Domain: bfast.com
Stories and comments across the archive that link to bfast.com.
Stories · 774
-
Automating Unix and Linux Administration
nead writes "If you are a disciple in the church of Wall, or like me you believe that laziness is the father of invention, or if you simply have more than a couple *nix machines to administer, Kirk Bauer's new book Automating Unix and Linux Administration is definitely for you. From the creator of the popular open source projects AutoRpm and LogWatch comes a thorough - and believe it or not entertaining - look at how one can leverage the power of a few common tools to significantly reduce the time and effort system administrators spend doing their jobs." Read on below for the rest of nead's review.
Automating Unix and Linux Administration
author: Kirk Bauer
pages: 547
publisher: Apress Inc.
rating: 8.0
reviewer: Nick Downey
ISBN: 1590592123
summary: Tools and methods for automating *nix administration for a couple (or a few thousand) computers.
From the outset, Bauer takes a straightforward and principled approach to problem analysis. Usually starting with anecdotal example scenarios (many of which will have you saying "been there before") and progressing through ideals, goals and consequences, he examines many of the common issues facing system administrators with candor and realism. Almost nowhere in the book does the author assume an authoritarian stance; he questions his own decision making process and encourages the reader to come up with exceptions to his rules. Fundamentally Bauer has one goal -- to develop a comprehensive system for reliably automating the tedious but important tasks that all system administrators face on a recurring basis.
Admittedly, it would be a fallacy for any book to claim complete and comprehensive coverage of all things related to system administration and Bauer does no such thing. When the author touches on topics that obviously require more depth than a single chapter can afford, he is certain to include at least one reference (and in many instances more) to alternate publications without bias to any particular publisher or author. Having said that, the book's scope and depth of topic coverage is impressive. Starting with an exhaustive examination of SSH and progressing through cfengine, NFS, LDAP, RPM and Tripwire (just to name a few) Bauer provides carefully detailed instruction on how to automate tasks ranging from simple network management and software packaging to security, monitoring and backups. The author even goes so far as to suggest methods for efficiently front-ending automation systems for the less technical of users.
Although not expressly stated in the text, the overall theme of the book is walk on the shoulders of giants. Starting with simple example scripts (in both Bash and Perl) and many single-line commands, Bauer builds on the content of each previous chapter as the book progresses. Examples shown in early chapters are incorporated into more complex systems one step at a time. Following along is easy, each script or command is detailed on a line-by-line basis, and because of Bauer's principle-based approach the reader is rarely left wondering why the author has chosen a particular tool or implementation. More often than not the elegance of how Bauer pieces together methods and procedures will excite you about the possibilities for automation of your own systems.
Although Bauer explicitly states that readers are presumed to have more than a modicum of experience in system administration, even the novice administrator, as well as those that are responsible for only a handful of machines, will find this book invaluable. Also included are three appendices which provide an easy introduction to basic shell tools, creating your own RedHat distribution and how to package software as RPMs. These portions of the book alone justify the less than $40 price tag, but for those who run clusters or data centers, this book stands to save you countless hours of repetitive headaches. Published by Apress and boasting nearly 600 pages, this lively read has made itself a permanent addition to at least one reference library.
You can purchase Automating Unix and Linux Administration from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Secure Programming Cookbook for C and C++
Alex Moskalyuk writes with the review below of John Viega and Matt Messier's Secure Programming Cookbook for C and C++, a book which he says is useful -- but only if you have the background to use it. Read on for the details, including Alex's alternative reading suggestions.
Secure Programming Cookbook for C and C++
author: John Viega, Matt Messier
pages: 790
publisher: O'Reilly
rating: 8/10
reviewer: Alex Moskalyuk
ISBN: 0596003943
summary: Real-life recipes for using secure code even in the basic algorithms
The Target Audience of the Book
In the foreword to this book Gene Spafford observes that there really are four types of programmers:
- Those who are constantly writing buggy code, no matter what,
- Those who can write reasonable code, given coaching and examples,
- Those who write good code most of the time, but who don't fully realize their limitations,
- Those who really understand the language, the machine architecture, software engineering, and the application area, and who can write textbook code on a regular basis.
