Slashdot Mirror

← Back to Domains

Domain: apress.com

Stories and comments across the archive that link to apress.com.

Stories · 30

  1. Book Review: Definitive Guide To Drupal 7

    Books · · posted by samzenpus · from the read-all-about-it dept. · 55 comments
    Michael J. Ross writes "Most computer and web programming books are written entirely by a single author, while the remaining are written by more authors, typically with each one tackling several chapters. The latter approach can suffer from redundant material undetected by editors, and inconsistency in the writing style from one chapter to the next. Yet it offers the significant advantage that the subject matter of each chapter can be presented by an authority on that topic — who can focus on making that explication the best possible, without the burden of completing an entire book. That was one of my first thoughts (and hopes) when hefting the 1112 pages and 4.1 pounds of the Definitive Guide to Drupal 7." Read on for the rest of Michael's review. Definitive Guide to Drupal 7 author A cast of thousands. pages 1112 pages publisher Apress rating 8/10 reviewer Michael J. Ross ISBN 978-1430231356 summary A wide-ranging exploration of the latest version of Drupal. This tome was published on 19 July 2011, under the ISBN 978-1430231356, by Apress (who kindly provided a review copy). As of this writing, it appears to be the longest Drupal book in existence — more than 400 pages longer than the nearest two contenders. Fortunately, no single author ended up in an insane asylum as a consequence of trying to write such an extensive work on his own. Rather, this book is largely due to the efforts of 34 writers in total — more specifically, 30 authors (listed on the front cover, roughly in descending order of how many of the pages they wrote) and four more contributors (added to the list on the title page). This may be a new record in technical book publishing. The entire authorial crew won't be listed here, but it should be mentioned that Benjamin Melançon was the lead author, and contributed to many of the chapters.

    The book's material is organized into 38 chapters and nine appendices — all grouped into eight parts: Getting Started, Site Building Foundations, Making Your Life Easier, Front-End Development, Back-End Development, Advanced Site-Building Topics, Drupal Community, and Appendix. The chapter and appendix titles won't be listed here, but can be found on the publisher's book page, which also offers a description of the book, a section for reported errata (none as of this writing), links to purchase the print and electronic versions of the book, and a downloadable archive of the source code. Unfortunately, the code is apparently available only as a Git repository, and thus is inaccessible if you cannot — or do not want to — install Git on your computer. Consequently, it would be more difficult for such a reader to follow along and implement the example code while reading the book.

    The authors have created their own website for the book, where visitors can sign up for e-mail notification of updates and free chapters, view a chapter outline (which features some bonus material), see author photos and bios, offer suggested changes for future editions, and learn of reported errata (three, at this time). Throughout the book, readers are told to access that site for additional information related to the chapters' topics; yet there does not appear to be any such information, even after registering a new account and logging in. This will be most disappointing in those cases where the reader is enticed by the promise of valuable information, only to find that it is absent. The authors state (page lv) that there are forums, one per chapter; but those do not yet exist. In general, there seems to be a huge disconnect between that website and the claims made in the book as to what extra material readers will find there.

    The book begins with some introductory material, consisting of three mini-chapters: "What's New in Drupal 7" briefly describes some of the terrific improvements over version 6. "How to Use the Book" reassures the prospective reader that the book "does not presume any specific prior curriculum", although this seems inconsistent with the back cover's user level of "Intermediate-Advanced". Also, readers may be perplexed by the claim that the URL path admin/people/permissions/rules will go to admin/help (page lv). The last section, "How Drupal Works", oddly does not explain how Drupal works, but instead discusses some common terms and the typical phases of a website development project.

    The first part of the book comprises two chapters, the first of which has the promising title of "Building a Drupal 7 Site", and provides a cursory summary of site planning, wireframing, Drupal installation, the Administration menu, the Shortcut toolbar, color schemes, and modules. The chapter continues with sections on content types, blocks, taxonomy, and other key concepts — all grouped under the chapter head "Allowing People to Register and Log in with OpenID", even though those topics are unrelated to OpenID. All of the chapter's topics are illustrated by stepping the reader through building, from scratch, the beginnings of the Drupal 7 website — namely, one similar to the authors' site mentioned earlier. Unfortunately, some of the instruction in the book does not match the actual website design, e.g., no introductory text (page 20). Readers may be amused by the tip on page 11, which refers to "the remaining 800 pages of the book". Perhaps the remaining 1101 pages can be chalked up to scope creep! The second chapter explains the basics of how to install and use Drush and Git, but not for Windows users. Readers should find the material instructive and consistent, except for the claim that Git is "easy(ish)" even though "getting the hang of Git [is] a lifelong learning process".

    The half dozen chapters that compose Part II first introduce some of the most commonly-used Drupal modules, with extensive coverage of Views and later Organic Groups. A couple chapters explain how to keep one's site secure, partly by updating Drupal core and modules. The last chapter continues the development of the example site, using modules presented earlier. All of these chapters' narrative is valuable, although a couple pronouncements are too severe (e.g., "User input is evil", on page 127); but overall the advice is well warranted. Yet the chapter that will most likely aggravate readers is the eighth one. It seems to presume that the reader's test site was not affected by the exercises of the previous chapters, such as the Organic Groups. Secondly, some key information is incorrect, e.g., "Content: Image" (page 159) should be "Content: Headshot". Lastly, the authors refer to items not yet created as though they were, e.g., a "Table of Contents" menu link, an "Outline of Chapters" menu, and a "Twitter" field (pages 162-164). Unfortunately, the effects of all these problems compound, and, combined with the changes in Views since Drupal 7.0, make it increasingly difficult to follow along and implement the instructions.

    Part III offers another half dozen chapters, in this case devoted to higher-level, less technical matters — specifically, how to: best participate in the Drupal community, plan and manage a Drupal-based project, craft effective documentation for your sites' end users and support staff, set up a workable Drupal development environment, launch and back up a new website, and stay sane while doing all of this. The information presented is worthwhile, with only a couple peculiarities: Firstly, why is the book organized so that some technical information is presented in the early chapters, as well as later chapters, while a group of "softer" topics are sandwiched in between? Secondly, for Chapter 12, why is the reader told, halfway through the chapter, that she will need "A computer able to connect to the Internet" and "An Internet connection" (page 233)? No one who has worked through the preceding dozen chapters needs to be reminded of this. Perhaps this chapter, on how to set up a development environment, should be made an appendix, as was the other installation and setup topics (Appendices F-I).

    The next few chapters, Part IV, explore front-end development — namely, theming and jQuery. The first two chapters were penned by Jacine Luisi, who heads up the HTML5 initiative for Drupal 8. Readers learn about Drupal's core themes, theme engines, theme administration, metadata files, regions, layout, template files, global template variables, theme functions and hooks, preprocess and process functions, render arrays, theming forms, and more. The discussion is competent and thorough, as well as comprehensible, aside from the repeated use of the verb "print" to apparently mean "display". Chapter 17 demonstrates the use of JavaScript and jQuery in Drupal, and finishes by showing how to use jQuery UI to implement animations, such as accordions and progress bars.

    Part V, "Back-End Development", comprises seven chapters that explain how to develop custom Drupal modules using the APIs. Because they provide an introduction to Drupal's system of hooks and overrides, they probably should have been located before the earlier chapters on theming, which rely upon those features of Drupal. Regardless, Chapters 18-20, by Benjamin Melançon, attempt to demystify the key topics in module development. Because this subject area is so critical to real-world Drupal development, and because the concepts can be quite intimidating to neophytes, any presentation of it must proceed at a reasonable pace, with clear explanation of how each aspect relates to the next. Like similar discussions in other Drupal books, this one begins quite approachable, but becomes more daunting, with a few places where readers will likely be perplexed — such as the hook_form_alter() discussion (page 411), which doesn't seem to match the resultant HTML. Yet this is such a challenging subject area that entire books have been devoted to it, and this one ventures into areas untouched by other books, such as how to create new database tables. Drupal coding standards are presented, although apparently not always followed in the example code (e.g., preceding internal function names with underscores). Part V is rounded out with chapters on porting modules to Drupal 7, writing "glue" modules, performing functional testing, and writing extendable/API modules.

    Part VI, "Advanced Site-Building Topics", consists of ten chapters covering a variety of topics: building an online store using Commerce module (authored by the project's founder and lead, Ryan Szrama); Drush (which overlaps with Chapter 2); caching and storage mechanisms (MySQL and MongoDB); RDFa and the Semantic Web; Drupal's routing system; Drupal's internal operations for presenting a requested page; Solr module; UX enhancements in Drupal 7; completing the book's website; and Drupal distributions. All of the information and guidance appears correct, except for a couple problems: The instructions (page 568) to install Commerce Physical Product module, which does not have a Drupal 7 release, as of this writing, and certainly as of the book's publication date. Drune is a music player used as an example throughout Chapter 34, but its website, drune.org (pages 805 and 817), appears to be dead at this time.

    Throughout this book, one will find a strong sense of community, with frequent encouragement for the reader to participate and contribute. This is evidenced by Part VII, which comprises four chapters that present: Drupal's history, how to make a living as a Drupal developer, how to maintain a contributed project, and further thoughts on how to contribute to the overall Drupal community. The book concludes with Part VIII, consisting of nine appendices, most of which focus on how to install Drupal on various platforms. This part is strangely titled "Appendix", yet contains multiple appendices (more scope creep?).

    Given the somewhat stunning length of this book, its multitude of authors, and its wide coverage of most aspects of Drupal, it should be expected that the book has both strengths and weaknesses. Consider first that latter category. The authors and publisher should have sought ways to reduce the length of the book. For instance, the overview of PHP in Chapter 18 is not needed for this book's audience, and could be replaced by references to outside, more-detailed resources. The same is true of the section on Drupal coding standards. The book does not need to be made any longer than it already is, without good reason. Speaking of which, most of the longer chapters end with summaries, which are not worth the extra space taken up. Drupal's hook system is explained in at least three different chapters, and Git in two. The many authors should have been aware of this, had they been referencing the book's website, which was presumably built before the text describing it was written. Furthermore, the publisher and its chosen technical reviewers should have also spotted this.

    The remarkably large number of authors is probably the primary reason for the book's noticeable unevenness, from one chapter to the next, in the quality of the writing — including the clarity of the explanations, which is arguably the most important factor. In a book written by advanced Drupal developers, it is to be expected that they will use Drupal-specific terminology. That is fine, but such terms should be defined at least once, before encountered by any readers unfamiliar with them. For instance, page xxxv alone mentions "d.o", "D8", and "contrib" — all meaningless to someone learning Drupal. There are places in the text where the descriptions do not match the corresponding screenshots (e.g., the "Required field" on page 18), and where, in the narrative, the lack of quotation marks around field labels makes it jarring and difficult to understand (e.g., throughout Chapter 8). There are some inconsistencies in spelling (e.g., "web site" and "website", even in the same sentence, on page lii), some inconsistencies in italicizing menu links (e.g., page 13), some misused phrases (e.g., "cannot be understated", on pages lix and 225, when "cannot be overstated" was called for), some baffling allusions (e.g., "aiee-the-alligator-is-going-to-get-me", on page 492), curly quotes in the code (e.g., pages 277 and 356-9), a repeated paragraph (page 507), an oxymoron ("libertarian communism"; xlvi), and the obligatory conflation of "depreciated" and "deprecated" (page 495) found in countless programming books.

    This book contains numerous errata: "co-maintainer [f]or Drupal 7" (page xxxiv), "and." (xxxv), "bi-lingual" (xxxviii), "able [to] handle" (xlix), "don' think" (lv), "criteria[:] type" (lviii), "able [to] fill" (11), "th[r]ough the" (14), "an a" (19), "ask question questions" (29), "install [the] X-ray" (38), "You [] requests nuggets" (49), "you want to you" (56), "on [the] system" (57), "menu of option[s]" (57), "Rather [than] saving" (57), "menu(" (58), "you[r] Views" (59), "These setting[s]" (61), "that what" (66; should read "than what"), "might for use" (67), "you would chose" (67), "the next sort criteria" (67; should read "the next sort criterion"), "by click[ing]" (74), "you are make" (85), and "have [to] click" (85). At this point, not even 8% of the way in, I stopped recording them — although an amusing one is worth mentioning: "gather shook information" (452). Lastly, how did "Drurpal.org" (854) make it past the spelling check? It turns out that the entire book is peppered with such errors, and that first batch was merely the beginning. It is difficult to believe that so many obvious errata could have made it through any professional copy editing process.

    Readers who are following along, and likely using the latest version of Drupal (7.8 as of this writing), will notice some differences between what they see on their screens and what is shown in the book's screenshots — most if not all of which are based upon Drupal 7.0. This is especially noticeable in Chapter 3, which covers Views, a module affected by ongoing enhancement. For instance, Views exporter submodule (page 52) is now gone; "Access all views" (page 53) has been altered; "Display Status" (page 62) is gone; there are no broken link icons to indicate overrides; "views/edit" (in the URL, page 71) is now "views/view"; and the Fields configuration dialog (page 75) is different. Fortunately, none of these cases of obsolescence should have any impact on the value of the information as a whole.

    On the positive side of the ledger, this book offers much to be commended. As with any worthwhile programming book, this one makes extensive use of code snippets and screenshots to illustrate concepts discussed. These appear to be correct, except in the flowchart of Figure 30-3, where the conditional symbol's arrows are missing values. The text contains some welcome humor (e.g., a kittens photo request, on page 43) and some apt phrases (e.g., Permission module's "wall of checkboxes", on page 156). Some of the chapters were written by the contrib module developers/maintainers, i.e., those who arguably know those modules best. This is unique among the growing list of Drupal books, in that it devotes entire chapters to topics neglected by its competitors — such as documentation, installation profiles, module porting, Drush, Git, and working profitably as a Drupal professional. Some of this information emphasizes the value of project management (both for your individual projects, and Drupal as a whole).

    On balance, the pluses outweigh the minuses. The book has a lot of good information, and many of the problems stem from sloppy writing that should have been caught by the publisher's editing team. It may not be the best source for some key subject areas, such as security or site building options. But if you seek a sole source that offers more information in total, then this is your book. For some topics — such as upgrading Drupal, crafting and testing modules, building installation profiles, and the inner secrets of the menu system — it goes into far more detail than any other. Definitive Guide to Drupal 7 is an impressive attempt to be just that, and no other single book currently matches it.

    Michael J. Ross is a freelance web developer and writer.

    You can purchase Definitive Guide to Drupal 7 from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  2. Book Review: Pro Drupal 7 Development, Third Edition

    Books · · posted by samzenpus · from the read-all-about-it dept. · 74 comments
    Michael J. Ross writes "With the growing interest in Drupal as a platform for developing websites, the number of books devoted to this CMS has increased from a handful to now several dozen. Consequently, intermediate and advanced Drupal programmers may wonder which one of those books would be their best choice as a single resource for learning how to create custom Drupal modules and themes. Ever since its first edition in April 2007, the Pro Drupal Development series from Apress is more frequently cited as the best candidate than any other." Keep reading for the rest of Michael's review. Pro Drupal 7 Development, Third Edition author Todd Tomlinson and John K. VanDyke pages 720 pages publisher Apress rating 9/10 reviewer Michael J. Ross ISBN 978-1430228387 summary A thorough guide to module building for intermediate to advanced Drupal coders. In its third edition, Pro Drupal 7 Development is now helmed by Todd Tomlinson and John K. VanDyke, and again features a forward by Dries Buytaert, the founder and project lead of Drupal. This edition was published on 29 December 2010 under the ISBN 978-1430228387. The publisher offers a fairly sparse Web page for the book, containing a brief description, the source code used in the book, a page for errata (several reported), links to purchase both the print and electronic versions (oddly, with no bundle discount), and a section for author information, which currently has no entries. At 720 pages, it is the longest Drupal book on the market, as of this writing (and should remain so until the scheduled release of Wiley's Drupal 7 Bible). Yet Pro Drupal 7 Development is not terribly thick, probably because its paper appears to be thinner than that typically used for programming books. Although this allows the text on the other side of each page to show through slightly (and no doubt unintentionally), it generally does not pose a problem, but would have if a paper any thinner had been chosen.

    The book's material is organized into 25 chapters and two appendices, covering numerous topics: Drupal infrastructure, including requisite Web technologies; module development basics; hooks, actions, and triggers; the menu, database, user, node, field, and theme systems; blocks; the form API; the filter system; searching and indexing content; file management; taxonomy and vocabularies; caching; sessions; jQuery; localization, internationalization, and content translation; XML-RPC; how to develop secure code and other best practices; site optimization; installation profiles; testing; Drupal database reference; and other resources. Given the sizable number of chapters and topics explored in this book, it would be impractical to attempt to provide any sort of full synopsis in this review. Instead we will focus more attention on those topics that will be of greater importance to Drupal developers (a phrase used to distinguish them from any Drupal site builders who do not create their own modules or modify existing ones).

    The subject matter presented first — how to structure module code and make use of Drupal's hook system, as well as actions and triggers — is essential reading for anyone new to these topics (but presumably could be skipped by any veteran programmer familiar with them from earlier versions of Drupal). Most readers should find that there is sufficient information provided to understand the concepts and/or the code being presented, but there are a few exceptions: For instance, on page 22, the narrative refers to only a single node, but the code in annotate_node_load() suggests multiple nodes are being processed. Also, readers following along by implementing the example code, will likely be frustrated that the action "Beep multiple times" is not displayed in their own "Trigger: After saving new content" list box (page 42). Fortunately, these are the exceptions, because the authors present the ideas at a measured pace, with sufficient groundwork so readers will not become lost.

    An understanding of Drupal's powerful hook system, is a necessary foundation for learning the concepts that form the heart of this book — namely, the menu, database, user, node, field, theme, block, and form systems (often referred to as the Drupal APIs). The presentation of the ideas is done in a methodical fashion, with plenty of example code and screenshots. Readers who patiently work their way through the material — particularly if they try to get the code working in their own Drupal environments, and perhaps even experiment with variations — will likely find it a time-consuming process, yet they will be richly rewarded for their efforts. The only blemishes are the several places in the text where there is a mismatch between the narrative and the code, or between the code and a screenshot. Several examples should suffice: The menufun_hello() function on page 67 is missing code for the two @from variables. Page 76 refers to a mysterious "second parameter, $b." The $items code on page 77 is close to what is in Drupal 6's user.module, but is nothing like Drupal 7's. Remarkably, "%index" appears in a section head (page 79) but nowhere in the text. The pager display code (on page 96) is missing "$result = $query->execute();." A "module named dbtest" (page 111) doesn't seem to exist.

    The topics covered next in the book generally go beyond the Drupal APIs, and are much more diverse. Readers will learn how to filter user input, as well as how to allow users to search a site's content, upload files, and characterize nodes using terms from taxonomy vocabularies. Incidentally, the chapter on caching would have been better positioned just before the chapter on optimizing Drupal's performance, since the two areas are so closely related. Yet both are invaluable for minimizing the page load times for any substantial Drupal-based site. The authors show how, within Drupal modules, to utilize jQuery and XML-RPC. The chapter devoted to localization and translation — a subject growing in importance as sites go multilingual — is quite thorough.

    The last five chapters of the book address topics that can help anyone become a better Drupal developer: code and form input security, programming best practices, Drupal site optimization, installation profiles, and testing techniques. Even though the authors provide a full chapter on Drupal programming best practices, there are similar nuggets of wisdom sprinkled throughout the other chapters — evidence of the authors' deep experience writing Drupal code, and seeing the pitfalls. The book's two appendices consist of a Drupal database reference, which describes all of the tables and their columns, and a summary of Drupal resources aside from the book, including user groups. The book concludes with an index that is missing some key concepts (e.g., permissions and roles), and would have been able to include more entries if the publisher had not chosen to use an unnecessarily large font and line height.

    Each chapter concludes with a brief summary, and all of these summaries provide no value and should be dropped from any future editions. For each one of the items labeled "Note" (scattered throughout the book), if it repeats information mentioned in the text (some just a couple sentences earlier), then it should be excised; otherwise, the information should be folded into the text. The book's narrative could be improved in other ways: There are a number of instances where the authors refer to particular lines of code in the example code, and it would have been most convenient for the reader had line numbers been used. Module names are often incorrectly presented in all lowercase (e.g., page 13). Occasionally some phrases or acronyms should have been explained (or not used), such as "HA companies" (page xxix). On the plus side, the material is occasionally livened up with some welcome humor, such as the devilish functionality of "Evil Bob's Forum BonusPak" (page 14) and some equally devilish deadly pets (page 282). At first, readers may chuckle at the phrase "Drupal's legendary snappiness" (page 499), but evidently the authors were not being facetious.

    The example code sprinkled throughout the chapters is especially helpful to the reader, and there are only a few places where the code does not match the narrative, or the code is incorrect in some other way (aside from those instances mentioned above): The text on page 14 neglected "annotate.admin.inc"; and in the listing for annotate.info, the "configure" path should not include "content/." In the discussion on paged display (on page 96), "clicking on 5 would take the visitor to rows" 41 through 50, and not "51 through 60." The code on pages 147 and 149 erroneously refers to "punchline" and a joke node type in job_node_access(). On page 355, field_tags is identified as field_geographic_location. The contents of the files in the downloadable source code do not always match what is seen in the book, starting with annotate.info (page 14) and annotate_admin_settings_submit() (page 20). Even worse, the source code for Chapters 3-6, 12, 13, 15-17, 19-22, 24, and 25 is missing completely.

    There are numerous other, more simple errata: "-sites" (page 8), "an[d] installing" (9), "/q=node/3" (10; missing the '?'), "modules /" (17), "[the module] removes" (19), "hooks key" (45; should read "triggers key"), "beep_multiple_.beep_.action()" (49), "end" (55; should read "beginning"), "to [the] module" (61), curly quotes in code (63, 67, 190, etc.), "%user_uid_only_optional" (77), "function_menufun_menu()" (79), "product" (98; should read "produce"), "lower-case" (111), "users signature" (117), "[the] time" (118), "themeing" (153), "secondary" (190), "to and an" (308), "php", "class. the", and "apis" (all on page 323), and "pave" (409). At that point, I stopped recording the errata. Most if not all of these errors should have been spotted in the book's technical review process, assuming they were not introduced after the reviews were done.

    For computer programming books, information presented outside of the narrative — such as figures and example source code — can either greatly enhance the reader's experience, or undermine it. In Pro Drupal 7 Development, the diagrams and screenshots are relatively few in number, yet are used effectively, with only a few errors: The caption for Figure 3-8 appears to be incorrect, as is the URL in Figure 4-5. Figure 5-1 contains an erroneous "$database". Table 17-1 is missing a row for uid 0. The screenshots in Figures 19-1 and 19-2 are quite fuzzy and difficult to read.

    A few comments on the book's physical design and production are called for: In the review copy that the publisher kindly sent me, the first text block signature consists of only the first two leaves. As a consequence, that signature had almost no glue holding it into the binding, and had already started to separate from the binding. The production team should have anticipated this sort of problem; but it may have been a choice driven by pending changes to the title and/or copyright pages.

    Fortunately, none of the above flaws are significant compared to the wealth of information provided by this book. Pro Drupal 7 Development clearly demonstrates why, in the minds of countless Drupal developers, this series is the gold standard for learning the inner workings of Drupal, and how to utilize them for building custom modules.

