Slashdot Mirror

maiden_taiwan asks: "We're constructing a free groupware application by integrating well-known open source components: apache webserver, inn news server, ircd chat, scp for file transfer, etc. Unfortunately, each app has its own incompatible concept of a 'user identity.' Apache has the htpasswd module, IRC has nicknames, scp has public keys, NetNews has the poster's email address, and so forth. Has anyone managed to integrate a similar suite of apps using a single sign-on model, where a user has a single identity that is understood and carried through all these apps?"

maiden_taiwan asks: "We're constructing a free groupware application by integrating well-known open source components: apache webserver, inn news server, ircd chat, scp for file transfer, etc. Unfortunately, each app has its own incompatible concept of a 'user identity.' Apache has the htpasswd module, IRC has nicknames, scp has public keys, NetNews has the poster's email address, and so forth. Has anyone managed to integrate a similar suite of apps using a single sign-on model, where a user has a single identity that is understood and carried through all these apps?"

smarks writes "Java Development with Ant effectively shows the reader how Ant can be used as the foundation for the most complex Java software configuration solutions. The book is divided into beginner, intermediate and advanced sections, which makes it appropriate for a variety of audiences. The book has a comprehensive survey of tools that can be used with Ant such as JUnit, CheckStyle, Middlegen and XDoclet Even the experienced Ant user will find these sections helpful. Overall, Java Development with Ant is an excellent resource." Read on for the rest of Spencer's review. Java Development with Ant author Eric Hatcher, Steve Loughran pages 634 publisher Manning rating 8.5 reviewer Spencer Marks ISBN 1930110588 summary How to use Ant to meet all (or most of) your poject's software configuration needs

Pros:

• Excellent coverage of optional Ant tasks
• Good division of beginner, intermediate and advanced content
• Thorough discussion of how to use Ant to solve a variety of software configuration management situations
• Shows how to use Ant for tasks outside of typical configuration management roles such as the automated code generation of EJB and Application Server deployment descriptors
• Shows how Ant helps with a variety of software development methodologies including XP's suggested best practices of continual integration and JUnit testing
• Catalogs IDEs that integrate well with Ant including my personal favorite, Intellij's IDEA development environment

Cons:

• Some of the examples could have benefited from more detail. For example, the section on the PropertyFile task could have shown how to solve the problem of platform specific path separators in Java property files.
• At the time of this review, the book's accompanying website was a bit meager. For example, a comprehensive list of Ant on-line resources would have been helpful.

What the book offers

I consider myself an intermediate Ant user and when books on Ant first appeared I thought they would add little to the excellent free documentation and examples readily available. With its clean, straight forward syntax and structure, Ant has a low of cost of entry, and being rooted in Java and XML it is extremely flexible and extensible. I found Ant refreshingly easy to use as part of a configuration management system that included continual integration and a unit testing strategy. It was much better suited for Java development than the tool I previously used which was make. So when I agreed to do this review, I was skeptical that I would find the book useful. However, the book proved to be rich in valuable information that is well organized and clearly presented. Java Development with Ant, written by Erik Hatcher and Steve Loughran who are both committers to the Apache Ant project, is a great resource for anyone wishing to learn how to integrate Ant into his personal set of best practices for software configuration management solutions.

Coming to the book as a long time Ant user, I was glad to see that it offered material appropriate for others than just those approaching Ant for the first time. The book is divided into three sections each of which could probably find a niche as useful (and thinner) separate book: Learning Ant, Apply Ant, and Extending Ant. Only the first section of the book is devoted to first-time users, or those Learning Ant. The reminder of the book is about Ant in action. It covers an interesting variety of third-party Ant tasks, various ways of applying Ant to software development projects, and an in-depth section on how to extend Ant writing your own Java classes.

After a short but helpful introduction to the general topic of software configuration management, the first section, Learning Ant, launches into a thorough explanation of Ant's fundamental concepts and operation. JUnit test integration is treated as part of of the basic operation of Ant, which I was happy to see because unit testing should be a fundamental part of any software configuration management process.

Despite having used Ant on a number of projects since the summer 2000, at no point have I had to become truly expert with it in order to solve the wide range of software configuration problems I encountered. This is because Ant is easy to use. Typically, I figure out what I want the software configuration management to do, and then look for Ant examples that I can easily tweak to get the job done. I think it is a great credit to the Ant and its designers that I can do this successfully. Even though I've had this success with Ant, the introductory material filled in some of the gaps I had in my understanding of Ant's operation. For example, I was introduced to the PropertyFile taskdef which up until then had escaped my notice but which solved a problem for which I previously had a less elegant solution.

The most interesting part of the book was the second section that talked about a variety of Ant add on programs (called taskdefs) like Middlegen (an EJB descriptor tool) and XDoclet. XDoclet had been on the periphery of my radar for a while now, so I welcomed the book's thorough discussion of it in both a general and Ant specific sense. In addition there are helpful chapters devoted to using Ant as an aide to production deployment, web site generation including the compilation of JSP pages and the automatic generation of EJB descriptors. There are also chapters on working with Web Services using SOAP and a section on how Ant can be used as part of a continuous integration process complete with email notification. There is even a section on using Ant for Java projects that have a native code component. (Ant can be used to compile native code and the book shows how it can be helpful in dealing with the complexities surrounding JNI.) The book works well as a reference text. There's no need to read it from cover to cover in order for it to be extremely helpful.

The third part of the book also looks interesting, but it is intended for a more hardcore audience than myself. I've been fortunate to find ready made solutions for all the configuration management services I wanted to provide my clients. So, learning how to extend Ant has never been an issue. Every time I think I might have to develop my own answer, I find that someone else has already beaten me to it. Such is the nature of successful Open Source projects. However, I am glad this section exists, because I am sure at some point I will use it myself or refer a student or client to it.

The book even has some material on using Ant outside of the context of Java. Not having much experience with these technologies, I didn't pay close attention to these sections. (I am sure I'll be amused when I encounter my first .NET project that is using Ant for its configuration management solution).

In closing, if you are more than casually interested in software configuration management for Java projects then I recommend this book with enthusiasm. Beginners will be up and running with Ant in short order, while the book contains many interesting and useful nuggets for more experienced Ant users.

Ant on the web

• The Ant Project -- be sure to see their resources section.
• Ant FAQ at jguru.com (moderated by the book's co-author: Erik Hatcher)
• Ant forum at jguru (moderated by the book's co-author: Erik Hatcher)
• JUnit: A regression testing framework written by Erich Gamma and Kent Beck. It is used to implement unit tests in Java.
• CheckStyle: A development tool to help programmers write Java code that adheres to a coding standard.
• Middlegen:A general-purpose database-driven code generation engine.
• XDoclet: An extended Javadoc Doclet engine. It's a generic Java tool that lets you create custom Javadoc @tags and based on those @tags generate source code or other files (such as xml-ish deployment descriptors) using a template engine it provides.
• Intellij's IDEA "Develop with Pleasure" with this award winning Java IDE featuring full Ant integration that Marin Flower says: has succeeded in really moving forward the state of the art...
• The NetBeans and Eclipse Open Source IDEs also integrate nicely with Ant.

You can purchase Java Development with Ant from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

smarks writes "Java Development with Ant effectively shows the reader how Ant can be used as the foundation for the most complex Java software configuration solutions. The book is divided into beginner, intermediate and advanced sections, which makes it appropriate for a variety of audiences. The book has a comprehensive survey of tools that can be used with Ant such as JUnit, CheckStyle, Middlegen and XDoclet Even the experienced Ant user will find these sections helpful. Overall, Java Development with Ant is an excellent resource." Read on for the rest of Spencer's review. Java Development with Ant author Eric Hatcher, Steve Loughran pages 634 publisher Manning rating 8.5 reviewer Spencer Marks ISBN 1930110588 summary How to use Ant to meet all (or most of) your poject's software configuration needs

Pros:

• Excellent coverage of optional Ant tasks
• Good division of beginner, intermediate and advanced content
• Thorough discussion of how to use Ant to solve a variety of software configuration management situations
• Shows how to use Ant for tasks outside of typical configuration management roles such as the automated code generation of EJB and Application Server deployment descriptors
• Shows how Ant helps with a variety of software development methodologies including XP's suggested best practices of continual integration and JUnit testing
• Catalogs IDEs that integrate well with Ant including my personal favorite, Intellij's IDEA development environment

Cons:

• Some of the examples could have benefited from more detail. For example, the section on the PropertyFile task could have shown how to solve the problem of platform specific path separators in Java property files.
• At the time of this review, the book's accompanying website was a bit meager. For example, a comprehensive list of Ant on-line resources would have been helpful.