There are, as Spafford claims, too many people in category 3 who think they belong to the category 4, and that's the primary target audience of the book. John Viega and Matt Messier co-wrote Secure Programming Cookbook for C and C++ not with the intent of proving the necessity of application security, as they mention in the foreword, but to illustrate its application. If you're reading this book, you are probably well aware of the security needs at your workplace or in your projects, and you would like to have a large library of sample code for various operations.
The book has yet another Web site, and since John Viega didn't mind a little slashdotting during the launching stage, he probably won't mind another link to SecureProgramming.com.
The Book Itself
The structure of the book will be familiar to anyone who has read an O'Reilly Cookbook before. The "cookbook" part of the text is nothing more than a collection of solutions to common problems. The code is generally of high quality and written by an expert in the field. What's more important is the discussion section following the code, which explains why things are done in a certain way, what alternatives exist, and what are the best practices in the field.
Viega and Messier have expanded the discussion session, basically doubling the content, by introducing separate Windows and Unix sections where applicable. The reader has a chance to peruse the code for both platforms as well as read separate discussion sections, which helps in navigating the content of the book.
Microsoft platform developers, though, will only be introduced to native Win32 API -- the authors chose to ignore the STL/ATL/COM/DCOM/.NET solutions on the assumption that those could be derived by someone closely familiar with the lowest-level API available from Microsoft. Even though the discussion section is quite detailed and informative for both Unix and Windows developers, the authors do not discuss the design and architecture issues behind secure programming in C and C++. That falls outside the scope of this book; besides, John Viega co-authored Building Secure Software, where a lot of attention is paid to the philosophy of secure programming as well as initial application design with security in mind.
The Contents
You can view the table of contents on the O'Reilly Publishing Web site, and with the cookbook format, it's pretty much WYSIWYG -- whatever the title of the subchapter is, you will be introduced to the nature of the problem, followed by C/C++ solution, followed by the discussion of the subject with occasional URLs to relevant information on the Web.
Just to sum it up, usage of encryption, message integrity checks, symmetric and public-key cryptography and secure programming get a lot of attention. With 41 recipes (Chapters 4 and 5) on symmetric encryption and 29 (Chapters 7 and 10) on PKI-related code snippets, you can get your yearly supply of Unix and MS CryptoAPI examples.
But this book is not entirely about encryption, since current security problems are rarely caused by the encryption algorithm failures. The networking and Internet-related programming issues are covered in Chapter 8 (Authentication) and Chapter 9 (Networking). In Chapter 3, those designing Web interfaces will find some useful examples of validating the input URL and checking the SQL string against injection attacks. Admittedly, such examples would serve a better purpose in Perl/PHP/ASP, however, anyone familiar with C should be able to derive their own variations of the algorithm. Chapters 1 and 2 provide a great deal of insight into operating system specifics in regards to such system security issues as environment variables, spawning child processes, revealing memory dumps, using temp files on Windows and Unix, etc.
Off-the-beaten-path chapters include information on random numbers (the chapter is available online for free) and preventing tampering with applications. The random number chapter would be interesting to both professional programmers with good math skills and beginners in the computer programming field writing their first number-guessing C++ game. Recipes on gathering entropy and access to standard Windows/Unix APIs for random number generation are of great practical use. The application tampering chapter was probably the most informative thing for me - great collection of information, rarely found in other application or network security publications. How do you protect against software piracy by using checksums? How much time should you dedicate to software protection? What is the theory behind code obfuscation? How do you hide ASCII strings in data segment? How do you detect modern debuggers? The answers to such questions are usually fragmentary and are usually considered either intellectual property of the company or belong to a 'warez' site, where the quality of sources is questionable.
Is the Book Useful?
This book is a great resource for quick look-up of readily available solutions (I've read it online on Safari, so I cannot vouch for the usability of the paper edition when searching for information). I've written a Master's thesis on this topic (although my actual topic was way more narrow than the scope of this book) and still found a lot of great information. If you've never seen C/C++ code or feel uncomfortable with Unix/Windows API programming, you will probably find the Cookbook overly technical. A higher-level application security text is available for those new to the subject (besides the Building Secure Software title mentioned above, there's a great title called Writing Secure Code from Microsoft), while this book gets into dirty, nitty-gritty details.
