, since any decent programmer's editor or integrated development environment (IDE) can do brace matching automatically.
Lastly, almost all of the section titles begin with the phrase "How do I." That is fine within the body of the book, at the beginning of every section. But when dozens of these section titles are listed together in the table of contents, that phrase could be excised so each section's topic would be faster to spot, and there would be fewer unnecessary words. In fact, the section titles don't necessarily have to be posed as questions. For instance, "Using Sessions" would be just as clear as "How do I use sessions?" and faster to read.
It should be noted that this book is best suited for intermediate to advanced PHP programmers, who will certainly get the most out of it. A programmer new to PHP, who would like to begin learning the language, should start with any one of the many tutorial-style PHP books available.
For readers who prefer the portability or environmental benefits of e-books, a PDF version of The PHP Anthology is available from the publisher, on the aforesaid Web page. Any programmer who is — or anticipates — doing PHP work away from their print technical library, should definitely consider obtaining the e-book, which thus can be added to their laptop's development environment, and be readily available for quick reference. The e-book contains all of the content of the print version. It also makes good use of color, for screenshots and other illustrations, as well as using a blue background for the sample code, which is a bit easier to read than the gray used in the print version.
Overall, this new edition of The PHP Anthology offers practical solutions to many common PHP problems, clear explanations of those solutions, and working code — in print and online — that can be quickly used as is or modified as needed. PHP developers should find this book an informative and valuable part of their technical library.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase The PHP Anthology: 101 Essential Tips, Tricks & Hacks, 2nd Edition from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Hands-On With The Kindle
Amazon's Kindle e-book may have sold out in record time, but there's still a lot of discussion about the device's merits. Neil Gaiman likes it well enough, but it's sent Robert Scoble into a fit of apoplectic rage. For a real, meaty, hands-on look at the way the device operates in everyday life, Gamers With Jobs writer Julian Murdoch has a slice of life with the Kindle. He takes us through his Thanksgiving holiday weekend with the device, noting the quirks (good and bad) that cropped up with Amazon's new toy. "Short of reading in the tub, the Kindle is easier to read in more places, positions, and situations than a physical book ... But it's far from perfect. It is expensive. The cover, which I find completely necessary, is in desperate need of more secure attachment (Velcro works great). The book selection is less-than-perfect, although I imagine this will improve with every passing day. And Amazon needs marketing help. The Kindle's launch reeked of 'get it out fast.' The big-picture marketing efforts (like video demonstrations and blurbs from authors) were great, but simple things like communicating how freakin' easy it is to get non-Amazon content on to the device, for free, remain horribly misunderstood."
-
Amazon's Kindle Sells Out In 5.5 Hours
necro81 writes "As reported on Engadget, Amazon's Kindle e-book reader has sold out. Charlie Rose's interview with Jeff Bezos reveals that the Kindle sold out within just 5-1/2 hours of going on sale. Amazon hasn't revealed how many it had in stock at launch, so it may just be that they didn't anticipate early demand. A check of the Kindle's product page shows that more will be rolling out starting December 3rd." Wired also has a brief head-to-head of the more prominent ebook readers and PCWorld has a review of the new gadget from Amazon.
-
Head First SQL
Anita Kuno writes "On a Sunday, a fellow user-group member suggested I learn SQL. The next day, an opportunity to review Head First SQL arrived in my email. Who was I to question? Prior to opening the couriered package, I had no knowledge of SQL, I knew databases were important, and I had seen the Head First website once or twice. Now, I can design and create databases, use mySQL databases, and understand questions and accompanying code posted to forums. The credit goes to Head First SQL's style, which introduces small bits of information, supported through multiple channels (such as photos with humorous dialogue, stick-men and stick-women, and input from critical personalities whose photos and input pop up throughout the book) regular tests and exercises so the new bit of data can find a home and settle into your memory. The regularly tested pieces of information are now in my brain so I don't have to look up the basic stuff." Read below for the rest of Anita's review.
Head First SQL: A Brain-Friendly Guide
author: Lynn Beighley
pages: xxxv & 571
publisher: O'Reilly Media, Inc.
rating: 9
reviewer: Anita Kuno
ISBN: 0-596-52684-9
summary: A beginner's foundation for SQL
Head First SQL is about RDBMS (databases) specifically mySQL (version 5.0 or newer) and includes features of other databases. The book defines a database, demonstrates how to navigate an existing database, and teaches how to create simple and complex databases, as well as how to let a database grow from simple to complex.
Foundational understanding of database construction and navigation is the focus. The target audience is those brand-new to the topic as well as those with an acquaintance with the subject and the need for a greater conceptual understanding of databases.
It focuses on the basics of databases, so the main information should remain pertinent until RDBMS get re-conceived. I think revisions, such as the reprint due out in December, will add to the strength of the book as typos and coding errors will be addressed.
The title accurately describes the contents and the subtitle "A Brain-Friendly Guide" describes the goal of the approach. The only requirements for working with the material are: a computer or access to one, the ability to identify your operating system, familiarity with downloading from the internet (links and instructions are provided in the book and the program mySQL community release is free (download instructions are given for Mac and Windows users, I believe that instructions for Linux are not included with the assumption Linux users can access the mySQL community release page and download the program without a play-by-play)), and the courage to learn a command line window user interface if you don't already know this.
Head First SQL is most useful to those who, like myself, have heard passing references to databases and other than knowing they are important have no grasp of what it is, means, or can do. Also, this will be a helpful tool for those who have some of the verbiage, enough to pass at a cocktail party, but who would feel the cold chill of horror if expected to design, construct, and implement a database in conjunction with any of their paid responsibilities.
This is the first book that I have read on the subject of databases and the first computer book that I have been able to finish. So much of the educational information about program x, language y, or application z, depends on a working knowledge of the other two variables. This is a great book for beginners. It talks about data types, it explains null, and then has null explain himself. It tells me the importance of the semicolon at the end. All basic stuff. All stuff that other books take for granted. Many times when I believed I wasn't absorbing anything, along came questions I could answer, a crossword I could complete and match-column-A-with-column-B exercises that demonstrated that I was actually learning much more than I was giving myself credit for.
It includes illustrations, photos, clean layout, and bite sized pieces of information. All this comes from the goal of allowing both sides of the brain access to the information. It's exactly the kind of approach that I need to reinforce the terms and concepts as well as provide encouraging feedback to keep me progressing through the material. I'm also grateful that it entertains me and keeps me going back to finish the whole thing long after the first blush of excitement has worn away.
Links, to the mySQL program necessary to work with the material, are included in the book as well as a few other links in the appendices. The Head First website is a must in order to link to the forums, newsletter, blog and downloadable files to create various tables used in the book. Head First came out with a web app called Hands On SQL which I would encourage you to try. It won't work with all of the book's material but it is a good-looking tool.
You are welcome to read my submissions on the Head First SQL forum. My user name is anita. Also, the reprint that I mentioned above is due to be in stock as of December 3rd. I'm told by O'Reilly that it includes corrections for errata submitted thus far. Take a look at the Head First SQL homepage to download a sample chapter.
You can purchase Head First SQL from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
The Obesity Epidemic — Is Medicine Scientific?
An anonymous reader writes "An award-winning science author, Gary Taubes, has written a book that pans the medical community's treatment of the obesity epidemic. What is interesting is that it looks like the medical community is behaving in a very unscientific manner. Taubes points out that the current medical orthodoxy — that consuming fat makes you fat and exercise makes you thin — has no basis in research. In fact, all the available research points in quite another, and more traditional, direction. Here's the (excellent) podcast of an interview with Taubes on CBC's 'Quirks and Quarks.' So, has medicine become a non-science? Is it mostly a non-science? Somewhat?"
-
End-to-End Network Security
Ben Rothke writes "One of the mistakes many organizations make when it comes to information security is thinking that the firewall will do it all. Management often replies incredulously to a hacking incident with the thought "but don't we have a firewall". Organizations need to realize a single appliance alone won't protect their enterprise, irrespective of what the makers of such appliances suggest and promise. A true strategy of security defense in depth is required to ensure a comprehensive level of security is implemented. Defense in depth uses multiple computer security technologies to keep organizations' risks in check. One example of defense in depth is having an anti-virus and anti-spyware solution both at the user's desktop, and also at the gateway." Read on for the rest of Ben's review.
End-to-End Network Security: Defense-in-Depth
author: Omar Santos
pages: 480
publisher: Cisco Press
rating: 9
reviewer: Ben Rothke
ISBN: 1587053322
summary: Excellent and comprehensive look at how to secure a Cisco infrastructure
End-to-End Network Security: Defense-in-Depth provides an in-depth look at the various issues around defense in depth. Rather than taking a very narrow approach to security, the book focuses on the comprehensive elements of designing a secure information security infrastructure that can really work to ensure an organization is protected against the many different types of threats it will face on a daily basis.
The book's 12 chapters provide a broad look at the various ways in which to secure a network. Aside from a minor mistake in chapter 1 where the author confuses encryption standards and encryption algorithms (but then again, many people make the same mistake), the book provides a clear and to the point approach to the topic at hand. After reading the book, one will have a large amount of the information needed to secure their Cisco-based network.
While it is not in the title, the book is completely centered on Cisco hardware, software, and Cisco IOS. It is a Cisco Press title written by a Cisco employee; as you would expect, it has a heavy Cisco slant. For those that do not work in a Cisco environment, the information in the book will likely be far too Cisco-centric for their needs. A review of the index shows that the book provides a near A-Z overview of information security. One of the only missing letters is 'J', but then again, that would require writing about Juniper.