What the book offers

I consider myself an intermediate Ant user and when books on Ant first appeared I thought they would add little to the excellent free documentation and examples readily available. With its clean, straight forward syntax and structure, Ant has a low of cost of entry, and being rooted in Java and XML it is extremely flexible and extensible. I found Ant refreshingly easy to use as part of a configuration management system that included continual integration and a unit testing strategy. It was much better suited for Java development than the tool I previously used which was make. So when I agreed to do this review, I was skeptical that I would find the book useful. However, the book proved to be rich in valuable information that is well organized and clearly presented. Java Development with Ant, written by Erik Hatcher and Steve Loughran who are both committers to the Apache Ant project, is a great resource for anyone wishing to learn how to integrate Ant into his personal set of best practices for software configuration management solutions.

Coming to the book as a long time Ant user, I was glad to see that it offered material appropriate for others than just those approaching Ant for the first time. The book is divided into three sections each of which could probably find a niche as useful (and thinner) separate book: Learning Ant, Apply Ant, and Extending Ant. Only the first section of the book is devoted to first-time users, or those Learning Ant. The reminder of the book is about Ant in action. It covers an interesting variety of third-party Ant tasks, various ways of applying Ant to software development projects, and an in-depth section on how to extend Ant writing your own Java classes.

After a short but helpful introduction to the general topic of software configuration management, the first section, Learning Ant, launches into a thorough explanation of Ant's fundamental concepts and operation. JUnit test integration is treated as part of of the basic operation of Ant, which I was happy to see because unit testing should be a fundamental part of any software configuration management process.

Despite having used Ant on a number of projects since the summer 2000, at no point have I had to become truly expert with it in order to solve the wide range of software configuration problems I encountered. This is because Ant is easy to use. Typically, I figure out what I want the software configuration management to do, and then look for Ant examples that I can easily tweak to get the job done. I think it is a great credit to the Ant and its designers that I can do this successfully. Even though I've had this success with Ant, the introductory material filled in some of the gaps I had in my understanding of Ant's operation. For example, I was introduced to the PropertyFile taskdef which up until then had escaped my notice but which solved a problem for which I previously had a less elegant solution.

The most interesting part of the book was the second section that talked about a variety of Ant add on programs (called taskdefs) like Middlegen (an EJB descriptor tool) and XDoclet. XDoclet had been on the periphery of my radar for a while now, so I welcomed the book's thorough discussion of it in both a general and Ant specific sense. In addition there are helpful chapters devoted to using Ant as an aide to production deployment, web site generation including the compilation of JSP pages and the automatic generation of EJB descriptors. There are also chapters on working with Web Services using SOAP and a section on how Ant can be used as part of a continuous integration process complete with email notification. There is even a section on using Ant for Java projects that have a native code component. (Ant can be used to compile native code and the book shows how it can be helpful in dealing with the complexities surrounding JNI.) The book works well as a reference text. There's no need to read it from cover to cover in order for it to be extremely helpful.

The third part of the book also looks interesting, but it is intended for a more hardcore audience than myself. I've been fortunate to find ready made solutions for all the configuration management services I wanted to provide my clients. So, learning how to extend Ant has never been an issue. Every time I think I might have to develop my own answer, I find that someone else has already beaten me to it. Such is the nature of successful Open Source projects. However, I am glad this section exists, because I am sure at some point I will use it myself or refer a student or client to it.

The book even has some material on using Ant outside of the context of Java. Not having much experience with these technologies, I didn't pay close attention to these sections. (I am sure I'll be amused when I encounter my first .NET project that is using Ant for its configuration management solution).

In closing, if you are more than casually interested in software configuration management for Java projects then I recommend this book with enthusiasm. Beginners will be up and running with Ant in short order, while the book contains many interesting and useful nuggets for more experienced Ant users.

Ant on the web

• The Ant Project -- be sure to see their resources section.
• Ant FAQ at jguru.com (moderated by the book's co-author: Erik Hatcher)
• Ant forum at jguru (moderated by the book's co-author: Erik Hatcher)
• JUnit: A regression testing framework written by Erich Gamma and Kent Beck. It is used to implement unit tests in Java.
• CheckStyle: A development tool to help programmers write Java code that adheres to a coding standard.
• Middlegen:A general-purpose database-driven code generation engine.
• XDoclet: An extended Javadoc Doclet engine. It's a generic Java tool that lets you create custom Javadoc @tags and based on those @tags generate source code or other files (such as xml-ish deployment descriptors) using a template engine it provides.
• Intellij's IDEA "Develop with Pleasure" with this award winning Java IDE featuring full Ant integration that Marin Flower says: has succeeded in really moving forward the state of the art...
• The NetBeans and Eclipse Open Source IDEs also integrate nicely with Ant.

You can purchase Java Development with Ant from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

e8johan writes "Avaya Labs Research has presented a paper studying the open source process in the cases of Apache and Mozilla. They reach a number of interesting conclusions, the ones I find most interesting are: * Open source projects tend to have a core team of 10-15 coders, producing almost all code. The next layer is a set of developers submitting new features and bugfixes. The next layer is a set of advanced users submitting bug reports. * Open source projects tend to have a lower bug-rate than commercial projects. * Open source projects are generally quicker to respond to user requests. The article also discusses the differences between projects that have always been open source (such as Apache) and projects having a proprietary history (such as Mozilla)."

jgeelan writes "The original glorious premise behind a J2EE container was to abstract multithreading issues, server memory management, wire protocols, and so on, from Java programmers and allow them to focus on implementing solutions, not server infrastructure. Yet in the current issue of Java Developer's Journal, the director of technology at Personified Technologies, Jason Weiss, has lit a flame under J2EE, the jewel of the Java specification crown. The spec, writes Weiss, is too complex. As a community Java developers must pay attention to the beleaguered JCP process and realign it with creating solutions, like those routinely released by the Apache Software Foundation. Weiss argues that by taking steps now, Java developers would be investing in the future both of Java and the community that has grown up around Java. 'The entire JCP process must thematically reflect our desire to build solutions that simplify complex technologies for programmers,' Weiss continues. 'In fact, the JCP process should continue to use the JSR acronym, but with new meaning: "Java Solution Request," he adds. 'Somewhere during this journey the JCP has shifted from its solution-oriented roots to merely implementing specifications. This trend must be reversed ... for the sake of our community.'"

Triumph The Insult C writes "Apache 1.3.27 is out, addressing 3 security problems and includes some other updates. Check out cve.mitre.org for CAN-2002-0839, CAN-2002-0840 and CAN-2002-0843. You can grab .27 from the mirrors. Details on the security problems and the other updates to .27 can be found here."

Triumph The Insult C writes "Apache 1.3.27 is out, addressing 3 security problems and includes some other updates. Check out cve.mitre.org for CAN-2002-0839, CAN-2002-0840 and CAN-2002-0843. You can grab .27 from the mirrors. Details on the security problems and the other updates to .27 can be found here."

jimmy writes ""A vulnerability exists in the SSI error pages of Apache 2.0 that involves incorrect filtering of server signature data. The vulnerability could enable an attacker to hijack web sessions, allowing a range of potential compromises on the targeted host." This Cross site scripting (or XSS) hole has been found in all versions of apache prior to 2.0.43. The advisory can be found here and users are urged to upgrade to address this problem."

David Kennedy writes: "This is a review of Brett McLaughlin's new O'Reilly title, Building Java Enterprise Applications. Volume 1: Architecture, subtitled Designing with EJBs, Databases, and Directory Servers." Read David's in-depth review, below. Building Java Enterprise Applications, Volume I: Architecture author Brett McLaughlin pages 300 publisher O'Reilly rating 9 reviewer David Kennedy ISBN 0596001231 summary Practical guide, with examples, for building a J2EE application from scratch.

Summary: Building Java Enterprise Applications is an excellent book, and ought to be on the bookshelf of every J2EE programmer working on the mid- and back-tier. If you are like me, then you then have a series of books on various parts of the J2EE alphabet soup -- a few on EJB/JNDIs, one on JMS, one on RMI, one on JDBC, a database/SQL primer, a J2EE patterns book (I recommend Depur et al. by the way), maybe even some hyped-up case studies from Sun's press etc -- but nothing on how to design an entire J2EE application from scratch. There is nothing scarier than a blank piece of paper at the beginning of a project -- this book provides a combination of a tutorial and worked example, along with an insight into the thought processes of the designer.