Yeah, everyone and his brother knows how to implement a symmetric encryption algorithm, but how do you actually do it without compromising the system and introducing new possible loopholes? The cookbook answers questions like that, and, as mentioned above, provides detailed overview of programming strategies for the two most popular platforms. Taking the cookbook concept further, this book teaches you how to make a basic ham-and-cheese sandwich as well as fine cuisine. Too often the code measures for basic security and preventing buffer overflows are summarized in higher-level concepts, thus allowing the developers to make errors even with the most trivial applications. If you're a professional programmer and do not get tired by looking at sometimes profuse code examples, this book would probably be a good read from the beginning to the end. If C/C++ is not your preferred area, the usefulness of this title decreases severely, however, it might serve as a good reference.
You can purchase Secure Programming Cookbook for C and C++ from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Extreme Programming Refactored
fancellu writes "Extreme programming (XP) first hit the mainstream programmer consciousness a few years ago, with the publication of Kent Beck's Extreme Programming Explained. XP was controversial back then (and still is), because it argued in favour of hitting the 'reset' button on accepted software development practices." fancellu reviews below Extreme Programming Refactored: The Case Against XP, and offers this disclaimer: "I should point out that I get a couple of small mentions in this book (the authors quote an email from me), and I also happen to agree with a lot of what the authors say. But I'll try to be as impartial as I can with this review."
Extreme Programming Refactored: The Case Against XP
author: Matt Stephens and Doug Rosenberg
pages: 400
publisher: Apress L.P.
rating: 9
reviewer: Dino Fancellu
ISBN: 1590590961
summary: Bold critique of extreme programming - at last someone is prepared to say "The emperor is buck naked."
The Previous Extreme - What XP Set out to Fix
It had previously been accepted practice to spend months (years, even, on large-scale projects) gathering requirements, then another year or two on design, before a single line of production code had been written. The infamous "big bang delivery" occurred when this gigantic monolith of a software system was finally delivered to the customer, only for the customer to retort that this was nothing like what he wanted.
It was also accepted practice to divide the system into separate subsystems, and attempt to integrate them after several months. By this time, each subsystem would have taken on a life of its own, and integrating these disparate monoliths together gave a whole new meaning to "plug and pray."
How XP "Fixes" It
XP takes the development process to the other extreme, by shortening the "waterfall" lifecycle to weeks, days, even minutes. In fact, Kent Beck describes XP as a "waterfall run through a blender." Iterations typically last for a week or two; there is a high emphasis on code quality via unit testing; and code is integrated "constantly" so that it never becomes out of synch with the rest of the project. Beck is often quoted for saying that the XP practices "turn the dial all the way up to 10" -- that is, if something is good (testing, integrating, pair programming etc), well then, let's do it all the time.
There's a lot to be gained from learning about XP, and agile practices in general. However, many feel that XP has taken things too far. By taking things to the opposite extreme, we're just introducing a fresh set of problems. The optimum solution, then, must lie somewhere between these two extremes. That is fundamentally what Extreme Programming Refactored (XPR) is about.
Optimizing the Process
There's been a lot of controversy surrounding this book. It grew out of an equally controversial article that appeared on the author's website. XP advocates were arguing on Yahoo! Groups over XPR's good and bad points, miraculously, months before the book was even available. XP zealots were even posting messages telling others not to buy the book, before they'd even had a chance to read it for themselves and find out what it's all about.
It's important to note that XPR isn't the anti-XP slam piece that some people had been expecting. It does rip into the XP practices in plenty of detail, but importantly it also describes alternatives, and talks about the good aspects of XP.
The authors make the argument that "turning the dial up to 10" mostly isn't such a good thing, and that to achieve our "holy grail" development process, we just need to turn the dial down a little bit -- let the milk simmer rather than boil over. We can do this by adding in some additional practices that take the burden off the overloaded, heavily interdependent XP practices.