Chapter 1 starts off with a detailed overview of the fundamentals of network security technologies. Chapter 2 details the various security frameworks and methodologies around securing network devices. The six-step methodology that the author writes of is comprised of preparation, identification, classification, traceback, reaction and postmortem.
The author mistakenly writes that manual analysis of complex firewall policies is almost impossible because it is very time-consuming. The truth is that the time-consuming aspect does not make it impossible. It can be done, but the author is correct that the use of automated tools makes such analysis much quicker and easier.
Chapters 5 and 6 provide an excellent overview of reacting to information security incidents. The chapters cover all of the necessary details, from laws, log finals, postmortem and more.
Chapter 9 provides an extensive overview of the various elements of IPT security. It includes various ways to protect the many parts of a Cisco IPT infrastructure. In this chapter and the others, the author does a very good job of detailing the various configuration steps necessary to secure a Cisco device, both at the graphical level and also at the IOS command line level.
Chapter 12 concludes the book with 3 case studies of using defense in depth in small, medium and large enterprise networks. Different size networks have different requirements and constraints and are not secured in the same manner.
Overall, End-to-End Network Security: Defense-in-Depth is an excellent and comprehensive book on how to secure a Cisco infrastructure. It details the many threats such an environment will face, and lists countermeasures to mitigate each of those threats. Anyone involved in securing Cisco-based networks will find this book to be quite helpful in their effort to secure their network.
Ben Rothke is a security consultant with BT INS and the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase End-to-End Network Security from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
End-to-End Network Security
Ben Rothke writes "One of the mistakes many organizations make when it comes to information security is thinking that the firewall will do it all. Management often replies incredulously to a hacking incident with the thought "but don't we have a firewall". Organizations need to realize a single appliance alone won't protect their enterprise, irrespective of what the makers of such appliances suggest and promise. A true strategy of security defense in depth is required to ensure a comprehensive level of security is implemented. Defense in depth uses multiple computer security technologies to keep organizations' risks in check. One example of defense in depth is having an anti-virus and anti-spyware solution both at the user's desktop, and also at the gateway." Read on for the rest of Ben's review.
End-to-End Network Security: Defense-in-Depth
author: Omar Santos
pages: 480
publisher: Cisco Press
rating: 9
reviewer: Ben Rothke
ISBN: 1587053322
summary: Excellent and comprehensive look at how to secure a Cisco infrastructure
End-to-End Network Security: Defense-in-Depth provides an in-depth look at the various issues around defense in depth. Rather than taking a very narrow approach to security, the book focuses on the comprehensive elements of designing a secure information security infrastructure that can really work to ensure an organization is protected against the many different types of threats it will face on a daily basis.
The book's 12 chapters provide a broad look at the various ways in which to secure a network. Aside from a minor mistake in chapter 1 where the author confuses encryption standards and encryption algorithms (but then again, many people make the same mistake), the book provides a clear and to the point approach to the topic at hand. After reading the book, one will have a large amount of the information needed to secure their Cisco-based network.
While it is not in the title, the book is completely centered on Cisco hardware, software, and Cisco IOS. It is a Cisco Press title written by a Cisco employee; as you would expect, it has a heavy Cisco slant. For those that do not work in a Cisco environment, the information in the book will likely be far too Cisco-centric for their needs. A review of the index shows that the book provides a near A-Z overview of information security. One of the only missing letters is 'J', but then again, that would require writing about Juniper.
Chapter 1 starts off with a detailed overview of the fundamentals of network security technologies. Chapter 2 details the various security frameworks and methodologies around securing network devices. The six-step methodology that the author writes of is comprised of preparation, identification, classification, traceback, reaction and postmortem.
The author mistakenly writes that manual analysis of complex firewall policies is almost impossible because it is very time-consuming. The truth is that the time-consuming aspect does not make it impossible. It can be done, but the author is correct that the use of automated tools makes such analysis much quicker and easier.
Chapters 5 and 6 provide an excellent overview of reacting to information security incidents. The chapters cover all of the necessary details, from laws, log finals, postmortem and more.
Chapter 9 provides an extensive overview of the various elements of IPT security. It includes various ways to protect the many parts of a Cisco IPT infrastructure. In this chapter and the others, the author does a very good job of detailing the various configuration steps necessary to secure a Cisco device, both at the graphical level and also at the IOS command line level.
Chapter 12 concludes the book with 3 case studies of using defense in depth in small, medium and large enterprise networks. Different size networks have different requirements and constraints and are not secured in the same manner.
Overall, End-to-End Network Security: Defense-in-Depth is an excellent and comprehensive book on how to secure a Cisco infrastructure. It details the many threats such an environment will face, and lists countermeasures to mitigate each of those threats. Anyone involved in securing Cisco-based networks will find this book to be quite helpful in their effort to secure their network.
Ben Rothke is a security consultant with BT INS and the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase End-to-End Network Security from amazon.com. -
Professional Plone Development
Michael J. Ross writes "Among the hundreds of content management systems (CMSs) available for building Web sites, Plone may not be the most popular; but for the majority of experienced Python developers, it is without equal. This is partly due to Plone being one of the few major CMSs written in Python, and partly due to its powerful extensibility. Customizing and extending Plone, however, are not for the faint of heart. Fortunately, help is at hand, in Professional Plone Development, a book written by seasoned Plone developer Martin Aspeli." Read below for the rest of Michael's review.
Professional Plone Development
author: Martin Aspeli
pages: 420
publisher: Packt Publishing
rating: 7/10
reviewer: Michael J. Ross
ISBN: 1847191983
summary: A practical exploration of how to extend the CMS Plone.
Professional Plone Development was put out by Packt Publishing, on 26 September 2007, under the ISBNs 1847191983 and 978-1847191984. On the book's Web page, visitors can order a copy of the book (more on this later), download the sample source code found in the book, submit feedback, ask questions of the publisher, and download a sample chapter — specifically, Chapter 2, which presents the case study used by the author. For anyone who wants to get the most out of this book, downloading and working through the sample code would be extremely valuable.
The book's material is organized into 19 chapters, spanning 420 pages — despite what is reported on the publisher's Web page, which as of this writing indicates that the book comprises 300 pages. The book's chapters are grouped into four parts. The first one, the briefest, sets the stage for what follows, by presenting a context for Plone development, including the CMS's history, its competition, its use as a stand-alone application versus use as a framework, and other foundational matters. It also introduces the case study — a cinema chain's Web site — used throughout the book to illustrate the concepts being taught. Lastly, the first part of the book covers the development environment needed by the reader to follow along, including discussion of Zope, which is an open source application server designed for creating CMSs and other Web-based applications.
The second part of the book covers Plone customization: basic concepts, laying out a site's strategy, security and workflow issues, add-on products, and creating a new theme. The book's third part, the longest, covers how to extend Plone with new functionality: Zope programming essentials, custom content types, standalone views and forms, working with relational databases, user management, creating user interfaces with KSS, and more. The fourth and last part of the book addresses real-world deployment of one's extensions, including Zope server management, production server setup, LDAP authentication, and possibilities for the future. Unlike most technical books, the author provides at the end a brief yet worthwhile section on where the reader can go next to learn more along the same lines as the book. The brevity of the section is certainly not from a lack of knowledge or helpfulness on the part of the author, but rather the dearth of information available to developers interested in learning about how to extend Plone.
There's a great deal to like about this book. The author clearly possesses the expertise and experience needed for providing instruction on a challenging topic such as this. His explanations are not abbreviated, as seen in so many other technical monographs. Furthermore, most programmers learn best by viewing and mentally dissecting sample code. For such people, Martin Aspeli's practical approach — focusing on a substantial sample application — will prove more engaging and instructive than the made-up and oftentimes overly simplistic examples found in many computer programming books — including the increasingly popular cookbook titles. On the other hand, by placing almost all of the discussion within the framework of a single sample application, the author diminishes the potential of the book for reference purposes. To benefit the most from this book, the reader definitely would want to work through all of the chapters, in detail, and in the order presented.
In presenting the many steps of creating the case study application, the author provides a generous amount of information on what he considers to be best practices, to make the Plone development process more reliable, and the resulting code easier to maintain and further extend in the future. The confident authority with which the author covers these principles, and the validity of the examples provided, demonstrates his knowledge of the subject matter, and reassures the reader that the author has the experience to provide reliable technical guidance.
In terms of prerequisites, readers should have a solid familiarity with Python and Plone. The book covers Plone version 3.0, but still would be of value to developers who have not yet upgraded from an earlier 2.x release.
Professional Plone Development is definitely best suited for Plone developers and administrators from the intermediate to advanced levels. However, even someone fairly new to Plone would benefit from what it offers. In fact, carefully working through all of the material, and taking the time to really understand it, could take a developer from the beginner to the intermediate level. With further experience, subsequent rereadings of the book would likely yield further insights. It's that kind of book — meaty and in-depth, and not in any way a shallow "dummies" book.
However, there are some criticisms that should be leveled against this book, although none of them have anything to do with the writing of the author or the sample code. Rather, these are recommendations for future improvement directed to the publisher. First and foremost, the book's print on the page is quite shiny — and not in the sense of a "Firefly" compliment. Rather, it reflects light as if the ink were extremely glossy. As a result, depending upon the placement of one's reading light, the page being viewed invariably has a large shiny spot, forcing the reader to keep rocking the book back and forth, relative to the light source, in order to shift the glare away from the section on the page that is currently being viewed. Of the hundreds if not thousands of technical books I have read, this is the only one with this type of printing, and I hope it is the last. This problem is not seen with the largest text of all, such as "Part N" at the beginning of each of the book's four major parts.