There are not enough books of this type for the J2EE platform; the emphasis on tying together disparate technologies to build a coherent system is exactly what I need at this stage of my career, and I found the author's constant revisions and tweaking of his design fascinating and reassuring. I'm going to pre-order Vols. II and III.

Check your sources.

You might recognise the author's name -- Brett McLaughlin is the author of another O'Reilly title, Java & XML*, and writes for flashline.com, IBM Developer Works, JavaWorld and others. You can either Google for these or visit the web-site newInstance. In my opinion he knows his onions, is aware of what other root vegetables are out there, and, most important, he can communicate well.

What's the book about? I'll give you a bit of the blurb first, as it's a fair description of the material:

"Java has many enterprise APIs: JNDI, EJB, JMS, JAXP, and the other XML APIs, JDBC and more. But how do you as a developer put the pieces together and build something that works? How do these components integrate with back-end servers (databases and directories) and with front-end platforms (web servers and web services)?"

"[This] is Volume I of that series; it covers the business logic and back-end of an enterprise system, including entity EJBs, JDBC, JNDI (...), and JMS. Volume II will discuss architectures for web applications; Volume III will venture into the still-uncharted territory of web services."

That's quite an ambitious series; and something of a departure in style for O'Reilly, who have built their enviable reputation by providing definitive titles on one technology at a time. This more a book on when to use a tool, and which tool to use, rather than how to use a tool. I think it's good to see O'Reilly branching out in this way, but it brings them into the preserve of other publishers. It might be interesting to see how this new type of title does.

So what is covered in detail? Let's have a detailed look at the contents:

1. Introduction
2. Blueprints
   This chapter outlines the case study that the author uses for the remainder of the book. This takes the form of a simple, but not trivial, financial-services tool. The blueprints are high-level sketches of the business need, the Data Layer, the Business Layer, and the Presentation Layer.
3. Foundation
   This covers designing the data stores, databases and directory servers.
4. Entity Basics
   Basic design patterns, coding and deploying beans.
5. Advanced Entities
   IDs and CMP, data modeling and the nasty details.
6. Managers
   Managers, in the facade sense, for entity beans and the LDAP directory.
7. Completing the data layer
   Nasty details, populating the data store.
8. Business Logic
   The facade pattern and stateful/stateless design.
9. Messaging and packaging
   JMS on the client and server. Packaging.
10. Beyond flexibility
    The wrap-up chapter, covers the major design points, discusses adapting the material to your own projects, and hints and what presentation layers may be added as a teaser for Vols. II and III.

As you can see there are no surprises in the contents. Once the high-level problem and solution is laid out, there's just a sensible progression through the layers. I particularly liked the practice of stopping and reviewing at regular checkpoints -- it helped tie the material together and emphasize the layering in the design.

There are some detailed appendices giving vendor specific instructions for databases, containers etc. This section also contains all the non-unique code for each layer, e.g., all the entity beans that weren't discussed in detail.

• SQL Scripts
  Cloudscape, InstantDB, MySQL, Oracle, PostgreSQL.
• SQL Deployment
  Ditto.
• Directory server setup
  iPlanet, OpenLDAP.
• Application server setup
  BEA Weblogic only.
• Supplemental code listings
  All code also available in completed final form on the associated web-site.

Sounds wordy... It's not. This is a short book, only about 300 pages including appendices and index. (Compare that to something like Roman's classic EJB book ...) Chapter content is only 200 pages. Fully a third of the content of the book is code; this is definitely one for the programmer, those of you who delight in detailed breakdowns of requirements, user stories, schedules, etc will find little or nothing of interest here.

Equally, there is little in the way of explicit (non-coding) high-level design discussion -- all the code is evolved directly from the well-written text. This is not a bad thing at all -- the design seems sensible and straightforward, always a good sign, and mostly presents an admirable example to any young programmers watching.

All this doesn't mean you are reading a listing though. As on any project involving EJBs, there is a lot of more-of-the-same code between beans -- most of this code is concentrated in the appendices, and only the material under discussion is presented. New code is always presented in full, from package declaration to closing brace. This is refreshing and permits you to actually get something working as you read through the text, although you'll need to be prepared to set up app servers, databases etc to get maximum benefit.

Target audience? Experienced Java programmers who have started using the J2EE platform and are fairly comfortable with all the bean types, JMS, JNDI etc. This book states several times that it is not a primer on any one technology, and provides ample references to more detailed texts when appropriate.

This is very much a book for a wannabe J2EE developer who can't quite figure out how to fit the pieces together, or, like me, just has a gap in his/her skillset when it comes, to, say, LDAP.

What's good? Lots of it. Mainly, the best thing is the clear presentation of a LOT of code via a well partitioned example application (which will also be re-used in Vols II and III). The code is of good quality too, and presents several idioms that while obvious now, were unknown to me when I started EJB work... with the usual reworking-over-a-weekend later on. In particular, there are some commonsense pieces of code -- like a nested exception class for those of us still using pre-1.4 (and remember, you're tied to what your app server supports), some simple session and entity bean Adapter classes, simple Value Object classes etc. As I said, nothing earth-shatteringly novel, but it's nice to see a lot of these idioms used together to simplify the code.

Another admirable thing about the book is the handling of the detail. I've read several books which follow the practice of putting in Gotcha! box-outs, and to be honest, few of them are that useful unless you are a novice. I'm been programming for a few years now, and was amazed at the silly difficulties I've had with my first EJB project -- as a result I'm pleased to say that the box-outs indicating problem areas sound like the voice of bitter experience. For example, there is discussion on following the correct style for accessors/mutators under CMP (getId works, getID cheerfully fails), advice on the very fixed order in the deployment descriptor XML, problems with case-sensitive searches in JNDI, etc. Those of you who've worked with, particularly, EJB1.0/1.1, will undoubtedly have groaned as you realised the problem de jour was something simple-but-outside-your-code like those examples.

Admittedly it's not my area really, but I also found the whole treatment of directory servers very clear and useful. For the first time I understood (a) how they work (b) when they complement databases (c) how to use them easily from my code. Again, I admire the level of detail achieved without being confusing -- I don't see many introductory books include things like the default port number for directory servers using SSL (636 - well, I didn't know that!).

What's bad?

Not much. By nature of the book it doesn't go into huge detail on all technologies used -- there were a few areas where I wanted more. In particular I would have liked to have seen more on testing; now that XP is pretty much mainstream, no one can deny that unit testing is vital on production projects. (When I started using EJBs I had to kludge together a nasty version of JUnit which fitted into the sub-optimal build and client-server framework we were using. I've since found that there are better ways to test EJB layers, but I can still only think of one book, by Richard Hightower, which walks you through examples.) Although the build files in the example use Ant, which makes JUnit and other tools very easy to integrate, there is no mention of unit testing. This is a pity.

The only other things that caught my eye were minor -- coding style in particular. The coding style in the book is very straightforward and Sun-standard, but I have to admit that I'd have liked more JavaDoc'ed code. The code on the website is much more fully commented. I understand that printing this means more paper, and thus a thicker and more expensive book, but on some of the custom methods it would have clarified things for me.

In particular, and I'm being picky here, I didn't find that the authors practice on handling nulls and errors fitted with my own -- admittedly I don't so much practice "defensive coding" as "paranoid coding." Most methods were not null safe, and that can be a nightmare to debug in an n-tier system. Also, he took the line of returning null to indicate failure or error. I understand it's a valid design decision -- my experience says to go with more explicit errors in a larger project, and I would have liked a page or two on the choices here.

Another area where I feel there is room for improvement in the presented style is in the use of hard-coded Strings for lookups - for example, in the AccountManager object there are several lookups of the AccountHome, e.g.:

    AccountHome accountHome = (AccountHome)context.lookup(

        "java:conp/env/ejb/AccountHome";  // Whoops, finding this can be tough!

From experience code reviewing EJB based projects, it's going to save a lot of pain looking for typos if this repeated hard-coded String is (a) extracted as a constant so it can only be mistyped in one place and (b) refactored into a lookup method. It's a fairly minor point, but useful to do right from the start on an EJB project and worth pointing out to someone starting their first one. (Mis-typed meta-data like this is a bit of a weakness in the J2EE framework in my opinion - I always feel that I'd save a lot of time if the compiler or some J2EE aware verifier could check over those Strings to see if they match anything else in the build... I've used vendor tools which claimed to do so, but as they didn't even check that methods/lookup names were in the bean source I wasn't sure what was being verified!)