For example, not everyone likes to pair program (with two people sitting at one computer). It just isn't for everyone. However, XP relies on everybody in the team pairing all the time. So if you don't like to "pair up," what choice do you have but to leave the project? XPR adjusts the other practices, placing a bigger emphasis on up-front design and documentation, so that pairing up doesn't have to be mandatory.
XPR also argues that it is possible to achieve a decent design before writing the code. The authors don't want a return to "BDUF" (Big Design Up Front), but instead to achieve an ideal middle-ground. The result is more akin to the monthly Sprints found in Scrum (www.controlchaos.com).
Similarly, XPR argues that the customer (and users) usually do have a pretty good idea what they want from a new system, and that they don't have to see a live system first before realizing that they wanted something entirely different. The authors argue in favour of interaction design as a way of achieving this goal.
XPR achieves all of this with more than a mild dose of satire. It's important to realize this -- the book is essentially "taking the piss" out of the more extreme XP practices, and the quasi-religious Extremo culture that has quickly grown up around XP. It has lots of serious things to say, but has a slight danger of that being lost "in the chuckles." There again, the danger is less to do with the book, and more to do with the reader.
XP zealots will never be swayed by such a book, naturally, but they are not the audience. It is for those undecided, or the cowed XP skeptics who know something is very wrong at the heart of the beast, but haven't had the words to say it. Even for zealots, I'd hope they'd put the hatred for long enough to at least temper their XP actions, to turn the dial down a little, to read the contents with the possibility in their minds that XP isn't the final perfect expression of all programming methodologies. Just for a while...
If you are scared of the contents, a favorite XP accusation, then of course you'll point out the 'needless humour,' blah blah, anything rather than address what the book says. Form will be far more addressable than content. It's the old "ignore this man, he wears a colourful tie" excuse, pick on some small detail that you feel is a weakness and totally ignore all the embarrassing questions you'd rather not address. If you like the contents, then the humour will be seen as a playful, court-jester like addition to what is a seriously analytical book.
In conclusion, this book is well written, thought provoking, and above all entertaining (an aspect which seems to be proving almost heretical among some XP advocates). I found this to be a fun read, unlike some books, it was never a chore. It's extremely conversational, like having a cynical, wise-cracking guide. It's a pity more computer books aren't this fun. A spoonful of sugar and all that...
In fact this book is pretty damn wonderful. I know, it may sound a bit gushing, but before you review my review, give the book a read yourself. It's a thing of beauty, a rare mix of positive and negative, sweet and sour, opinion, and XP's favorite emotion, courage, courage enough to say "the emperor has no clothes." I can't see how you could read this book from beginning to end and not see XP in a different light.
In fact, XP programmers would do well to read this book, as it presents the negative path, something other than sunny-day scenarios. Using these warnings and guidelines, they'd have much more successful projects, as this book points out the dangers of lack of XP discipline, fragility and so on.
The truth is that I couldn't do justice to this book in such a short review. There is just so much evidence, so many contradictions pointed out, endless damning words from XPer's own mouths. It was supposed to be a small book to start off with, 150 pages or so, but due to the sheer body of evidence and submitted real life stories from those in the trenches, it bloomed to 400+ pages.
As Doug Rosenberg says "I don't want to be nearby when somebody decides to deploy an air traffic control system or some missile-targeting software that has been developed with no written requirements, and where the programmers made the design up as they went along." At least don't say you weren't warned!
You can purchase Extreme Programming Refactored: The Case Against XP from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Managing Linux Systems With Webmin
honestpuck writes "Webmin is a pretty neat tool for administering a server using a GUI, particularly remotely. Managing Linux Systems with Webmin, written by Webmin's author, Jamie Cameron, is an extensive look at using and extending it, a good guide not without flaws." Read on for honestpuck's take on this book's good / bad ratio. Managing Linux Systems With Webmin author Jamie Cameron pages 765 publisher Prentice Hall rating 6 - Serious flaws in structure in an otherwise excellent book reviewer Tony Williams ISBN 0131408828 summary Good guide to using Webmin flawed by lack of structure
The book is structured as 60 chapters, without any division into sections and I have serious arguments with the order of chapters; why are the chapters about configuring Webmin at the end, for example. That said, the book has a fine index and the usual two-level contents make it a fraction easier to find what you want.