    Michael J. Ross is a freelance website developer and writer.

    You can purchase Pro Drupal 7 Development, Third Edition from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  3. Book Review: Pro Drupal 7 Development, Third Edition

    Books · · posted by samzenpus · from the read-all-about-it dept. · 74 comments
    Michael J. Ross writes "With the growing interest in Drupal as a platform for developing websites, the number of books devoted to this CMS has increased from a handful to now several dozen. Consequently, intermediate and advanced Drupal programmers may wonder which one of those books would be their best choice as a single resource for learning how to create custom Drupal modules and themes. Ever since its first edition in April 2007, the Pro Drupal Development series from Apress is more frequently cited as the best candidate than any other." Keep reading for the rest of Michael's review. Pro Drupal 7 Development, Third Edition author Todd Tomlinson and John K. VanDyke pages 720 pages publisher Apress rating 9/10 reviewer Michael J. Ross ISBN 978-1430228387 summary A thorough guide to module building for intermediate to advanced Drupal coders. In its third edition, Pro Drupal 7 Development is now helmed by Todd Tomlinson and John K. VanDyke, and again features a forward by Dries Buytaert, the founder and project lead of Drupal. This edition was published on 29 December 2010 under the ISBN 978-1430228387. The publisher offers a fairly sparse Web page for the book, containing a brief description, the source code used in the book, a page for errata (several reported), links to purchase both the print and electronic versions (oddly, with no bundle discount), and a section for author information, which currently has no entries. At 720 pages, it is the longest Drupal book on the market, as of this writing (and should remain so until the scheduled release of Wiley's Drupal 7 Bible). Yet Pro Drupal 7 Development is not terribly thick, probably because its paper appears to be thinner than that typically used for programming books. Although this allows the text on the other side of each page to show through slightly (and no doubt unintentionally), it generally does not pose a problem, but would have if a paper any thinner had been chosen.

    The book's material is organized into 25 chapters and two appendices, covering numerous topics: Drupal infrastructure, including requisite Web technologies; module development basics; hooks, actions, and triggers; the menu, database, user, node, field, and theme systems; blocks; the form API; the filter system; searching and indexing content; file management; taxonomy and vocabularies; caching; sessions; jQuery; localization, internationalization, and content translation; XML-RPC; how to develop secure code and other best practices; site optimization; installation profiles; testing; Drupal database reference; and other resources. Given the sizable number of chapters and topics explored in this book, it would be impractical to attempt to provide any sort of full synopsis in this review. Instead we will focus more attention on those topics that will be of greater importance to Drupal developers (a phrase used to distinguish them from any Drupal site builders who do not create their own modules or modify existing ones).

    The subject matter presented first — how to structure module code and make use of Drupal's hook system, as well as actions and triggers — is essential reading for anyone new to these topics (but presumably could be skipped by any veteran programmer familiar with them from earlier versions of Drupal). Most readers should find that there is sufficient information provided to understand the concepts and/or the code being presented, but there are a few exceptions: For instance, on page 22, the narrative refers to only a single node, but the code in annotate_node_load() suggests multiple nodes are being processed. Also, readers following along by implementing the example code, will likely be frustrated that the action "Beep multiple times" is not displayed in their own "Trigger: After saving new content" list box (page 42). Fortunately, these are the exceptions, because the authors present the ideas at a measured pace, with sufficient groundwork so readers will not become lost.

    An understanding of Drupal's powerful hook system, is a necessary foundation for learning the concepts that form the heart of this book — namely, the menu, database, user, node, field, theme, block, and form systems (often referred to as the Drupal APIs). The presentation of the ideas is done in a methodical fashion, with plenty of example code and screenshots. Readers who patiently work their way through the material — particularly if they try to get the code working in their own Drupal environments, and perhaps even experiment with variations — will likely find it a time-consuming process, yet they will be richly rewarded for their efforts. The only blemishes are the several places in the text where there is a mismatch between the narrative and the code, or between the code and a screenshot. Several examples should suffice: The menufun_hello() function on page 67 is missing code for the two @from variables. Page 76 refers to a mysterious "second parameter, $b." The $items code on page 77 is close to what is in Drupal 6's user.module, but is nothing like Drupal 7's. Remarkably, "%index" appears in a section head (page 79) but nowhere in the text. The pager display code (on page 96) is missing "$result = $query->execute();." A "module named dbtest" (page 111) doesn't seem to exist.

    The topics covered next in the book generally go beyond the Drupal APIs, and are much more diverse. Readers will learn how to filter user input, as well as how to allow users to search a site's content, upload files, and characterize nodes using terms from taxonomy vocabularies. Incidentally, the chapter on caching would have been better positioned just before the chapter on optimizing Drupal's performance, since the two areas are so closely related. Yet both are invaluable for minimizing the page load times for any substantial Drupal-based site. The authors show how, within Drupal modules, to utilize jQuery and XML-RPC. The chapter devoted to localization and translation — a subject growing in importance as sites go multilingual — is quite thorough.

    The last five chapters of the book address topics that can help anyone become a better Drupal developer: code and form input security, programming best practices, Drupal site optimization, installation profiles, and testing techniques. Even though the authors provide a full chapter on Drupal programming best practices, there are similar nuggets of wisdom sprinkled throughout the other chapters — evidence of the authors' deep experience writing Drupal code, and seeing the pitfalls. The book's two appendices consist of a Drupal database reference, which describes all of the tables and their columns, and a summary of Drupal resources aside from the book, including user groups. The book concludes with an index that is missing some key concepts (e.g., permissions and roles), and would have been able to include more entries if the publisher had not chosen to use an unnecessarily large font and line height.

    Each chapter concludes with a brief summary, and all of these summaries provide no value and should be dropped from any future editions. For each one of the items labeled "Note" (scattered throughout the book), if it repeats information mentioned in the text (some just a couple sentences earlier), then it should be excised; otherwise, the information should be folded into the text. The book's narrative could be improved in other ways: There are a number of instances where the authors refer to particular lines of code in the example code, and it would have been most convenient for the reader had line numbers been used. Module names are often incorrectly presented in all lowercase (e.g., page 13). Occasionally some phrases or acronyms should have been explained (or not used), such as "HA companies" (page xxix). On the plus side, the material is occasionally livened up with some welcome humor, such as the devilish functionality of "Evil Bob's Forum BonusPak" (page 14) and some equally devilish deadly pets (page 282). At first, readers may chuckle at the phrase "Drupal's legendary snappiness" (page 499), but evidently the authors were not being facetious.

    The example code sprinkled throughout the chapters is especially helpful to the reader, and there are only a few places where the code does not match the narrative, or the code is incorrect in some other way (aside from those instances mentioned above): The text on page 14 neglected "annotate.admin.inc"; and in the listing for annotate.info, the "configure" path should not include "content/." In the discussion on paged display (on page 96), "clicking on 5 would take the visitor to rows" 41 through 50, and not "51 through 60." The code on pages 147 and 149 erroneously refers to "punchline" and a joke node type in job_node_access(). On page 355, field_tags is identified as field_geographic_location. The contents of the files in the downloadable source code do not always match what is seen in the book, starting with annotate.info (page 14) and annotate_admin_settings_submit() (page 20). Even worse, the source code for Chapters 3-6, 12, 13, 15-17, 19-22, 24, and 25 is missing completely.

    There are numerous other, more simple errata: "-sites" (page 8), "an[d] installing" (9), "/q=node/3" (10; missing the '?'), "modules /" (17), "[the module] removes" (19), "hooks key" (45; should read "triggers key"), "beep_multiple_.beep_.action()" (49), "end" (55; should read "beginning"), "to [the] module" (61), curly quotes in code (63, 67, 190, etc.), "%user_uid_only_optional" (77), "function_menufun_menu()" (79), "product" (98; should read "produce"), "lower-case" (111), "users signature" (117), "[the] time" (118), "themeing" (153), "secondary" (190), "to and an" (308), "php", "class. the", and "apis" (all on page 323), and "pave" (409). At that point, I stopped recording the errata. Most if not all of these errors should have been spotted in the book's technical review process, assuming they were not introduced after the reviews were done.

    For computer programming books, information presented outside of the narrative — such as figures and example source code — can either greatly enhance the reader's experience, or undermine it. In Pro Drupal 7 Development, the diagrams and screenshots are relatively few in number, yet are used effectively, with only a few errors: The caption for Figure 3-8 appears to be incorrect, as is the URL in Figure 4-5. Figure 5-1 contains an erroneous "$database". Table 17-1 is missing a row for uid 0. The screenshots in Figures 19-1 and 19-2 are quite fuzzy and difficult to read.

    A few comments on the book's physical design and production are called for: In the review copy that the publisher kindly sent me, the first text block signature consists of only the first two leaves. As a consequence, that signature had almost no glue holding it into the binding, and had already started to separate from the binding. The production team should have anticipated this sort of problem; but it may have been a choice driven by pending changes to the title and/or copyright pages.

    Fortunately, none of the above flaws are significant compared to the wealth of information provided by this book. Pro Drupal 7 Development clearly demonstrates why, in the minds of countless Drupal developers, this series is the gold standard for learning the inner workings of Drupal, and how to utilize them for building custom modules.

    Michael J. Ross is a freelance website developer and writer.

    You can purchase Pro Drupal 7 Development, Third Edition from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  4. Foundation Drupal 7

    Books · · posted by samzenpus · from the read-all-about-it dept. · 98 comments
    Michael J. Ross writes "Of all the better-known content management systems, Drupal is oftentimes criticized for having the steepest learning curve. Yet that would only be a valid charge as a result of Drupal's great power and flexibility — particularly in the hands of a knowledgeable Drupal developer. But how can the interested programmer begin gaining those skills, as quickly as possible? One approach is to read and work through the examples of an introductory book, such as Foundation Drupal 7, written by Robert J. Townsend (except for a chapter contributed by Stephanie Pakrul)." Read on for the rest of Michael's review. Foundation Drupal 7 author Robert J. Townsend pages 328 pages publisher friends of ED rating 6/10 reviewer Michael J. Ross ISBN 978-1430228080 summary A guide to getting started building websites using Drupal. The book was published on 15 December 2010, under the ISBN 978-1430228080, by "friends of ED", which is both a division of Apress and arguably a baffling name for a publisher's imprint. The book's material spans 328 pages, grouped into 12 chapters and four appendices. The publisher's page offers a description of the book, and a link for purchasing the e-book version. Visitors can also read a few dozen of the least interesting pages in the book, using a lame modal interface "powered" by Google Preview's book viewer system. As of this writing, the author's own site for the book appears to have no useful content. In fact, even a few weeks after the publication of the book, the site had no word as to how to use the site or even obtain an account, and there is nothing pertaining to that in the book. Now, it appears to be the beginnings of a demo site.

    The book's chapters can be loosely grouped into four parts: The first three chapters provide an overview of Drupal, and explain how to set up a local Web server, install Drupal 7 on it, and configure the new site. The material composes an adequate introduction, but there are some false statements readers should watch out for, such as: newly created blocks are added to nodes (page 15); "Drupal will not run on most inexpensive hosting plans" (pages 19 and 20); "server settings and update notifications must be configured" (page 35; actually, they are optional); "the default Garland theme" (pages 40 and 55; no longer true in Drupal 7); a block can be any shape (page 48; as long as it's a rectangle!). But the discussion on multisite setups — while likely intimidating for Drupal newbies — is well worth reading by anyone who has not yet tried running multiple sites from a single Drupal instance. However, the ."demo.d7" suffix (page 28) should have been explained. In the introduction, the author noted that the book is primarily intended for readers who have little or no experience with content management systems in general, and Drupal in particular. The early chapters hew to that approach, going so far as to briefly present the basics of databases — material that experienced programmers can safely skip.

    Node fields, content types, taxonomies, users, roles, permissions, and modules (both core and contributed) are key components in building a site with Drupal — and they are explicated in Chapters 4 through 7. The narrative is quite descriptive, and readers new to Drupal may find some of it tough going; but it will be worth their while to read through all of the material, at least once, while exercising their newfound knowledge on a test installation of Drupal 7. Most of the discussion is clear and straightforward, but a few spots will likely perplex readers, e.g., "all search fields are hidden by default when either search view node is enabled" (page 85; what search view nodes?). Also, on pages 69 and 87, the author advises readers to limit a system name to seven characters, but each example given exceeds that number. Such inconsistencies can prompt readers to begin questioning the author's advice and attention to detail. As a resource perhaps unique to this Drupal book, the sixth chapter explores the purpose and basic usage of most of the core modules not enabled by the standard installation. Drupal newcomers invariably wonder what contrib modules they should first be trying out and learning, and the author presents several of them in the seventh chapter, which includes a helpful comparison of using the Webform module versus nodes for collecting data from users.

    Nonprogrammer website creators — who must rely entirely upon the GUI of a content management system to build a site — are strongly influenced by the visual appeal of a CMS's built-in themes, and not necessarily its flexibility or other differentiating factors. (One can only speculate as to how many such people have chosen Joomla over Drupal based upon the former's more attractive default themes.) Thus, theming can be especially significant to non-technical Drupal site creators, and is covered in the next two chapters, the first of which was authored by Stephanie Pakrul. To illustrate the ideas discussed, she uses her own Vibe theme, which is a sub-theme of Fusion. Unfortunately, as of this writing, there are no releases of Vibe, so it is not clear how readers are expected to download it as instructed (on page 174). Consequently, readers won't be able to see on their own Drupal installations what she shows in the screenshots. This is just one more example of how this book appears to be unfinished. Some readers may become frustrated with the way that she often gives instructions but fails to identify the page on which to perform them. Also, the Skinr block settings shown in the book look nothing like what I am seeing using the latest versions of Fusion and Skinr, but that may be due to Vibe missing. Skinr's project page currently warns that it is not stable or functional for Drupal 7; this makes it a poor choice for a book aimed at beginners, who can be easily derailed by such problems. Several details are incorrect, e.g., the Firebug technique shown in Figure 8-14 does not use double-clicking, as stated, but simply mouse hover. Chapter 9 provides advice on using Photoshop and Illustrator CS5 for working with layouts, text, colors, and images in designing Drupal themes.

    The last three chapters discuss topics related to deploying a site. Chapter 10, "Going Live," presents the details of the author's strategy for using separate sites for development, staging, and production. This involves executing Linux commands on the command-line, and at one point even deleting the public_html directory and creating a symbolic link. It is easy to imagine readers being hesitant about doing so — especially in a client's account — and for such people, using only an FTP application might be more palatable, even if it takes extra time. The next chapter offers some valuable best practices for maintaining a production site, including techniques to be automatically notified when installed modules become out of date. The last chapter, "Translating Business Requirements to Drupal Functionality," may at first glance seem inappropriately placed at the end of the book, because shouldn't the developer analyze the client's business requirements before beginning any work on their future website? But this chapter does belong at the end, because most of its topics will make a lot more sense to the reader after she has learned the basics of a Drupal site. The only confusing aspect of this material is the author's recommendation to add 25 percent to both the amount of estimated time to complete a project and also one's hourly rate, with no explanation for the rate increase. Nonetheless, the chapter presents some worthy advice on how to be a more effective Drupal site builder.

    The book's four appendices briefly cover search engine optimization for Drupal sites; Drush (a command-line shell for Drupal); a survey of more than 50 useful contrib modules; and usage of the Views module to address some common query-building needs. Note that the Views carousel module — which is one of two image slideshow modules listed — was deprecated awhile ago.

    All of the chapters except the first are capped off with summaries, which add no value to the book and consist mostly of unneeded reminders that begin with "I talked about," "I then talked about," etc. One of the summaries (page 214) states that a particular website was used as an example, but it wasn't even mentioned in the chapter itself. A strength of the book is that there are plenty of screenshots throughout, and most of them are helpful. But their captions typically repeat information stated immediately before the figure, and thus add unnecessary text.

    Readers may become disappointed with an overall sense that the book was not crafted and edited properly, perhaps in a desire to rush it to market in order to cash in on the growing interest in Drupal and the release of Drupal 7. Any such urgency could account for the poor decisions in the production of the book. Some of the material appears unfinished, or at least unpolished. For instance, Chapter 1 ends quite abruptly, with no chapter summary, unlike all the others. The first part of a sentence on page 184 is completely missing.

    It is not always clear as to which problems are caused by the authors, and which by the publisher. As a minor example, many of the module names are incorrectly presented in all lowercase (especially in Chapters 6, 7, and 11), in some cases rather pointedly (e.g., "cck") and in others a bit confusingly when in mid-sentence (e.g., "views"). Was that the author being sloppy, or an overzealous copyeditor who did not realize that title case is appropriate for the proper names of the modules?

    Some of the problems could only originate from the author. There are countless instances of weird and perplexing instructions, such as "log on and log in" (page 266). On one page alone (127), readers will encounter "Make sure the configure it after saving if applicable" and "Configuration, Languages should be screen text style." There are numerous errata: "postgresql" (page xvii), "blog" (page 15; should read "block"), "minimum the PHP requirements" (21), "Drupal 7-1 to 7-2" (35), "ä" (60), "of [a] single" (68), "of [the] fields" (74), "per-configured" (76), "a decimal [point]" (77), "be round[ed]" (77), "by [a] user" (83), "how which fields" (85), "requires updated or not" (131), "delimeter" (163), "ie" (175), "This [is] where" (196), "comments are will" (198), "aka" (226, 270, and 278), "is usually means" (240), "site to bake" (243), and "described in earlier in the chapter" (248).

    The pace of explanation varies tremendously, from one section to the next. For instance, several paragraphs might discuss fundamental Drupal concepts slowly, with full explanations, and then only a page later the reader is entangled in fairly advanced topics, with little or no preparation. Many readers will find appealing the informal conversational style — although in a few instances the wording is unintentionally humorous, such as the phrase "most exciting" transformed into "most excitedly" (page xxi).

    Other problems can only be laid at the feet of the publisher, such as incorrectly bolded words, even for individual characters in words (e.g., pages 87, 110, 233). The publisher chose to use the smallest font of any technical book I've ever seen, and consequently people with vision limitations may have difficulty reading the text. Also, many of the screenshots are rather pale; in most cases this is not a problem, but some of the images look fuzzy. In contrast (no pun), the image in Figure 9-4 is an unreadable black rectangle containing a stack of smaller gray rectangles, and the background is effectively indiscernible. Readers will wonder how the production team let that obvious problem slip through the cracks. The image used for Figure 4-15 evidently had its right side chopped off. Several of the pages contain small gray and brown lines, dots, and splotches; but those blemishes may be limited to my copy of the book.

    Writing and releasing a book prior to the final release of the software, is always fraught with danger. Some of the Drupal-generated warning and error messages mentioned in the book differ from what would be seen using the final 7.0 version, which was not available to the author during the writing of the book. This is likely also the reason why the list of core modules (Table 1-1) is missing the Options module and includes the now-absent Profile module. But that would not explain why the critical System module is missing from the list. Also, the "Secondary menu" mentioned on page 56, is now gone, although secondary links are still part of Drupal 7. In terms of theming, the default site theme is Seven, and not the venerable Garland; also, the Minnelli theme (page 63) — Garland's fixed-width counterpart — was excluded from the final 7.0 release.

    In essence, this book was not well executed, and yet it has a lot of promise. A second edition — perhaps for Drupal 8 — could rectify most if not all of these problems. The author's passion for Drupal is evident and inspiring: He shares hard-won and sincere advice for avoiding disaster in working with clients and working on their websites. Also, he notes in the introduction that 10 percent of all profits from the book will be donated to the Drupal Association. Although it is in much need of polishing — and in some places a full overhaul — Foundation Drupal 7 provides information and guidance that would be helpful to anyone who wants to learn how to use Drupal for creating websites.

    Michael J. Ross is a freelance Web developer and writer.

    You can purchase Foundation Drupal 7 from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  5. Practical Django Projects

    News · Programming · · posted by samzenpus · from the read-all-about-it dept. · 151 comments
    Chromodromic writes "Apress's newest Django offering, Practical Django Projects by James Bennett, weighs in lightly at 224 pages of actual tutorial content, but trust me, they're dense pages. Filled with pragmatic examples which directly address the kinds of development issues you will encounter when first starting out with Django, this book makes an important addition to the aspiring Django developer's reference shelf. In particular, the book's emphasis on demonstrating best practices while building complete projects does an excellent job of accelerating an understanding of Django's most powerful features — in a realistic, pragmatic setting — and which a developer will be able to leverage in very short order." Read below for the rest of Greg's review. Practical Django Projects author James Bennett pages 256 publisher Apress rating 8/10 reviewer Greg McClure ISBN 1-59059-996-9 summary A practical introduction to the Pythonic Django web framework. This book serves an important function by providing progressive, useful examples of Django's role in the development of realistic projects. During the course of the tutorial you build three basic apps: A simple brochureware-oriented CMS, a complete blogging system (with Akismet spam protection and RSS feeds, among other features), and a social code-sharing site similar to that found at djangosnippets.org (with account signups, syntax highlighting via pygments, and bookmarking features — the whole enchilada). You may or may not find these projects immediately relevant to your work or goals, but the projects themselves are really just platforms for delving into Django's nooks and general philosophy. It's an important point to make about the book especially, because though Django itself provides potent facilities for creating reusable code while preserving a high degree of flexibility, "magic" is kept to a minimum compared to some other popular frameworks. It follows that maximizing your knowledge of Django's inner workings through familiar paradigms is critical to making the framework perform to your best advantage. The book excels at accomplishing this goal.

    Along these lines, a lot of territory is covered in a short span. You're introduced to a couple of Django's contrib apps — code which comes with a normal Django installation and which cleanly plugs into your own application while remaining extremely customizable. After being ushered through a straightforward installation and database configuration, your first exposure to development is through the contrib app most frequently lauded in the Djangoverse, Django's deservedly well known admin system. But immediately, emphasis is shifted from the basic features of the system to the ways it can be customized. This approach of introducing a feature and then modifying or extending it is repeated immediately with Django's Flatpages contrib app, a very basic CMS which, again, comes with Django and installs with a single line of code and one command.

    By the time you've finished the third chapter, you've built the foundation of a typical brochureware site, complete with a working search system and a completely functional customized admin with which you may modify your content using a javascript-based HTML editor (TinyMCE). Pretty impressive for 41 fast-moving pages.

    The strongest feature of the book, though, is not the speed or facility with which features are presented, but rather the way these features are always demonstrated with a mind to Django's strongest argument: how easy it is to create reusable code, once you understand the framework's approach. As you move through the next four chapters of building the blogging system, the establish-modify-extend technique of presentation does a good job of working you through various standard Django features — generic views (a very important concept which is illuminated nicely), code organization, ORM techniques, template inheritance, and so forth — and you're smoothly shown the ways by which you will be able to incorporate much of the code you write into your future work. As you begin your last project, the code-sharing app, you've gotten an overview of both coding and workflow techniques which work best with Django. The final chapters reinforce everything you've learned while still introducing new material on library integration, form handling and the newforms library, and code distribution.

    The overall approach is very effective, though I found I had to trust the tutorial a little at first in order to get the most out of it. The projects initially seemed somewhat vanilla, so it wasn't until I really focused on the organization of the material that I discovered the book's strengths. Now I wish I'd had this book years ago.