One last thing: I know it's minor, but why the insistence on importing explicitly? I feel it makes maintenance more difficult -- change one LinkedList to an ArrayList and you're off fiddly with minor imports again. I also didn't find this:

import javax.jms.JMSException;
import javax.jms.Message;
import javax.jms.MessageListener;
import javax.jms.ObjectMessage;
import javax.jms.Session;
import javax.jms.TextMessage;
import javax.jms.Topic;
import javax.jms.TopicConnection;
import javax.jms.TopicConnectionFactory;
import javax.jms.TopicSession;
import javax.jms.TopicSubscriber;

as appropriate for a printed book as this:

import javax.jms.*;

It would have been nice to trade those 10 lines wasted for some custom JavaDoc. However, all told there is remarkably little to grumble about in this book -- I couldn't even spot the obligatory editorial mistake. (That really annoyed me.)

Alternate titles?

Can't think of a good one. (Either a sign that this book is one you might want to look at or else so completely specialised as to be of use to only one person in the world, and that person is probably the author. Luckily, I think it's the former in this case.)

It is however worth a trip to the bookstore for companion, as opposed to alternate, titles before reading this - it assumes detailed knowledge of several J2EE areas, but provides suggested (O'Reilly) titles for reference.

Sounds good -- but what do you know anyway?

Time for the disclaimers. Some material in the book I found useful because I lack experience -- in particular, some database and LDAP stuff.

However, 5 years of getting paid to play^H^H^H^Hcode, and a personal reference library of some 120+ books has made it easier to spot the rare decent title! Most of my J2EE books are from my experience of EJBs for the last year or two, so I know what mistakes are easy to make, as I've made 'em. [I'm actually catching up on my reading, and hence reviewing, due to the Great Telecomms Downturn finally affecting me - anyone want a J2EE developer? :-) ] Finally, I paid for this book (which isn't the case for some of my other reviews).

You can purchase Building Java Enterprise Applications, Volume I from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

(* Bonus mini-review: a useful book, but not easy reading, I found it hard to slog through, but managed my first XLST work in about 10 minutes using it.)

i-got-a-long-name writes "The Apache HTTP Server Project is proud to announce the fifth public release of Apache 2.0. This is primarily a bug-fix release, including updates to the experimental caching module, the removal of several memory leaks, and fixes for several segfaults, one of which could have been used as a denial-of-service against mod_dav. A complete list of the changes since 2.0.40 are available.". Just keep in mind that if you upgrade be prepared to recompile all of your modules since binary-compatibility is no longer the case. Which I am sure will help with the adoption rate.

i-got-a-long-name writes "The Apache HTTP Server Project is proud to announce the fifth public release of Apache 2.0. This is primarily a bug-fix release, including updates to the experimental caching module, the removal of several memory leaks, and fixes for several segfaults, one of which could have been used as a denial-of-service against mod_dav. A complete list of the changes since 2.0.40 are available.". Just keep in mind that if you upgrade be prepared to recompile all of your modules since binary-compatibility is no longer the case. Which I am sure will help with the adoption rate.

i-got-a-long-name writes "The Apache HTTP Server Project is proud to announce the fifth public release of Apache 2.0. This is primarily a bug-fix release, including updates to the experimental caching module, the removal of several memory leaks, and fixes for several segfaults, one of which could have been used as a denial-of-service against mod_dav. A complete list of the changes since 2.0.40 are available.". Just keep in mind that if you upgrade be prepared to recompile all of your modules since binary-compatibility is no longer the case. Which I am sure will help with the adoption rate.

joe writes "Apache has released a security warning in its popular server Tomcat. This security hole allows non authenticated users to retrieve source code of web applications on the server."

joe writes "Apache has released a security warning in its popular server Tomcat. This security hole allows non authenticated users to retrieve source code of web applications on the server."

joe writes "Apache has released a security warning in its popular server Tomcat. This security hole allows non authenticated users to retrieve source code of web applications on the server."

spike666 writes "Apache Axis, the SAX based SOAP server which IBM is building into WebSphere, has hit 1.0RC1! Go download it now and get all SOAPy!"

spike666 writes "Apache Axis, the SAX based SOAP server which IBM is building into WebSphere, has hit 1.0RC1! Go download it now and get all SOAPy!"

Roullian writes "The first stable version of Tomcat 4.1 is out. This is a long-awaited version, as it includes major improvements: enhanced administration tools, a new JSP compiler, and many many performance and scalability improvements. For all of us using Tomcat in production, it's time to download!"

An anonymous reader writes "A flaw in Apache 2.0's interpretation of the backslash delimiter allows for a remote r00ting on NetWare, Windows, and OS/2. InfoWorld has an overview; the attack was discoverd by PivX's Auriemma Luigi, and he describes it in this technical document. I don't know whether there is such a thing as an OS/2 shop anymore, and most Microsoft shops probably run IIS, but Apache now ships as the default web server for NetWare 6, so Novell shops: Take note. A patch is available from Apache, and Luigi describes a workaround in his article."

rbowen writes "The Apache Server Documentation Team is pleased to announce an overhaul of the Apache 2.0 documentation web site. I addition to new page layout and better navigation, there are a number of new documents, and all of the directive documentation now has helpful examples. Special kudos to Joshua Slive for all of his hard work and leadership."

rbowen writes "The Apache Server Documentation Team is pleased to announce an overhaul of the Apache 2.0 documentation web site. I addition to new page layout and better navigation, there are a number of new documents, and all of the directive documentation now has helpful examples. Special kudos to Joshua Slive for all of his hard work and leadership."

rbowen writes "The Apache Server Documentation Team is pleased to announce an overhaul of the Apache 2.0 documentation web site. I addition to new page layout and better navigation, there are a number of new documents, and all of the directive documentation now has helpful examples. Special kudos to Joshua Slive for all of his hard work and leadership."

Robert Nagle writes: "Apache's HTTP server has been by many measures the most popular web server on the web, and perhaps the primary application that drives people to Linux and open source. Three years ago, Wrox published the definitive book on running the Apache server by Peter Wainwright. Excellent though the book was, it badly needed updating. In May 2002, Wrox published another book, Professional Apache 2.0, which covers the new generation of Apache server, as well as older 1.3x versions that are still running production servers around the world." Robert's review continues, below. Professional Apache 2.0 author Peter Wainwright pages 873 publisher Wrox rating 5 Stars reviewer Robert Nagle, Idiotprogrammer ISBN 1861007221 summary Excellent, comprehensive Guide to the latest version of Apache.

Although Apache changed a great deal in its version 2.0, it is a credit to the Apache folk that the config files and command line options have basically remained the same for sys admins. For this reason, the book seems to include a lot of material (CGI security, building, core modules) from the original book. However, a closer look reveals many changes. Almost every chapter includes a discussion about how features differ in both versions of Apache. The book does a good job of giving an overview of Apache's architectural changes and how the use of multi-processing modules (MPM) allow the admin to choose an optimal implementation of apache. This edition, noticeably bigger than the previous one, contains many more examples of how one can extend apache functionality (configuring for binary distribution, setting up virtual interfaces, load sharing). Many sections have been expanded. The discussion of security and SSL is more detailed, yet more succinct; so is the section on content negotiation, (which is twice as long as the previous book), doing proxy server configurations, rsync and benchmarking performance. The discussion on hardening the server was great and up-to-date, although I wish the book spent more time discussing on patching and upgrading.

What is new to the book? We find a longer discussion of graphic administration tools for Windows and Unix, including webmin (which actually I wanted more of). We also have discussions of newer modules such as mod_ruby, mod_python, mod_dav as well as a brief description on how to install tomcat alongside apache. The discussion of mod_dav was especially helpful and interesting to me (and I was especially glad that the author acknowledged the Subversion DAV module, something which is bound to become more important). The php stuff hasn't changed much (although at the time the book was published, 2.0 compatibility with PHP was still an iffy proposition). The book's discussion of mod_perl isn't significantly different, although it does point out migration issues and some additional features.

Generally, the book is clearly written and contains enough examples to find any configuration you want. A few parts required rereading (especially the part about proxies and proxypasses), and occasionally I needed a better explanation of what the example code was supposed to do.