I do, however, have a little digression about the 'Bruce Perens' Open Source Series,' of which this book is a member. Frankly, I think they all need, and deserve, a much stronger hand in editing. With this volume it is the bad structure and order; with "Intrusion Detection Systems with Snort" I found myself engrossed by the information and furious at the appalling grammar and sentence construction, particularly in the introductory chapters. The others in the series look significantly better at first glance but could still use better editing.
Once again we have an author or publisher who throws Linux into the title to make sure that it gets found by the greatest mass of likely readers while the tool described is more (not that I criticise the practice, they want to sell books.) Any *nix system can be controlled using Webmin -- including a great deal of Mac OS X not available through 'System Preferences.' Indeed, I'd recommend the tool to all OS X users who want to gain better control and install better tools for the underlying BSD layer in OS X. I use it myself for just this reason. If you run any other *nix system don't be put off by the 'Linux' in the title: very little of this book is Linux specific.
This one is well written -- Cameron has a light, informative style that I look for in a tech book. The book is well laid out, he gives good examples, good explanations and screen shots.
Cameron starts out with three introductory chapters on Webmin, its installation and security before launching into forty three chapters on using various Webmin modules, but with no real pattern to the order of most of the chapters. Why, for example, is the NFS module at chapter 4 while the Samba module is discussed in 43? I could list another half dozen examples without raising a sweat.
There is then a chapter on Usermin, the Webmin system for ordinary users. This is followed by three chapters on the server clustering system, a few on Webmin configuration and logging before the volume ends with chapters on building modules and themes.
Some of the chapters on the modules within Webmin border on merely stating the obvious, others are extremely useful. Overall they constitute a good manual to using the system, Webmin users who have not spent a great deal of time administering servers will find them particularly useful. The chapters on clustering, using Webmin on multiple servers to perform the same task at once on many machines, are a good guide to administering and using this useful facility. I found the chapters on writing your own module more than adequate, I'm well under way to writing my first one after only a short time with the system and book.
One final complaint. Where in this book does it tell you how to start Webmin? I didn't want Webmin running from boot, so I answered No to that question and Webmin then ran. Nowhere did it tell me how to restart Webmin after I rebooted my computer and having the script 'start' in the directory specified as the config directory is a little less than intuitive.
Prentice Hall have a page for the book that has an author bio, the Preface and a sample chapter. Though this book is supposedly 'open content,' I couldn't find an electronic version anywhere. It might have helped, as it would give me a way to search the book faster.
In conclusion, this is a good book. With a little work on the structure it would be an excellent book, rising from a rating of six to an eight or nine. The lack of structure makes it unduly hard to find what you are after. I would recommend Webmin, as a tool, to almost everyone running a supported server. If you have no need for the section on clustering and writing your own modules you could buy The Book of Webmin for a few dollars less or browse the same book (even download a PDF version free) at Swelltech, which is less comprehensive but much better structured (and tells you how to restart Webmin). If you want a guide to Webmin that includes notes on writing your own module then this will do until something better comes along, or they release a second edition with greater thought to structure and order.
You can purchase Managing Linux Systems With Webmin from bn.com. -
Beyond Fear
pres (Preston Tollinger) writes "I picked up Beyond Fear: Thinking Sensibly About Security In an Uncertain World basically because it was by Bruce Schneier. I am sure most Slashdot readers know Schneier's name and his work. The problem is, this book probably isn't for you (but might be perfect for someone you know)." To find out what he means by that, read on for the rest of Tollinger's review, below. Beyond Fear: Thinking Sensibly About Security In an Uncertain World author Bruce Schneier pages 256 publisher Copernicus Books rating 7 reviewer Preston Tollinger ISBN 0387026207 summary A worthwhile introduction to real-world (not just computer) security, aimed at a literate but non-technical audience.