The images in the book, of which there are few, have a high degree of pixelation, which makes them look cheap, though it certainly does not make them impossible to read. As with the book's text, the pictures suffer from the same annoying shininess.
Earlier it was mentioned that the prospective reader can order a copy of the book from the publisher's Web site. However, I would not recommend this until the publisher improves the way that they package their books for shipping. Rather than enclosing the book in a plastic bag or a piece of clean wrapping paper, to protect it, the book is placed bare inside of the shipping box, in which it bounces around during transit, as it makes its way to the purchaser from the shipping/distribution facility. Consequently, the corners and edges of the book are easily curled, and the outside surfaces of the book's cover are scratched from the imperfections found in the shipping box's interior. This shows what can happen with books that are mailed with no internal protection. Publishers should not assume that what the shipping department sees when they place the book in the box, is what the customer sees days later when they receive it. Fortunately, this book is available from all major online booksellers, including the 11 firms listed on the publisher's Web page, for various countries. While this might not guarantee better protection of the book's cover, I have had far fewer similar problems with Amazon.com, for instance.
Despite these production flaws — all of which can be corrected — Professional Plone Development is a worthy addition to the library of any Plone administrator interested in making the most of their Plone installation, any Python developer who wants to create Web sites without reinventing the wheel, and any professional programmer interested in taking advantage of the growing demand for Plone developers.
Michael J. Ross is a Web developer, writer, and freelance editor.
You can purchase Professional Plone Development from amazon.com. -
The Official Ubuntu Book
Craig Maloney writes "Over the long history of Linux, there have been many different distributions. One of the most famous distributions, love it or hate it, is the Ubuntu distribution. Ubuntu has come quickly from being the new kid on the block with the Warty Warthog release (4.10) to the most recent release Gutsy Gibbon (7.10). In that three year span, Ubuntu has grown from a handful of enthusiasts and developers to a thriving worldwide community. The Official Ubuntu Book is the official book from Canonical, which describes not only the Ubuntu distributions, but also the community from which Ubuntu is derived." Read below for the rest of Craig's review.
The Official Ubuntu Book
author: Benjamin Mako Hill, Jono Bacon, et al.
pages: 463
publisher: Prentice Hall
rating: 9
reviewer: Craig Maloney
ISBN: 0-13-235413-6
summary: An excellent way to get introduced to the Ubuntu distribution and community
The Official Ubuntu Book is comprised of 10 main chapters covering various aspects of the Ubuntu project. The first chapter discusses a bit of the history of the Ubuntu project, as well as the relationship of Canonical to the project. Chapter 2 dives into installing Ubuntu from either the Live CD or the Alternative installation CD. Chapter 3 shows how to use the applications that ship with Ubuntu with some detail. Some of the more in-depth programs get more attention, like The GIMP and Firefox. Also covered are the basics of the GNOME interface, such as adding items to the panels, or logging off of the system. Chapter 4 covers basic system administration (printers, upgrades, file sharing), and package management. Chapter 5 introduces the Ubuntu Server variant, covering RAID, LVM, and more package management techniques. Chapter 6 deals with support issues in a question / answer format, and is a great place for readers to get some of their more common questions answered. Chapter 7 covers the Kubuntu variant of Ubuntu in more depth.
Chapters 8 and 9 introduce the Ubuntu Community, and the tools that keep the Ubuntu project running. These chapters alone should be required reading for anyone with more than a passing interest in the Ubuntu project. Lastly, Chapter 10 covers the Edubuntu project, and demonstrates how to set up an LTSP network. The appendices include the Ubuntu related documents, a quick tutorial on the command line, and a great Windows / Ubuntu equivalent section for those who are looking for the best alternatives for certain Windows programs. All-in-all, The Official Ubuntu Book covers the main aspects of the Ubuntu project in a very thorough manner.
Included with the book is the Ubuntu 7.04 release (Feisty Fawn) on DVD. This is a solid release, and was current at the time the book was published. It still has 12 months active support even in light of the recent 7.10 (Gutsy Gibbon) release, and should give those looking to try Ubuntu an excellent starting point.
The biggest issue facing a book like The Official Ubuntu Book is determining a target audience. Ubuntu appeals to a wide range of people; from the newest newbie to the hardened UNIX aficionado. Making a book that speaks to both is no easy task. Fortunately, The Book does an admirable job of providing enough to keep both parties interested. New Ubuntu users will find lots of information about how to get things accomplished in Ubuntu, while seasoned UNIX users will find enough information to see what the differences are between Ubuntu and other Linux distributions. Both will find a great introduction to participating with the rest of the Ubuntu community in the later chapters of the book. Any user of Ubuntu would be well served in reviewing those chapters for a sense of what opportunities exist, and how best to participate in the community given their talents and skills. True, the chapters describing specific applications lack much depth, but the omission can be forgiven in light of the sheer amount of material covered. Just learning how to navigate what is provided on the live CD could fill a tome the size of this book, leaving no room to discuss more about the community. The Official Ubuntu Book balances between both extremes, and provides plenty of information about both the Ubuntu distribution, and the community.
The success of the Ubuntu project is due in no small part to the people who spend their time participating with other Ubuntu users. Reading the book not only gives a sense of what Ubuntu is about, but also shows how open and inviting these users are. It may not be the best tutorial for the new Linux user, but it is an excellent book for those who want to take the next step and be a part of putting together and supporting a large Linux distribution. The Official Ubuntu Book captures the spirit of the Ubuntu community well, and brings the excitement in a palpable form to the reader. I can recommend this book to new users of Ubuntu with only the caution that they may need to find other resources to learn the many new programs that ship with Ubuntu. However, I can also highly recommend this book to anyone who has even a passing interest in getting involved with the Ubuntu project, both new and experienced. The Official Ubuntu Book, much like the Ubuntu project, is an ambitious undertaking, and similarly we all benefit from their hard work.
You can purchase The Official Ubuntu Book from amazon.com. -
Learning jQuery
hal10001 writes "One complaint of just about any book that attempts to teach a new language or technology is a presumed level of expertise by the authors. I found it refreshing that in Learning jQuery the book begins... well, at the beginning, and increases in difficulty along with the concepts. It gives designers and entry-level interface developers the opportunity to come up to speed at an acceptable pace." Read below for the rest of Brian's thoughts on the book.
Learning jQuery
author: Jonathan Chaffer, Karl Swedberg
pages: 352
publisher: Packt Publishing
rating: 8/10
reviewer: Brian Reindel
ISBN: 978-1-847192-50-9
summary: Better Interaction Design and Web Development with Simple JavaScript Techniques
While I consider the screenshots to be lacking in quality, overall, this book will definitely leave you satisfied. The essentials required to be successful at developing with jQuery are all touched upon, and the depth of explanation for each piece of code is precise and clear. You will not find yourself flipping through chapters of fluff, added only to beef up the number of pages. Each tutorial and example is carefully planned and executed.
Describing concepts in relation to any JavaScript library can be difficult. Since libraries are in fact JavaScript, it can be easy to confuse beginners. The authors are careful not to allow this to happen. This is especially apparent in Chapter 3, when highlighting the event model, event capturing and event bubbling. A clear distinction is made between browser implementations and the unique facets of jQuery. Official documentation is often wanting in these areas, and the book fills in the gaps nicely.
Throughout Learning jQuery, additional notation is included to subtly remind developers of any potential gotchas, which is a nice feature. For instance, while referencing the clone() method, it was noted that only elements of the DOM are copied, and not the events previously associated with those elements. These tips are always appreciated, since in a development environment they can prevent hours of head-scratching, and help eliminate frustration.
I was also impressed that the authors cover both JSON and XML as data-interchange formats in Chapter 6, AJAX-How to Make Your Site Buzzword-Compliant. This illustrates conformity not to a single standard, but to real-world development scenarios, where you might encounter both formats. My only complaint here is that not enough time was spent specifically on jQuery's $.ajax() method for AJAX implementations, since in my experience this tends to be more popular than the $.get() method.
The only change I would make to the format of the book would be to divide it into two parts. It is obvious that the authors intended to begin with jQuery key concepts, and then move into cookbook mode. This does happen after Chapter 6, but it would have been helpful to make that distinction more evident. If you do buy the book, be aware that in order to digest these great tutorials, you should dedicate more time for the latter half of the book.
Finally, I would like to add that although this book does not cover jQuery v.1.2, or the UI plugin, it is still worth the purchase. If you use the latest version of jQuery, and still want to implement the same XPath selectors covered in the book, you just need to download a plugin. You will not find a better resource online for getting into the guts of the jQuery JavaScript library than you will offline reading the book Learning jQuery.
You can purchase Learning jQuery from amazon.com. -
GPU Gems 3
Martin Ecker writes "Weighing in at fifty pages short of a thousand, NVIDIA has recently released the third installment of its GPU Gems series, aptly titled "GPU Gems 3" published by Addison-Wesley Publishing. Just like the two previous books before it, GPU Gems 3 is a collection of articles by numerous authors from the game development industry, the offline rendering industry, academia, and of course NVIDIA. The 41 chapters of the book grouped into six parts discuss a wide range of topics, all dealing with recent advancements in using graphics processing units (GPUs, for short) to either render highly realistic images in real-time or do high-performance, parallel computation, an area that is called GPGPU (short for General Purpose computation on GPUs). In this latest installment of the series, the focus of a lot of the chapters is on using new hardware features of Direct3D 10-level hardware, such as NVIDIA's GeForce 8 series, to either get more realistic looking results or higher performance." Read on for the rest of Martin's review.