    Issues? I had only one, really. The material presents itself as a tutorial suitable for those who are just starting out with Python. For example, near the beginning of the material the def keywork is pointed out as the way Python functions are declared, and similar kinds of notes and comments pepper the tutorial, somewhat unevenly, as well. While I appreciate the impulse to make the material as accessible as possible, I'm skeptical of the book's role as truly introductory at that level, although I could see some experienced developers, especially those coming from other languages, benefiting from these quick notes. But my feeling in general would be that if you're so new to Python that the def keyword is a revelation, you might be better off starting elsewhere before you dive into Django.

    This is a minor point, though, and if you're willing to give the material the time, you'll appreciate what Django has to offer more and more with every page. The book maintains a brisk pace which I truly appreciated. And if you've struggled with Django in the past, or you've wanted to learn more about what to do beyond getting the admin running, "Practical Django Projects" is an excellent foundation for your Django education. I absolutely recommend this as the Django book I've found to be, by far, the most useful.

    You can purchase Practical Django Projects from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  6. Practical Rails Projects

    News · Bookreview · · posted by samzenpus · from the read-all-about-it dept. · 65 comments
    Sean Cribbs writes "There are many beginning and advanced Ruby on Rails books available, from the authoritative Agile Web Development with Rails to the cookbook-style Rails Recipes. However, healthy guidance for intermediate-level developers is lacking at best. Ironically, this is the most crucial stage in the process of becoming proficient with Rails because one must begin to learn why, not just how. Eldon Alameda's Practical Rails Projects effectively fills that gap. I know Alameda from our local Ruby User Group and spoke with him frequently while he wrote this book. His expertise with Rails definitely shines through in the hefty 621-page volume." Keep reading for the rest of Sean's review. Practical Rails Projects author Eldon Alameda pages 621 publisher Apress rating 8/10 reviewer Sean Cribbs ISBN 978-1-59059-781-1 summary A strong book for the intermediate Rails developer Practical Rails Projects has a unique and effective approach. Instead of spoon-feeding contrived code snippets, Alameda teaches by example, leading the reader step-by-step through the design, creation, enhancement, and analysis of several full-fledged projects. Each project introduces new techniques to the intermediate Rails developer carefully and with plenty of explanation — from caching to generating graphs to RESTful application design and much more. Rather than regurgitating documentation that is occasionally unclear or misleading, each application begins with a clean Rails project and is built up step-by-step with detailed commentary on how and why each step is taken. Alameda's format reflects the reality that real-life projects never have a straight development path; at each step one must make tough decisions, watch for pitfalls and take risks. There are no leaps-of-faith or "just trust me" moments, everything is explained. In the final chapter of each project, Alameda also suggests ways that the project could be improved and how to apply the newly learned techniques to previous projects in the book.

    The text is clear and uncomplicated with an approachable style. Projects even makes Rails' least fun framework, ActionWebService (which helps you create SOAP and XML-RPC services), easy to understand. While there are some glaring proofing mistakes, such as "Ruby" uncapitalized and some malformed URLs to external resources, the code snippets are practically error-free and all source and binary resources are available via the Apress website.

    One controversial decision made by Alameda was to use the ExtJS Javascript library extensively in one project to build an administration interface for a legacy site. ExtJS is a powerful high-level library that simplifies the creation of desktop-like interfaces in the web browser. Instead of spending a lot of time hand-crafting HTML/ERb templates and CSS, Alameda quickly creates an interface in ExtJS and uses Rails to generate XML and JSON that drives the almost entirely client-side application. While some may find this outside the spectrum of what should be in a Rails book, many developers are now creating their interfaces in Flex, SilverLight, and other client-side technologies. With the recent official release of ActiveResource, I believe we will see more web-service-focused Rails applications as time goes on. Alameda's choice is also practical; with a small number of users having access to the interface, he can place greater requirements on them in order to deliver the application more quickly.

    Overall, I believe Practical Rails Projects is a strong book for the intermediate Rails developer. It provides an introduction to more advanced concepts of the framework without being preachy or obtuse. It lacks any discussion of test- or behavior-driven development with Rails, but the breadth and depth of the topics it covers makes up for this weakness. Like any book that covers a rapidly-changing open-source project like Ruby on Rails, Projects will date quickly, but in the near-term it should be of great help to developers looking to gain constructive experience.

    You can purchase Practical Rails Projects from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  7. Practical Web 2.0 Applications with PHP

    News · Bookreview · · posted by samzenpus · from the read-all-about-it dept. · 153 comments
    Michael J. Ross writes "Web 2.0 applications and sites commonly employ a number of technologies: PHP, MySQL, XHTML, CSS, JavaScript/Ajax, microformats (standard formats for HTML data), tags (keywords for categorizing site content), and Web feeds (formatted and streamed Web content, usually in XML, such as an RSS feed). Because learning and using most of these technologies can be rather challenging to a Web developer, perhaps the best way to get started doing so is by using all of them to create a single Web-based application, with no pretense at mastering any one of them. This is the approach taken in Quentin Zervaas's book, Practical Web 2.0 Applications with PHP." Read on for the rest of Michael's review. Practical Web 2.0 Applications with PHP author Quentin Zervaas pages 569 publisher Apress rating 7/10 reviewer Michael J. Ross ISBN 1590599063 summary An example-based guide to PHP and Web 2.0 technologies. The book was published by Apress, on 20 December 2007, under the ISBNs 1590599063 and 978-1590599068. On the book's Web page, visitors can read and submit errata (apparently none, as of this writing), read the online table of contents, download Chapter 11 ("A Dynamic Image Gallery") as a PDF file, and purchase an electronic version of the book.

    Given the number and complexity of the technologies discussed in the book, it is little wonder that it is 569 pages long. There is certainly a generous amount of material, and it is grouped into 14 chapters: planning and designing the sample application; application framework setup; user authentication, authorization, and management; user registration, login, and logout; Prototype and Scriptaculous; page styling using CSS; creating a blogging system; extending the blog manager; personalized user areas; Web 2.0 features (tags, Web feeds, microformats, and public profiles); the image gallery; site search functionality; integrating Google Maps; deploying and maintaining the site.

    The first two chapters set the stage for the rest of the book. Chapter 1 provides a brief overview of Web 2.0, the sample Web-based application to be developed in the book, database connectivity, search engine optimization, PHPDoc, templating, and security, as well as the major features of the sample application, namely, a blog site. Chapter 2 describes how the reader can set up the application framework needed to follow along as the author explains how to build the sample application. This includes brief descriptions of how to install Apache, MySQL, PHP, and the Zend Framework. In fact, the book makes so much use of the Zend Framework that, after reading it from cover to cover, the reader will have gained a strong understanding of how some of the most popular components of that framework can be employed in their own projects. The chapter describes the file system structure the author has chosen, how to configure your Web server, how to set up the database, and how to connect to that database. It also provides an introduction to the Model-View-Controller (MVC) design pattern, as well as the Smarty template engine — both of which are used later.

    While the introductory material in the first two chapters is essential — particularly to any inexperienced programmer — and generally spot on, some of the material could use a significant amount of expansion and clarification. For instance, in Chapter 2, the instructions on how to configure one's Web server, could easily prove confusing to most readers, because the author refers to the IP address 192.168.0.80, with no explanation as to what it is and how it relates to the usual local Web server address, 127.0.0.1 (localhost). His recommendation for a "hosts" file entry, "192.168.0.80 phpweb20," certainly does not help clarify matters. Furthermore, the author does not explain why "phpweb20" should be used instead of "localhost." In the subsequent discussion on virtual hosting and Linux, in a "Note," he mentions that the reader "must have previously included the NameVirtualHost 192.168.0.80 in your main Web server configuration..." In another note on the same page, he provides instructions on the PHP setup that should have been included earlier, in the section on installing PHP. In general, there are too many instances in the early chapters where key information is presented not where the reader would need it, but pages later. This can be especially exasperating to readers who are fairly new to the technologies, and are trying their best to follow the author's examples, every step of the way.

    Chapter 3 discusses user authentication, authorization, and management. Unlike most PHP books, this one does not limit the reader to using MySQL as the relational database management system in conjunction with the sample application. The downloadable code for the book makes it possible for the reader to use PostgreSQL, even though the text itself focuses on MySQL. This flexibility is made possible by the author's use of the Zend_Db class. Admittedly of little significance, some of the book's SQL code looks a bit puzzling in some places. For instance, on pages 46-47, unneeded blank lines are contained within the "create table users" statement, with no reason given. Of greater importance, the chapter includes a short but valuable section describing the potential problems of date and datetime values in MySQL caused by server time zones, daylight savings, etc. — a topic well worth reading up on. The fourth chapter explores user registration, login, and logout functionality. Crucial topics such as password reset are covered, while some others, such as password strength, are not — no doubt due to space limitations.

    Ajax is considered a central part of the new Web 2.0 trend, and for doing Ajax, the author recommends Scriptaculous, which is based on Prototype — both introduced in Chapter 5. The basic CSS styling of the sample application's Web pages, is covered in Chapter 6. The only flaw in the sample CSS code is that the author formats the declarations within each rule inconsistently, with some rules having multiple declarations on a single line, and others having each declaration on a separate line, which most people find easier to read and maintain. A highlight of the chapter is the author's comparison of the advantages and disadvantages to using a print-only CSS stylesheet versus a dedicated secondary print page — a topic not even seen in Web programming books that focus on design and CSS. The chapter concludes with a discussion of client-side form validation using JSON.

    Chapters 7 through 13 focus much more on the sample application's functionality: implementing the user blogging system, and supplementing it with a blog manager index, Ajax capabilities, and a WYSIWYG editor (FCKeditor); creating user areas that can be customized by the users themselves; implementing the aforesaid Web 2.0 features (tags, Web feeds, microformats, and public profiles); implementing a dynamic image gallery, using GD for resizing, etc.; adding site search capabilities using Zend_Search_Lucene; incorporating Google Maps into the users' public blogs. All of these chapters are chock full of sample code, which the energetic reader may want to test out in their own development environments — particularly if they want to follow the author in creating the sample application. Fortunately, the reader will not have to waste any of that energy typing in code, because it can all be downloaded from the author's book site.

    Specifically, Chapters 7 and 8 are devoted to the blogging capabilities of the sample application. While the discussion of permanent links, filtering, and the FCKeditor WYSIWYG editor may be of interest to a reader not implementing blogging themselves, the book at this point becomes more narrow in the information that it conveys — focusing even more on the code of the sample application. After reading through dozens of pages listing the code for blog entry management, readers may begin asking themselves, "Why not just use a CMS, instead of reinventing the wheel?" It should be borne in mind that the point of the book is not to advocate reinventing the wheel, but rather to show how a sturdy and reliable wheel can be built. Nonetheless, readers will need fortitude to plow through the many pages of code.

    Despite the obvious expertise of the author, readers should be alert and open-minded to potential pitfalls. In the sample application's code, for generating passwords, the author uses only a hash function, md5(), despite its vulnerability to rainbow tables. The reader is advised to use an encryption function instead of — or in conjunction with — any hash function. The book contains another example of inattention to data security: In Chapter 4, as part of the user registration process, the user's password is e-mailed to the new registrant, naturally in plaintext, making it visible to anyone who intercepts the e-mail message. Years ago, all sorts of online organizations were following this lamentable practice; fortunately, "nasty grams" from security-savvy users seem to be turning the tide.

    After exploring the possibilities of dynamic image galleries and Google Maps, the last chapter may appear relatively uninteresting to the reader, because it discusses application logging, error handling., and Web site deployment and maintenance, including backups. These topics may not seem too exciting, but failing to take the lessons to heart, and then experiencing a heart-stopping crisis on one's production site, will be the kind of excitement no Web programmer wants to experience.

    What distinguishes this book from the majority of other PHP titles — for better or for worse — is that the author makes extensive use of specific frameworks and other tools, such as the Smarty templating engine and the Zend Framework, as well as classes that he has written, which are freely available in the source code. As a result, the value of the book to the reader is, to a certain extent, proportional to how much that reader wants to learn and possibly use those components. For example, if the reader chooses, for whatever reason, to not use the MVC design pattern and the Zend_Controller class for implementing MVC in their application, then the author's use of these will appreciably reduce the value of the book to that particular reader. In fact, given how lengthy Chapter 2 is, such a reader may mistakenly conclude that the rest of the book would be of no greater interest to them, and consequently become discouraged and quit reading. Other examples include the homebrew DatabaseObject and Profile classes, discussed in Chapter 3. Regardless, some readers may find that even if they do not use the author's chosen tools for their own applications, there is enough other programming and application-focused information that makes the book worthwhile to them. Other readers will be disappointed in the overall value of the book should they choose not to follow the author's recommended approaches. In addition, some programmers may be quite hesitant to base one of their own applications — particularly for paying clients — on classes created by a single developer, with no accompanying unit testing code to verify its soundness.

    In terms of the production of the book, it is definitely up to par, with a font that is readable and yet small enough to get plenty of information on each page — in conjunction with the bottom margins being utilized better than in other books. However, at least for my particular copy of the book, several blocks of pages were cut with different widths, making it appear as if one or two blocks had become detached from the glue binding, when in fact they were all well attached. Within the binding glue, they were all attached at an equal depth, indicating that it was the cutting of the pages that caused the problem, and not how the blocks were set in the binding.

    Even though some readers may find the book overly focused on particular frameworks and other tools, Practical Web 2.0 Applications with PHP is an instructive and expert demonstration of how to use PHP, MySQL, the Zend Framework, Smarty, Ajax, and other powerful technologies for creating robust Web sites.

    Michael J. Ross is a Web developer, writer, and freelance editor.

    You can purchase Practical PHP Web 2.0 Applications from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  8. Pro Drupal Development

    News · Bookreview · · posted by samzenpus · from the read-all-about-it dept. · 112 comments
    Michael J. Ross writes "If a Web site needs to be developed as quickly as possible, or it needs to support collaborative content, then usually the best approach is to use a content management system (CMS). There are many CMSs from which a Web developer could choose, including Drupal, which is considered by many to be the most powerful, extensible, and logically organized of them all. Installing Drupal and using it to create a simple site, is fairly straightforward, in part due to its relatively excellent documentation. For much of its existence, there has been far less information available on how to extend a Drupal site with one's own modules, themes, blocks, etc. That need is now met by a new book, Pro Drupal Development." Read on for the rest of Michael's review. Pro Drupal Development author John K. VanDyk and Matt Westgate pages 428 publisher Apress rating 9 reviewer Michael J. Ross ISBN 1590597559 summary A detailed guide to customizing a Drupal-based Web site

    The book was written by John K. VanDyk and Matt Westgate, both of whom are experienced computer programmers, who years earlier had created their own CMS. In their book's Introduction, they confess to discovering Drupal and its many advantages, switching over to it, and presumably abandoning further development of their own CMS. This speaks volumes about their regard for Drupal, because an individual programmer or programming team can give no greater vote of confidence for a technological product than to voluntarily end primary allegiance to a competing product that they themselves birthed and nurtured.

    Pro Drupal Development was published by Apress, on 16 April 2007, under the ISBNs 1590597559 and 978-1590597552. The publisher offers a Web page on their site dedicated to the book, where the visitor will find all of the book's source code, as well as the table of contents and a sample chapter (Chapter 8 — The Theme System), in PDF format. In addition, there is a link for errata, which leads to the authors' own book site. At the time of this writing, there are three dozen entries, contributed by the authors and their readers. The authors' site also has links for downloading the source code by individual chapter, and a blog that focuses on the book.

    The book's material, spanning 428 pages, is organized into 23 chapters and two appendices. Unlike the majority of technical books nowadays, this one does not have the chapters organized into labeled parts. Nonetheless, the chapters and appendices roughly fall into three categories: how Drupal works (Chapters 1, 19, and 23, and Appendix A), how to customize it (Chapters 2-18 and 22), and how to optimize your Drupal development efforts (Chapters 20-21, and Appendix B). The customization chapters cover a wide range of topics: modules, menus, databases, users, nodes, themes, blocks, forms, filtering, searching, indexing, files, taxonomy, caching, sessions, jQuery, localization, and optimization.

    Each one of these topics is explored in laudable detail, with plenty of sample code and figures to illustrate the key concepts. The greatest strength of this book is the depth of its coverage, and the methodical way that the authors go about presenting the material. They are clearly quite serious about Drupal itself, and about conveying to the reader all of the knowledge that they believe is important for the reader to master. In fact, anyone attempting to read the book cover to cover might find the presentation quite dry, with no evidence of humor or even a sense of fun, unlike so many other recent programming books. On the other hand, one can argue that the value of this information alone to the reader who is equally serious about mastering Drupal, should be sufficient. Regardless, be warned that this is definitely not a book that one can read through at a fast pace, absorbing the bulk of the information. The innards of Drupal alone make it a challenging subject for dissection; learning how to modify Drupal's behavior, is even more so.

    Yet if anyone is interested in mastering the inner workings of Drupal, and how to customize them, this is the book of choice. It may be a bit dry, but it is quite meaty, and the material is clearly presented. Moreover, the publisher, Apress, has done an admirable job with this title. The layout is clear; the index is substantial; and, as with their other titles, they offer two different versions of the table of contents — high-level, listing the chapter titles only, and detailed, listing the sections and subsections within those chapters.

    Another aspect of this book that I applaud is the efficient use of page space, through the use of top and bottom margins that are noticeably smaller than those found in the typical computer programming book. This is especially true of the bottom margins. For instance, on page 117, the text comes within one centimeter of the bottom edges the page — something I've never seen before in a professionally printed book. At first it might strike one as sloppy, but actually should be appreciated by anyone who is tired of technical books using excessive margins for padding out a much more limited amount of information into an even greater number of pages. This is a practice that I would recommend to all other publishers, technical or otherwise.

    However, the book does have some weaknesses, which is probably to be expected in any first edition. The sample source code in many cases could benefit from more use of whitespace — particularly for the PHP code. But with any code found in a book, there is always the possibility that such instances of compressed code result from a conscious decision given the limited width of the printed page. But in most such cases in this book, that reason would not be applicable.

    The authors do not warn the reader that a solid understanding of PHP is needed for using the book's ideas and sample code. Near the end of the Introduction, they suggest that if the reader is new to Drupal, then he or she should read the chapters in sequence. The authors should also note that if the reader is new to PHP, then it would be better to first get up to speed on PHP before trying to digest and make use of this book. Such points might be obvious to most readers, but they should be clarified up front, perhaps in the Introduction, for the benefit of anyone browsing this title in a bookstore, and wondering if they already possess the technical know-how required by the book.

    Similarly, the authors also do not mention that the book is, for the most part, only applicable to Drupal version 5, and not version 4 or earlier versions, since there have been some dramatic changes with the release of version 5. In fact, given the extent of the changes and how that would impact the utility of the book depending upon what version of Drupal the reader is using, it should be noted on the book's cover, as an increasing number of publishers are doing.

    A couple of minor problems were in evidence in the first dozen pages. On page 3, the authors refer to "user 1," which is likely to confuse most readers, because it looks like a username, and would be unfamiliar to someone who has installed Drupal and created a Web site, without extensive reading of the Drupal documentation. On page 11, the authors discuss core modules, and where they can be seen listed in the administration area of Drupal. But the path that they provide, "sites/all/modules," is incorrect, because that is where user-added modules are placed, of which there are none in a default installation. (The second mention of that path, in the fourth paragraph, is correct.)

    Lastly, when the book is opened up to any of the pages not near the center, the book immediately flops closed. The use of lay-flat binding is strongly urged, for future editions of this book and all others that Apress offers.

    Despite these weaknesses — all of which are fixable — Pro Drupal Development is strongly recommended for any PHP programmer who wants a truly in-depth look at how Drupal works and how to make the most of it.

    Michael J. Ross is a Web developer, freelance writer, and the editor of PristinePlanet.com's free newsletter.

    You can purchase Pro Drupal Development from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  9. Beginning Google Maps Applications with PHP and Ajax

    · posted by ryuzaki0 · from the map-it-out dept. · 105 comments
    Michael J. Ross writes "Just as PHP and other Web scripting languages have made it possible to create dynamic Web pages, online mapping services are making it possible to create dynamic maps that can be customized by a Web site owner, or made customizable by a site visitor. In the case of Google Maps, this is done using the built-in application programming interface (API), which is described in a new book, Beginning Google Maps Applications with PHP and Ajax: From Novice to Professional." Read on for the rest of Michael's review. Beginning Google Maps Applications with PHP and Ajax author Michael Purvis, Jeffrey Sambells, and Cameron Turner pages 384 publisher Apress rating 8 reviewer Michael J. Ross ISBN 1590597079 summary How to use the Google Maps API to make dynamic online maps.

    But first, a brief background: During the mid-1990s, the only generally available mapping applications were desktop programs with location data limited to major cities within the United States. Yet less than one decade later, those programs were obsolete, replaced by Web-based mapping services such as MapBlast, MapQuest, and Yahoo Maps. In early 2005, Google raised the bar, with its own Web-based mapping service that was far more attractive than the others. For countless Internet users, it was their first glimpse of the power of AJAX, a new combination of technologies that allows Web pages to be refreshed asynchronously, providing a faster user interface. But Google Maps later packed another feature, an API that allows Web developers to leverage the service's capabilities in previously unimagined ways.

    The authors of Beginning Google Maps Applications with PHP and Ajax — Michael Purvis, Jeffrey Sambells, and Cameron Turner — are based in Waterloo, Ontario, Canada. The book was published in August of 2006, by Apress, under the ISBN of 1590597079. The publisher maintains a Web page devoted to the title, where visitors can find an online table of contents, a sample chapter (Chapter 3, "Interacting with the User and the Server") as a PDF file, and a link for submitting errata (none of which, as of this writing, appear to have been reported — assuming there are any). In addition, the authors have a Web site for the book, where they offer a sample chapter (Chapter 4, "Geocoding Addresses") in PDF format, links to raw data sources, and brief entries describing a variety of related topics, including geocoding services, Google Maps Mobile (GMM), Keyhole Markup Language (KML), and building your own geocoding using Perl.

    The book's material is organized into 11 chapters, grouped into three parts. The fourth and final part contains the appendices. The three primary parts can roughly be thought of as presenting the beginning, intermediate, and advanced information. Part 1, "Your First Google Maps," whets the reader's appetite by showing how to easily create some simple maps (discussed below). In addition, it contains a chapter explaining how a Google Maps mashup interacts with the user as well as the server. The final chapter in this part discusses geocoding addresses. Part 2, "Beyond the Basics," explains how to work with third-party data, how to enhance the user interface, how to optimize and scale for large data sets, and finally what possible future directions Google may take with this API. Part 3, "Advanced Map Features and Methods," presents exactly that, covering such topics as creating custom controls and info windows, adding geometric shapes to maps, and getting the most out of geocoding, including how to work with postal codes.

    The authors begin Part 1 ("Your First Google Maps") by introducing Google Maps with the two most simple examples possible: Keyhole Markup Language (KML) is an XML-like formatting language that allows one to specify the names, coordinates, and descriptions of one or more locations ("placemarks") in a single file. For anyone who wishes to avoid writing the code themselves, Wayfaring is a Web site that allows one to create and share custom Google Maps by point and click. Even though the introduction to KML is properly brief, instead of only stating that the sample coordinates were discovered manually, the authors should mention at least one simple way to find those coordinates (such as the "Link to this page" link in Satellite view in Google Maps). Nonetheless, it was wise of the authors to use simple examples to get the reader's feet wet as quickly as possible — especially for prospective readers who might skim through the rest of the book and become intimidated by the technical diagrams, JavaScript and PHP code, MySQL queries, XML markup, and mathematical formulas.