The Book
Beyond Fear is described very well by its subtitle: this book helps you think sensibly about security. Don't expect the highly technical material you have seen in Schneier's previous books, but rather the more accessible material, much like you might read in his monthly newsletter. That doesn't mean the book is breezy: In Schneier's wordy but well-written manner, he describes a five-step process to analyze any particular security system or practice. The process helps you make sure you understand what you are protecting, what the tradeoffs are, and whether, in the end, it is worthwhile to implement the system.
He then goes on to apply this method to a series of security issues while covering the various types of security and their weaknesses. For the most part this is not a technical evaluation of the tools used, but rather an analysis for each example of what the security goals are and how the tools and technology achieve or fail to achieve those goals. Even more importantly, he deals with the tradeoffs inherent in any security system.
Schneier applies this method not only to the global issues that have come up since 9/11, from airline security to protecting government secrets, but also to personal issues, including tradeoffs in personal home security. By doing so, he takes principles which might be hard for some to understand in the abstract and makes it clear how they apply in situations almost everyone has thought about.
By drawing parallels, for instance, between how you might select a home alarm system to how you might evaluate the use of face recognition at the airport, Schneier shows that you don't have to be a security "expert" to think logically about security. He brings to the forefront the tradeoffs that you made in these personal choices; for example, the downside of dealing with deactivating an alarm system every time you come home. Then, in turn, he shows how you must consider the problem of people being falsely identified by the face recognition system at the airport.
Given this strong framework, he then uses his method to analytically and dispassionately tear apart most of the silly and stupid security methods (note my dispassion here) that have been put in place or considered in the past few years, from airline security methods to national ID cards. With a combination of funny yet pointed anecdotes, clear statistics and the occasional Harry Potter reference, Schneier uses his talent for cogent, rational explanation to show how people can think about security in the modern world, instead of simply panicking at every ominous news report.
To Read Or Not To Read
So it sounds like a good book and probably would be for some, but there was not enough new content for me to make it worth my limited reading time. Perhaps due to my general interest in security or just because waiting in line at the airport has already given me a lot of time to think, but I have already considered most of the ideas Schneier raises in Beyond Fear. I own a shredder, but not an alarm system, because I have considered the risks and costs. I dislike the idea of a National ID card because I was already afraid of what someone might do who got access to it, and already monitor my credit report. I have written my local representative that while his recent bill to remove SSNs from insurance cards is nice, it's far too late (and how about just getting people to stop using SSN's as passwords?).
If this describes you, skip the book. However you might note above I didn't say this was a waste of my money. This book is soon going to find its way into hands of friends and relations who need to think about security. It is a great introduction to a way of thinking that is critical in a post-9/11 world. It should be required reading for members of Congress before any more security laws are passed based only on the need to do something instead of rational thought.
Summary
If you think consciously about security, know who Schneier is, or have ever noticed (and complained) that many airport security measures make no sense, you probably don't need this book. If you have only considered this topic in general, though, and want a book to focus your thoughts, Beyond Fear will do that. Finally, if you have friends who don't yet think this way (admit it, we all do), get this book into their hands.
You can purchase Beyond Fear from bn.com. -
The Map of Innovation
wcbrown writes "The heady days of venture capitalists funding any idea with a Web presence and IPOs without business plans are long gone, but entrepreneurship existed prior to the Internet and will continue long past when the net becomes a ubiquitous utility like the telephone. Business has changed fundamentally since the dot-com boom even if investing hasn't. To be successful in the business world today, you absolutely have to incorporate some sort of technology. If you don't, your competitors will and they will have a lower cost of doing business because of it." Read on for the rest of wcbrown's review. The Map of Innovation: Creating Something Out of Nothing author Kevin O'Connor pages 226 publisher Crown Business rating 8/10 reviewer Bill Brown ISBN 1400048311 summary This recent book by Kevin O'Connor describes how to generate business ideas, develop them into business plans, get funding, and hire the best employees.
This is the general idea that suffuses Kevin O'Connor's new book The Map of Innovation: Creating Something Out of Nothing. O'Connor might not be a household name, but he's started several businesses that have achieved recent notoriety: Flexplay, which makes DVDs that become unusable after a certain period of time, and DoubleClick, which needs no further introduction. This book synthesizes his experiences in conceiving a business idea, soliciting funding, and getting it off the ground. While we may dispute the utility of his business ideas, they have been largely successful. That means that he might have something valuable to say.