GPU Gems 3
author: Hubert Nguyen (Editor)
pages: 942
publisher: Addison-Wesley Publishing
rating: 9/10
reviewer: Martin Ecker
ISBN: 0-321-51526-9
summary: in-depth discussions of bleeding-edge techniques, tips, and tricks in real-time graphics and GPGPU.
The book is aimed at the intermediate and advanced graphics programmer that has a solid background in computer graphics algorithms. The reader is also expected to be familiar with commonly used real-time shading languages, in particular HLSL, which is used in most of the chapters. Familiarity with graphics APIs, such as Direct3D and OpenGL, is also required to get the most out of this book.
The first part of the book is about geometry with the first chapter diving right into generating complex procedural terrains on the GPU. This interesting chapter explains the techniques behind a recent NVIDIA demo that shows very nice, 3-dimensional, procedurally generated terrain using layering of multiple octaves of 3-dimensional noise. An interesting contribution of this chapter is how the authors texture the terrain avoiding the typical, ugly texture stretching that previous techniques exhibit. This is followed by a chapter on rendering a large amount of animated characters using new Direct3D 10 features, in particular the powerful geometry instancing that is now available. The author suggests doing palette skinning by storing bone matrices in animation textures instead of the traditional way where they are stored in shader constant registers. The next chapter is in a similar vein, but uses blend shapes aka morph targets instead of skinning to animate characters. In particular, the main focus is again on how to use Direct3D 10 features to accelerate blend shapes on the GPU. Other chapters in this part of the book are on rendering and animating trees, visualizing metaballs (also useful for rendering fluids), and adaptive mesh refinement in a vertex shader.
Part two of the book deals with light and shadows. For me personally, this is one of the most exciting parts of the book with very practical techniques that we are going to see applied fairly soon in video games. The first chapter is on summed-area variance shadow maps, an extension to the popular variance shadow maps algorithm that provides nice soft shadows without aliasing artifacts. The next chapter is on GPU-based relighting, which is mostly useful for fast previewing in offline rendering. Then we move on to a nice chapter on parallel-split shadow maps, which are a way of doing dynamic, large-scale environment shadows by splitting the view frustum into different parts and having a separate shadow map for each of them. Other chapters in this part of the book are on improved shadow volumes, high-quality ambient occlusion, which is an improvement of a technique previously presented in GPU Gems 2, and volumetric light scattering.
The third part of the book is on rendering techniques and it starts with a very interesting chapter on rendering realistic skin in real-time. This chapter with its more than fifty pages is one of the longest in the book, but it definitely deserves the space. I have never seen such realistic looking skin rendered in real-time before. The result is really astonishing and the authors go into detail of all the various techniques and tricks employed to achieve it. Simply put, they take a diffuse map and apply multiple Gaussian blurs of varying kernel sizes to it. These blurred images are then linearly combined using certain weights to get an approximation to a so-called diffusion profile, which is used to visualize subsurface scattering. Of course, the devil is in the details and the technique is a bit more complicated than what I've described here. Some other chapters in this part of the book are on capturing animated facial textures and storing them efficiently using principal component analysis (PCA) as used in recent EA Sports games, animating and shading vegetation in the upcoming game Crysis, and a way of doing relief mapping without the artifacts of previous methods.
Part four starts out with a chapter on true imposters, i.e. billboards generated by raytracing through a volumetric object on the GPU. It's fairly interesting but I doubt that we'll see it in video games anytime soon because the costs of this technique seem fairly high. Another chapter is on rendering large particle systems to lower resolution, off-screen buffers and then recombining them with the framebuffer as a post process. This technique allows for rendering very fill-rate intensive particle systems with good performance. Other chapters include an appeal to make sure you do your lighting calculations in linear space and be careful when and where gamma correction needs to be applied, followed by some chapters on post processing effects, in particular motion blur and depth of field, and a chapter co-authored by Jim Blinn himself on rendering vector fonts in high quality via pixel shaders.
With part five dealing with physics simulation on the GPU we enter GPGPU territory. While a lot of the techniques in this and the following part of the book are highly interesting and innovative, I doubt we'll be seeing them applied a lot in video games in the next year or two, simply because they use up a lot of GPU processing power and GPU memory that us game developers would rather spend on doing fancy graphics. The first chapter is on doing rigid body simulation on the GPU. The author uses spherical particles to represent rigid bodies, which greatly simplifies the collision detection even between the most complex shapes. The subsequent chapter is on simulating and rendering volumetric fluids entirely on the GPU. The authors apply fluid simulation to create realistic smoke, fire, and water effects. The presented technique is based on running a fluid simulator on a voxelized 3D volume stored in 3D textures. Also solid objects that interact with the fluid are voxelized on the fly on the GPU. To render the fluid a ray-marching algorithm is used. The remaining chapters of this part of the book discuss N-body simulation, broad-phase collision detection and convex collision detection with Lemke's algorithm for the linear complementarity problem. Many chapters of this part of the book use NVIDIA's new language for doing GPGPU called CUDA and the reader is expected to be familiar with it. CUDA is both a runtime system and a language based on C that eliminates the need to have in-depth knowledge of a graphics API in order to implement GPGPU algorithms.
The final part of the book is on GPU computing with chapters that show how to apply the incredible parallel computing power of modern GPUs to classic computation problems that are not directly related to either computer graphics or physics. One chapter demonstrates how to search for virus signatures on the GPU, effectively turning your graphics card into an antivirus scanner. Another chapter shows how to do AES encryption and decryption on the GPU, which is now possible thanks to the new generation of GPUs supporting integer operations in addition to floating-point operations. Other chapters deal with generating random numbers, computing the Gaussian, and using the geometry shader introduced with Direct3D 10 to implement computer vision algorithms on the GPU that previously were not possible with vertex and pixel shaders only, such as histogram building and corner detection.
One of the features that distinguishes the GPU Gems series from other graphics books was kept for GPU Gems 3: the high quality and large number of images and diagrams. All figures in the book are in color, and there are plenty of them. The book also comes with a DVD that has the sample source code to most of the techniques discussed in the book. A lot of these programs require Direct3D 10 hardware (and as a consequence Windows Vista) to run. However, for most of these, demo videos are also made available so you can see what a technique looks like without having the latest hardware or operating system. Furthermore, the book's website offers a visual table of contents and three sample chapters to download in PDF format.
As with the previous two GPU Gems books, most of the chapters in this book are fairly advanced and ahead of their time. A lot of the presented techniques are not yet practical for video games on current generation GPUs, simply because they use up all the computation power and/or memory that they have to offer. However, a lot of techniques from the previous two books are now commonly used and we can expect the same to be the case for many of the techniques discussed in this book. As such, it is required reading for any serious professional working in the real-time computer graphics industry.
Martin has been involved in real-time graphics programming for more than 10 years and works as a professional game developer for High Moon Studios in sunny California.
You can purchase GPU Gems 3 from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
High Performance Web Sites
Michael J. Ross writes "Every Internet user's impression of a Web site is greatly affected by how quickly that site's pages are presented to the user, relative to their expectations — regardless of whether they have a broadband or narrowband connection. Web developers often assume that most page-loading performance problems originate on the back-end, and thus the developers have little control over performance on the front-end, i.e., directly in the visitor's browser. But Steve Souders, head of site performance at Yahoo, argues otherwise in his book, High Performance Web Sites: Essential Knowledge for Frontend Engineers." Read on for the rest of Michael's review.
High Performance Web Sites
author: Steve Souders
pages: 168
publisher: O'Reilly Media
rating: 9/10
reviewer: Michael J. Ross
ISBN: 0596529309
summary: 14 rules for faster Web pages
The typical Web developer — particularly one well-versed in database programming — might believe that the bulk of a Web page's response time is consumed in delivering the HTML document from the Web server, and in performing other back-end tasks, such as querying a database for the values presented in the page. But the author quantitatively demonstrates that — at least for what are arguably the top 10 sites — less than 20 percent of the total response time is consumed by downloading the HTML document. Consequently, more than 80 percent of the response time is spent on front-end processing — specifically, downloading all of the components other than the HTML document itself. In turn, cutting that front-end load in half would improve the total response time by more than 40 percent. At first glance, this may seem insignificant, given how few seconds or even deciseconds it takes for the typical Web page to appear using broadband. But any delays, even a fraction of a second, accumulate in reducing the satisfaction of the user.
Likewise, improved site performance not only benefits the site visitor, in terms of faster page loading, but also the site owner, with reduced bandwidth costs and happier site visitors.
Creators and maintainers of Web sites of all sizes should thus take a strong interest in the advice provided by "Chief Performance Yahoo!," in the 14 rules for improving Web site performance that he has learned in the trenches. High Performance Web Sites was published on 11 September 2007, by O'Reilly Media, under the ISBNs 0596529309 and 978-0596529307. As with all of their other titles, the publisher provides a page for the book, where visitors can purchase or register a copy of the book, or read online versions of its table of contents, index, and a sample chapter, "Rule 4: Gzip Components" (Chapter 4), as a PDF file. In addition, visitors can read or contribute reviews of the book, as well as errata — of which there are none, as of this writing. O'Reilly's site also hosts a video titled "High Performance Web Sites: 14 Rules for Faster Pages," in which the author talks about his site performance best practices.