    There is much to like about this book. The explanations are straightforward, the code is readable, the examples are relevant, and the writing style is approachable. The illustrations, all of which are in black and white, are well-chosen, and not overwhelming in number. In addition to showing the expected results of the sample code, they also provide enough visual incentive to encourage the reader to give the sample code a try, and perhaps develop it further into their own mapping applications.

    The book is not too lengthy, clocking in at 384 pages according to the publisher (though, oddly, Amazon.com reports only 350 pages, even though the last page of the appendix reads "358"). The authors resisted the increasingly common temptation to pad the book with superfluous appendices. Instead there are only two. The first explains how and where to find location data, such as addresses and latitude/longitude points. The second appendix presents the details of all of the classes, methods, properties, constants and events defined within the Google Maps API. For some reason the authors mention "objects" instead of properties and events, but I was unable to find any pre-instantiated objects mentioned in that appendix., and I am not sure such are even possible in the API.

    Fortunately, the weakest section of the book, its foreword, has the least impact upon the value of the book. It fails to perform the most basic functions of a foreword, such as explaining to prospective readers why they should become actual readers, as well as what the book covers, and how the authors are qualified to provide that coverage. Instead, its author mostly discusses his personal Google Maps Mania site, and even wedges in mention of his appearance on an NPR radio show, which has little to do with the book. He also lists his first five posts to his Mania site, the first of which contains a misspelling, which should have been caught by the book's editors, or at least indicated with a "[sic]." The best part of the foreword is the first few paragraphs, which provide a brief history of Google Maps and the hacking thereof.

    Like most if not all of its titles, Apress helpfully starts this book with two versions of the table of contents — the first one serving as a high-level overview, and the second providing far more detail, listing not only sections but subsections. This is a nice touch, and should be employed by all technical publishers. On the other hand, this book does not have a lay-flat binding, which is a shame, as it makes it far more difficult to read the book with both hands free for keyboarding. With the introduction of lay-flat bindings years ago, it is inconceivable to me why it has not been universally adopted, particularly by technical publishers.

    Overall, Beginning Google Maps Applications with PHP and Ajax is an excellent introduction to extending the power of Google Maps on the Web, and provides enough detail to both help and entice readers to build their own Google Maps mashups.

    Michael J. Ross is a freelance writer, computer consultant, and the editor of the free newsletter of PristinePlanet.com."

    You can purchase Beginning Google Maps Applications with PHP and Ajax: From Novice to Professional from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  10. Pro PHP Security

    · posted by ryuzaki0 · from the keep-it-secure dept. · 105 comments
    Michael J. Ross writes "The global accessibility of Web sites is a double-edged sword: At the same time that your online e-commerce site is open for business to anyone with an Internet connection, it is also open to malicious attack. Web sites based upon the popular language PHP, are no exception. Thus, it is both astonishing and worrisome that there are currently so few books devoted to PHP security — particularly ones that go beyond the handful of typical security countermeasures discussed in articles. Fortunately, Pro PHP Security, written by Chris Snyder and Michael Southwell, is intended to fill this critical need." Read the rest of Michael's review. Pro PHP Security author Chris Snyder and Michael Southwell pages 528 publisher Apress rating 9 reviewer Michael J. Ross ISBN 1590595084 summary A comprehensive guide to developing secure PHP-based Web sites.

    Pro PHP Security spans 528 pages, consisting of 24 chapters organized into four major parts. The first part, comprising only one chapter, explains the nature and significance of computer security, and reasons as to why absolute security is an unattainable goal. Nonetheless, it is worthwhile to take all appropriate and reasonable security measures, and the authors provide a brief overview of the different types of attacks to which Web applications are vulnerable.

    On their Web site, Apress has a page devoted to the book, where they offer the book's source code (in a Zip archive file), the table of contents, corrections to the book (i.e., errata), and a sample chapter (Chapter 12 - Preventing SQL Injection) in PDF format. In addition, there is a link for any reader who would like to purchase this title as an e-book.

    One of the most laudable aspects of Pro PHP Security, is that the authors — both experienced software and Web site developers — go far beyond the standard PHP security advice of validating and escaping user input, etc. Those topics are covered in depth, but they are provided in the context of thorough discussions as to how to set up a secure environment in which to use those techniques. In addition, the authors present best practices that have evolved over time, as Web masters and system administrators have learned — often the hard way — the general types of attacks to which their Web sites and computer networks have been subjected.

    In fact, Snyder and Southwell hold off on presenting the aforesaid specific PHP security techniques, until the third part of the book. Prior to that, they explain the characteristics of a secure online computing environment, such as using encryption, securing network connections via SSL and SSH, controlling access via authentication and permissions, and other important topics. Their coverage of the subject matter is complete, without being overwhelming. For instance, the material on encryption is helpfully divided into two separate chapters — devoted to theory and practice, respectively. Consequently, a PHP application developer or system administrator can immediately dive into the authors' recommended practices for encoding sensitive data, without getting bogged down in the theoretical underpinnings, if the reader is in a hurry to implement encryption on their own systems, or simply has no interest in the theory behind the methods.

    As noted earlier, Part 3 of this monograph explains all of the well-known techniques that crackers use for attacking PHP-based Web sites, as well as the countermeasures that should be adopted by the developer or maintainer of the site. First up is validation of user input, which — though being essential to basic security — is still neglected on far too many Web sites. The attention to detail seen in this discussion is also reflected in the subsequent chapters, which cover SQL injection, cross-site scripting, remote execution, temporary files, and session hijacking. For each topic, the authors explain how the typical attack is attempted, and what needs to be done to prevent such attacks.

    The fourth and last major part of the book covers vitally important topics that are usually glossed over in most PHP security books, or neglected altogether. Snyder and Southwell explain methods of limiting access to your Web site to humans (thus minimizing attacks that employ scripts), verifying the identities of those users, authorizing what those users can do on your system, and tracking their actions once they have logged in. The authors also explain how to reduce the chances of data loss, and how to execute system commands and make remote procedure calls without exposing your site to vulnerabilities. The last chapter covers the benefits to be gained from opening up your site and its source code to a review by your technical peers.

    This book has much to recommend it: The discussions of security issues are more complete and thorough than in any other book that I have seen. The information chosen by the authors is detailed enough to be understandable and usable, but not so excessive as to prove daunting or discouraging to the reader who needs answers to their security questions, and does not have the time or inclination to slog through academic or pointless discussion. The information is well-organized, and presented in context, so the reader is not simply given a laundry list of security techniques, but instead better understands the rationale behind them. Lastly, because no technical topic can be covered in full in a single book, the authors provide a generous number of references to outside resources.

    The content of this book appears to have only one noticeable weakness, and that is the poor quality of the comments in the sample source code. Not only are they few in number and lacking in detail, but they are written in all lowercase letters, with little to no punctuation. This coding style results in the comments visually blending in with the code itself, and makes reading both to be more difficult than is justifiable.

    The physical book itself also has only one weakness, and that may only apply to a portion of the copies produced and distributed by the publisher. Specifically, the bottom and side edges of the book are cut cleanly, while the top edge is quite rough. As I was unable to find any mention within the book as to a possible reason or advantage for having the rough edging on top of the pages, I can only conclude that it was not intended on the part of Apress, and represents an error in production. I hope that the copy that I received — kindly given to me by the publisher — is not representative of all the copies produced and sold.

    In spite of these minor complaints, I was quite pleased with this book. Pro PHP Security is arguably the most comprehensive PHP security book available, and is highly recommended to any developer or administrator of a PHP-based Web site.

    Michael J. Ross is a freelance writer, computer consultant, and the editor of the free newsletter of PristinePlanet.com."

    You can purchase Pro PHP Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  11. The Definitive Guide to ImageMagick

    · posted by ryuzaki0 · from the worth-a-thousand-words dept. · 173 comments
    Michael J. Ross writes "To modify a digital image, most computer users turn to a GUI-based image processing application, such as Photoshop. However, while Photoshop and many other similar programs can process multiple images in batch mode, they still require manual usage, and thus typically are unable to process images via a command line or within a second application. Those capabilities call for a programmatic digital image manipulation tool such as ImageMagick, which is explored in a relatively new book, The Definitive Guide to ImageMagick." Read the rest of Michael's review. The Definitive Guide to ImageMagick author Michael Still pages 335 publisher Apress rating 7 reviewer Michael J. Ross ISBN 1590595904 summary An introduction to using ImageMagick for digital image manipulation.

    The author of this title is Michael Still, a programmer who gained experience with ImageMagick during his eight years of working on imaging applications, as well as writing articles on ImageMagick for IBM DeveloperWorks. Apress maintains a Web page for the title, where a visitor can purchase the electronic version of the book, read its table of contents, or download its source code or a sample chapter (Chapter 4 — Using Other ImageMagick Tools) in PDF format. They also have a link where readers can submit errata — and apparently be the first to do so, as there are no existing errata listed on the Web page.

    The book's 335 pages are organized into a dozen chapters, following an introduction and a few other standard sections, including a forward written by ImageMagick's principal architect, Christy, who briefly explains the product's 20 years of history, development, and lack of decent documentation. That is where this book is intended to fill the gap, and Christy notes that most future questions about ImageMagick will be answered by pointing people to this book, as is also noted on ImageMagick's homepage.

    The first chapter of the book explains how to install and configure ImageMagick, for several Linux distros, as well as Microsoft Windows — using the precompiled versions, or by compiling from ImageMagick's source code. The chapter is wrapped up with a brief description of ImageMagick's online help, debug output, verbose output, and version information. The next ten chapters fall into two categories: ImageMagick usage as a standalone, and from within other applications. The first category of chapters covers basic image manipulation, compression, other metadata, ImageMagick tools, artistic transformations, other image transformations, and drawing commands. The second category discusses how to utilize ImageMagick from within programs written in Perl, C, Ruby, and PHP. The 12th and final chapter is quite brief, and describes where to find online help (Web sites, blogs, mailing lists, and forums) and where to report any apparent bug in ImageMagick.

    For Windows users, the first chapter may begin badly, as the author fails to explain which precompiled version the reader should select if they wish to install ImageMagick on a Windows PC. For each version, there are four flavors to choose from. But which one is right for the reader? "static" vs. "dll?" "Q16" vs. "Q8?" What are the differences? The ImageMagick Web site and FTP file listings appear to have no README file or installation help file to explain which flavor you should download. The book should provide some assistance here, but does not. The former topic, static versus DLL, is mentioned only in reference to compiling ImageMagick from source — information which the reader will probably never see, should they choose to install the precompiled binaries and get started on ImageMagick as quickly as possible.

    The latter topic is not covered at all — not even in the index, where a "quantum depth" entry would be useful. For those readers who are interested, "Q8" indicates 8 bits-per-pixel components, and "Q16" means 16 bits-per-pixel. The latter allows one to read or write 16-bit images without losing precision, but requires twice as much resources as Q8. Apparently Q16 is the best choice for medical or scientific images, or those with limited contrast. Otherwise, Q8 should be sufficient, and offers greater performance.

    The material most likely to be read, referenced, and valued in this book, is the chapters devoted to explaining how to use ImageMagick for resizing, compressing, transforming, and drawing digital images. Most of these first-category chapters begin with a concise summary of the theory put into practice throughout the rest of the respective chapter — a wise inclusion in each case, since even the most experienced computer programmers and other users have had no instruction or experience in image theory. All of these chapters do a competent job of explaining what each ImageMagick command is used for, and then illustrating it with a straightforward example.

    The most glaring deficiency in these chapters, and the book as a whole, is that far too many of the book's figures (digital images, naturally) fail to reflect what is intended to be conveyed by each figure. This is primarily because they are all in black-and-white, and in many cases do not offer the size and resolution necessary. In other words, there are many cases where the "before" and "after" images look almost identical. In the cases of color manipulation, most of those black-and-white images are of little value — occasionally laughably so.

    The second-category chapters, covering ImageMagick usage with Perl, C, Ruby, and PHP, proved disappointing, primarily due to their narrow focus, and lack of tips, recommendations, and coverage of the APIs' capabilities. The details are presented in the form of a single example for each language. For instance, the Perl chapter devotes too many pages to source code listings of a Perl program written by the author, that few readers would probably download from the publisher's Web site, much less read.

    Nonetheless, this book should be useful to any programmer interested in making the most of ImageMagick's capabilities, and that is not just because it is the only ImageMagick book on the market. Michael Still certainly had his work cut out for him when he agreed to document the bulk of what ImageMagick can do. It is unfortunate that the color images that he created for the book cannot be seen by the reader, and that the Windows binary versions and ImageMagick APIs, were given short shrift. We can hope that future editions of this book will be significantly strengthened, such as including color and higher resolution images where needed — even if it requires grouping them together within the book, if that reduces production costs.

    Lastly, it should be mentioned that, as a smaller technical publisher, Apress is not resting on its laurels, and is not only scheduled to release an impressive variety of programming books this year, but their customer support — at least in my experience — was outstanding, as there was a problem with the shipping of this title, and they bent over backwards to make it right.

    Michael J. Ross is a freelance writer, computer consultant, and the editor of the free newsletter of PristinePlanet.com."

    You can purchase The Definitive Guide to ImageMagick from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  12. Beginning Excel What-if Data Analysis Tools

    Books · Books · · posted by samzenpus · from the get-started dept. · 151 comments
    Graeme Williams writes "Beginning Excel What-If Data Analysis Tools: Getting Started with Goal Seek, Data Tables, Scenarios, and Solver makes it easy to learn about some neat features of Excel, including the four data-analysis tools mentioned in the title. I found the book useful, but the style is dry and unadorned, and others may find it less approachable than I did. The examples around which the book is built are clear and straightforward rather than insightful, and presented plainly rather than with a lot of discussion." Read the rest of Graeme's review. Beginning Excel What-if Data Analysis Tools: Getting Started with Goal Seek, Data Tables, Scenarios, and Solver author Paul Cornell pages xxii + 167 publisher Apress rating 7 reviewer Graeme Williams ISBN 1-59059-591-2 summary A clear but bare introduction to a useful set of Excel tools

    This book reads and feels more like a textbook than an introduction. Other beginner books are full of diagrams, icons and text in boxes. This book has almost none of that – the occasional tip or note is set off with horizontal lines. In other books, text in boxes often seems to be put there for no reason at all, but this book has exactly one diagram. Comparing this book to others, I feel as though we've lost the middle way.

    The book seems to go out of its way to avoid diagrams. To fill out a dialog box, for example, the instructions are to click on the first field, type in the value, click on the second field, type in the value, and so on. I just don't understand why you wouldn't put in a screen shot, with the instructions, "Make it look like this". I don't know if screen shots weren't used because they're more expensive, or harder to translate, but if so, a table could have achieved a similar result.

    Goal Seek is a simple one-variable equation solver. You put x in one cell and f(x) in another. You point Goal Seek at the two cells, give it a value of c and it attempts to solve f(x) = c. It's a simple enough feature, and the book goes through a number of straightforward examples.

    The examples are relevant and clearly explained, but they seem only to be examples of themselves. They don't trigger any new ideas, and none of them jump out at you as "Neat!". I wish the author had put a little more creativity into the examples. They seem a little dry and occasionally repetitive, and don't seem to build on one another. An example shouldn't be just, "Here it is", but rather, "Here's something important to know about how it works" or "Here's an idea you can use in other places as well as here".

    At the end of each chapter, there's a list of possible errors, but the suggested fixes aren't all equally helpful. If Goal Seek can't solve f(x) = c, the book suggests (page 19) changing the value of c! This is an area where a set of related examples would have been very helpful: first showing a simple example, followed by a more complicated example that fails, and finally with the failure repaired.

    Data Tables are a way to automatically generate a one- or two-dimensional tables of values, given a formula and one or two sets of values. The book shows how to build data tables, going through a number of good examples, but I was somewhat mystified why this would be better than doing the same thing by hand. Building a data table by hand means you have to understand the difference between A1, $A1, A$1 and $A$1, which I guess is one reason for using the automatic mechanism. A1 and $A$1 are referred to as relative and absolute references, in case you want to google this particular mystery. But building a table by hand gives you more control over the layout. Unfortunately Microsoft has made the layout of two-dimensional data tables both odd and inflexible (the formula for the table is stuck in the upper left corner). It would have been clearer if the book had explained that the examples looked the way they did because that was the only way they could look. It would also have been useful if the book had at least briefly compared data tables to the manual equivalent.

    Scenarios allow you to store versions of a spreadsheet that have different input values. This is neater than it sounds, since you can vary any number of input variables and calculate any number of output variables, including charts. You can also generate a summary sheet which tabulates the corresponding inputs and outputs. The book explains all this very well, going from a clear explanation to three good examples.

    Any book with code samples risks confusion about whether the reader should type in the examples or download them, but this book crosses the line. In some examples (the most egregious example is on page 51), the discussion assumes that some cells have defined names, something that would only have been possible if the reader downloaded the example, since names were not included in the step-by-step instructions. The odd thing is that in some of the examples, the instructions DO include the defined name for each cell.

    When presenting Excel examples like these, you have to deal with the possibility that a cell will have three pertinent properties: a formula, a value, and a name. This is another case where the book seems to lack a good designer who could show this graphically.

    The Solver is a general-purpose equation solver that will handle multiple variables and multiple constraints. For a given function f(x1, ..., xn), the solver can either solve for f(...) = c, or maximize f(...). The book explains how to set this up, and the meaning of the dozen or so options (tolerance, maximum iterations, and so on) pretty clearly.

    The Solver provides a sensitivity report (how much the result will change if one of the inputs changes fractionally), but this report is disabled if even one of the variables is restricted to whole numbers. There are two obvious ways around this: run the sensitivity analysis as though the constraint wasn't there (which would provide the counter-factual information about how much the solution would change if the whole number value changed fractionally); or run the sensitivity analysis without the restricted variables. Microsoft doesn't provide either of these workarounds, and the book doesn't discuss them either.

    The sensitivity report is disabled if any variable has either an "integer" or "binary" constraint, but the book repeatedly mentions only integer constraints, which could be confusing to a beginner. It doesn't help that Microsoft gives the same error message ("Sensitivity Report and Limits Report are not meaningful for problems with integer constraints") for both cases.

    The appendices are quite good – I'd almost recommend reading the book backwards. There's an overview of the data and financial analysis functions in Excel, such as average, median, floor, ceiling and mortgage payment, with enough detail to lead you to the right part of Microsoft's documentation. Another appendix describes ways of handling data that aren't discussed in the body of the book, such as Lists, Subtotals, sorting, filtering and consolidating data. These extras add a considerable amount to the usefulness of the book.

    At $34.95 list, the book is expensive for an introductory book, but I'm not sure that should count against it. If you use the techniques described in the book, the time you'll save will quickly pay back the cost. On the other hand, if you need more explanation and discussion than the book provides, it's going to seem like a whole lot of money. I strongly recommend downloading the sample chapter. It will give you an excellent view of the book's strengths and weaknesses."
    You can purchase Beginning Excel What-If Data Analysis Tools from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  13. Beginning Excel What-if Data Analysis Tools

    Books · Books · · posted by samzenpus · from the get-started dept. · 151 comments
    Graeme Williams writes "Beginning Excel What-If Data Analysis Tools: Getting Started with Goal Seek, Data Tables, Scenarios, and Solver makes it easy to learn about some neat features of Excel, including the four data-analysis tools mentioned in the title. I found the book useful, but the style is dry and unadorned, and others may find it less approachable than I did. The examples around which the book is built are clear and straightforward rather than insightful, and presented plainly rather than with a lot of discussion." Read the rest of Graeme's review. Beginning Excel What-if Data Analysis Tools: Getting Started with Goal Seek, Data Tables, Scenarios, and Solver author Paul Cornell pages xxii + 167 publisher Apress rating 7 reviewer Graeme Williams ISBN 1-59059-591-2 summary A clear but bare introduction to a useful set of Excel tools

    This book reads and feels more like a textbook than an introduction. Other beginner books are full of diagrams, icons and text in boxes. This book has almost none of that – the occasional tip or note is set off with horizontal lines. In other books, text in boxes often seems to be put there for no reason at all, but this book has exactly one diagram. Comparing this book to others, I feel as though we've lost the middle way.

    The book seems to go out of its way to avoid diagrams. To fill out a dialog box, for example, the instructions are to click on the first field, type in the value, click on the second field, type in the value, and so on. I just don't understand why you wouldn't put in a screen shot, with the instructions, "Make it look like this". I don't know if screen shots weren't used because they're more expensive, or harder to translate, but if so, a table could have achieved a similar result.

    Goal Seek is a simple one-variable equation solver. You put x in one cell and f(x) in another. You point Goal Seek at the two cells, give it a value of c and it attempts to solve f(x) = c. It's a simple enough feature, and the book goes through a number of straightforward examples.

    The examples are relevant and clearly explained, but they seem only to be examples of themselves. They don't trigger any new ideas, and none of them jump out at you as "Neat!". I wish the author had put a little more creativity into the examples. They seem a little dry and occasionally repetitive, and don't seem to build on one another. An example shouldn't be just, "Here it is", but rather, "Here's something important to know about how it works" or "Here's an idea you can use in other places as well as here".

    At the end of each chapter, there's a list of possible errors, but the suggested fixes aren't all equally helpful. If Goal Seek can't solve f(x) = c, the book suggests (page 19) changing the value of c! This is an area where a set of related examples would have been very helpful: first showing a simple example, followed by a more complicated example that fails, and finally with the failure repaired.

    Data Tables are a way to automatically generate a one- or two-dimensional tables of values, given a formula and one or two sets of values. The book shows how to build data tables, going through a number of good examples, but I was somewhat mystified why this would be better than doing the same thing by hand. Building a data table by hand means you have to understand the difference between A1, $A1, A$1 and $A$1, which I guess is one reason for using the automatic mechanism. A1 and $A$1 are referred to as relative and absolute references, in case you want to google this particular mystery. But building a table by hand gives you more control over the layout. Unfortunately Microsoft has made the layout of two-dimensional data tables both odd and inflexible (the formula for the table is stuck in the upper left corner). It would have been clearer if the book had explained that the examples looked the way they did because that was the only way they could look. It would also have been useful if the book had at least briefly compared data tables to the manual equivalent.

    Scenarios allow you to store versions of a spreadsheet that have different input values. This is neater than it sounds, since you can vary any number of input variables and calculate any number of output variables, including charts. You can also generate a summary sheet which tabulates the corresponding inputs and outputs. The book explains all this very well, going from a clear explanation to three good examples.

    Any book with code samples risks confusion about whether the reader should type in the examples or download them, but this book crosses the line. In some examples (the most egregious example is on page 51), the discussion assumes that some cells have defined names, something that would only have been possible if the reader downloaded the example, since names were not included in the step-by-step instructions. The odd thing is that in some of the examples, the instructions DO include the defined name for each cell.

    When presenting Excel examples like these, you have to deal with the possibility that a cell will have three pertinent properties: a formula, a value, and a name. This is another case where the book seems to lack a good designer who could show this graphically.