No book can be everything for everybody, and nobody can accuse the book of not having enough content (it is after all more than 700 pages!). I found myself wishing for other things. The book briefly discussed 2.0's support for ipv6, but I longed for a fuller explanation and a more detailed example (Fortunately, I had seen a good ipv6 tutorial on Linux Journal ). Also, I would have liked more information about other web application servers (like zope that Apache sometimes coexists with, content frameworks (such as cocoon) and other goodies produced by the Apache Foundation. The author might legitimately feel that such subjects lie outside the book's scope, but such topics are becoming more important.

In summary: for newbies who are looking for a guide to start with: this is the definitive book to read. It's definitive and a little imposing, but it is well written and logically arranged.

For people already familiar with Apache 1.3 but looking for more depth about ipv6, php, content frameworks or Tomcat, it might be better to read books on those specific subjects instead of this one. Indeed, Wrox will soon be coming out with a book specifically on Apache and Tomcat.

For experienced system administrators, the material in this book may not be terribly new, but they will still appreciate the variety of configuration examples for managing large numbers of virtual hosts and the convenience of having documentation of the 1.3/2.0 differences at their fingertips.

You can purchase Professional Apache 2.0 from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

BShive writes "Developing Applications with Java and UML focuses on building and modeling industrial-strength Java applications. The book takes you step-by-step through a product lifecycle and software process. You do not need to know UML or OO Design, as both new and experienced Java developers will benefit from reading this book. It is highly focused on process, so developers will have to put aside the 'jump in and code' attitude." Read on below for the remainder of his review. Developing Applications with Java and UML author Paul R. Reed, Jr. pages 463 publisher Addison-Wesley rating 9 reviewer Ben Shive ISBN 0201702525 summary Developing Applications with Java and UML focuses on building and modeling industrial-strength Java applications. The book takes you step-by-step through a product lifecycle and software process.

Each chapter begins with a brief summary and a list of the goals. After reading the book through, both should be useful. Each chapter also closes with a 'checkpoint' that summarizes what has been covered in the chapter and what is to come.

The first chapter sets up the entire book by outlining some of the project problems encountered in software development. Once the author gets into development models, the Unified Process from Rational Software, a huge and detailed software process, is introduced. The book focuses on only using the elements that provide the biggest 'bang for the buck'. The Unified Process is the focal process of the book, but the Synergy Process is a free alternative, only lacking some additional guidelines and how-to's. A short overview of UML is covered, along with its' place is in the software process. He notes that a project that just uses UML in a vacuum without a sound process and plan will fail.

The second chapter briefly discusses the Java language alongside the concept of Object Oriented Programming. Experienced Java programmers could skip this section if they wished. The section is worth skimming as a lead-in to the explanation of how Java and UML are a good fit.

Chapter three, Starting the Project is the first time the book delves into the meat of how to structure a project. The example scenario that is followed through the book is introduced, and throughout the book real-world examples are used that relate to the sample project. Every theory in the book that is translated into some kind of example the reader can pull apart and examine.

Through the next few chapters use-cases and class diagrams are covered, leading up to building a user interface (UI) prototype. Personally, I've never used UML for anything but sculpting class diagrams for export. This is the point in the book where I started to see how the rest of the project is able to use UML and tie it all together. Being able to model the classes and easily export them is very powerful, but even more so when combined with the rest of the ways you can employ UML in your project.

The following chapters are much like the first few that began to talk about the sample project. There is no Java code until chapter 9, halfway through the book. This is not the book to get if you are only interested in how to use UML as a base to dump out some code.

Throughout the book the content remained interesting, and relevant. Do not expect to sit down and read it from beginning to end. There is a great deal of material covered and no topic that was inadequately explored. Using the sample project consistently throughout the process was invaluable, along with the samples and source code provided. Alongside the process, the real life anecdotes and comments provided were a welcome addition instead of an intrusion. The author is someone who's seen the mistakes that could be avoided. For example, an application with 70,000 lines of Java code that only contained two classes.

Having talked about the depth and detail of the book, this was also one of the bad points as well simply since it takes so long to get through. People already well experienced in running a project with similar phases will find it much faster reading. The other issue is the expense of the tools and products involved. Rational Rose, the Rational Unified Process and WebLogic are rather expensive products. Thankfully there are alternatives that he mentions in the book, and others as well. Visio, the Synergy Process and Tomcat are all possible alternates. Surprisingly, Tomcat is used in his example setup.

I had left the rating at 8 throughout most of my reading while considering the positives and negatives. However, when I finished the book I bumped the rating up to 9 simply because of the wealth of information I learned. Anyone aspiring to run a team project with Java should read this book. In the corporate arena, most of the battle is not the code, but understanding what the users want and what will be created. Following any kind of process will improve the result, even if only a few key elements are used.

Chapters:
1. The Project Dilemma
2. Java, Object-Oriented Analysis and Design, and UML
3. Starting the Project
4. Use-Cases
5. Classes
6. Building a User Interface Prototype
7. Dynamic Elements of the Application
8. The Technology Landscape
9. Data Persistence: Storing the Objects
10. Infrastructure and Architecture Review
11. Constructing a Solution: Servlets, JSP and JavaBeans
12. Constructing a Solution: Servlets, JSP and Enterprise JavaBeans

Appendix:
A. The Unified Project Plans
B. The Synergy Process Project Plan
C. Estimating Projects on the Basis of Use-Cases
D. Sample Project Output
E. BEA WebLogic Application Server

You can purchase Developing Applications with Java and UML from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

cliffwoolley writes "On August 7, the Apache Software Foundation was notified of a significant vulnerability that affects the Win32, OS/2, and Netware ports of Apache 2.0. It has the potential to allow an attacker to inflict serious damage to a server and/or reveal sensitive data on those platforms. To fix this vulnerability in addition to a number of cross-platform issues (a pair of path exposures and a number of bugs), Apache 2.0.40 has been released. It is considered the best currently available version of Apache, and all users are urged to upgrade."

cliffwoolley writes "On August 7, the Apache Software Foundation was notified of a significant vulnerability that affects the Win32, OS/2, and Netware ports of Apache 2.0. It has the potential to allow an attacker to inflict serious damage to a server and/or reveal sensitive data on those platforms. To fix this vulnerability in addition to a number of cross-platform issues (a pair of path exposures and a number of bugs), Apache 2.0.40 has been released. It is considered the best currently available version of Apache, and all users are urged to upgrade."

cliffwoolley writes "On August 7, the Apache Software Foundation was notified of a significant vulnerability that affects the Win32, OS/2, and Netware ports of Apache 2.0. It has the potential to allow an attacker to inflict serious damage to a server and/or reveal sensitive data on those platforms. To fix this vulnerability in addition to a number of cross-platform issues (a pair of path exposures and a number of bugs), Apache 2.0.40 has been released. It is considered the best currently available version of Apache, and all users are urged to upgrade."

cliffwoolley writes "On August 7, the Apache Software Foundation was notified of a significant vulnerability that affects the Win32, OS/2, and Netware ports of Apache 2.0. It has the potential to allow an attacker to inflict serious damage to a server and/or reveal sensitive data on those platforms. To fix this vulnerability in addition to a number of cross-platform issues (a pair of path exposures and a number of bugs), Apache 2.0.40 has been released. It is considered the best currently available version of Apache, and all users are urged to upgrade."

tarun asks: "I am creating the next version of my open source UDDI registry and decided to use an XML database backend - if I can find any good ones. The reason to make this choice was that I was impressed by oracle and db2's xml capabilities in my past lives. However, when I tried looking for an open-source alternative it seems there is nothing around except perhaps xindice -which clearly is less then perfect. I am looking for something that can work with more than one existing databases (I will ship my software with MySQL but if a large organization wants to deploy it, it should be able to do it using Oracle, DB2 or whatever they want to use) and xindice currently only works with Berkley-DB. Also, I am looking for something that can create database tables for me given an XML schema (I can tweak it later to create indexes, stored procedures etc) and given an XML document - write it to these tables. If it supports something standard like Xupdate or XQuery, that is even better."

"There are some other XML Database projects but either they have too few features or are not open-source. What is the XML-aware portion of the Slashdot community using? Have you ever run across such problems? Do you guys create your database schemas by pain-stackingly copying every element in every XML schema you have to handle to database tables and write huge amount of parsing/deparsing code both ways?"

totallygeek writes: "One year ago today (July 19, 2001), more than 359,000 computers were infected with the Code Red worm in less than 14 hours. At the peak of infection, more than 2,000 new machines were infected each minute. Servers running Internet Information Services from Microsoft were propagating this worm across the Internet faster than anything has up to then or since. For the first time, systems running the Apache web server were getting requests for a document called "default.ida". Here we are a year later, and my web log shows an average of forty-two requests per day for default.ida over the last five days. To really appreciate the spread of this program, look at this animated image."