The bulk of the book's information is contained in 14 chapters, with each one corresponding to one of the performance rules. Preceding this material are two chapters on the importance of front-end performance, and an overview of HTTP. Together these form a well-chosen springboard for launching into the performance rules. In an additional and last chapter, "Deconstructing 10 Top Sites," the author analyzes the performance of 10 major Web sites, including his own, Yahoo, to provide real-world examples of how the implementation of his performance rules could make a dramatic difference in the response times of those sites. These test results and his analysis are preceded by a discussion of page weight, response times, YSlow grading, and details on how he performed the testing. Naturally, if and when a reader peruses those sites, checking their performance at the time, the owners of those sites may have fixed most if not all of the performance problems pointed out by Steve Souders. If they have not, then they have no excuse, if only because of the publication of this book.
Each chapter begins with a brief introduction to whatever particular performance problem is addressed by that chapter's rule. Subsequent sections provide more technical detail, including the extent of the problem found on the previously mentioned 10 top Web sites. The author then explains how the rule in question solves the problem, with test results to back up the claims. For some of the rules, alternative solutions are presented, as well as the pros and cons of implementing his suggestions. For instance, in his coverage of JavaScript minification, he examines the potential downsides to this practice, including increased code maintenance costs. Every chapter ends with a restatement of the rule.
The book is a quick read compared to most technical books, and not just due to its relatively small size (168 pages), but also the writing style. Admittedly, this may be partly the result of O'Reilly's in-house and perhaps outsourced editors — oftentimes the unsung heroes of publishing enterprises. This book is also valuable in that it offers the candid perspective of a Web performance expert, who never loses sight of the importance of the end-user experience. (My favorite phrase in the book, on page 38, is: "...the HTML page is the progress indicator.")
The ease of implementing the rules varies greatly. Most developers would have no difficulty putting into practice the admonition to make CSS and JavaScript files external, but would likely find it far more challenging, for instance, to use a content delivery network, if their budget puts it out of reach. In fact, differences in difficulty levels will be most apparent to the reader when he or she finishes Chapter 1 (on making fewer HTTP requests, which is straightforward) and begins reading Chapter 2 (content delivery networks).
In the book's final chapter, Steve Souders critiques the top 10 sites used as examples throughout the book, evaluating them for performance and specifically how they could improve that through the implementation of his 14 rules. In critiquing the Web site of his employer, he apparently pulls no punches — though few are needed, because the site ranks high in performance versus the others, as does Google. Such objectivity is appreciated.
For Web developers who would like to test the performance of the Web sites for which they are responsible, the author mentions in his final chapter the five primary tools that he used for evaluating the top 10 Web sites for the book, and, presumably, used for the work that he and his team do at Yahoo. These include YSlow, a tool that he created himself. Also, in Chapter 5, he briefly mentions another of his tools, sleep.cgi, a freely available Perl script that tests how delayed components affect Web pages.
As with any book, this one is not perfect — nor is any work. In Chapter 1, the author could make more clear the distinction between function and file modularization, as otherwise his discussion could confuse inexperienced programmers. In Chapter 10, the author explores the gains to be made from minifying JavaScript code, but fails to do the same for HTML files, or even explain the absence of this coverage — though he does briefly discuss minifying CSS. Lastly, the redundant restatement of the rules at the end of every chapter can be eliminated — if only in keeping with the spirit of improving performance and efficiency by reducing reader workload.
Yet these weaknesses are inconsequential and easily fixable. The author's core ideas are clearly explained; the performance improvements are demonstrated; the book's production is excellent. High Performance Web Sites is highly recommended to all Web developers seriously interested in improving their site visitors' experiences.
Michael J. Ross is a Web developer, freelance writer, and the editor of PristinePlanet.com's free newsletter.
You can purchase High Performance Web Sites from amazon.com.
-
GIMP 2 for Photographers
Jon Allen writes "A glance through any photography magazine will confirm that Adobe Photoshop is the accepted standard image editing software, offering almost unparalleled power and control over your images. However, costing more than many DSLR cameras, for non-professionals it can be a very hard purchase to justify (and of course for Linux users this is a moot point, as Photoshop is not available for their platform). Luckily, the free software community has provided us with an alternative. The GIMP, or GNU Image Manipulation Program, offers a huge amount of the power of Photoshop but is available at no cost. Additionally GIMP is cross-platform, available for Windows, Mac, Linux, and Unix." Read below for the rest of Jon's review.
GIMP 2 for Photographers
author: Klaus Goelker
pages: 185
publisher: Rocky Nook / O'Reilly
rating: 9/10
reviewer: Jon Allen
ISBN: 978-1-933952-03-1
summary: A great book for anyone with more than a passing interest in improving their photos
The one downside to using GIMP is that most magazines and photography books use Photoshop in their articles and tutorials, so if you do choose GIMP there's a bit more of a learning curve. Now once you're used to GIMP you'll find that many of Photoshop's features have equivalents, albeit with a different user interface, but getting that initial level of experience and familiarity with the software can be rather difficult. The GIMP does come with a manual, but it is really more of a reference guide and while very comprehensive it is not particularly friendly for new users. GIMP 2 for Photographers aims to rectify this.
Written clearly from a photographer's point of view (the author is a photographer who also teaches image editing), this book takes a task-oriented approach, looking at the types of editing operations that a photographer would require and then showing how to perform each task in the GIMP.
Rather helpfully, the GIMP software (for Windows, Mac, and Linux) is included on the book's accompanying CD. This means that you can follow each tutorial using the exact same version of software as the author, which really helps to build confidence that you're doing everything right.
I already have GIMP installed on OS X, so to test out the instructions in the book I performed an installation from the CD on a clean Microsoft Windows XP machine.
The exact filenames of the installation packages on the CD differ slightly from those in the accompanying README file, but the instructions in the book do list the correct files and after following this procedure the installation went without a hitch. The setup files do not ask any overly 'techie' questions, so it literally took less than 5 minutes to set up a fully working system.
As well as the GIMP application, the CD also includes all of the sample images used in the book, and for each editing tutorial the "final" image is provided so you can check your own work against the expected result.
Even more usefully, the CD contains an electronic copy of the complete book as a PDF file, so you can keep it on your laptop as a reference guide, invaluable when editing images on location (or on holiday).
I'd have to say that this is without a doubt the most useful CD I've ever received with a book. Providing the applications and example files is good, giving readers instant gratification without needing to deal with downloads and websites (which may well have changed after the book went to press). But including the complete book on the CD as well is nothing short of a masterstroke, and something I'd love to see other publishers adopt.
As for the book itself, the author takes us through basic GIMP operations — opening and saving files, cropping, resizing images, and printing. Once these basics are out of the way, the book moves on to a series of examples based on "real-life" image editing scenarios.
These examples are very well chosen, both in the fact that the vast majority of the techniques shown are genuinely useful, but also in the way that they are ordered. Each example introduces a new feature of the software, building up your knowledge as you work through the book. By the end you can expect to be skilled not only in "standard" editing — adjusting color balance, fixing red-eye, removing dust spots, and so on — but also in compositing, perspective correction, lighting and shadow effects, and building panoramic images.
Between the examples there is a good amount of more "reference" type material, with detailed descriptions of the various menus, tool bars, and dialogs you will encounter while using the software. Combined with lots of well-labelled screenshots this strikes a very good balance, ensuring that even after going through all the tutorials you'll still get value from the book as something to refer back to.
Overall the quality of the writing and general production standard is very high indeed. There are some points where it is noticeable that the book was originally published in German, but this never becomes a stumbling block to the reader's understanding. Most importantly though, the author employs the "show, don't tell" philosophy throughout which is key to successful teaching.
In conclusion, I would have no hesitation in recommending GIMP 2 for Photographers to anyone with more than a passing interest in improving their photos. And even if you already use image editing software, the book is well worth a read — I have been using GIMP for several years and still learned a great deal. The accompanying CD is the icing on the cake, making GIMP 2 for Photographers a simply essential purchase.
You can purchase GIMP 2 for Photographers from amazon.com.
-
The History of the Federal Reserve
Michael J. Ross writes "Money plays a key role in modern life; in fact, for some people, nothing is more important than acquiring more of it. Yet most people do not know what money really is, how it is created, how its supply is expanded and contracted, and who benefits from those changes. In the United States, the central figure in this ongoing drama, is our central bank, the Federal Reserve, whose history, power, and effects are explored in G. Edward Griffin's fascinating book The Creature from Jekyll Island: A Second Look at the Federal Reserve." Read on for the rest of Michael's review.
The Creature from Jekyll Island
author: G. Edward Griffin
pages: 624
publisher: American Media
rating: 9
reviewer: Michael J. Ross
ISBN: 0912986212
summary: A compelling history and indictment of the Federal Reserve system
For the citizens of the United States and several Latin American countries, the "coin of the realm" is the US dollar, which is, in simple terms, created by the Federal Reserve, a.k.a., the Fed. But who created the Federal Reserve, and why? The subjects of banking in general, and the Federal Reserve in particular, would be considered by most Americans to be dry, boring, and of little importance to their day-to-day life. But those same people are endlessly fascinated by how to make more money (with minimal effort, such as the lottery), how to spend as little of it as possible (coupons never go out of style), and how to maximize one's investment returns. Why this disconnect? Why do Americans care so little about the origins of that which they spend a third of their time pursuing, and seemingly another third spending?
Some of these "salary slaves" may understand that their money serves as a store of wealth and a medium of commercial exchange, which makes possible their daily financial transactions without the need for bartering. But, for the most part, they do not understand the critical importance of what is backing that money, if anything; how that money comes into existence, and what debt offsets it; what entities control the supply and distribution of that money; and how those changes can be used to legally steal purchasing power from victims who may not be entirely unsuspecting, but do not truly comprehend how they are getting ripped off.