    The Solver is a general-purpose equation solver that will handle multiple variables and multiple constraints. For a given function f(x1, ..., xn), the solver can either solve for f(...) = c, or maximize f(...). The book explains how to set this up, and the meaning of the dozen or so options (tolerance, maximum iterations, and so on) pretty clearly.

    The Solver provides a sensitivity report (how much the result will change if one of the inputs changes fractionally), but this report is disabled if even one of the variables is restricted to whole numbers. There are two obvious ways around this: run the sensitivity analysis as though the constraint wasn't there (which would provide the counter-factual information about how much the solution would change if the whole number value changed fractionally); or run the sensitivity analysis without the restricted variables. Microsoft doesn't provide either of these workarounds, and the book doesn't discuss them either.

    The sensitivity report is disabled if any variable has either an "integer" or "binary" constraint, but the book repeatedly mentions only integer constraints, which could be confusing to a beginner. It doesn't help that Microsoft gives the same error message ("Sensitivity Report and Limits Report are not meaningful for problems with integer constraints") for both cases.

    The appendices are quite good – I'd almost recommend reading the book backwards. There's an overview of the data and financial analysis functions in Excel, such as average, median, floor, ceiling and mortgage payment, with enough detail to lead you to the right part of Microsoft's documentation. Another appendix describes ways of handling data that aren't discussed in the body of the book, such as Lists, Subtotals, sorting, filtering and consolidating data. These extras add a considerable amount to the usefulness of the book.

    At $34.95 list, the book is expensive for an introductory book, but I'm not sure that should count against it. If you use the techniques described in the book, the time you'll save will quickly pay back the cost. On the other hand, if you need more explanation and discussion than the book provides, it's going to seem like a whole lot of money. I strongly recommend downloading the sample chapter. It will give you an excellent view of the book's strengths and weaknesses."
    You can purchase Beginning Excel What-If Data Analysis Tools from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  14. Pro Perl Debugging

    News · Perl · · posted by samzenpus · from the make-it-clean dept. · 164 comments
    Michael J. Ross writes "The typical computer program has more bugs than there are ants at a picnic -- except ants are usually easier to find. Programs written in Perl are no exception, because the compactness of the language does not make any existent bugs easier to spot; they can simply be packed into fewer lines of code. To help remedy this problem, Richard Foley and Andy Lester, two seasoned Perl programmers, offer a new book, Pro Perl Debugging: From Professional to Expert." Read the rest of Michael's review. Pro Perl Debugging: From Professional to Expert author Richard Foley with Andy Lester pages 269 publisher Apress rating 8 reviewer Michael J. Ross ISBN 1590594541 summary A comprehensive tutorial and reference for the Perl debugger

    This title was published in hardcover in March 2005 by Apress, a relatively new member of the technical publishing world. The publisher has a Web page for the book that includes links to all of the source code in a Zip file, the table of contents in PDF format, and a form for submitting errata. The book comprises 269 pages, the majority of which are organized into 16 chapters: Introduction (not to be confused with the true Introduction immediately preceding it), Inspecting Variables and Getting Help, Controlling Program Execution, Debugging a Simple Command Line Program, Tracing Execution, Debugging Modules, Debugging Object-Oriented Perl, Using the Debugger As a Shell, Debugging a CGI Program, Perl Threads and Forked Processes, Debugging Regular Expressions, Debugger Customization, Optimization and Performance Hints and Tips, Command Line and GUI Debuggers, Comprehensive Command Reference, Book References and URLs.

    For programmers who wish to learn how to fully utilize Perl's debugger, what options are open to them? A terse summary of the debugger's commands are always close by, within the debugger itself. Those Perl coders who have yet to try the built-in Perl debugger, really owe it to themselves to give it a whirl. In most cases, it is superior to embedding lots of "print" statements in your scripts, and then wading through the results. Simply include perl.exe's -d flag on the system command line, and you should be put right into the debugger, and see the debugger's "DB<1>" command prompt -- the "1" meaning that it is ready for your first command. To display the aforementioned command summary, simply enter "h", or "|h" to see the output one screen-ful at a time, which you will probably want to do unless your system window can show all of the dozens of lines at once. The command summary is best used as a quick reference, and naturally cannot be expected to serve as any sort of tutorial. Yet it has its use, and for that, it's fine.

    Most Perl books devote at least some space to explaining the basics of firing up and using Perl's debugger. The (in)famous "camel book," Larry Wall's Programming Perl, has a chapter on the debugger. It covers breakpoints, running, stepping, tracing, displaying code, commands, debugger customization, debugger options, unattended execution, creating your own debugger, and performance profiling. Aside from that last topic, the chapter is mostly an expansion of the command summary mentioned earlier. It is sparse on examples, and does not cover any advanced topics, such as using the debugger in the context of forking, threads, and POE, as well as the debugger's special capabilities for regular expressions, CGI programs, and shelling out.

    The advanced topics are where Pro Perl Debugging really shines in relation to the coverage that I have seen in any other book, partly because the authors have the space to thoroughly explore those topics in depth, and to provide much more meaty examples, with adequately illustrative sample code. Even for the more complex topics, the writing is clear, and the examples are worthwhile.

    The authors clearly intend for the book to serve as both a comprehensive tutorial and a reference for the Perl debugger. In both respects, they succeed admirably. But the practical value of their accomplishment could be called into question by any programmer who has grown tired of the limitations of the Perl debugger, and has switched over to any Perl-capable standalone GUI debugger or integrated development environment (IDE). More specifically, watching a variable change value, while stepping through the lines of a Perl script using the debugger, requires that the programmer manually or programmatically echo that variable's value, by issuing a print command ("p") followed by the variable name, one way or another. This process quickly becomes tedious when multiple variables need to be watched, because each individual variable must be printed, one at a time. Admittedly, previously entered print statements can be recalled by using the up-arrow key, but only if the particular command has not been pushed out of the debugger's limited storage. This usually becomes even more frustrating when trying to print the values of indexed arrays, hashes, and nested arrays and other structures. There are workarounds, but none are pretty, and even the most promising techniques still seem to require excessive focusing on the debugger commands themselves, drawing attention away from the code being debugged.

    As a result, some disheartened Perl coders eventually switch back to embedding "print" statements in their code. Fortunately, there is a better alternative, in the form of IDEs, which can automatically report the changing values of a large set of variables, none of which need to be typed in, owing to the drag-and-drop capabilities of most IDEs. There are many IDEs available, including freeware and open source offerings. Most if not all of them support advanced editing, syntax highlighting and verification, visual breakpoints, and other much-appreciated capabilities. Even if they were to lack all of these features, and only have the advantage of easily and dynamically displaying the current values of variables, then they would be much more pleasant to use than the built-in Perl debugger. This is especially true in the case of nested structures, which can be expanded with a mouse click within most IDEs. All of this being said, it should be noted that the authors include a chapter that briefly touches upon the most well-known Perl GUI debuggers -- but at only seven pages in length, the chosen applications get only a cursory treatment, highlighting their major features.

    Nonetheless, given the intended purpose of Pro Perl Debugging, and its target audience, the book cannot be faulted for its contents nor its approach to presenting the material. Anyone looking for a detailed and competent explication of the native Perl debugger, would likely not be able to find a more thorough treatment anywhere else.

    Michael J. Ross is a freelance writer, computer consultant, and the editor of PristinePlanet.com's free newsletter."

    You can purchase Pro Perl Debugging from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  15. PHP 5 Recipes

    News · Programming · · posted by samzenpus · from the properly-cooked dept. · 121 comments
    jsuda writes " With all the books being published recently about PHP a new one will need to find and fill a niche to distinguish itself. PHP 5 Recipes: A Problem-Solution Approach, published by Apress, has done so, in my view. This is an intermediate-level volume exploring PHP 5 using a recipe approach where the basics of PHP 5's functionality are expressed systematically but in a small-topic by small-topic manner. Cook-book style, each topic is relatively autonomous and can be individually selected, as necessary, for information or review, similarly to how many refer to the Joy of Cooking for help on a cooking project. It's a source for instant solutions to common PHP-related problems. There are over 200 such recipes presented." Read the rest of jsuda's review. Php 5 Recipes: A Problem-Solution Approach author Lee Babin, Nathan Good, Frank M. Kronman, Jon Stephens pages 646 publisher Apress rating 8 reviewer John Suda ISBN 1-59059-509-2 summary A problem solving approach to Php 5

    Each of these recipes refers to a small element or aspect of PHP 5 and the presentations contain a brief overview of the topic, an explanation of how the code elements work, and where the code is applicable in projects. Overall, the book covers the whole range of PHP 5 functionality where each major element of PHP 5 is addressed in a recipe explaining and illuminating relevant code elements. You can easily get information about a specific PHP 5 element by going directly to the section of the book where it appears. Even better, the code snippets are designed to allow one to copy and paste them into your own applications or development easily and then to configure them as necessary. All of the code snippets are freely available for downloading at the publisher's website at www.apress.com.

    There are 16 chapters and an index covering a total of 646 pages. The chapters are organized similarly to other PHP primers, covering the basic elements of PHP - data types, operations, arrays, strings, variables, files and directories, dates and times, functions, and regular expressions. The coverage for much of these concepts is relatively mundane and unoriginal. The discussion of dynamic imaging, however, is an exception. The writing throughout, however, is solid and clear. The book emphasizes the most important elements of new PHP 5. The object-oriented programming elements especially are covered - classes, objects, protected class variables, exception handling, interfaces, and the new mysqli database extension. The authors' discussions focus on PHP 5.0.4, MySQL 4.1, and cover Linux and Windows environments.

    The book is directed at PHP programmers looking to learn the elements introduced by PHP 5, and for those looking to find fast solutions to coding problems. It assumes a basic knowledge of PHP. Many of the recipes discuss object-oriented programming and these are some of the more advanced sections of the book. I can say that Chapter 2, which introduces the object-oriented concepts is one of the better explanations of the topic that I've read. The chapter covers constructors, destructors, methods and properties, class diagrams and examples of these concepts at work in code snippets. There are a number of interesting segments containing custom coding of classes as reusable templates from which to create objects.

    The book is well-designed and written. The discussion is clear and logical. The code snippets are well-explained. The authors are experienced programmers and developers, and Good and Stephens have authored or co-authored a number of technical books.

    A large handful of the recipes contain projects, usually appearing at the end of the overview and presentation of code snippets covering the basics of the topics. The projects usually deal with the creation of higher-end classes and objects as solutions to common coding problems. The idea here is to show PHP 5 functionality at work providing useful code sections to be dropped into your custom applications. Chapter Five concludes with a sophisticated class dealing with dates and times issues. Other chapters contain constructions of string, file, graphics, and regular expression classes.

    The last five chapters deal with using the PHP code in web applications and services. This material covers cookies (including construction of a cookie class), using HTTP headers, sessions, and using query strings. Much of this material has been covered elsewhere in the many primers on PHP already published. There is a chapter on using forms and an interesting chapter on working with markup. The better chapters are on using DOM to generate markup, parsing XML, using RSS feeds, SOAP, and simple XML. The chapter on mysql is basic, except for the section on creating a wrapper class. The last chapter deals with communicating with Internet services, like POP, iMap, and FTP. Another project presented here is one creating object-oriented code dealing with a mail class.

    This is a useful book to have in a programmer's library."

    You can purchase Php 5 Recipes: A Problem-Solution Approach from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  16. The Definitive Guide to MySQL 5

    News · Programming · · posted by samzenpus · from the all-in-one dept. · 100 comments
    jsuda writes "The Definitive Guide to MYSQL 3rd Edition certainly deserves its title. It is a large, dense, complete guide to MySQL and updates its predecessor edition by covering new MySQL5 and new auxiliary software including database administration tools and interfaces. MySQL is the open-source database software which has become very popular for web-based database applications now being used by Yahoo, NASA, Slashdot, and other entities. Read on for the rest of Jsudas' review The Definitive Guide to MySQL 5 3rd Edition author Michael Kofler pages 748 publisher Apress rating 7 reviewer John Suda ISBN 1-59059-535-1 summary The Definitive Guide to Mysql 5

    The author of this book, Michael Kofler, has a Ph.D. degree in computer science and is an accomplished writer of technical books. The audience is intermediate to high-level database designers and programmers. Although the presentation assumes little prior knowledge of MySQL and databases, it does assume a good amount of contact with and knowledge of programming languages. The topic of this book does not lend itself to an easy, flowing writing style. Reading through this complex material is like chewing on heavy New England pound cake. That is not a criticism of the author as he thoroughly presents the topics in a comprehensive, workmanlike, textbook-like manner. The discussions of databases and MySQL features are lightened by numerous table, charts, graphics, and examples of relevant matters.

    The updating from the 2nd Edition of The Definitive Guide involves the upgrade of MySQL from version 4.1 to 5.0 which now provides support for Unicode, the sub-SELECT and GIS functions, improved authorization features, addition of stored procedures, and other new commands and server options. It also includes discussion of new or updated auxiliary software used with MySQL, like PHPAdmin and new interfaces for Open Office, Star Office, and Apo.NET.

    There are six parts with twenty-three chapters and 3 appendices, amounting to 748 pages with index. The parts entail an introduction to MySQL and databases, administrative tools and user interfaces, fundamentals of database design, programming using MySQL, and detailed content references. The appendices include short segments of a glossary, bibliography, and notes about the sample code files available for downloading from the publisher's website at http://www.apress.com./

    The beginning chapters introduce the basic concepts of MySQL including its client-server architecture, tables, fields, queries, keys, and the distinction between relational and object-oriented databases. The author focuses the bulk of the book on relational databases. The many features of MySQL are itemized and other matters like licensing and setting up test environments are discussed. A large segment of this early material offers instruction on installing under Windows and Unix/Linux platforms and configuring the installations for function, usability, and security. An introductory example of building an opinion poll application with PHP is provided.

    Chapters 4 - 6 cover a number of administrative tools to use with MySQL, including mysqladmin, mysqldump, and PHPAdmin. The author spells out how to install and configure, set up user management and security, create and edit databases, import and export data, and use auxiliary functions, among other things.

    The best chapter, in my view, is Chapter 8 on database design. The technical aspects of databases are well-covered, like the various table types and data types, but the more theoretical aspects are noted in some length. There is some art in creating databases and tables which is above the technological. Correct design with related tables is crucial to efficiency, ease of use, accuracy, ability to revise, and consistency. A segment on "tips and tricks" in database design is especially interesting.

    The bulk of Part 3 contains a comprehensive presentation of SQL features, syntax, configuration, and security issues, The new functions of version 5 are explored, like GIS and stored procedures and triggers. A section on transactions for advanced users and setups is nicely done. For novice users, mention is made of the "--I-am-a-dummy" option which warns and provides a second chance to avoid inadvertent updating or deleting of a table. Chapter 14 is all about maintenance issues - backing up, importing, logging, and replication.

    Part 4 deals with how to combine MySQL with programming languages like PHP, perl, Java, C, Visual Basic, and Visual Basic.NET. Each is treated similarly - detailing features, concepts, syntax, and programming techniques. Most of the attention is given to PHP, which is described as a natural companion to MySQL for use in developing dynamic web applications.

    Chapter 21 is a comprehensive SQL reference of operations, functions, data types, variables and constants, and commands. There are a large number of charts and tables to bring order to the dense material. Chapter 23 contains material on the various API's which can interact with MySQL. These include PHP.API, perl.API, JDBC, ADO-net, and C.API.

    For those with a need to know, and those with a desire to learn MySQL, this volume contains nearly everything you would want and expect, not only about MySQL itself but about the software that interacts with it or web servers. The author deserves credit for presenting the dense material in a thorough and orderly manner."

    You can purchase The Definitive Guide to MySQL 5 3rd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  17. Perl 6 Now by Scott Walters

    News · Perl · · posted by timothy · from the now-and-then-or-later-or-earlier dept. · 366 comments
    Joseph Brenner writes "Every now and then, a beginning programmer asks if there's any point in learning to program in Perl 5, when Perl 6 is going to change everything soon. There are a number of answers to that: one is to point out that Perl 6 is still years away, another is to point out that it is promised that Perl 5 code will run under Perl 6 without modification (a module that begins with the traditional "package" statement is Perl 5 code; if it begins with the new "class," then it's Perl 6)." Read on for the rest of Brenner's review of Scott Walters' Programming in Perl 6 style using Perl 5, a book which answers that question a whole different way. Perl 6 Now author Scott Walters pages 379 publisher Apress rating 7 reviewer Joseph Brenner ISBN 1590593952 summary Programming in Perl 6 style using Perl 5

    Scott Walters here pursues what might be thought of as the third answer: you can learn Perl 6 now and immediately begin writing programs in a "Perl6ish" sort of way, using appropriate CPAN modules that have been used to implement approximations of Perl 6 behavior: Perl6::Variables, Perl6::Export, Perl6::Contexts, autobox, Perl6::Classes, Switch, and so on.

    There are many caveats about using these tricks in production code, however, and Scott Walters doesn't shy away from warning you about them (e.g. p.43 "Source filters are dangerous" where he discusses their increased start-up overhead and potential bugginess -- though he doesn't mention my own peeve which is that they're very confusing when you try and use the Perl debugger).

    So possibly the book is not really quite so well suited to an actual beginner-- who probably should not be told about "use Switch 'Perl6'", but the device of spending the early stages of the book directed toward a beginning audience makes it a very useful review for people like myself who have been reading the Apocalypses, but don't remember every detail.

    And on the other hand, the book includes some prominent early warnings about common gotchas that beginning programmers seem to be prone to -- e.g. using dynamically defined variables instead of just using hashes.

    The standards for writing English in the Perl world are pretty high -- the core members of the Perl community have always cared a lot about clear writing, and it's arguably the world's best documented language (critics will no doubt add that it needs to be). Unfortunately, I can't say that Perl 6 Now quite lives up to this standard. This is a book that was written in a hurry, and it shows: hasty sentences and minor organizational problems abound (e.g. one or two items seem to be discussed in the wrong place; there are an awful lot of explicit forward references, and yet there's at least one place where something was used in an example before being discussed a few dozen pages later). But then in Scott Walters defense, this is certainly a book that needed to be written in a hurry, because its subject matter is such a moving target.

    And where the book really shines is in its code examples: short, clear and to the point; the author repeatedly shows how something can be done in Perl 5 code and how it's expected to work in Perl 6. These examples are always clearly labeled "Perl 5" or "Perl 6" in the comments, so that the two can't be confused.

    The subjects of some of the examples are pretty cool: e.g. he talks about using PDL ("Perl Data Language") to crunch audio data in MOD format, which I was completely unfamiliar with. A *.mod file essentially contains the "sheet music" for multiple parts (really, MIDI) plus sound samples that specify how notes will sound for each voice. This is discussed in Chapter 7, which is also the free sample chapter. I also liked random walking Arizona's highways as an example of Graph navigation (Chapter 8, p 159), and I appreciate the fact that he downplays inheritance in favor of delegation in his discussion of objects (Chapter 14, p. 262).

    All in all, this book is a fun read for the Perl fanatic.

    (Note: the title Perl 6 Now bears a strong resemblance to an emacs package I've been working on called perlnow.el, but there is no relation.)

    You can purchase Programming in Perl 6 style using Perl 5 from bn.com; it's also available in eBook format (password protected PDF, using your email as password) for $15. Source code and and a sample chapter are available online: Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  18. Beginning PHP 5 and MySQL E-Commerce

    News · Business · · posted by timothy · from the for-not-quite-beginners dept. · 202 comments
    norburym (Mary Norbury-Glaser) writes " Beginning PHP 5 and MySQL E-Commerce: From Novice to Professional by Cristian Darie and Mihai Bucica is a valuable resource for the web developer/intermediate programmer who is preparing to create a database-driven e-commerce site and who is most comfortable learning by example. The authors have prepared a book with real-world application in a tutorial format; they give detailed instruction on how to create a fully developed e-commerce web site from design phase to deployment. This book is not for the raw beginner; some knowledge of PHP and MySQL is assumed and truthfully, this book will most benefit a professional web designer who has some experience building dynamic elements into web sites." If that fits you, or if you want it to, read on for the rest of Norbury-Glaser's review. Beginning PHP 5 and MySQL E-Commerce: From Novice to Professional author Cristian Darie and Mihai Bucica pages 568 publisher Apress rating 9 reviewer Mary Norbury-Glaser ISBN 1590593928 summary Create an E-Commerce Site Using PHP 5 and MySQL 4

    The authors use a T-shirt shop scenario as their model for the design and implementation of their e-commerce site. The book is separated into three distinct "phases" of development. Phase I covers the foundations of creating the Web site, what tools to use and how to use them including creating a product catalog, incorporating a search tool, using PayPal payment processing and adding an administration interface. Phase II proceeds with enhancing the site with a custom shopping cart, a client-server ordering process, a page for pending order administration and a dynamic product recommendations system. Phase III looks at a more complicated customer accounts scenario: taking credit cards instead of using PayPal, building an order-processing pipeline, implementing credit card gateways, adding a product reviews system and accessing web services using SOAP (Simple Object Access Protocol) and REST (Representational State Transfer) XML-based protocols.

    Chapter 1 introduces business strategies for considering an online commerce solution and the reasons for launching an e-commerce presence: acquiring more customers, making customers spend more and reducing the costs of fulfilling orders. A thorough read of Appendix C ("Project Management Considerations") would be a good aside at this point. This section provides excellent insight into choosing an appropriate software development cycle model for different projects with a good discussion of advantages and disadvantages of various methods and theories.

    Chapters 2 through 7 constitute Phase I proper. The authors begin by tackling the basic structure of the site and focusing on flexible design, scalability and reliability. They introduce a three-tier architecture model: the presentation tier (dynamic pages that contain the elements that allow visitor to the site to interact effectively with the business end), the business or middle tier (requests for data that are posed by the visitor are passed on by the presentation tier to the data tier) and the data tier (manages the data and sends appropriate responses back to the business tier when requested).

    Chapter 2 lays the groundwork for the reader to establish the TShirtShop site and accompanying database. Installation instructions for Apache 2, PHP 5, MySQL 4 and phpMyAdmin are referenced to Appendix A. Instructions for installing other tools used in this book - the Smarty template framework for PHP and PEAR DB - are included within Chapter 2. I quite admire the authors' choice to use Smarty. Smarty parses templates behind the scenes and creates PHP scripts from them so when a Web page is rendered, Smarty reads from the PHP scripts instead of pulling the templates themselves, eliminating run-time parsing of templates. Smarty also has built-in caching of template outputs, which saves on overhead in retrieving data from the database.

    After creating the main index.php page and the index.tpl Smarty template, the authors discuss error handling and reporting (with a nod to PHP's often head-scratching error messages). They provide a nice set of instructions here for creating an efficient error handling/reporting scheme. The last step in Chapter 2 is to load phpMyAdmin and create the new tshirtshop database and an admin user.

    From this point forward, the authors structure each chapter to adhere to the three-tier model. Implementing the presentation tier, the business tier and the data tier is an integral part of the construction of the site. The reader is encouraged to begin every major aspect of the project with these elements in mind.

    Chapters 3 and 4 lead the reader through the creation of the product catalog for the TShirtShop site. The authors give a brief overview of SQL, relational databases, using PEAR DB and Smarty plug-ins. The first table is created and populated with data, PEAR DB is used to access the data and a Smarty template is used to implement the user interface. Multiple tables are then added to enhance product catalog features, which allows for a discussion of table relationships. Filtering SQL results and joining data tables are then examined in the section on implementing the data tier.