VanMan writes "IBM is offering a free download of their WebSphere SDK for Web Services. It's based on open specifications for Web services such as SOAP, WSDL, and UDDI and runs on both Linux and Windows operating systems. The IBM WebSphere SDK for Web Services includes software developed by the Apache Software Foundation, so it merits a look-see."

codewolf writes "It has been reported to bugtraq by Domas Mituzas that a worm that exploits the Apache chunk bug has been found in the wild. Information on the worm can be found here. More information on the Apache bug can be found here, and patches can either be made by modifying your config file or upgrading your Apache version."

SharkaRockz writes "IBM recently donated the Web Service Invocation Framework (WSIF) to Apache.org. This article explains the WSIF donation and what it can do. WSIF is a simple Java API that allows both SOAP and non-SOAP services to be described and used in a common way thus allowing developers to make Web services without the constraints of SOAP."

MartinB asks: "I help out running evolt.org, and one of the things we provide is a comprehensive browser archive, with over 100 different browsers, some in multiple platforms and versions, going right back to Mosaic 0.4. This is both a piece of web history, and a resource that lets developers test their sites on browsers which vendors don't offer for download any more. We have an expensive problem - the browser archive chews through 140GB of bandwidth a month and growing, even though we've throttled the FTP server and restricted the maxclients. How do we find people who provide mirrors like these and get browsers.evolt.org spread across lots of hosts?" If you would like to mirror this valuable net resource, please volunteer here (or drop a line to the original submitter)

cliffwoolley writes "The Apache Software Foundation has released new versions of both Apache 1.3 and 2.0. These versions are both security and bug-fix releases. They address and fix the issues noted in CAN-2002-0392 [CERT VU#944335] regarding a vulnerability in the handling of chunked transfer encoding. You can download the new releases here." This of course is for the exploit that we reported yesterday. It is hard to complain about a 24-hour response time for a bug.

cliffwoolley writes "The Apache Software Foundation has released new versions of both Apache 1.3 and 2.0. These versions are both security and bug-fix releases. They address and fix the issues noted in CAN-2002-0392 [CERT VU#944335] regarding a vulnerability in the handling of chunked transfer encoding. You can download the new releases here." This of course is for the exploit that we reported yesterday. It is hard to complain about a 24-hour response time for a bug.

cliffwoolley writes "The Apache Software Foundation has released new versions of both Apache 1.3 and 2.0. These versions are both security and bug-fix releases. They address and fix the issues noted in CAN-2002-0392 [CERT VU#944335] regarding a vulnerability in the handling of chunked transfer encoding. You can download the new releases here." This of course is for the exploit that we reported yesterday. It is hard to complain about a 24-hour response time for a bug.

cliffwoolley writes "The Apache Software Foundation has released new versions of both Apache 1.3 and 2.0. These versions are both security and bug-fix releases. They address and fix the issues noted in CAN-2002-0392 [CERT VU#944335] regarding a vulnerability in the handling of chunked transfer encoding. You can download the new releases here." This of course is for the exploit that we reported yesterday. It is hard to complain about a 24-hour response time for a bug.

Thread writes "This group is getting together slashdot readers all over the world. Check out slashdot.meetup.com to meet up with Slashdot readers in your town." The meetup.com site is pretty much brand new, and it's a fun idea. We thought this was kind of a cool idea and something a bunch of people have asked for in email and in past stories so we thought "let's see what happens."

chrisv writes "It appears that mod_perl 1.27 has been released Saturday, something that apparently went unnoticed or unmentioned until now. Change list here." While you are at it, go and try out mod_perl 1.99 for Apache 2.0.

chrisv writes "It appears that mod_perl 1.27 has been released Saturday, something that apparently went unnoticed or unmentioned until now. Change list here." While you are at it, go and try out mod_perl 1.99 for Apache 2.0.

chrisv writes "It appears that mod_perl 1.27 has been released Saturday, something that apparently went unnoticed or unmentioned until now. Change list here." While you are at it, go and try out mod_perl 1.99 for Apache 2.0.

chrisv writes "It appears that mod_perl 1.27 has been released Saturday, something that apparently went unnoticed or unmentioned until now. Change list here." While you are at it, go and try out mod_perl 1.99 for Apache 2.0.

Aaron writes "Versions of the Apache HTTP Server up to and including 1.3.24 and 2.0 up to and including 2.0.36 contain a bug in the routines which deal with invalid requests which are encoded using chunked encoding. In some cases it may be possible to cause a child process to terminate and restart, which consumes a non-trivial amount of resources. See the official announcement and stay tuned here for updated versions." This is in response to the rather uninformed and questionable security notice by ISS X-Force, about a bug that has already been mentioned on the public mailing lists for Apache and is fixed in CVS for Apache 2.0. I am also told that their patch doesn't fully solve the problem. I am sure though that by awaking us to the problem they will get a lot of great press just like any of the other companies currently using useless bug announcements as press releases.

Aaron writes "Versions of the Apache HTTP Server up to and including 1.3.24 and 2.0 up to and including 2.0.36 contain a bug in the routines which deal with invalid requests which are encoded using chunked encoding. In some cases it may be possible to cause a child process to terminate and restart, which consumes a non-trivial amount of resources. See the official announcement and stay tuned here for updated versions." This is in response to the rather uninformed and questionable security notice by ISS X-Force, about a bug that has already been mentioned on the public mailing lists for Apache and is fixed in CVS for Apache 2.0. I am also told that their patch doesn't fully solve the problem. I am sure though that by awaking us to the problem they will get a lot of great press just like any of the other companies currently using useless bug announcements as press releases.

Aaron writes "Versions of the Apache HTTP Server up to and including 1.3.24 and 2.0 up to and including 2.0.36 contain a bug in the routines which deal with invalid requests which are encoded using chunked encoding. In some cases it may be possible to cause a child process to terminate and restart, which consumes a non-trivial amount of resources. See the official announcement and stay tuned here for updated versions." This is in response to the rather uninformed and questionable security notice by ISS X-Force, about a bug that has already been mentioned on the public mailing lists for Apache and is fixed in CVS for Apache 2.0. I am also told that their patch doesn't fully solve the problem. I am sure though that by awaking us to the problem they will get a lot of great press just like any of the other companies currently using useless bug announcements as press releases.

Peter Wayner writes: "In a world where Ali had to meet Frazier and Luke had to meet his father, it was only a matter of time before buzzwords like Java and eXtreme Programming found themselves together on the same marquee. A pair of new books examines some open source Java development tools and outlines how they can be put to use by those trying to master their workload by adopting the techniques of eXtreme programming." Read on for his latest review, which is really two reviews in one. (see each) author (see each) pages (see each) publisher (see each) rating (see each) reviewer Peter Wayner ISBN (see each) summary Two books which explore the use of Ant in Java software development

The two books are excellent examples of how the book industry organizes and disciplines the often crazy explosion of new tools, approaches, structures and metaphors developed by the software industry. Ant: The Definitive Guide by Jesse Tilly and Eric Burke comes from O'Reilly, the masters of producing missing manuals for open source projects. The other, Java Tools for eXtreme Programming: Mastering Open Source Tools including Ant, JUnit, and Cactus by Richard Hightower and Nicholas Lesiecki was published by John Wiley and Sons. Both provide a clear, example-driven exploration of the tools at hand.

The books are probably driven by the success of Kent Beck's Extreme Programming Explained: Embrace Change , a manifesto that outlined Beck's belief that the best way to develop code was with small teams of programmers and users who constantly reworked the software. His most controversial and attention grabbing notion demanded that the programmers work in pairs sharing one computer, one mouse and one keyboard. The constant interaction forced everyone to actually communicate with each other without sending emails and that, more than anything else, may be responsible for the success of his vision. His book spawned a few others on how programmers can plan to apply his vision.

Meanwhile, on the other side of the buzzword galaxy, the Apache group was quietly creating some of the coolest Java development and deployment tools around. Ant was and still is one of the most revolutionary, even though it was just a simple reworking of the classic UNIX make command. Its creator, James Davidson, grew so frustrated with the shell interface of the make command that he wrote a Java-centric version that moved all of the compilation, compression, and distribution inside one Java process. Now, no one has to wait for another Java Virtual Machine to start up to compile each class file independently.