The typical American, if he or she has given any thought to the matter, would consider the following statements to be true: The Federal Reserve is federal, i.e., a part of the US government. The Federal Reserve is a reserve, i.e., it has monetary savings of real value. The Federal Reserve serves the public, and is not a cartel of private banks serving itself. The US dollar has real value, i.e., it represents tangible wealth, such as gold securely stored at Fort Knox. Inflation is an increase in prices. Inflation is caused by greedy companies, not the US government or the Federal Reserve.
As G. Edward Griffin makes clear in his book, none of these beliefs are true — regardless of how well entrenched they are in our conventional "wisdom." He also explains why the US government and the Federal Reserve have their own reasons for being in no hurry to eliminate this ignorance. Yet these topics are just a small portion of what is covered in his far-ranging discussion of the theory and history of money and banking, particularly within the United States.
Spanning 624 pages, the material is organized into 26 chapters, which are grouped into six sections: "What Creature Is This?" (the Federal Reserve's shameful birth, and the shenanigans of the Fed, S&Ls, the IMF, and the World Bank), "A Crash Course on Money" (money, gold, debasement, fiat money, fractional-reserve banking, and money creation), "The New Alchemy" (the Rothschilds, J.P. Morgan, and banker financing of wars and revolutions), "A Tale of Three Banks" (America's failed experiments with central banking, and the American Civil War), "The Harvest" (the unconstitutional creation of the Federal Reserve, and its dreadful effects, including the Crash of 1929), "Time Travel into the Future" (current crises caused by central banking, how they can be reversed, future scenarios, and what the individual can do regardless). Every one of the six sections begins with a brief summary, as does every chapter, with every chapter wrapped up with a more extensive summary.
The section summaries also appear in the table of contents, which precedes a preface and the author's acknowledgments. These are followed by a delightful introduction — a piece from the British humor magazine Punch, comprising a rather telling exchange between an unusually honest banker and a soon-to-be-disillusioned bank customer. The book contains three appendices: a summary of the structure and function of the Federal Reserve system; natural laws of human behavior in economics; and whether the M-1 measure of money is subtractive or accumulative. The author also provides an index, as well as an impressive bibliography, reflecting his extensive research on the topics. In addition, the author invites readers to join Freedom Force, an organization dedicated to increasing liberty in the United States, curbing federal totalitarianism, and abolishing the Federal Reserve — all through peaceful participation in government, and the shaping of public policy starting at the grassroots level.
The Creature from Jekyll Island is published by American Media, under the ISBNs 0912986212 and 978-0912986210. It first came out in July 1994, and is now in its fourth edition, and its 19th printing. It also has Japanese and German editions, published in February 2005 and August 2006, respectively. On the book's Web page, visitors will find testimonials and comments from readers, updates to the book, a review of the book by Jane H. Ingraham of The New American, and G. Edward Griffin's response to a critique of his book by Edward Flaherty, who holds a Ph.D. in Economics. On that Web page, interested readers can order audio cassettes or CDs of the author's lecture, based upon this book, and produced in 1998.
My only criticisms of the book concern not the material itself, but its production — more specifically, the printing and layout, presumably chosen and thus fixable in the future by the publisher. The generous font size used throughout the volume makes it easy to read; but the bold text, such as the subheads found in every chapter, is a bit rough-edged — on some pages worse than others. The subheads, already bolded, do not need to be in all uppercase; the publisher should choose one or the other. In addition, the inside margin length is a bit too small, forcing the reader to crack open the book more than should be needed, in order to comfortably read the text closest to the binding. In future editions, some of the space in the outer margin could be used to solve the problem, without any change to the words on each page, and thus the length of the book.
But aside from these minor flaws, this book is to be highly recommended. The Creature from Jekyll Island is a remarkably thorough, detailed, and challenging critique of central banking and America's latest incarnation of it, the Federal Reserve. G. Edward Griffin's precision of language, and his interweaving of the major players and their motives, makes for a most compelling historical study.
Michael J. Ross is a Web developer, freelance writer, and the editor of PristinePlanet.com's free newsletter.
You can purchase The Creature from Jekyll Island from amazon.com.
-
Amazon DRM-Free Music Store Goes Beta
LowSNR writes "Amazon this morning moved their DRM-free music store into open beta. According to the release, 'Since all our digital music downloads are DRM-free, you can play them on anything that plays mp3s including PCs, Macs(tm), iPods(tm), Zunes(tm), Zens(tm), iPhones(tm), RAZRs(tm), and BlackBerrys. Plus, our Amazon MP3 Downloader application makes it easy to add your downloads to iTunes(tm) and Windows Media Player(tm), so you can sync up your devices or burn your music to CD hassle-free.' Not to mention Linux." Of course, without DRM few of the major labels play with them.
-
OpenGL Programming Guide 6th Ed.
Martin Ecker writes "The Red Book, also known as the OpenGL Programming Guide published by Addison-Wesley Professional, returns in its sixth edition with additions covering OpenGL 2.1. The Red Book, so called because of its nice, red cover, is probably the most well-known, standard introduction to the OpenGL graphics API. Let me take you on a tour through the pages of this book to see what it has to offer." Read on for the rest of Martin's review.
OpenGL Programming Guide (Sixth Edition) - The Official Guide to Learning OpenGL, Version 2.1
author: Dave Shreiner, Mason Woo, Jackie Neider, Tom Davis
pages: 862
publisher: Addison-Wesley Professional
rating: 8/10
reviewer: Martin Ecker
ISBN: 0-321-48100-3
summary: The Red Book is the authoritative guide to OpenGL.
Just as the previous, fifth edition of the book, the sixth edition is incredibly complete and thorough. It contains explanations of pretty much every feature of OpenGL, even the rarely used ones. You want to know about the fairly new occlusion query support of OpenGL? It's in this book. You want to know about the accumulation buffer and its uses? It's in this book. You want to know about the (mostly deprecated) use of indexed color buffers? It's in this book. The sixth edition also covers vertex and fragment shaders and recent additions to the GLSL, the OpenGL Shading Language, such as the preprocessor. Even though the coverage was expanded, the authoritative guide to shader programming in OpenGL still remains the Orange Book aka The OpenGL Shading Language (see my previous Slashdot review).
The Red Book is aimed at the beginning to intermediate graphics programmer that is not yet familiar with OpenGL. It assumes a basic background in computer graphics theory and working knowledge of the C programming language. The book consists of 15 chapters and 9 appendices that together span approximately 860 pages.
The first chapter gives a brief introduction to the basic concepts of OpenGL and describes the rendering pipeline model used in the API. GLUT, a cross-platform library that allows easily creating OpenGL applications, is also shortly discussed together with a program that shows GLUT in action. The following chapters proceed to explain the basic geometric primitives, such as lines and polygons, supported by OpenGL and how to render them in different positions and from different viewpoints using the various OpenGL matrix stacks. Also the basics of using colors, fixed-function lighting, framebuffer blending, and fog are discussed.
Chapter seven contains a description of display lists, a unique feature of OpenGL that allows storing OpenGL API calls for efficient multiple uses later on in a program. Chapter eight then moves on to discuss what an image is for OpenGL. Most notably this chapter now covers pixel buffer objects, a fairly recent addition to OpenGL, which the fifth edition of the book did not mention. The discussion of images in chapter eight brings us straight to chapter nine on texture mapping, one of the largest chapters in the book. This chapter discusses everything you need to know about textures, from specifying texture images in uncompressed and compressed form to applying textures to triangles using the various kinds of supported texture filters. Also depth textures and their application in the form of shadow maps and — new in the sixth edition — sRGB format textures added in OpenGL 2.1 are presented.
In chapter ten the authors discuss the buffers that make up the framebuffer, such as the color buffer, depth buffer, and stencil buffer. This chapter summarizes some of the things already presented in the earlier chapters and then describes the various framebuffer operations in more detail. Also the accumulation buffer and its uses, such as motion blur and depth of field effects, are discussed. Chapters eleven and twelve are on the tools provided by GLU, the GL utility library, in particular tessellators, quadrics, evaluators, and NURBS. GLU is nowadays rarely ever used in production code, so these chapters mostly demonstrate just how complete the Red Book is in its coverage of OpenGL. This also applies to chapter thirteen on selection and feedback, which are rarely used features, mostly because of the lack of hardware acceleration in today's GPUs (Graphics Processing Units).
Finally, chapter fourteen is a collection of topics that didn't fit into the other chapters, such as error handling and the OpenGL extension mechanism. Additionally, this chapter presents various higher level techniques and tricks, for example how to implement a simple fade effect, how to render antialiased text, and some examples of using the stencil buffer. The final chapter of the book is a discussion of the OpenGL Shading Language (GLSL, for short). In the sixth edition this chapter has been updated to version 1.20 of GLSL as required by OpenGL 2.1. Even though the OpenGL API functions required to use GLSL are presented, this is only a rough overview of how programmable shaders are used in OpenGL. For a more detailed description of GLSL the reader is referred to the Orange Book.
The book closes with quite a few appendices on the order of operations in the OpenGL rendering pipeline, the state variables that can be queried, the interaction of OpenGL with the operating system-specific windowing systems, a brief discussion of homogeneous coordinates as used in OpenGL, and some programming tips. Also a reference of the built-in GLSL variables and functions is included.
The book contains a large number of images and diagrams, all of them in black and white except for 32 color plates in the middle of the book. The illustrations are of high quality and generally help make the explained concepts and techniques easier to understand. Most of the color plates depict spheres, teapots, and other simple geometric objects, so they aren't overly eye-catching but do serve their purpose of showing what can be achieved with OpenGL.