    Chapter 5 introduces a product search engine to the site by using MySQL to search the database and using Smarty templates to build the user interface. This is a major component of any e-commerce site and the authors prepare an excellent code set for this purpose by using the full-text searching functionality of MySQL. The pros and cons of this versus using LIKE are also discussed.

    Chapter 6, "Receiving Payments Using PayPal", will be of great interest to many readers. Many individual proprietors and small businesses don't have the resources to process credit cards and therefore use Internet Payment Service Providers to process transactions. In this chapter, the authors teach the reader how to create a new PayPal account, how to integrate the PayPal shopping cart and custom checkout and how to configure PayPal to automatically calculate shipping costs. There is a bit of missing code in this chapter but it appears correctly on this book's Apress errata page (apress.com).

    The last chapter of Phase I covers implementation of a catalog administration page using componentized templates and a simple authentication scheme for administrator access to the page.

    By the completion of Phase I, the design and programming for a completely functional e-commerce site is in place.

    Phase II begins with a pros and cons discussion of using a simple cart method like PayPal versus creating a custom shopping cart and checkout to enhance flexibility. There are some neat tricks here including storing the cart ID as a cookie on the client.

    In Chapters 8 and 9, the reader learns how to store cart info in the database, how to implement a client-side ordering mechanism and an orders administration page for pending orders. The benefit to this is that since the data is now stored in the database, quantitative analysis and tracking can be done based on the products sold.

    In Chapter 10, the authors add product recommendations to their TShirtShop site. This dynamic visitor-specific functionality is an excellent sales strategy intended to boost sales by adding suggestions for upgrading a purchase or complementing a purchase with another product. The items recommended are based on what products were ordered together by other customers. The SQL query to get the list of products is very nicely done!

    This concludes Phase II and the site is again fully functional but with some neat new enhancements: the site has its own shopping cart, credit card processing is accomplished through PayPal and an orders administration page and product recommendations system have been added. Many individually run or small businesses may stop at this point and be completely content with the e-commerce site that has been developed so far. But the authors proceed with more complex scenarios by offering Phase III: "Processing Orders and Adding Features". This final section of the book deals with processing credit cards, using SSL to encrypt data transactions, storing customer accounts, adding a customer product review system (think Amazon.com) and using XML Web services to integrate Amazon.com products into the site.

    The authors spend some time covering the design of the order pipeline and optimizing the logical sequence of tasks that need to be tracked. Chapter 12 deals with the modifications necessary to the enable pipeline processing and the database schema changes for auditing and storing data. Chapter 13 implements the pipeline sections in preparation for adding full credit card transaction functionality in Chapter 14 and rounds out with the creation of a new orders admin page that shows an audit trail for any particular order stored in the database.

    Full implementation of credit card orders is completed in Chapter 14. The authors discuss credit card transaction fundamentals including working with credit card payment gateways, understanding transactions and card processing. They look at two payment services providers as examples: DataCash (a UK-based company) and Payflow Pro (a division of Verisign).

    Product review integration is the subject of Chapter 15. This is another highly coveted enhancement to e-commerce sites. The authors provide a very simple (and therefore, elegant, in my view) implementation of code to add review capabilities to the sample site.

    The final chapter of the book is Chapter 16, "Connecting to Web Services", where the authors complete their professionally developed TShirtShop e-commerce site by integrating the Amazon E-Commerce Service using SOAP and REST.

    Appendices A-C cover necessary application installation (as mentioned above), hosting advice, steps for getting your files where they need to be on various hosting models and project management theory. Access to code and errata is available on the Apress Web site (apress.com). This book has a nice layout, clean typography, plenty of screen shots and the code sets are offset from the main body of text and are extremely easy to follow. The book can readily be propped open while looking on from your development machine and the overall size of the book isn't unwieldy or awkward to place on a surface.

    In the The Expert's Voice in Open Source series, Apress has harnessed the knowledge and expertise of some of the best folks in open source and this book is no exception. Cristian Darie has previously written several well-regarded volumes (Programmer's Guide to SQL, Beginning ASP.NET E-Commerce, Visual C# .NET: A Guide for VB6 Developers, among others) and his skill in untangling complex subject matter is apparent in Beginning PHP 5 and MySQL E-Commerce. Both authors have prepared a book that will enable any intermediate developer to create a fully functional e-commerce Web site that they can then customize and extend. This book is consistent, well organized and clearly presented. Beginning PHP 5 and MySQL E-Commerce: From Novice to Professional is the perfect tutorial-style book for start-to-finish e-commerce site development instruction for any developer with the desire to learn the advanced tools and techniques to get a scalable professional site designed and in production.

    You can purchase Beginning PHP 5 and MySQL E-Commerce: From Novice to Professional from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  19. Beginning PHP 5 and MySQL E-Commerce

    News · Business · · posted by timothy · from the for-not-quite-beginners dept. · 202 comments
    norburym (Mary Norbury-Glaser) writes " Beginning PHP 5 and MySQL E-Commerce: From Novice to Professional by Cristian Darie and Mihai Bucica is a valuable resource for the web developer/intermediate programmer who is preparing to create a database-driven e-commerce site and who is most comfortable learning by example. The authors have prepared a book with real-world application in a tutorial format; they give detailed instruction on how to create a fully developed e-commerce web site from design phase to deployment. This book is not for the raw beginner; some knowledge of PHP and MySQL is assumed and truthfully, this book will most benefit a professional web designer who has some experience building dynamic elements into web sites." If that fits you, or if you want it to, read on for the rest of Norbury-Glaser's review. Beginning PHP 5 and MySQL E-Commerce: From Novice to Professional author Cristian Darie and Mihai Bucica pages 568 publisher Apress rating 9 reviewer Mary Norbury-Glaser ISBN 1590593928 summary Create an E-Commerce Site Using PHP 5 and MySQL 4

    The authors use a T-shirt shop scenario as their model for the design and implementation of their e-commerce site. The book is separated into three distinct "phases" of development. Phase I covers the foundations of creating the Web site, what tools to use and how to use them including creating a product catalog, incorporating a search tool, using PayPal payment processing and adding an administration interface. Phase II proceeds with enhancing the site with a custom shopping cart, a client-server ordering process, a page for pending order administration and a dynamic product recommendations system. Phase III looks at a more complicated customer accounts scenario: taking credit cards instead of using PayPal, building an order-processing pipeline, implementing credit card gateways, adding a product reviews system and accessing web services using SOAP (Simple Object Access Protocol) and REST (Representational State Transfer) XML-based protocols.

    Chapter 1 introduces business strategies for considering an online commerce solution and the reasons for launching an e-commerce presence: acquiring more customers, making customers spend more and reducing the costs of fulfilling orders. A thorough read of Appendix C ("Project Management Considerations") would be a good aside at this point. This section provides excellent insight into choosing an appropriate software development cycle model for different projects with a good discussion of advantages and disadvantages of various methods and theories.

    Chapters 2 through 7 constitute Phase I proper. The authors begin by tackling the basic structure of the site and focusing on flexible design, scalability and reliability. They introduce a three-tier architecture model: the presentation tier (dynamic pages that contain the elements that allow visitor to the site to interact effectively with the business end), the business or middle tier (requests for data that are posed by the visitor are passed on by the presentation tier to the data tier) and the data tier (manages the data and sends appropriate responses back to the business tier when requested).

    Chapter 2 lays the groundwork for the reader to establish the TShirtShop site and accompanying database. Installation instructions for Apache 2, PHP 5, MySQL 4 and phpMyAdmin are referenced to Appendix A. Instructions for installing other tools used in this book - the Smarty template framework for PHP and PEAR DB - are included within Chapter 2. I quite admire the authors' choice to use Smarty. Smarty parses templates behind the scenes and creates PHP scripts from them so when a Web page is rendered, Smarty reads from the PHP scripts instead of pulling the templates themselves, eliminating run-time parsing of templates. Smarty also has built-in caching of template outputs, which saves on overhead in retrieving data from the database.

    After creating the main index.php page and the index.tpl Smarty template, the authors discuss error handling and reporting (with a nod to PHP's often head-scratching error messages). They provide a nice set of instructions here for creating an efficient error handling/reporting scheme. The last step in Chapter 2 is to load phpMyAdmin and create the new tshirtshop database and an admin user.

    From this point forward, the authors structure each chapter to adhere to the three-tier model. Implementing the presentation tier, the business tier and the data tier is an integral part of the construction of the site. The reader is encouraged to begin every major aspect of the project with these elements in mind.

    Chapters 3 and 4 lead the reader through the creation of the product catalog for the TShirtShop site. The authors give a brief overview of SQL, relational databases, using PEAR DB and Smarty plug-ins. The first table is created and populated with data, PEAR DB is used to access the data and a Smarty template is used to implement the user interface. Multiple tables are then added to enhance product catalog features, which allows for a discussion of table relationships. Filtering SQL results and joining data tables are then examined in the section on implementing the data tier.

    Chapter 5 introduces a product search engine to the site by using MySQL to search the database and using Smarty templates to build the user interface. This is a major component of any e-commerce site and the authors prepare an excellent code set for this purpose by using the full-text searching functionality of MySQL. The pros and cons of this versus using LIKE are also discussed.

    Chapter 6, "Receiving Payments Using PayPal", will be of great interest to many readers. Many individual proprietors and small businesses don't have the resources to process credit cards and therefore use Internet Payment Service Providers to process transactions. In this chapter, the authors teach the reader how to create a new PayPal account, how to integrate the PayPal shopping cart and custom checkout and how to configure PayPal to automatically calculate shipping costs. There is a bit of missing code in this chapter but it appears correctly on this book's Apress errata page (apress.com).

    The last chapter of Phase I covers implementation of a catalog administration page using componentized templates and a simple authentication scheme for administrator access to the page.

    By the completion of Phase I, the design and programming for a completely functional e-commerce site is in place.

    Phase II begins with a pros and cons discussion of using a simple cart method like PayPal versus creating a custom shopping cart and checkout to enhance flexibility. There are some neat tricks here including storing the cart ID as a cookie on the client.

    In Chapters 8 and 9, the reader learns how to store cart info in the database, how to implement a client-side ordering mechanism and an orders administration page for pending orders. The benefit to this is that since the data is now stored in the database, quantitative analysis and tracking can be done based on the products sold.

    In Chapter 10, the authors add product recommendations to their TShirtShop site. This dynamic visitor-specific functionality is an excellent sales strategy intended to boost sales by adding suggestions for upgrading a purchase or complementing a purchase with another product. The items recommended are based on what products were ordered together by other customers. The SQL query to get the list of products is very nicely done!

    This concludes Phase II and the site is again fully functional but with some neat new enhancements: the site has its own shopping cart, credit card processing is accomplished through PayPal and an orders administration page and product recommendations system have been added. Many individually run or small businesses may stop at this point and be completely content with the e-commerce site that has been developed so far. But the authors proceed with more complex scenarios by offering Phase III: "Processing Orders and Adding Features". This final section of the book deals with processing credit cards, using SSL to encrypt data transactions, storing customer accounts, adding a customer product review system (think Amazon.com) and using XML Web services to integrate Amazon.com products into the site.

    The authors spend some time covering the design of the order pipeline and optimizing the logical sequence of tasks that need to be tracked. Chapter 12 deals with the modifications necessary to the enable pipeline processing and the database schema changes for auditing and storing data. Chapter 13 implements the pipeline sections in preparation for adding full credit card transaction functionality in Chapter 14 and rounds out with the creation of a new orders admin page that shows an audit trail for any particular order stored in the database.

    Full implementation of credit card orders is completed in Chapter 14. The authors discuss credit card transaction fundamentals including working with credit card payment gateways, understanding transactions and card processing. They look at two payment services providers as examples: DataCash (a UK-based company) and Payflow Pro (a division of Verisign).

    Product review integration is the subject of Chapter 15. This is another highly coveted enhancement to e-commerce sites. The authors provide a very simple (and therefore, elegant, in my view) implementation of code to add review capabilities to the sample site.

    The final chapter of the book is Chapter 16, "Connecting to Web Services", where the authors complete their professionally developed TShirtShop e-commerce site by integrating the Amazon E-Commerce Service using SOAP and REST.

    Appendices A-C cover necessary application installation (as mentioned above), hosting advice, steps for getting your files where they need to be on various hosting models and project management theory. Access to code and errata is available on the Apress Web site (apress.com). This book has a nice layout, clean typography, plenty of screen shots and the code sets are offset from the main body of text and are extremely easy to follow. The book can readily be propped open while looking on from your development machine and the overall size of the book isn't unwieldy or awkward to place on a surface.

    In the The Expert's Voice in Open Source series, Apress has harnessed the knowledge and expertise of some of the best folks in open source and this book is no exception. Cristian Darie has previously written several well-regarded volumes (Programmer's Guide to SQL, Beginning ASP.NET E-Commerce, Visual C# .NET: A Guide for VB6 Developers, among others) and his skill in untangling complex subject matter is apparent in Beginning PHP 5 and MySQL E-Commerce. Both authors have prepared a book that will enable any intermediate developer to create a fully functional e-commerce Web site that they can then customize and extend. This book is consistent, well organized and clearly presented. Beginning PHP 5 and MySQL E-Commerce: From Novice to Professional is the perfect tutorial-style book for start-to-finish e-commerce site development instruction for any developer with the desire to learn the advanced tools and techniques to get a scalable professional site designed and in production.

    You can purchase Beginning PHP 5 and MySQL E-Commerce: From Novice to Professional from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  20. Two Books On Plone

    News · Books · · posted by timothy · from the so-this-pair-of-nuns-gets-into-a-plone dept. · 107 comments
    Robert Nagle writes "Over the last year, Zope and Plone have gained mindshare as open source web application servers. In the last few months, two books have come out about how to use, extend and administer Plone. One is Andy McKay's Definitive Guide to Plone (available for free online), and the other is Julie Meloni's Plone Content Management Essentials." Read on for Nagle's review of both books. (See each) author (See each) pages (See each) publisher (See each) rating (See each) reviewer Robert Nagle ISBN (See each) summary McKay's book is indeed definitive; Meloni's book is a good introduction

    The Zope/plone combination offers a variety of advantages to the open source developer: robust workflow capabilities, conformity to Web standards, cross-platform support and a sophisticated security model. On the other hand, it has a steep learning curve and deals with objects in an object database (instead of the usual RDBMS/LAMP data model).

    First, here's 30 seconds of what Plone is all about (the Slashdot editors can provide the bunnies). Zope is a Python-backed web application server which includes a Zope Management Interface (or ZMI), a web-based interface to modify templates and interact with/administer the Zope Object Database (ZODB). Although Zope can be a standalone webserver, in fact people usually put it behind Apache for reasons of security, performance and caching. Years ago, Zope used a custom scripting language (DTML) to do its business logic, but later switched to an XML-based templating language called ZPT and let users use Python-based scripts to perform actions. Zope is the application server; CMF is the content management framework, and Plone is the standards-compliant front end that lets you manage skins, slots, styles, portlets, forms, actions, content types and installation of products. Then there's archetypes, which make it easier to create new content types and web forms. Oh, have I mentioned that we're dealing with objects here? In other words, we're not just throwing data and text into SQL); we're creating different types of content (documents, events, multimedia objects), storing them as objects (with actions, metadata, etc) and then summoning them (or parts of them) from the object database with ZPT using macros and indices.

    From a design perspective, Plone is elegant although so multi-layered that it's often hard to figure out where to make changes. Also, while the Plone front end is snazzy, most users end up having to go to the ZMI to modify the template and edit actions (which, depending on how you look at it, can be an advantage or disadvantage). Finally, although the list of open source products for Plone and Zope is impressive, they don't necessarily play well together, and many products for Zope don't work in Plone and vice versa.

    Definitive Guide to Plone author Andy McKay pages 584 publisher Apress rating 5 ISBN 1590593294

    That is where Andy McKay's book and Julie Meloni's book come in. Of the two books, Andy's is more comprehensive and geared toward the experienced developer (and typical Slashdot reader); Julie's book does more hand-holding and provides more thorough explanations of introductory concepts.

    As a lead plone developer, McKay has intimate knowledge of the good, the bad and the ugly for plone. Although his chapters fly by certain introductory tasks at record speed, he explains things well and offers lots of tips and hints throughout the book. (I can't tell you how many times I've put the book down and exclaimed, 'Aha, so that's how you ...'). The sequence of presentation is generally logical with one exception: in chapter 14 (page 459), the book mentions that you can use Zope Enterprise Objects to debug a live server without having to shut down Plone. That is valuable -- even vital-- information, and belonged in the earlier chapter on installing Zope. Although the chapters don't go into great depth, his code examples and commentary are sufficient to explain what is going on.

    It's not the main focus of the book, but the sections on system administration (caching, tuning, scaling) are well done although some things are missing (like Virtual Host Monster). It's assumed that readers will be able to find this information elsewhere.

    The best parts about McKay's book are how it relates Python programming to Plone. The deeper you get into Plone, the more important it is to write Python scripts and do basic Python debugging. Even basic sysadmin tasks like product management seems to require an understanding of object-oriented concepts. One initial difficulty comes with the idea of URL paths corresponding not to actual directories but objects being contained within other objects. (So that login_form in http://foobar/login_form doesn't necessarily reside within the foobar directory, but is in any directory or object acquired by the foobar object). This type of URL (called a traversal) is explained well enough in the book, but often makes it difficult to figure out where to find things within the ZMI and the file system. Who would have ever thought that the place to edit the login_form object for http://foobar/login_form is /foobar/portal_skins/plone_forms/login_form within the ZMI (which is actually /zopeinstance/products/CMFPlone/skins/plone_forms/ login_form.pt on the file system)? That's why McKay's skin example (in Chapter 7) accomplishes so many things; it provides a "guided tour" through the layers (i.e., scripts, templates, etc) contained within portal_skins; it also runs through the process of creating custom templates and forms based on existing ones. This, by the way, is one of the niftiest features of Zope/Plone; you push a Customize button in the ZMI, and voila! you've cloned an object for customizing. This is dense stuff, but after reading this chapter, I have a better sense of the beast I'm dealing with.

    I particularly liked the book's chapters on archetypes and manipulating content types. If Zope/Plone is about manipulating objects, then it helps to have a variety of objects to manipulate. Archetypes lets you create new content types and new views for content types. By providing Python libraries for fields and widgets, archetypes makes it relatively easy to create web forms for data input. McKay's book covers this topic thoroughly and clearly. I also appreciated the chapter on searches and indexing (and the helpful table of indices and index types); this filled in a lot of gaps in my knowledge. The sections on security and workflow contained good examples, and the book also contained a section on internationalization. The programming chapters are the best parts about the book.

    On the negative side, I wish there were more charts and tables in the book (perhaps as appendices). A lot of this is already found within Zope help or the Plone site, but it would have been handy to have these things as reference. Although McKay's book contains a good (though brief) introduction to Zope Page Templates, the explanation of the syntax is scattered throughout the ZPT chapter; it would have been much better to summarize all the tal tags in a single table.

    Also, at many points during the ZPT chapter and other chapters, McKay refers to Plone and archetype API classes that are described nowhere else in the book. It took me a while to figure out where these things were coming from (and I would refer you to here for API descriptions). The book would have benefited from a better description of APIs, even a high level view of it (You can find some quick references here).

    Because of its focus on development, McKay's book spends almost no time on third-party products or "sanctioned" products available in the plone collective. This is somewhat understandable (given the mercurial nature of product development), but the casual reader might finish the book without realizing that additional additional products even exist. (Here's a fairly comprehensive list of Plone and Zope products).

    Also, I would have liked better explanation about change management. Plone has its own product installer, but I always have difficulties upgrading products. How do you test products before actually deploying them? How do you manage upgrades (and how do you upgrade Zope itself?) For such an extensible project as Plone, managing the installation, testing and upgrade of third-party products can be a disaster waiting to happen.

    Plone Content Management Essentials author Julie C. Meloni pages 258 publisher SAMS rating 3 ISBN 0672326876

    Julie Meloni's book takes a different approach to the subject, one geared less to Python development and more to deploying third-party products and customizing site appearances. I'm tempted to say that the typical Slashdot reader would find this book "shallow," but really that is not fair. Although Meloni's book contains a short appendix on Python, it focuses more on how Plone works out of the box and how to take advantage of core functionality. In fact, Meloni's slender book contains many useful sections probably deemed too elementary for McKay's book: how structured text works, for example.

    Rather than trying to cover everything Plone-related, Meloni identifies a small number of typical tasks and explains them in detail. For example, the book documents the Plone style sheets and how to modify them in the ZMI. Too basic, you say? Well, yes, but it's still useful reference material. Rather than trying to teach you how to write your own Plone product or content type from scratch, she walks us through using that nifty Customize button to clone existing templates for customization (although to tell the truth, you still need would need to know a good bit about Python and ZPT syntax to complete the task). Although the book's section on skins focused mainly on how they relate to style sheets, I found the section on customizing slots to be particularly useful.

    In contrast to McKay's book, Meloni spends a separate chapter on deploying and using several popular plone products: a discussion board, a weblog and a photo album. Given that several competing products exist for each category, and that better products are likely to come out later, this chapter will probably be the first to go out of date.

    Perhaps the book could have spent less time on the products themselves and more on managing products and testing/troubleshooting them.

    Of the two books, McKay's book is the more indispensable, even though I still wound up consulting external sources fairly often for clarification. On the other hand, after reading first McKay's book and then Meloni's, I wish I had read Meloni's book first. Meloni's book provides a great introduction to basic plone concepts; McKay's book is great for the power user/developer. (Still another book, recently released, Cameron Cooper's Building Websites with Plone probably goes into more detail on the Python side; read a sample PDF chapter).

    Perhaps I sound like a shill for the publishing industry when I say this, but it sometimes make sense to possess two or more books on a topic. The decision-making process for geeks buying books can sometimes differ radically from the general public. Geeks, for example, don't have qualms about paying full price for a new book if the content is up-to-late and relevant to the task at hand. The ordinary reader might make a purchasing decision on the basis of which book constitutes the highest information density (the $20 book with 200 pages vs. the $30 books with 500 pages). Geeks are also more inclined to view the purchasing decision in terms of time saved (i.e., how much time will reading this book save me in the long run?) From the standpoint of saving time, there's a lot to be said for reading an introductory book first and then moving to a book on more advanced topics.

    Of course, Andy McKay's book is available already for free on the web (and kudos to Apress Publishing for allowing this).

    ** Actually, mysql/postgresql DB adaptors make it possible for Zope to fetch/send sql data; and Archetypes has a function, SQLStorage, to allow data from content objects to persist in a sql database (news to me). Other Web Resources:

    Robert Nagle (aka idiotprogrammer) writes fiction under various pseudonyms. He lives and works in Houston, Texas. In early 2005 he will be launching a plone-backed literary community ezine. You can purchase the Definitive Guide to Plone from bn.com; bn also carries Plone Content Management Essentials . Slashdot welcomes readers' book reviews -- to see your own review here, carefully read the book review guidelines, then visit the submission page.