You can purchase The Map of Innovation: Creating Something Out of Nothing from bn.com.
I've read a lot of books on entrepreneurship in my quest for self-employment. They're usually divided into two groups: those written prior to the Internet or that only cursorily treat its effects and those created during the dot-com frenzy. The former are marginally useful since they offer some guidance on entrepreneurship even though their lack of technical considerations mitigates this usefulness. The latter are completely useless since they typically engage in strident hyperbole and grandiose pronouncements.
The Map of Innovation is different since it was written well after the dot-com hype had subsided. Even though the author built his major business, DoubleClick, during the IPO land grab, the book is remarkably free of the thinking that permeated that period. O'Connor's focus is to get a business started on fundamental principles like profitability, great employees, and broad vision. And that's exactly what a business book should target. If it seems obvious, O'Connor recognizes this: "I find that the best business books are obvious. But that isn't surprising. The fundamentals of what you have to do are so obvious that they almost always get overlooked."
The book is divided into four parts with an appendix containing DoubleClick's business plan: 1) coming up with ideas, 2) developing the best idea, 3) getting funding, and 4) hiring great staff. These, unsurprisingly, are the steps that he believes are vital to founding a successful company. Of these, I think that his idea generation chapter is the weakest one of the bunch. This isn't terribly important, though, since most people reading his book will probably have a few business ideas of their own or can come up with them readily.
My favorite part is dedicated to developing the best idea. It covers how to determine the viability of your idea (how to vet it thoroughly) and how to present that idea in a business plan that will attract attention. O'Connor helpfully includes a basic outline for a business plan and then covers each item in considerable detail. I've read many books on constructing a business plan, yet I found his explanation to be the clearest and most straightforward one I've encountered.
The chapter on obtaining funding for your idea presents a series of solicitations starting with family and friends and ending with venture capital. O'Connor brushes off the problems with venture capitalists like dilution of ownership and the common occurrence of founder expulsion. He does offer some sage advice about how much money to seek and how that money should be spent. In light of his entrepreneurial history, it is unsurprising that he suggests such funding sources. His relations with venture capitalists were positive and he willingly withdrew from the corporate limelight.
Overall, the book is an excellent primer for anyone interested in creating a technology-oriented startup. It won't provide all of the information necessary for the would-be entrepreneur, but it's a good start. O'Connor tries to suggest that it would also be useful for new projects in an existing corporation but I don't buy it. The advice just doesn't apply as well. The only weak spot of the book is his Brainstorming Prioritization Technique, which is obviously a pet theory of his that he couldn't bear to pare down. It amounts to brainstorming and then picking only three to six items from the brainstorm. It is painfully obvious and an altogether common idea generation method and luckily is quickly read. The advice about venture capitalism is easily tempered by also checking out Arnold Kling's Under the Radar: Starting Your Net Business Without Venture Capital or Philip Greenspun's experience with venture capitalists. -
User Interface Design for Programmers
ellenf contributes this review of User Interface Design for Programmers. "Aimed at programmers who don't know much about user interface design and think it is something to fear, Joel Spolsky provides a great primer, with some entertaining and informative examples of good and bad design implementations, including some of the thought process behind the decisions. Spolsky feels that programmers fear design because they consider it a creative process rather than a logical one; he shows that the basic principles of good user interface design are logical and not based on some mysterious, indefinable magic." Read on for the rest of ellenf's review. User Interface Design for Programmers author Joel Spolsky pages 144 publisher Apress rating 8 reviewer Ellen ISBN 1893115941 summary Aimed at programmers who don't know much about user interface design and think it is something to fear, Joel provides a great primer, with some entertaining and informative examples of good and bad design implementations, including some of the thought process behind the decisions. He feels that programmers fear design because it is a creative process rather than a logical one and shows that the basic principles of good user interface design are logical and not based on some mysterious indefinable magic.
Spolsky's light writing style makes this book an easy read, and his personal stories and anecdotes help make his thoughts on user interface stick in your mind when you're done reading. He provides programmers with a few simple guidelines to follow, such as "People Can't Read," and "People Can't Control the Mouse."