All in all, the Red Book remains the definitive guide to OpenGL. Apart from being a good introduction, it also contains many interesting tips and tricks that make the experienced OpenGL programmer come back to it often. If you've read through the Red Book and the Orange Book in their entirety you pretty much know everything there is to know about OpenGL.
Martin has been involved in real-time graphics programming for more than 10 years and works as a professional game developer for High Moon Studios in sunny California.
You can purchase OpenGL Programming Guide (Sixth Edition) - The Official Guide to Learning OpenGL, Version 2.1 from amazon.com.
-
How Computers Transformed Baby Boomers
theodp writes "Newsweek's Steven Levy takes a look at how the baby boomer generation formed our tech landscape. Many of the realities boomers grew up with are today's metaphors, including cut-and-paste, the origin of which the 56-year-old Levy had to explain to 20-something Google employees. Levy cites two texts as crucial in pushing the boomers' vision toward power-to-the-people computing — Ted Nelson's Computer Lib/Dream Machines, which inspired Mitch Kapor, and the January 1975 Popular Electronics, which got Bill Gates jazzed. You kids might want to check out Dad's bookshelf — used copies of Computer Lib are going for $130-$225 at Amazon."
-
Republic.com 2.0
sdedeo writes "Republic.com 2.0 is an updated and reworked version of Cass Sunstein's Republic.com, which was reviewed on slashdot back in April 2001. That earlier version was written before blogger was purchased by google, before wikipedia broke "10,000th most popular" on alexa, and — most importantly for Cass — before the terrorist attacks of September 11th unleashed a torrent of political blogging that has yet to peak." Read on for the rest of Simon's review.
Republic.com 2.0
author: Cass R. Sunstein
pages: 251
publisher: Princeton University Press
rating: 8
reviewer: Simon DeDeo
ISBN: 978-0-691-13356-0
summary: Provocative but flawed
Cass is one of the few people in the world who holds a senior faculty position in jurisprudence at a law school and yet can be expected to understand crucial notions of internet content creation such as versioning control, trackbacks and google juice.
I was first introduced to Cass in his 2003 book, Why Societies Need Dissent. One of the reasons for his appeal among the geek community is not only his content — he's hardly the first person to write about the internet — but also his reliance on provocative thought experiments. Notably, in Dissent, he uses one to explain why you should be suspicious of group-signed letters — an argument he modifies for Republic.com 2.0, so you won't miss it. You may dispute his applications of such arguments to the real world, but it's certainly the case that they're both new and non-trivial.
Cass is not one to beat around the bush, and one of the first things you'll encounter in Chapter One is the assertion that "the view that free speech is an 'absolute'" is "utterly implausible." I think he does himself a disservice by highlighting this and leaving the explanation to a much later chapter; Cass is opposed to "viewpoint discrimination" by the government, for example, and he's far more mild than you'd expect.
The central argument in Republic.com 2.0 is unchanged: greater control over, and filtering of, the content one receives may have adverse consequences for democracy. By this time, most slashdot readers are familiar with the basic idea — when they're not complaining about troll-ratings and slashdot group-think.
It goes like this: increasingly popular software tools allow you to filter to an unprecedented extent not only the kind of information you receive, but also its political or ideological slant. Fans of a particular idea ("open source is good", "affirmative action is anti-American", "a conservative cabal runs the United States for the benefit of corporations") can choose their news sites and blogcircles so that they will rarely, if ever, encounter the opposition except at second hand and in caricature. This is bad.
Before engaging this idea, it's worth stepping back. The internet — and the software on top of it — has often been referred to as the Platonic ideal of participatory democracy. One of Cass's points is the extent to which it's a half-truth: not every feature is faithfully reproduced, and one crucial one — the "public forum", which he uses in a technical, legal sense — is gone.
I grew up in London, and Hyde Park's Speaker's Corner was for me a touchstone of what democracy should be. Supreme Courts the world over agree, and the "public forum" — a geographical location — emerged as a space where courts could not interfere with public expressive activity. The internet is, of course, awash with such things (an unmoderated comment stream is not hard to find), but the crucial difference is that one need never see them while, in the real world, "public forums" — at least in the United States — include the streets and parks we use every day.
For Cass, the public forum extends to what he refers to as "general interest intermediaries" (GIIs): massive circulation sources that, while not granting the same rights-of-access to the public that a park does, provide regular encounters with facts and points-of-view that can be counted on to surprise the reader. My own view — one echoed by the blogosphere both right and left — is that since 9/11, more and more of these GIIs have failed us. Time after time, outlets such as the New York Times, CNN, Fox News, the New Republic and Time Magazine have not only marginalized legitimate views, but also misreported crucial facts.
While Cass provides fascinating psychological studies of how we turn towards the news that flatters us, I think that one of the reasons for the explosive growth of online communities and online reporting is not that we are polarizing ourselves in a positive-feedback runaway, but rather that more and more people are becoming aware of the structural failures of the GII.
A classic example that friends of mine on the left cite is the "cocktail party" atmosphere of the Washington journalism circuit, where criticizing too aggressively the Bush administration led to a freeze-out on interviews and insider information. (Friends on the right complain to me more often about particular arguments being frozen out.)
Cass pays insufficient attention, in my mind, to these arguments, and his view of the blogosphere is jaundiced at best. For Cass, the blogosphere is the source of urban legends, not their debunking, whereas any glance at the front page of political blogs, slashdot (or, more charmingly, snopes) will reveal plenty of debunking being done on the GII in the comments.
His evidence that blogs — and not just controlled psychological experiments — actually do elicit group polarization is disappointingly thin, and relies on over-interpreted linkage studies and anecdotal evidence that show major "hubs" in the political blogging world, like instapundit, Atrios, and talkingpointsmemo, acting as strong filters that reinforce the party line. Chris Bowers and Matt Stoller (also a close friend) have done a more detailed study of linkage patterns and come to very different conclusions.
There are problems with Cass's arguments, and in the end I don't think his snapshot of the internet in 2007 holds up. He's frustrating at times and, ironically, when he frustrates the most he reminds me of a blowhard blogger. The provocative nature of his thought experiments is worth the price of admission alone, however, and his legal-historical background on the nature of free speech in deliberative democracy is fascinating reading. Pundits of the blogosphere would be remiss in not reading his book.
Simon DeDeo is an astrophysicist and literary critic. He lives in Chicago, Illinois.
You can purchase Republic.com 2.0 from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Programming Erlang
gnalre writes "Every day it seems there is a new publication of a book on perl/python/ruby. Some languages however do not seem to get that sort of attention. One of those under-represented languages is Erlang, however for the first time in 10 years a new Erlang book has been published. As someone who had a brief flirtation with Erlang long ago, I was interested to see how the language had evolved in the intervening decade. I was also curious to re-evaluate Erlang to see what solutions it offered to the present day issues of writing reliable distributed applications." Read on for the rest of Tony's review.
Programming Erlang - Software For A Concurrent World
author: Joe Armstrong
pages: 515
publisher: The Pragmatic Programmers
rating: 8/10
reviewer: Tony Pedley
ISBN: 1-9343560-0-X
summary: Parallel programming the easy way
Programming Erlang — Software For A Concurrent World (ISBN 10193435600X) is part of the pragmatic programmer series. As with all the books in this series, it is available in paperback or for a reduced cost you can directly download it in PDF format (which is always useful if you spend a lot of time on the move and you do not like carrying around a dead tree with you). The book's format and layout as with all the books of this series are clear and logical.
The book is written by Joe Armstrong, who co-authored the first Erlang book a decade ago. He was also one of the originators of the Erlang language and has been directly connected to its development ever since. We can therefore be assured about the author's knowledge and insight into the language, if not his impartiality.
The book itself can be roughly split into three main sections: Getting started and Sequential programming, Concurrent Programming and Erlang libraries and advanced Erlang techniques.
In Chapter 1 the author sets out his stall of why Erlang is worthy of your attention. It's clear from this chapter that the author feels Erlang's strength lies in applications requiring an element of concurrency and fault tolerance. Another emphasis is made of running Erlang on modern multi-core processors, something that was only a glint in a hardware designer's eye 10 years ago, but is rapidly becoming an issue in all areas of programming. From this chapter you also get a feel on how the author approaches his programming in that he states that he wants the reader to have fun with the language, which is a refreshing change to some language text books whose main purpose appears to be as a cure for insomnia.
Chapter 2 goes through installing Erlang and the Erlang shell (a command line environment similar to ones with languages such as perl). The chapter also starts us into the strange world of functional programming, where variables can only be given a value once (e.g., you cannot do i=i+1), recursion replaces loops and pattern matching replaces assignments. Fortunately the Erlang language is remarkably concise. For example there are only 4 data types. However to those coming from a purely procedural programming background the learning curve could be a steep one. Saying that, the author does a good job of leading you through the language's intricacies with examples being compared to code from languages such as Java to help keep your feet on solid programming ground.
The next 3 chapters move on to writing simple Erlang programs. As a quick aside, for anyone new to Erlang it is well worth examining the quicksort implementation described in chapter 3. Its conciseness and simplicity was one of the reasons the language won me over when I first met the language.
These chapters also cover error detection and handling. It's worth noting that Erlang has a philosophy of ensuring programs fail hard, so that bugs can be weeded out at an early stage. This idea very much defines how Erlang error handling is defined.
One criticism of the first section is Chapter 6, which describes compiling and running an Erlang program. I would have preferred that this information be covered earlier in the book or be placed in an appendix because it is probably an area you will want to reference repeatedly.