  21. Two Books On Plone

    News · Books · · posted by timothy · from the so-this-pair-of-nuns-gets-into-a-plone dept. · 107 comments
    Robert Nagle writes "Over the last year, Zope and Plone have gained mindshare as open source web application servers. In the last few months, two books have come out about how to use, extend and administer Plone. One is Andy McKay's Definitive Guide to Plone (available for free online), and the other is Julie Meloni's Plone Content Management Essentials." Read on for Nagle's review of both books. (See each) author (See each) pages (See each) publisher (See each) rating (See each) reviewer Robert Nagle ISBN (See each) summary McKay's book is indeed definitive; Meloni's book is a good introduction

    The Zope/plone combination offers a variety of advantages to the open source developer: robust workflow capabilities, conformity to Web standards, cross-platform support and a sophisticated security model. On the other hand, it has a steep learning curve and deals with objects in an object database (instead of the usual RDBMS/LAMP data model).

    First, here's 30 seconds of what Plone is all about (the Slashdot editors can provide the bunnies). Zope is a Python-backed web application server which includes a Zope Management Interface (or ZMI), a web-based interface to modify templates and interact with/administer the Zope Object Database (ZODB). Although Zope can be a standalone webserver, in fact people usually put it behind Apache for reasons of security, performance and caching. Years ago, Zope used a custom scripting language (DTML) to do its business logic, but later switched to an XML-based templating language called ZPT and let users use Python-based scripts to perform actions. Zope is the application server; CMF is the content management framework, and Plone is the standards-compliant front end that lets you manage skins, slots, styles, portlets, forms, actions, content types and installation of products. Then there's archetypes, which make it easier to create new content types and web forms. Oh, have I mentioned that we're dealing with objects here? In other words, we're not just throwing data and text into SQL); we're creating different types of content (documents, events, multimedia objects), storing them as objects (with actions, metadata, etc) and then summoning them (or parts of them) from the object database with ZPT using macros and indices.

    From a design perspective, Plone is elegant although so multi-layered that it's often hard to figure out where to make changes. Also, while the Plone front end is snazzy, most users end up having to go to the ZMI to modify the template and edit actions (which, depending on how you look at it, can be an advantage or disadvantage). Finally, although the list of open source products for Plone and Zope is impressive, they don't necessarily play well together, and many products for Zope don't work in Plone and vice versa.

    Definitive Guide to Plone author Andy McKay pages 584 publisher Apress rating 5 ISBN 1590593294

    That is where Andy McKay's book and Julie Meloni's book come in. Of the two books, Andy's is more comprehensive and geared toward the experienced developer (and typical Slashdot reader); Julie's book does more hand-holding and provides more thorough explanations of introductory concepts.

    As a lead plone developer, McKay has intimate knowledge of the good, the bad and the ugly for plone. Although his chapters fly by certain introductory tasks at record speed, he explains things well and offers lots of tips and hints throughout the book. (I can't tell you how many times I've put the book down and exclaimed, 'Aha, so that's how you ...'). The sequence of presentation is generally logical with one exception: in chapter 14 (page 459), the book mentions that you can use Zope Enterprise Objects to debug a live server without having to shut down Plone. That is valuable -- even vital-- information, and belonged in the earlier chapter on installing Zope. Although the chapters don't go into great depth, his code examples and commentary are sufficient to explain what is going on.

    It's not the main focus of the book, but the sections on system administration (caching, tuning, scaling) are well done although some things are missing (like Virtual Host Monster). It's assumed that readers will be able to find this information elsewhere.

    The best parts about McKay's book are how it relates Python programming to Plone. The deeper you get into Plone, the more important it is to write Python scripts and do basic Python debugging. Even basic sysadmin tasks like product management seems to require an understanding of object-oriented concepts. One initial difficulty comes with the idea of URL paths corresponding not to actual directories but objects being contained within other objects. (So that login_form in http://foobar/login_form doesn't necessarily reside within the foobar directory, but is in any directory or object acquired by the foobar object). This type of URL (called a traversal) is explained well enough in the book, but often makes it difficult to figure out where to find things within the ZMI and the file system. Who would have ever thought that the place to edit the login_form object for http://foobar/login_form is /foobar/portal_skins/plone_forms/login_form within the ZMI (which is actually /zopeinstance/products/CMFPlone/skins/plone_forms/ login_form.pt on the file system)? That's why McKay's skin example (in Chapter 7) accomplishes so many things; it provides a "guided tour" through the layers (i.e., scripts, templates, etc) contained within portal_skins; it also runs through the process of creating custom templates and forms based on existing ones. This, by the way, is one of the niftiest features of Zope/Plone; you push a Customize button in the ZMI, and voila! you've cloned an object for customizing. This is dense stuff, but after reading this chapter, I have a better sense of the beast I'm dealing with.

    I particularly liked the book's chapters on archetypes and manipulating content types. If Zope/Plone is about manipulating objects, then it helps to have a variety of objects to manipulate. Archetypes lets you create new content types and new views for content types. By providing Python libraries for fields and widgets, archetypes makes it relatively easy to create web forms for data input. McKay's book covers this topic thoroughly and clearly. I also appreciated the chapter on searches and indexing (and the helpful table of indices and index types); this filled in a lot of gaps in my knowledge. The sections on security and workflow contained good examples, and the book also contained a section on internationalization. The programming chapters are the best parts about the book.

    On the negative side, I wish there were more charts and tables in the book (perhaps as appendices). A lot of this is already found within Zope help or the Plone site, but it would have been handy to have these things as reference. Although McKay's book contains a good (though brief) introduction to Zope Page Templates, the explanation of the syntax is scattered throughout the ZPT chapter; it would have been much better to summarize all the tal tags in a single table.

    Also, at many points during the ZPT chapter and other chapters, McKay refers to Plone and archetype API classes that are described nowhere else in the book. It took me a while to figure out where these things were coming from (and I would refer you to here for API descriptions). The book would have benefited from a better description of APIs, even a high level view of it (You can find some quick references here).

    Because of its focus on development, McKay's book spends almost no time on third-party products or "sanctioned" products available in the plone collective. This is somewhat understandable (given the mercurial nature of product development), but the casual reader might finish the book without realizing that additional additional products even exist. (Here's a fairly comprehensive list of Plone and Zope products).

    Also, I would have liked better explanation about change management. Plone has its own product installer, but I always have difficulties upgrading products. How do you test products before actually deploying them? How do you manage upgrades (and how do you upgrade Zope itself?) For such an extensible project as Plone, managing the installation, testing and upgrade of third-party products can be a disaster waiting to happen.

    Plone Content Management Essentials author Julie C. Meloni pages 258 publisher SAMS rating 3 ISBN 0672326876

    Julie Meloni's book takes a different approach to the subject, one geared less to Python development and more to deploying third-party products and customizing site appearances. I'm tempted to say that the typical Slashdot reader would find this book "shallow," but really that is not fair. Although Meloni's book contains a short appendix on Python, it focuses more on how Plone works out of the box and how to take advantage of core functionality. In fact, Meloni's slender book contains many useful sections probably deemed too elementary for McKay's book: how structured text works, for example.

    Rather than trying to cover everything Plone-related, Meloni identifies a small number of typical tasks and explains them in detail. For example, the book documents the Plone style sheets and how to modify them in the ZMI. Too basic, you say? Well, yes, but it's still useful reference material. Rather than trying to teach you how to write your own Plone product or content type from scratch, she walks us through using that nifty Customize button to clone existing templates for customization (although to tell the truth, you still need would need to know a good bit about Python and ZPT syntax to complete the task). Although the book's section on skins focused mainly on how they relate to style sheets, I found the section on customizing slots to be particularly useful.

    In contrast to McKay's book, Meloni spends a separate chapter on deploying and using several popular plone products: a discussion board, a weblog and a photo album. Given that several competing products exist for each category, and that better products are likely to come out later, this chapter will probably be the first to go out of date.

    Perhaps the book could have spent less time on the products themselves and more on managing products and testing/troubleshooting them.

    Of the two books, McKay's book is the more indispensable, even though I still wound up consulting external sources fairly often for clarification. On the other hand, after reading first McKay's book and then Meloni's, I wish I had read Meloni's book first. Meloni's book provides a great introduction to basic plone concepts; McKay's book is great for the power user/developer. (Still another book, recently released, Cameron Cooper's Building Websites with Plone probably goes into more detail on the Python side; read a sample PDF chapter).

    Perhaps I sound like a shill for the publishing industry when I say this, but it sometimes make sense to possess two or more books on a topic. The decision-making process for geeks buying books can sometimes differ radically from the general public. Geeks, for example, don't have qualms about paying full price for a new book if the content is up-to-late and relevant to the task at hand. The ordinary reader might make a purchasing decision on the basis of which book constitutes the highest information density (the $20 book with 200 pages vs. the $30 books with 500 pages). Geeks are also more inclined to view the purchasing decision in terms of time saved (i.e., how much time will reading this book save me in the long run?) From the standpoint of saving time, there's a lot to be said for reading an introductory book first and then moving to a book on more advanced topics.

    Of course, Andy McKay's book is available already for free on the web (and kudos to Apress Publishing for allowing this).

    ** Actually, mysql/postgresql DB adaptors make it possible for Zope to fetch/send sql data; and Archetypes has a function, SQLStorage, to allow data from content objects to persist in a sql database (news to me). Other Web Resources:

    Robert Nagle (aka idiotprogrammer) writes fiction under various pseudonyms. He lives and works in Houston, Texas. In early 2005 he will be launching a plone-backed literary community ezine. You can purchase the Definitive Guide to Plone from bn.com; bn also carries Plone Content Management Essentials . Slashdot welcomes readers' book reviews -- to see your own review here, carefully read the book review guidelines, then visit the submission page.

  22. Free Ebook on C# Programming

    Tech · Programming · · posted by michael · from the eye-strain dept. · 70 comments
    christophw writes "The programmers of SharpDevelop (better known to the /. crowd will be its sibling MonoDevelop) together with the publisher Apress made the book Dissecting a C# Application - Inside SharpDevelop available as a freely downloadable PDF document (no, no registration required). So if you want to judge for yourself if one can build an application of scale with .NET (or Mono for that matter), you now have a 500+ pages book for the holiday reading season (or the virtual bookshelf)."

  23. Offshoring IT

    News · Business · · posted by timothy · from the alle-menschen-sind-auslaender-fast-ueberall dept. · 369 comments
    prostoalex (Alex Moskalyuk) writes "After the Presidential election process and U.S. foreign policy directions, outsourcing is a topic guaranteed to stir up heated debate. Bill Blunden's Offshoring IT is not a 'how-to' guide, as one might expect from the title. It's a collection of stats, figures and opinions on outsourcing information technology to foreign providers." Read on for the rest of Moskalyuk's review; watch out too for my upcoming review of N. Sivakumar's Debugging Indian Computer Programmers: Dude, did I steal your job?. Offshoring IT author Bill Blunden pages 138 publisher Apress rating 5/10 reviewer Alex Moskalyuk ISBN 1590593960 summary The good, the bad and the ugly (but mostly the bad) on IT offshoring

    Bill Blunden is the author of Cube Farm - a humorous autobiography and story of author's fruitless employment at Lawson Software. A physics major faced with the grand prospects of waiting tables after college graduation, Blunden is not a newbie in the unemployment world. Offshoring IT promises to give the reader "the good, the bad and the ugly" of IT outsourcing practices.

    The book is not very long -- just five chapters -- but it's thorough, as each chapter packs data and statistics from various government and commercial reports. "Setting the stage" talks about general trends in the software industry and cost of education. "Measuring the trend" tells the reader which companies outsource, why they outsource and who's helping them with outsourcing. "The Offshoring Obstacle Course" describes existing outsourcing processes - when exactly should company start thinking about outsourcing, what type of jobs is most likely to go offshore, what's the difference between India, Ireland, Israel, Russia and Mexico. Finally, "Arguments in Favor of Offshoring" made it into the book just because the publisher requested a fair look at the other side's arguments (which shows which "side" Mr. Blunden is biased towards). "Arguments Against Offshoring" is truly the author's work with major myths and excuses about offshoring debunked.

    Blunden points out that in order to compete in the global marketplace, countries like India invested in their educational system and constructed high-speed data networks, which provided the foundation for companies popping up with the capability to take over remotely as call centers, software development houses, and R&D departments. Meanwhile, the cost of going to Ivy League schools keeps going up, leaving the fresh graduates with six-digit debt -- debt which the Student Loan Corporation (division of CitiCorp) expects to be promptly paid. The cost of college education for those who choose to go this route stipulates adequate pay requirements after graduation, and in the world where IT is going offshore, the paycheck is often just not there anymore, which leaves the fresh grad owing money and needing immediate retraining or a career switch.

    The book delves into specific industries and companies, looking at the outsourcing numbers and potential for jobs to be offshored. Blunden notes that while corporations made their offshoring figures public before, lately the backlash against going offshore has made PR departments suddenly avoid the topic. Blunden refutes the argument that only low-level jobs are being outsourced and points to Intel designing CPUs for wireless devices on campuses in India.

    Chapter 3 focuses on reasons for outsourcing. According to Blunden, the more face-to-face interaction and management effort a job requires, the less likely it is to be outsourced. At the same time, many companies are currently exploring offshoring some of their projects, claiming that only non-essentials are going abroad. Outsourcing of small projects allows them to establish the necessary processes and test their service provider, so that when a bigger project comes along, the management can feel safer working with the same offshore provider.

    Chapter 4 deals with pro-offshoring arguments. Even though the author states he only had to write this chapter to satisfy the publishers, the arguments he picks are ones that appear in the press quite often - namely, that offshoring means more efficient allocation of resources, better revenue projections, and increased shareholder value. In Chapter 5 Blunded goes on a crusade to discredit these arguments, though, saying that offshoring does not benefit average Americans, that only the top 5% of income earners benefit from increased shareholder values, and that frequently top management receives additional benefits while laying off the proles.

    While the first two chapters of the book are filled with data, numbers and statistics, the last three chapters mostly read like an rant on the current state of affairs, which many of us may have gotten for free from the older members of the family at Thanksgiving. Blunden does have some valid arguments about the increased danger to national security and wealth due to offshoring, but you can't help but notice the feeling that the author feels entitled to a job provided by an American corporation, even though corporate America is bad-mouthed in the next sentence. To give Blunden credit, he mentions that sometimes reasons for offshoring include the low popularity of call-center and data-entry positions in the U.S. Americans view doing support for AOL and data entry for Cingular as grunt jobs, just temporary positions on the way to a better life, while for many Indians it is the ultimate career, and are thankful to the provider for giving them the opportunity.

    Blunden also does not distinguish between different types of IT workers. The aforementioned AOL support soldier and top NASA scientist, designing microcontrollers for the next space mission would be aggregated into the same "IT worker" category. There's little detailed statistics on what sectors of IT are prone to outsourcing and which are pretty stable to be in. Sometimes the author plays little tricks with the reader to make his points across. On p. 106 he talks to an invisible IT manager: "Sure, you can hire six Indian engineers for the price of an American engineer. But if an American engineer can do the work of six Indian engineers, what's the difference?" Oops. Notice how by the time we get into the second sentence the equality in price gets substituted by equality in productivity. Just because 6 Indian salaries would equal to one American, the author assumes the productivity level is going to stay the same, making the example nonsensical, since why would you outsource if it's the same money and the same productivity?

    Overall, it's an interesting book to read, although somewhat depressing, as it provides little pointers into how do the readers stay competitive in this marketplace or what needs to be done on the personal skills level to make oneself more valuable. You can definitely tell which side the author is leaning, but subjective writing makes the reading more interesting. Nevertheless, the title does leave an impression of being one giant complaint about the current state of affairs, and I don't think I will be re-reading it. Perhaps just loan it to my friends, who are in college pursuing IT-related careers.

    In an attempt to stay up-to-date with his skills Alex reads and reviews many programming and technology as well as keeps the list of free ones available on the Web. You can purchase Offshoring IT from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  24. Dive Into Python

    Books · Books · · posted by timothy · from the sploosh dept. · 309 comments
    AccordionGuy writes "If you've ever spent an afternoon in the "Computers" section of a bookstore going through the programming language books, you've probably noticed that most of them seem to exist only to boost a publishing company's fortunes by capitalizing on the hot new programming language of the moment. These books -- essentially glorified bookends -- seem to follow the same format, cover the same subjects and aside from the tiny flourishes that are part of each author's particular writing style, are indistinguishable from each other. Reading them, one gets the feeling that its primary purpose is to allow the author to make some payments on a car or mortgage. I have a few of these books and they're gathering dust on the bookshelf farthest away from my desk." For deVilla's review of Dive Into Python, a book that inhabits a completely different category, read on below. Dive Into Python author Mark Pilgrim pages 432 publisher Apress rating 9 reviewer Joey deVilla ISBN 1590593561 summary The "desert island" Python book

    However, from time to time, you can find a programming language book that stands apart. You can tell from the way the author writes, the topics s/he covers, the unique presentation style and insight that s/he brings that the book is a labor of love. These books enjoy placement on the shelf closest to my desk -- that is, if they're not propped open beside my computer. Dive Into Python is such a book.

    One thing that sets Dive Into Python apart from many other programming language books is that its author, Mark Pilgrim, didn't originally plan to make any money from it. As we often say in Open Source circles, he simply had an itch and decided to scratch it. Mark explains this in a story on his weblog in the form of a dialog between him and his manager after showing him a rough 20-page draft:

    Manager: "This is really good. You could probably make some money off this someday."
    Mark: "Maybe, but I'm not going to. I'm giving it away for free."
    Manager: "Why would you do that?"
    Mark: "Because this is the way I want the world to work."
    Manager: "But the world doesn't work that way."
    Mark: "Mine does."

    First released in late October 2000 and published in online and downloadable forms under the GNU Free Documentation License, Dive Into Python had grown in fits and starts until 2003, when Mark declared the project closed. Even as an unfinished work, it was held in such high regard by the Python community that developers consistently recommended it; it was also included with ActiveState's Python and FreeBSD's ports distributions. When Mark announced that Apress had decided to pay him to finish the book and publish it, it became the most-anticipated book on Python ever. Even better, Apress has been gracious enough to allow Mark's world to work way it always has: Dive Into Python is still available for free download and is still under the GNU FDL.

    What's in Dive Into Python

    Many programming language books follow what I like to call the "Computer Science 101 Format", with the first few chapters devoted to covering basic concepts that any moderately experienced programmer already knows. Whenever I leaf through such a book and encounter a chapter that tries to reintroduce me to data types, looping or branching, I feel cheated; I'm essentially paying for a big chunk of book that I'll never read. If you've ever been annoyed by such filler, you'll find Dive Into Python a refreshing change. Rather than wasting time and trees devoting whole chapters to rehashing Computer Science 101, Mark chose to build each chapter after the first around a program that illustrates a number of Python features and programming techniques.

    The programs upon which Dive Into Python's chapters are based strike a carefully-maintained balance. They are rich enough to illustrate a number of points and be the basis for some "real world" code, yet small enough to be comprehensible tutorials. For example, chapters 2 and 3 are based on "Your First Python Program", which is a mere six lines of code. However, in those six lines, you are introduced to function declarations, documentation strings, objects and their attributes, importing modules, Python's indentation rules, the "if __name__" idiom, dictionaries, lists, tuples, string formatting and list comprehensions. Within the first hundred pages, a point where many books are re-acquainting you with the "else" keyword, Dive Into Python covers the aforementioned topics as well as Python's reflection capabilities, list filtering, the "and-or trick", lambda functions, OOP and exception handling, all with enough thoroughness to be useful. After reading Dive Into Python, you may have trouble reading other programming language books because they'll seem glacially slow and fluff-laden in comparison.

    For the first two-thirds of the book, Mark continues with this approach, presenting a program and then analyzing it to see what makes it tick, teaching Python and oftentimes a programming technique along the way. Each program covers useful tasks that you're likely to run into while programming and does so in an interesting way. At the same time, concepts are introduced in a way that makes sense. For instance, chapter 4 covers two topics that mesh together quite well -- exceptions and file handling -- and it does this by exploring an interesting application: a program that displays the ID3 tag information about each file in your MP3 collection. Later chapters explore regular expressions, HTML and XML processing and Web services. By the time you've finished the first two-thirds of Dive Into Python, you'll have been introduced to enough Python to start writing a wide array of "real world" applications. The book might have benefited from having a chapter covering database access, a task that's at least as common or as useful as accessing Web services, but that's a minor complaint.

    While the first two-thirds of the book concerns itself with helping the reader become a Python programmer, the final third is about elevating Python programmers above mere competence. It covers useful topics (albeit rarely-covered in language books) such as refactoring and performance optimization as well as ones that may be new to even some experienced programmers: unit testing, functional programming and dynamic functions. Each chapter in this section is still based on an example program, but rather than analyzing a completed program, its evolution is traced. Although you can get by as a Python programmer without ever reading the material in this section, you'll be a much better one for having done so.

    In keeping with the spirit of Python, Mark writes the chapters to present the material as completely and clearly as possible without extra clutter. If there's any additional material that doesn't apply directly to what he's trying to explain, he provides references or links to that material rather than attempting to "fatten up" the book.

    The book's long gestation period, assisted by years of reader feedback and James Cox's editing has paid off. It doesn't have the rushed feel that many language-of-the-moment books have (especially the ones written by an army of authors, each one taking a chapter). As far as I know, there isn't any of the sloppiness that pervades many programming books these days, save one instance of the popular typo "teh" (and really, what truly 1337 book doesn't have one of these?).

    Mark is aware that Python is likely not to be the reader's first programming language; it's more likely to be some descendant of ALGOL (or more precisely, a language that borrows heavily from either C or BASIC). He also knows that many programmers tend to misapply techniques from the languages with which they're familiar to the language they're learning. With these in mind, he's taken great care to introduce Python idioms as soon as possible. If you follow his advice, you'll be writing "real" Python and taking advantage of what the language has to offer rather than just writing Python-flavored version of whatever programming language you're most comfortable with.

    Dive Into Python's Audience

    The "user level" specified on the back cover of this book says "Beginner - Intermediate", which I feel is a little misleading. As I mentioned earlier, the book takes great care not to rehash topics with which programmers with some experience are already familiar and is written with the assumption that the reader is proficient in at least one object-oriented programming language. I think many programming novices would be overwhelmed with the speed with which Python features are introduced.

    Experienced programmers, whether they are new to Python or are fluent with the language will benefit the most from the book. One programmer I know works with Python daily and and even submitted a patch to wxPython; even he said that Dive Into Python showed him things about Python that he never knew. If you're tired of books aimed at "Introduction to Computer Science" students, you're going to love this book. This doesn't mean that people who don't normally program can't benefit from the book: Joi Ito, who is a tech entrepreneur and not a programmer, learned enough from Dive Into Python to put together jibot, a bot for the IRC channel that bears his name. If you're new to programming, you might want to make Dive Into Python your second book or supplement it with an introductory text such as Apress' own Practical Python, O'Reilly's Learning Python or the free online book How To Think Like a Computer Scientist (the Python edition).

    Conclusion

    Dive Into Python may be one of the thinnest programming language books on my shelf, but it's also one of the best. Whether you're an experienced programmer looking to get into Python or grizzled Python veteran who remembers the days when you had to import the string module, Dive Into Python is your "desert island" Python book. If you're new to programming but have heard all the wonderful things about Python, make sure that this is the second programming book you read. My congratulations to Mark Pilgrim on an excellent book and authorial debut!

    (Remember, you don't have to just listen to my effusive praise. Dive Into Python is available for free at diveintopython.org. Read it for yourself and if you like it, vote with your dollar!)