While Davidson's Ant isn't much different than make at first glance, it's hard to overestimate the power of giving programmers a clever tool with plenty of hooks into the development process. Anyone can write new tasks for Ant, and some clever folks have built great new widgets that do things like enforce style guidelines or grab new code from a CVS tree. The structure of Ant lets the programmer dig deeply into the build process. The organic growth and dynamic flexibility shows how close Java can be to Lisp.

Tilly and Burke do a good job capturing the spirit of the tool. Their book follows O'Reilly's time-tested and market-proven simple-examples technique to illustrate how to use Ant for your projects. The chapters in the first half of the book outline how to use and extend Ant for your project. The strength of the book may be the way the authors casually include practical advice about the bugs and idiosyncracies of the tool. While Ant is quite capable, there are a number of little limitations to the XML parser that can drive new users a bit nuts. The second half of the book is a detailed description of the API, the data types and the other practical documentation.

In one sense, it's not really fair to lump this book in with all of this gloss about Extreme Programming. because it's just another methodical O'Reilly book with Dover artwork on the cover. It's important to realize that these tools aren't directly tied to the extreme programming movement. Ant was just created by a Java programmer who hated to wait. Everything else came afterwards when he opened the API.

Ant: The Definitive Guide author Jesse Tilly & Eric M. Burke pages 260 publisher O'Reilly rating 7 ISBN 0-597-00184-3 summary A methodical, in-depth look at the Java tool.

The other book, however, explicitly illustrates how some popular open source tools can help the process of extreme programming. Hightower and Lesiecki's book is much broader than Tilly and Burke's because they want to tackle so much more. They don't want to just provide a missing manual for the tool-- they want to give the world a road map on how they use Ant and its cousins JUnit, HTTPUnit, and Cactus to build better applications. It should be noted that Hightower and Lesiecki work for a consulting group called eBlox and a number of other eBlox programmers are listed as contributors to the book. I think it's fair to say that anyone who hires eBlox will get eXtreme Programming results built with this methodology.

The best part about this book is the wide scope. Ant remains the central taskmaster responsible for building the software, but the book explains how to incorporate other tools for testing the software. The authors embrace one of the extreme programming central beliefs that programmers should define how to test their code before it is actually written. The book explains how to use JUnit, Cactus, and HTTPUnit to set up rules to test every class file. After ANT fires up the compiler, it turns around and runs the tests on the code.

Java Tools for eXtreme Programming author Richard Hightower and Nicholas Lesiecki pages 513 publisher John Wiley and Sons rating 7 ISBN 0-471-20708-X summary How to use some Java tools to transform extreme programming theory into reality.

I don't think that eXtreme Programming or any of these tools is the last word on the subject. The biggest problem is that testing a piece of code is guaranteed to be fairly rudimentary. No programmer can come up with test cases to push all of buttons in all possible combinations. The structure and discipline provided by this approach can help, but the book makes it clear that no amount of pairs programming or extremism will remove the need for the guidance of good programmers.

If anything these tools and the books about them should serve as inspiration for the next round of tools even more focused on extreme programming. The tools are impressive, but there is plenty of room for more innovation. None of them is aimed at explicitly coordinating the work of multiple developers and none of them is designed to provide much structure to the refactoring process. These areas are still very much arts, but there's no reason why tool suites like Ant can't evolve some rational approach to solving them. Perhaps the Slashdot audience can provide some informative postings with pointers to the next generation of cool tools.

Hightower and Lesiecki's book feels a bit more rudimentary and basic than Tilly and Burke's, in part because they cover so much more ground. Although their book is broader, it doesn't go into as much depth about Ant as Tilly and Burke's. The examples are simpler, too, and Hightower and Liesiecki seem mainly interested in getting you excited about building and testing software with the tools. There just isn't as much room for details. If you're interested in learning as much as you can about Ant, choose the book devoted to it. If you want to learn how to use a diverse set of tools to build and test your program in an extreme way, go for that book.

Peter Wayner blends the buzzwords of security, privacy, and data warehousing together in his latest book, Translucent Databases. It shows how to ensure that only the right people see the right information and the wrong people get nothing. His other new book, Disappearing Cryptography, mixes the buzzwords of being, nothingness, steganography, and cryptography. You can purchase both Ant: The Definitive Guide and Java Tools for eXtreme Programming from bn.com. Slashdot welcomes readers' book reviews -- to submit yours, read the book review guidelines, then hit the submission page.

Peter Wayner writes: "In a world where Ali had to meet Frazier and Luke had to meet his father, it was only a matter of time before buzzwords like Java and eXtreme Programming found themselves together on the same marquee. A pair of new books examines some open source Java development tools and outlines how they can be put to use by those trying to master their workload by adopting the techniques of eXtreme programming." Read on for his latest review, which is really two reviews in one. (see each) author (see each) pages (see each) publisher (see each) rating (see each) reviewer Peter Wayner ISBN (see each) summary Two books which explore the use of Ant in Java software development

The two books are excellent examples of how the book industry organizes and disciplines the often crazy explosion of new tools, approaches, structures and metaphors developed by the software industry. Ant: The Definitive Guide by Jesse Tilly and Eric Burke comes from O'Reilly, the masters of producing missing manuals for open source projects. The other, Java Tools for eXtreme Programming: Mastering Open Source Tools including Ant, JUnit, and Cactus by Richard Hightower and Nicholas Lesiecki was published by John Wiley and Sons. Both provide a clear, example-driven exploration of the tools at hand.

The books are probably driven by the success of Kent Beck's Extreme Programming Explained: Embrace Change , a manifesto that outlined Beck's belief that the best way to develop code was with small teams of programmers and users who constantly reworked the software. His most controversial and attention grabbing notion demanded that the programmers work in pairs sharing one computer, one mouse and one keyboard. The constant interaction forced everyone to actually communicate with each other without sending emails and that, more than anything else, may be responsible for the success of his vision. His book spawned a few others on how programmers can plan to apply his vision.

Meanwhile, on the other side of the buzzword galaxy, the Apache group was quietly creating some of the coolest Java development and deployment tools around. Ant was and still is one of the most revolutionary, even though it was just a simple reworking of the classic UNIX make command. Its creator, James Davidson, grew so frustrated with the shell interface of the make command that he wrote a Java-centric version that moved all of the compilation, compression, and distribution inside one Java process. Now, no one has to wait for another Java Virtual Machine to start up to compile each class file independently.

While Davidson's Ant isn't much different than make at first glance, it's hard to overestimate the power of giving programmers a clever tool with plenty of hooks into the development process. Anyone can write new tasks for Ant, and some clever folks have built great new widgets that do things like enforce style guidelines or grab new code from a CVS tree. The structure of Ant lets the programmer dig deeply into the build process. The organic growth and dynamic flexibility shows how close Java can be to Lisp.

Tilly and Burke do a good job capturing the spirit of the tool. Their book follows O'Reilly's time-tested and market-proven simple-examples technique to illustrate how to use Ant for your projects. The chapters in the first half of the book outline how to use and extend Ant for your project. The strength of the book may be the way the authors casually include practical advice about the bugs and idiosyncracies of the tool. While Ant is quite capable, there are a number of little limitations to the XML parser that can drive new users a bit nuts. The second half of the book is a detailed description of the API, the data types and the other practical documentation.

In one sense, it's not really fair to lump this book in with all of this gloss about Extreme Programming. because it's just another methodical O'Reilly book with Dover artwork on the cover. It's important to realize that these tools aren't directly tied to the extreme programming movement. Ant was just created by a Java programmer who hated to wait. Everything else came afterwards when he opened the API.

Ant: The Definitive Guide author Jesse Tilly & Eric M. Burke pages 260 publisher O'Reilly rating 7 ISBN 0-597-00184-3 summary A methodical, in-depth look at the Java tool.

The other book, however, explicitly illustrates how some popular open source tools can help the process of extreme programming. Hightower and Lesiecki's book is much broader than Tilly and Burke's because they want to tackle so much more. They don't want to just provide a missing manual for the tool-- they want to give the world a road map on how they use Ant and its cousins JUnit, HTTPUnit, and Cactus to build better applications. It should be noted that Hightower and Lesiecki work for a consulting group called eBlox and a number of other eBlox programmers are listed as contributors to the book. I think it's fair to say that anyone who hires eBlox will get eXtreme Programming results built with this methodology.

The best part about this book is the wide scope. Ant remains the central taskmaster responsible for building the software, but the book explains how to incorporate other tools for testing the software. The authors embrace one of the extreme programming central beliefs that programmers should define how to test their code before it is actually written. The book explains how to use JUnit, Cactus, and HTTPUnit to set up rules to test every class file. After ANT fires up the compiler, it turns around and runs the tests on the code.