Chapter 7 is where things really get interesting and the true power of Erlang starts to come to the fore. This is where Erlang's concurrency credentials are explained. This chapter begins by providing some useful metaphors of the Erlang concurrent model, but chapter 8 is where the fun begins by describing the Erlang concurrency primitives that allow the creation of processes and the process communication methods. The author here highlights one of the language features, the Erlang lightweight process. These are true processes (not threads) but take up very little in the way of resources. Indeed it is not unusual to have 1000s of such processes running in an application.
The next few chapters expand on the available concurrency primitives and how to move from concurrency on your local processor to concurrency utilizing the resources of multiple machines either on a local network or across the web. It finishes the section off by showing the example of a simple IRC application.
Chapter 12 starts the next section by looking at how to interact with the world outside the Erlang environment. First it examines how to interface an Erlang program to applications written in other languages such as C. It then goes on to look at file and socket handling in Erlang. Chapter 15 looks at two important Erlang storage primitives ETS and DETS before we get to the OTP Erlang libraries in Chapter 16.
The OTP libraries are the standard Erlang libraries and tools. In fact the OTP libraries are worthy of a book in itself. The author highlights the section on the generic Server module as the most important section in the whole book and one to be reread until its importance has sunk in. This is because here are encapsulated many of the lessons learned in writing industrial fault-tolerant applications, such as the updating of a running application's code without causing that application to miss a beat. The section is finished off by describing the Erlang distributed database (humorously named Mnesia) and then finishing it off with the example of a simple server application.
The book finishes off by looking at Erlang on multicore systems including its support for SMP. As the author states this is the leading edge of present day Erlang and is still under development.
I would like to thank the pragmatic programmers for publishing this book. Erlang's profile has been in need of highlighting for many years and hopefully this book will help. The book definitely provides a great starting point for anyone who wants to get to grips with the language and takes them to the point where they can start writing useful applications. This book is a worthy successor to the last book published and does a good job of both updating the material and explaining some of the later developments such as SMP. Anyone who has a need for writing fault tolerant applications should at least look at this book. If nothing else you will never be afraid of dealing with recursion ever again.
In many ways the book cuts off just when things are getting interesting. There are hints in the book about real-world Erlang applications and it would have been good if some of these experiences could have been expanded. Hopefully this book is the start of increased exposure for Erlang. If so then someone may get around to writing another Erlang book describing some of the advanced issues about generating robust applications. I just hope it won't take another 10 years this time.
Tony Pedley is a senior engineer specializing in real-time embedded systems. In his spare time he likes to tease windows programmers and confuse managers by telling them it would be a lot easier if we wrote it in Erlang.
You can purchase Programming Erlang - Software For A Concurrent World from amazon.com.
-
GWT in Action
Michael J. Ross writes "Server-side computer languages, such as Java, possess numerous advantages over their client-side counterparts — including more robust integrated development environments (IDEs). In contrast, Web-focused languages, such as JavaScript, benefit from the global accessibility of the Internet. Bridging this gap, and leveraging the strengths of both sides, has long been an objective of the software development community — though not all attempts have been successful, e.g., Java applets. The Google Web Toolkit (GWT) is the latest attempt, and shows considerable promise, as illustrated in a new book intended to help programmers learn this new technology: GWT in Action." Read on for the rest of Michael's review.
GWT in Action
author: Robert Hanson and Adam Tacy
pages: 600
publisher: Manning Publications
rating: 6
reviewer: Michael J. Ross
ISBN: 1933988231
summary: A practical introduction to programming with the Google Web Toolkit (GWT).
Written by Robert Hanson and Adam Tacy, this book was published by Manning Publications on 5 June 2007, under the ISBNs 1933988231 and 978-1933988238. For any prospective reader who would like to learn more about the book, they can first try the book's Web page, where they will find online versions of the "about this book" section, table of contents, preface, and index. The publisher offers two freely downloadable chapters, "Creating the Default Application" and "Communicating with GWT-RPC," in PDF format. In addition, there is a link to purchase the book's electronic version, and a link to the author's forum, where readers can post questions about the book or GWT, and likely receive a response — perhaps even by one of the authors.
The book's 17 chapters are organized into four parts, and cover a generous number of topics: introduction to GWT; creating the default GWT application; building your own application based upon the default one; creating widgets and panels, including composite panels; processing user events; creating JSNI components; modularizing your code; communicating using GWT-RPC; client-side RPC; classic Ajax and HTML forms; using JSON for interoperability; automatically generating code; GWT's native properties; testing and deploying GWT applications; more on the inner workings of GWT itself. The book has no appendices, but a substantial index, which is essential for such a technically detailed subject area.
GWT in Action is clearly intended to be a practical and fairly comprehensive coverage of Google's new toolkit. Almost all of the GWT concepts are explained within the context of developing a substantial sample application, the Dashboard, created by the authors. The reader is encouraged to follow along as the authors build the application, thereby learning from doing — almost always an effective approach. At 600 pages, with almost none of the formatting padding found in far too many technical books nowadays, the authors have not skimped on providing the reader with a lot of information. Furthermore, their treatment of application deployment is far better than any other I have encountered.
Unfortunately, the book has many weaknesses. On an overall basis, the order of presentation is at times disjointed — seemingly dictated more by the Dashboard and less by the most logical order for someone new to GWT. Compounding the problem, the authors frequently refer to advanced topics, covered in greater detail later, and also repeat earlier information, occasionally several times. Despite promises to provide a gentle exposition, it can be difficult at times for the reader to determine if any critical steps were skipped, as a consequence of key instructions for building the sample application being spread out, and interspersed with too many references to general comments covered earlier. In turn, readers will likely find it frustrating to try to get the sample application working at each step of the development process — and not just at the end, with the complete code.
One source of these difficulties is that in the first few chapters, the authors try to introduce too many topics all at once, and as a result do not thoroughly discuss each one in its own section. Instead, they break up the information over multiple sections, scattered throughout the book. An example of this is internationalization. Section 2.2.4 is titled "Implementing Internationalization," and yet provides almost no details, and is essentially unusable by itself. At the very least, it should mention that later sections 3.2.1 and 15.3 provide a lot more information. Furthermore, internationalization was introduced far too early in the book, and greatly complicates the process. Instead, the authors should have created a simple application using only English for the user interface, and introduced internationalization later, after fully explaining the basics of turning Java code into JavaScript functionality.
Part I of the book is the weakest of all of them, which may, sadly, turn off readers who would otherwise get to the better material later. The authors are clearly enthusiastic about the topics at hand, and the number of moving parts associated with Java/JavaScript/GWT development is certainly not trivial. Nonetheless, those initial chapters would greatly benefit from a rewrite; this would make the material more comprehensible and easier to follow, step-by-step.
We can mention some specific flaws: A book like this that is introducing a new technology must take care to not leave the unwarned reader wondering if they have been left behind in the steps. People reading some of the earlier material may conclude that those steps have already been assumed by the authors, and will not be covered. The authors do not mention how to obtain and install GWT until page 30; that should be right up front. The authors do not appear to mention which version of GWT they used for the book. (I chose 1.3, not 1.4RC, available as of this writing.) Any reader trying to follow along and implement their example application (the Dashboard) will probably find several hurdles. First of all, make sure that you have version 1.4 of GWT installed, and not 1.3.3, which does not include some of the panels and widgets used in their sample code.
In Chapter 1, they modify a "Hello world" application to create another application that shows a tic-tac-toe board that has clickable squares, but does not play the game. Chapter 2 describes this as "a fully functioning Tic-Tac-Toe application," which is like claiming a program works because it compiles. Also in Chapter 2, their discussion of development alternatives is slowed down by repetition of the same information. The sample code in the book has minor inconsistencies. For example, naming a password String "oldPass" in one method, then "old" in another, related method. There are other instances, but these give one an idea of some of the inconsistencies.
The coverage of topics is generally quite thorough, though at times verbose and redundant — particularly in Chapter 2, though it is certainly not limited to that chapter. The second and third paragraphs in Chapter 3, for instance, continue the repetitious style which is found in many places throughout the book, and likely has made it longer than necessary. In Chapter 4, the first two pages explain what widgets are, several times, and conclude with a picture of a button — as if any reader who has made it that far into the book doesn't know what a button is. The book could certainly use some trimming.
The downloadable source code is not complete. For starters, it is missing the code from Chapters 1 and 2, though admittedly none of that is too long. The code provided for Chapter 4 is just a portion of what is displayed in the book. Moreover, the directory paths in the sample code archive files are not consistently named, and some may even be incorrect. For example, the code for Chapter 5 has a folder named "Dashboard — Chapter 4." That sort of thing does not instill confidence in the typical reader. The authors should revisit the sample code — making it complete and consistently named.
The publisher's page for the book does not appear to have a link for errata; perhaps none have been reported yet. Here are some: On page 75, in Table 3.1, in the left-hand column, "gwt-onLoadErrorFn" should instead read "gwt:onLoadErrorFn." On page 77, in the second paragraph, the file name extension should be all lowercase, not all uppercase. On page 78, in Listing 3.6, the String parameter in the first label.setText() call should be delimited with straight quotes, not curly quotes. (Microsoft Word strikes again?!) On page 81, in the third paragraph, "comply to" should read "comply with." On pages 87 and 88, the -whitelist and -blacklist option values each contain an extraneous space before the "^." There are undoubtedly more such errata throughout the book, and can be corrected in the next edition; but these are enough to at least get an errata file started. Fortunately, none of them would lead an alert reader astray.
Even though the book could use significant reorganization and streamlining in the next edition, GWT in Action is packed with practical information on a wide range of GWT topics.
Michael J. Ross is a Web developer, freelance writer, and the editor of PristinePlanet.com's free newsletter.
You can purchase GWT in Action from amazon.com.