    You can purchase Dive Into Python from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  25. Internet Babylon

    Tech · Internet · · posted by timothy · from the hanging-gardens dept. · 147 comments
    Daniel Jolley writes "I spend basically every waking hour online, and I have seen all kinds of crazy things on the Web over the years, yet I was amazed by some of the incredible things author Greg Holden describes in Internet Babylon: Secrets, Scandals, and Shocks on the Information Superhighway . This guy has gone where many fear to tread, digging up the goods on some of the Internet's most questionable, fascinating, oftentimes disturbing oddities. He has put all of this knowledge to a higher purpose, using it to describe the all-pervasive social change the Internet has wrought." Read on for the rest of Jolley's review. Internet Babylon: Secrets, Scandals, and Shocks on the Information Superhighway author Greg Holden pages 472 publisher APress rating 9 reviewer Daniel Jolley ISBN 1590592999 summary A guided tour of the wild, surprising, and oftentimes dark underbelly of the World Wide Web

    Along with all the incredible things I somehow missed over the last few years (e.g., the Amazing Mahir), Holden brought to mind a number of wonderful yet somehow forgotten memories (e.g., All Your Base Are Belong To Us). Then there's all the great stuff that, like so much on the Internet, no longer exists but which provided tons of laughs at the time (e.g., Evil Bert). And I never tire of the great web creations that keep on giving, such as the phenomenal Star Wars Kid parodies.

    Unlike most of us, Holden didn't just wander willy-nilly all over the Internet -- well, maybe he did, but he put together a well-organized book that breaks his subject down into six parts spread across twenty chapters. First up is "The Rich and (In)famous." Here you can read all about the online doings of celebrities, serial killers, has-beens and wannabes. Holden will lead you to the Partridge Family Temple, introduce you to the unique musical stylings of Star Trek actors, and even point you to refreshers on Manson Family Values.

    Next up is "The Afterlife." On the Internet, nothing truly dies. You can explore the mysterious deaths of Elvis and other celebrities, become a knowledgeable amateur sleuth hot on the trail of Jack the Ripper, the Zodiac killer, and other inhuman monsters, help look for ghosts via webcam in haunted buildings, and even watch a body decompose inside a coffin. (Actually, that last idea fell through, but it's sure to happen eventually.) Of course, you might want to get religion before you take your own one step beyond, and the Internet puts a wide variety of "religions" at your fingertips. With the good comes the bad, and the Internet does, unfortunately, have a dark underbelly of criminality and evil; in the section "Bad Boys and Naughty Girls," Holden gives you the scoop on famous hackers and their exploits, viruses and their creators, and the cretins who curse us all with unwanted spam. He basically takes you on a guided tour of the dark side of the World Wide Web.

    As we all know, the Internet has revolutionized politics, and Holden devotes three fascinating chapters to political intrigue, scandals, and government secrets online. In the past, politicians could keep their perverted behavior secret from the public, but the Internet has changed all that -- just ask Bill Clinton. In this online age, rumors and scandals can be spread across the entire world in a matter of minutes, and Holden shows us how the Internet has at times shaped the content of traditional journalism (as well as supplying us with some of the funniest jokes and parodies known to man).

    Anyone who browses the Internet soon learns that there are people out there who will do anything to get attention, and those with some sort of self-styled mission will stop at nothing to get their points across. This is the realm of flame wars, denial of service attacks, as well as really, really silly web sites you can't believe anyone would ever think of creating. The unlikeliest of Internet heroes are honored in this section: the Amazing Mahir of "I Kiss You!!!!!" fame, the Star Wars Kid (one of my personal favorites), and even one of the little guys - the man who invented the Smiley symbol. It all wraps up with a look at "Big (And Not So Big) Business." Remember the Pets.com Sock Puppet, who enjoyed much more success than Pets.com ever did? That's just one dot-com disaster story; here, you will learn about some of the worst Internet business plans ever put together.

    Believe me, I have only scratched the surface of the material covered in this book. Internet Babylon is chock full of fascinating, oftentimes hilarious stories (and pictures) of the continually surprising sites and sounds the Internet has brought to life. You'll learn a little bit about the creation and evolution of the Internet, but mostly you'll revel in all the crazy online manifestations Holden holds under the microscope.

    Let me close with a word of warning. I'm a big horror fan, and I've seen some pretty disgusting things in my life; I like to think I'm tough enough to stand anything. Thus, I ignored Holden's warnings about some of the more disturbing web content that can be found out there and rushed right off to one aptly-described shocking site. Let's just say I'll never be able to watch weight lifting again. I know you will want to take a gander at many of the sites Holden refers to throughout this book, so I just want to advise you to proceed carefully: as this fascinating book proves, you can find absolutely anything out there online, and some of it ain't pretty.

    You can purchase Internet Babylon: Secrets, Scandals, and Shocks on the Information Superhighway from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  26. Google, Amazon, and Beyond

    Developers · Programming · · posted by timothy · from the moon-is-next dept. · 74 comments
    honestpuck writes "As titles go "Google, Amazon, and Beyond" sounds to me like Buzz Lightyear's latest slogan, but it's actually quite a good book about writing software to consume and provide web services." Read on for honestpuck's review of the book -- it sounds useful for developers on both sides of a web-service transaction, but honestpuck cautions that its value varies with your attachment to Java. Google, Amazon, and Beyond author Alexander Nakhimovsky and Tom Myers pages 314 publisher Apress rating 6 for most, 8 for Java programmers reviewer Tony Williams ISBN 1590591313 summary Good guide to web services for Java programmers

    The first two chapters are introductory material, though the authors quickly introduce some code with JavaScript routines to talk to both Google and Amazon. The second of them does a good job explaining the intricacies of DOM and how you use it to build a web page in Java. Then the authors get down to some serious work at using Java, including stand-alone applications and applets, to access web services.

    They move fast throughout the book; this is not one to read quickly or without ready access to a computer. That said, the writing is good; the text is understandable and all the code is well explained.

    The book covers a wide gamut of techniques and technologies, including SOAP and REST on the query side, and XSLT and XPath on the output side.

    Then the book moves on to instructions for offering your own services. This part of the book starts off with WebDAV using Tomcat, though there is a short digression into Java Server Pages before really getting down to the nitty gritty. Finally the book shows how to use WSDL and Axis to easily create full web applications.

    You can see that this volume covers a lot of territory. This breadth may well be the book's largest flaw; its wide reach means no topic gets a really deep coverage and a number of topics do not get the coverage they deserve. Indeed I would have to say that only a much better Java programmer than I would get full value from this volume -- there were parts where the authors lost me entirely and it took an effort to get back my understanding, occasionally resorting to a Java manual.

    The publishers have a page for the book that has an example chapter, table of contents, index and source code. The example chapter, 4, details how to build a SOAP server using Java and provides an excellent example for the book. If you're a little unsure of your Java skills, take a look at this chapter and see if you can easily understand the code and explanation. If you can, then this volume should have no surprises for you.

    It should be said that nothing about the book's cover tells you how much of it relies on Java, though a good read of the table of contents makes it obvious. I would have personally preferred a book that was more general in the programming language it used, covering more of the tactics and methods rather than examining specific code. If, on the other hand, you are an experienced Java programmer looking for a book on programming web services in that language, then this is an excellent volume.

    You can purchase Google, Amazon, and Beyond from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  27. Learn How to Program Using Any Web Browser

    Developers · Programming · · posted by timothy · from the charles-atlas-muscles-in-6-weeks dept. · 456 comments
    honestpuck writes "Harold Davis has started with a marvelous idea, teaching programming using a language available on all platforms, JavaScript, and an interface familiar to everyone, the web browser. Learn How to Program Using Any Web Browser is written for absolute beginners to learn the basic principles of programming -- or at least that's what the cover would have you believe." Read on for honestpuck's evaluation of that claim. Learn How to Program Using Any Web Browser author Harold Davis pages 396 publisher Apress rating 5 reviewer Tony Williams ISBN 1590591135 summary Not much programming, but well written

    The language is suitably light and simple, the book well-structured and broken down into easily digested chunks. The order in which concepts are introduced is fairly traditional for a language tutorial: first we get types, variables and statements, before moving on to conditionals, loops, and functions, followed by arrays and objects before finishing with event-driven programming. Davis' decision to leave string handling till last seems a little perverse and personally I would have introduced functions earlier.

    My real complaints about this book centre on the abstract nature of the discussion. There are very few real world examples that could be useful to anyone. The best you get is a version of "Rock, Paper, Scissors" in Chapter 3, and an 'auction' application. The book would have been improved dramatically if the end result of your study was a few things you could actually point to.

    I also have a complaint about the target audience for this book. The web page for the book at the publishers states that "The target reader is likely a twelve- or thirteen-year-old, who is just starting to get curious about what makes a computer work -- or an office worker who has been using computer applications for years, and would like to spend some time delving deeper into what makes them tick." Most adults and even teenagers don't want to 'learn how to program' as much as they want to learn how to use a tool to perform a task. If your tool is JavaScript, then it's almost certain your task is related to building web pages, but this gets little real attention from Davis. For even younger students, this book totally lacks anything to hold their attention -- the lack of real-world examples hurts here.

    I also take issue with the title: this book doesn't really teach 'programming' much at all. It certainly teaches you to write JavaScript, but where are the sections about the real lessons of programming, such as top-down vs. bottom-up design, or breaking a task up into chunks? Even debugging has little coverage -- a single thirty-page chapter, half of which is specific to JavaScript or the throwing and handling of exceptions. Since the work of Papert and others at MIT twenty-five years ago, we've learned a great deal about how to teach programming concepts in a simple manner, but Davis appears to have ignored all this and given us a language tutorial. The publisher's web page for the book says "very emphatically, this is not a book about programming JavaScript." If that's so then I'd argue that it isn't a book about learning the principles of programming either.

    It is obvious from this book that Davis is an excellent writer; if he had tried to write a book to teach JavaScript and had focused on the tasks for which it is often used this, volume may have been superb. As it is, he has shot for a higher goal and fallen far too short.

    If you would like to check it out for yourself, you can go to the web page for the book where there is sample chapter, the Table of Contents (though they call it a "Detailed TOC" as distinct from the 'Table of Contents,' which is just a list of 11 chapter titles) and index, all in PDF format.

    I went looking for a book that I could give to my 11-year-old daughter now that she has become interested in "what Daddy does." I'm still looking, I'm certain that this one isn't it.

    You can purchase Learn How to Program Using Any Web Browser from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  28. The Definitive Guide to the Compact Framework

    · posted by ryuzaki0 · from the if-this-is-the-path-you-seek dept. · 125 comments
    William Ryan writes "If you are new to the .NET Compact Framework, you are about to embark upon a challenging yet rewarding path by writing CF applications. For the experienced CF developer, you know there is a lot to learn, and that it's constantly evolving. However, Dan Fergus and Larry Roof's new book, The Definitive Guide to the Compact Framework (available from Apress) is something you'll want in your library regardless of your familiarity with the CF. The book is just short of 1,000 pages including the index, tables of contents etc. It's composed of 22 chapters and 6 appendices. It also includes Microsoft's UI Design guidelines for the Compact Framework, which was a really nice touch by the authors." Read on for the rest of Ryan's review. The Definitive Guide to the Compact Framework author Dan Fergus & Larry Roof pages 1011 publisher Apress rating 10 reviewer William Ryan ISBN 1590590953 summary This article reviews Dan and Larry's new book on the Compact Framework (SP) with the .NET Compact Framework (.NETcf). This book is the longest in terms of content on the Compact Framework to Date

    The authors made Chapter 1 as interesting as the beginning of a computer book is going to get. The two best parts in the introduction, IMHO, are the discussions of the differences between eVB (eMbedded Visual Basic) and the Compact Framework as well as the differences between the full framework and the CF.

    Chapter 2 is where the rubber hits the road, so to speak, and walks you through getting started and a Hello, World application. This is where the authors' attention to detail really becomes obvious. Instead of a standard such program that simply pops up a MessageBox displaying "Hello, World," the authors come up with a cool sample that gives you a good introduction to CF programming.

    Chapter 3 talks about designing interfaces. Typically, a lot of developers may take this for granted (have you ever met a developer that didn't think they were a UI Expert?), but there is limited real estate on a PDA, and I think Larry's guidelines are excellent.

    Chapter 4 is probably best described as "The last guide to CF controls that you'll ever need." It's packed with examples on how to use everything in the toolbox, and you can tell the authors really put some thought into coming up with interesting and useful examples. While experienced developers will certainly find this chapter helpful, beginning developers would be well advised to buy the whole book even if this were the only chapter. Although I really liked this chapter, the authors sort of skimped on one important area here, but it's not a big deal: If you want to write custom controls and have them placed in the Visual Studio designer, you have to jump through a few hoops. The authors tell you what these hoops are, but don't tell you how to jump through them. In all fairness though, if they covered everything to the level of detail this subject entails, the book would be 20,000 pages and take years to write.

    Not every control that you have in your toolbox on the desktop is available here, and if you want to spice up your UI, you'll probably want to roll your own controls. Chapter 5 builds on the topic of custom controls, and delves into building your own. The next two chapters still concentrate on UI issues, mainly menu items and drawing your own graphics. If you intend to write your own control or do anything interesting with your interface, getting familiar with the graphics library is a must.

    After discussing the UI, the authors veer off into the CF File System. By its very nature, the PDA has a different file system than the desktop, and is something that many new developers have a fair amount of headaches with. Roof and Fergus show you how to move around files and directories, and how to create a text file or binary. The first time I read the chapter, I was disappointed that XML wasn't discussed when writing files, but there's good reason for this; they dedicated an entire Chapter to XML later on.

    With the UI and file system explained, the authors next move into the important area of data access. After all, unless you are simply playing games on the PDA, it probably needs to interact with a database somewhere and I can assure you, just about every common task that you may encounter is discussed in depth. The show you how to bind controls to data, retrieve it from a Web Service, retrieve it from a SQL Server on a local network, use SQL CE to take advantage of replication and using XML as a Data Access technology. Since a PDA may get its data from many different sources, the ability to manipulate XML is very handy. Every problem that I ever encountered regarding data access in the CF was covered here and they have some really interesting ideas on how to implement things.

    The book moves on to networking. There were only two chapters dedicated to networking and I would have liked to see more, but they definitely address just about everyt task that you'll routinely face. In all fairness to the authors though, there's about 100 pages dedicated to mobile networking and web services, and it's certainly not glossed over.

    Chapter 17 takes a turn into Unmanaged code and P/Invoke and is probably my favorite chapter of the book. Why? Well, because a lot of things aren't yet supported on the CF and many probably won't be. So using Interop is the only way to get stuff done. I've developed CF programs for almost a year now, and this chapter got me through two problems that I hadn't been able to figure out previously. Beginning CF developers may not find this chapter as interesting as I did because it involves API calls, but trust me, this part is a life saver! Then they go right into showing you a really practical example of using Interop and their examples address things that I constantly see asked in newsgroups.

    I was impressed by the authors' discussion of some really popular 3rd-party tools. Microsoft has a POOM example, but it leaves a lot to be desired. The authors show you how to use many of its features, and then present a very popular POOM Outlook implementation that is about as cool as it gets.

    The rest of the book is pretty much a wind-down. It shows you how to build a help system, create setup applications and HTML reports. However, the authors did something really cool and slipped in a chapter on configuration files and how to use them. Registry access in the CF takes some time to learn (and if you didn't read Chapter 17, good luck!) and traditional configuration files aren't natively supported. However, they create their own implementation and it's very easy to understand. I've thought about implementing a solution like this for a while, but never got around to doing it. Fortunately, Larry and Dan took care of it for me. This is definitely a solution that you will probably want to use over and over.

    The last part of the book is the appendices. This stuff is thorough and packed with solutions to all of those little problems that are so pesky when you are first starting out. These serve not only to get you past a whole slew of common frustrations, but they reinforce what was presented in the book I think the degree of detail that they included in the end was another superb touch by two guys who really care about their readers.

    In summary, this book is a must by for many reasons. It covers a very broad range of information and it covers the majority of it in great detail. They walk you through getting started, building cool applications and deploying them. They give you a complete arsenal or tools to help build solutions with, and I can't think of anything that they ignored. They also give you the appendices, which, as I mentioned above, will get you through a lot of common pitfalls after you've built your application. As of this writing, I have compiled and run all of the code through Chapter 15 and found it well documented and accurate, but Apress can always be counted on for this. Editorially, the content was interesting and well presented and I found the layout very pleasing.

    Without a doubt, this book is really great and something that you'll surely want to purchase if you are going to write CF code.

    You can purchase The Definitive Guide to the Compact Framework from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  29. Automating Unix and Linux Administration

    Tech · Unix · · posted by timothy · from the nothing-can-go-wrong-nothing-nothing dept. · 167 comments
    nead writes "If you are disciple in the church of Wall, or like me you believe that laziness is the father of invention, or if you simply have more than a couple *nix machine to administer, Kirk Bauer's new book Automating Unix and Linux Administration is definitely for you. From the creator of the popular open source projects AutoRpm and LogWatch comes a thorough - and believe it or not entertaining - look at how one can leverage the power of a few common tools to significantly reduce the time and effort system administrators spend doing their jobs." Read on below for the rest of nead's review. Automating Unix and Linux Administration author Kirk Bauer pages 547 publisher Apress Inc. rating 8.0 reviewer Nick Downey ISBN 1590592123 summary Tools and methods for automating *nix administration for a couple (or a few thousand) computers.

    From the outset, Bauer takes a straightforward and principled approach to problem analysis. Usually starting with anecdotal example scenarios (many of which will have you saying "been there before") and progressing through ideals, goals and consequences, he examines many of the common issues facing system administrators with candor and realism. Almost nowhere in the book does the author assume an authoritarian stance; he questions his own decision making process and encourages the reader to come up with exceptions to his rules. Fundamentally Bauer has one goal -- to develop a comprehensive system for reliably automating the tedious but important tasks that all system administrators face on a recurring basis.

    Admittedly, it would be a fallacy for any book to claim complete and comprehensive coverage of all things related to system administration and Bauer does no such thing. When the author touches on topics that obviously require more depth than a single chapter can afford, he is certain to include at least one reference (and in many instances more) to alternate publications without bias to any particular publisher or author. Having said that, the book's scope and depth of topic coverage is impressive. Starting with an exhaustive examination of SSH and progressing through cfengine, NFS, LDAP, RPM and Tripwire (just to name a few) Bauer provides carefully detailed instruction on how to automate tasks ranging from simple network management and software packaging to security, monitoring and backups. The author even goes so far as to suggest methods for efficiently front-ending automation systems for the less technical of users.

    Although not expressly stated in the text, the overall theme of the book is walk on the shoulders of giants. Starting with simple example scripts (in both Bash and Perl) and many single-line commands, Bauer builds on the content of each previous chapter as the book progresses. Examples shown in early chapters are incorporated into more complex systems one step at a time. Following along is easy, each script or command is detailed on a line-by-line basis, and because of Bauer's principle-based approach the reader is rarely left wondering why the author has chosen a particular tool or implementation. More often than not the elegance of how Bauer pieces together methods and procedures will excite you about the possibilities for automation of your own systems.

    Although Bauer explicitly states that readers are presumed to have more than a modicum of experience in system administration, even the novice administrator, as well as those that are responsible for only a handful of machines, will find this book invaluable. Also included are three appendices which provide an easy introduction to basic shell tools, creating your own RedHat distribution and how to package software as RPMs. These portions of the book alone justify the less than $40 price tag, but for those who run clusters or data centers, this book stands to save you countless hours of repetitive headaches. Published by apress and boasting nearly 600 pages, this lively read has made itself a permanent addition to at least one reference library.

    You can purchase Automating Unix and Linux Administration from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

  30. Programming Wireless Devices With Java 2

    Developers · Java · · posted by timothy · from the hopped-up dept. · 108 comments
    Jeff Carroll writes "Developers building Java applications for wireless handheld devices have been looking forward for some time now to the release of devices supporting version 2.0 of the Connected Limited Device Configuration (CLDC), and version 1.1 of the Mobile Information Device Profile (MIDP). These new releases contain support for features demanded by developers that didn't make the original releases. In support of CLDC 2.0 and MIDP 1.1, Roger Riggs and his team of authors from Sun, Nokia, and Motorola have released Programming Wireless Devices with the Java 2 Platform, Micro Edition, Second Edition (since I don't have a copy of the first edition, I can only evaluate the new edition on its own merits)." (Read on for his review.) Update: 07/23 16:31 GMT by T : Whoops -- that's CLDC 1.1 and MIDP 2.0, not the other way around. Programming Wireless Devices with the Java 2 Platform, Micro Edition, 2ed. author Roger Riggs, Antero Taivalsaari, Jim Van Peursem, Jyri Huopaniemi, Mark Patel, Aleksi Uotila pages 464 publisher Addison-Wesley Professional rating 7 reviewer Jeff Carroll ISBN 0321197984 summary In-depth introduction to and reference on CLDC 2.0 and MIDP 1.1.

    As is characteristic of the titles I've seen from Sun's Java series, this book goes into great detail about architectural decisions, standards process, and philosophy underlying the new release. The first six chapters are given over to this discussion. This material is mostly great for experienced developers seeking a deeper understanding, occasionally so abstract as to be silly (as in the case of the Java washing machine and its downloadable stain-removing code), but likely to be of only secondary interest to new J2ME developers focused on coming up to speed.

    What this book does best is comprehensive exposition of the J2ME APIs. There are chapters dedicated to the APIs for forms, graphics, games, sound, persistence, and networking, with code samples offered in most cases, and a Java Almanac-style reference to all J2ME-specific classes and interfaces is provided as an appendix. Features that are new to the J2ME second edition are clearly identified.

    The remainder of the book constitutes a detailed discussion of the new technologies for event-driven launch, application security, and over-the-air deployment, perhaps the most potentially confusing of which is event-driven application launch. While the book explains the new technology well, it doesn't address how it will be introduced by network operators, or how it might interact with or replace similar existing proprietary technologies such as Sprint's MUGlets.

    Another subject that is not dealt with here that will soon be relevant to developers for any particular J2ME-supporting network is that of optional packages (OPs) - features to be supported at the option of particular device vendors and/or network service providers. It is fairly clear that, going forward, the wireless network infrastructure and its supported features will be an integral part of the J2ME platform that will have to be taken into account by developers, and books which fail to discuss popular and commonly adopted OPs will be of limited usefulness (you'd think that Sun would know that after all that rhetoric about the network being the computer). In general, a book of this sort would benefit from the participation of network operators, as it does from that of device manufacturers Nokia and Motorola.

    All the code samples and background on architecture notwithstanding, this book is clearly targeted at experienced Java programmers, not handheld device programmers working in other technologies. If you don't already know Java, this book will not teach you. There is also nothing said here about selection, configuration, or use of development tools; readers who are not already adept at the use of J2ME development tools, including the Wireless Tool Kit (WTK), should not expect to acquire that knowledge from this book. (People who need help in this area may want to consider Jonathan Knudsen's Wireless Java or Kim Topley's J2ME in a Nutshell.)

    Keeping the aforementioned caveats in mind, this is an excellent introduction to and reference on the new release of J2ME.

    You can purchase Programming Wireless Devices with the Java 2 Platform, Micro Edition, 2ed. from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.