Java Tools for eXtreme Programming author Richard Hightower and Nicholas Lesiecki pages 513 publisher John Wiley and Sons rating 7 ISBN 0-471-20708-X summary How to use some Java tools to transform extreme programming theory into reality.

I don't think that eXtreme Programming or any of these tools is the last word on the subject. The biggest problem is that testing a piece of code is guaranteed to be fairly rudimentary. No programmer can come up with test cases to push all of buttons in all possible combinations. The structure and discipline provided by this approach can help, but the book makes it clear that no amount of pairs programming or extremism will remove the need for the guidance of good programmers.

If anything these tools and the books about them should serve as inspiration for the next round of tools even more focused on extreme programming. The tools are impressive, but there is plenty of room for more innovation. None of them is aimed at explicitly coordinating the work of multiple developers and none of them is designed to provide much structure to the refactoring process. These areas are still very much arts, but there's no reason why tool suites like Ant can't evolve some rational approach to solving them. Perhaps the Slashdot audience can provide some informative postings with pointers to the next generation of cool tools.

Hightower and Lesiecki's book feels a bit more rudimentary and basic than Tilly and Burke's, in part because they cover so much more ground. Although their book is broader, it doesn't go into as much depth about Ant as Tilly and Burke's. The examples are simpler, too, and Hightower and Liesiecki seem mainly interested in getting you excited about building and testing software with the tools. There just isn't as much room for details. If you're interested in learning as much as you can about Ant, choose the book devoted to it. If you want to learn how to use a diverse set of tools to build and test your program in an extreme way, go for that book.

Peter Wayner blends the buzzwords of security, privacy, and data warehousing together in his latest book, Translucent Databases. It shows how to ensure that only the right people see the right information and the wrong people get nothing. His other new book, Disappearing Cryptography, mixes the buzzwords of being, nothingness, steganography, and cryptography. You can purchase both Ant: The Definitive Guide and Java Tools for eXtreme Programming from bn.com. Slashdot welcomes readers' book reviews -- to submit yours, read the book review guidelines, then hit the submission page.

Peter Wayner writes: "In a world where Ali had to meet Frazier and Luke had to meet his father, it was only a matter of time before buzzwords like Java and eXtreme Programming found themselves together on the same marquee. A pair of new books examines some open source Java development tools and outlines how they can be put to use by those trying to master their workload by adopting the techniques of eXtreme programming." Read on for his latest review, which is really two reviews in one. (see each) author (see each) pages (see each) publisher (see each) rating (see each) reviewer Peter Wayner ISBN (see each) summary Two books which explore the use of Ant in Java software development

The two books are excellent examples of how the book industry organizes and disciplines the often crazy explosion of new tools, approaches, structures and metaphors developed by the software industry. Ant: The Definitive Guide by Jesse Tilly and Eric Burke comes from O'Reilly, the masters of producing missing manuals for open source projects. The other, Java Tools for eXtreme Programming: Mastering Open Source Tools including Ant, JUnit, and Cactus by Richard Hightower and Nicholas Lesiecki was published by John Wiley and Sons. Both provide a clear, example-driven exploration of the tools at hand.

The books are probably driven by the success of Kent Beck's Extreme Programming Explained: Embrace Change , a manifesto that outlined Beck's belief that the best way to develop code was with small teams of programmers and users who constantly reworked the software. His most controversial and attention grabbing notion demanded that the programmers work in pairs sharing one computer, one mouse and one keyboard. The constant interaction forced everyone to actually communicate with each other without sending emails and that, more than anything else, may be responsible for the success of his vision. His book spawned a few others on how programmers can plan to apply his vision.

Meanwhile, on the other side of the buzzword galaxy, the Apache group was quietly creating some of the coolest Java development and deployment tools around. Ant was and still is one of the most revolutionary, even though it was just a simple reworking of the classic UNIX make command. Its creator, James Davidson, grew so frustrated with the shell interface of the make command that he wrote a Java-centric version that moved all of the compilation, compression, and distribution inside one Java process. Now, no one has to wait for another Java Virtual Machine to start up to compile each class file independently.

While Davidson's Ant isn't much different than make at first glance, it's hard to overestimate the power of giving programmers a clever tool with plenty of hooks into the development process. Anyone can write new tasks for Ant, and some clever folks have built great new widgets that do things like enforce style guidelines or grab new code from a CVS tree. The structure of Ant lets the programmer dig deeply into the build process. The organic growth and dynamic flexibility shows how close Java can be to Lisp.

Tilly and Burke do a good job capturing the spirit of the tool. Their book follows O'Reilly's time-tested and market-proven simple-examples technique to illustrate how to use Ant for your projects. The chapters in the first half of the book outline how to use and extend Ant for your project. The strength of the book may be the way the authors casually include practical advice about the bugs and idiosyncracies of the tool. While Ant is quite capable, there are a number of little limitations to the XML parser that can drive new users a bit nuts. The second half of the book is a detailed description of the API, the data types and the other practical documentation.

In one sense, it's not really fair to lump this book in with all of this gloss about Extreme Programming. because it's just another methodical O'Reilly book with Dover artwork on the cover. It's important to realize that these tools aren't directly tied to the extreme programming movement. Ant was just created by a Java programmer who hated to wait. Everything else came afterwards when he opened the API.

Ant: The Definitive Guide author Jesse Tilly & Eric M. Burke pages 260 publisher O'Reilly rating 7 ISBN 0-597-00184-3 summary A methodical, in-depth look at the Java tool.

The other book, however, explicitly illustrates how some popular open source tools can help the process of extreme programming. Hightower and Lesiecki's book is much broader than Tilly and Burke's because they want to tackle so much more. They don't want to just provide a missing manual for the tool-- they want to give the world a road map on how they use Ant and its cousins JUnit, HTTPUnit, and Cactus to build better applications. It should be noted that Hightower and Lesiecki work for a consulting group called eBlox and a number of other eBlox programmers are listed as contributors to the book. I think it's fair to say that anyone who hires eBlox will get eXtreme Programming results built with this methodology.

The best part about this book is the wide scope. Ant remains the central taskmaster responsible for building the software, but the book explains how to incorporate other tools for testing the software. The authors embrace one of the extreme programming central beliefs that programmers should define how to test their code before it is actually written. The book explains how to use JUnit, Cactus, and HTTPUnit to set up rules to test every class file. After ANT fires up the compiler, it turns around and runs the tests on the code.

Java Tools for eXtreme Programming author Richard Hightower and Nicholas Lesiecki pages 513 publisher John Wiley and Sons rating 7 ISBN 0-471-20708-X summary How to use some Java tools to transform extreme programming theory into reality.

I don't think that eXtreme Programming or any of these tools is the last word on the subject. The biggest problem is that testing a piece of code is guaranteed to be fairly rudimentary. No programmer can come up with test cases to push all of buttons in all possible combinations. The structure and discipline provided by this approach can help, but the book makes it clear that no amount of pairs programming or extremism will remove the need for the guidance of good programmers.

If anything these tools and the books about them should serve as inspiration for the next round of tools even more focused on extreme programming. The tools are impressive, but there is plenty of room for more innovation. None of them is aimed at explicitly coordinating the work of multiple developers and none of them is designed to provide much structure to the refactoring process. These areas are still very much arts, but there's no reason why tool suites like Ant can't evolve some rational approach to solving them. Perhaps the Slashdot audience can provide some informative postings with pointers to the next generation of cool tools.

Hightower and Lesiecki's book feels a bit more rudimentary and basic than Tilly and Burke's, in part because they cover so much more ground. Although their book is broader, it doesn't go into as much depth about Ant as Tilly and Burke's. The examples are simpler, too, and Hightower and Liesiecki seem mainly interested in getting you excited about building and testing software with the tools. There just isn't as much room for details. If you're interested in learning as much as you can about Ant, choose the book devoted to it. If you want to learn how to use a diverse set of tools to build and test your program in an extreme way, go for that book.

Peter Wayner blends the buzzwords of security, privacy, and data warehousing together in his latest book, Translucent Databases. It shows how to ensure that only the right people see the right information and the wrong people get nothing. His other new book, Disappearing Cryptography, mixes the buzzwords of being, nothingness, steganography, and cryptography. You can purchase both Ant: The Definitive Guide and Java Tools for eXtreme Programming from bn.com. Slashdot welcomes readers' book reviews -- to submit yours, read the book review guidelines, then hit the submission page.