His focus on the logic of good user interfaces and his push to develop a good user model is bound to resonate and get programmers to think about making their interfaces logical from the user's perspective, rather than the perspective of the inner architecture, which the user could typically care less about.
The reminder to focus on the tasks the user is trying to accomplish rather than the long feature list that usually gets attached to product specifications should be read by product managers as well, of course. In fact, the absence of specific platform details makes the book a good read for anyone involved in software design -- with the caveat that it is not aimed at people with much design experience. This is a great starter book and makes the process understandable, friendly, and fun-sounding. (One of the things I appreciated was how much fun it sounds like Spolsky has when he's working.)
Spolsky encourages showing the in-progress software to users and watching them use it. I think one of his best points about usability testing is that if the programmers and designers cannot bother to watch the users during the testing, they're unlikely to gain much from a thick report by a testing lab. He encourages simple, quick, and casual usability testing, something even the smallest firm could afford and from which they could draw useful improvements.
If you have much design experience, you'll find this book a bit basic, but even then the examples are worthwhile to read and remind yourself how a good idea can be poorly implemented sometimes -- usually by taking it too far! I was personally hoping for some richer comments about designing web applications, but if more people start paying attention to the basic guidelines he's covered here, web users will benefit.
In summary, the book is aimed at programmers without much design experience and Spolsky does a great job of hitting his mark. I think product managers without much design experience would benefit as well, as it provides a good basis for thinking about user interface design.
You can purchase User Interface Design for Programmers from bn.com. -
Designing With Web Standards
carl67lp (Carl Anderson) writes "I was recently charged with redesigning my University division's Web site. I hadn't designed a Web site in quite some time, and I wanted to ensure that I did so with everything being 'proper'--the nature of our projects requires as large an audience as possible. When I saw Designing With Web Standards available on O'Reilly's Safari bookshelf, I knew I had to snag it. And now, after finishing the book (the first IT book I've ever read beginning to end!), I'm here to preach the book's virtues as the author preaches those of Web standards." Read on for Anderson's review of the book. Designing With Web Standards author Jeffrey Zeldman pages 456 publisher New Riders rating 9/10 reviewer Carl Anderson ISBN 0735712018 summary An excellent guide on designing a Web site with the latest Web standards
Jeffrey Zeldman is one of the best technical writers whose work I've had the pleasure of reading. He is obviously well-educated with regard to the subject, and his passion for the work really shows through. Still, he never comes across as a zealot -- his style is even-handed, thoughtful, and easy to comprehend.
The first part of the book ("Houston, We Have a Problem") is the reason I give a rating of "9" rather than "10." Zeldman spends a perfect length of time on background and history of Web standards (why they're here, and what designers did before they emerged). However, this section seems to suffer from what many technical books suffer from: a case of "We'll see this soon"-itis. While this is perhaps unavoidable in such a treatise, it is nonetheless apparent. Still, it's only marginally distracting.
The meat of the book comes with "Designing and Building." Zeldman first talks about modern markup, then explains the variations on XHTML (i.e. Strict, Transitional, Frameset) and how each ought apply to your design. Here we see more theory than practice, though, but this is welcome -- it lays the foundation for a more cerebral look at distinguishing markup from design. Once Zeldman explains the nuances of that topic, we move on to the redesign of a Web page constructed with a hybrid table/CSS design complete with all the excellent effects we hope to see in modern pages.
After working through this redesign, Zeldman talks in more detail about the CSS box model (and the browsers that break it), typography, and some of the quirks that Web designers must deal with. Next he touches a bit on Web accessibility--a must-read for everyone, whether you think so or not.
While Zeldman isn't incredibly thorough here, he doesn't need to be--it's a book on Web standards, after all, and this chapter serves to show how accessibility can still be achieved within those standards. He also suggests a couple of other books for more information.
Finally, Zeldman walks the reader through a redesign of zeldman.com, basically as a hands-on summary of the book, and as a guide for future projects. Also included is a "Back End" (i.e., appendix) showing some excellent information about each major browser.
Too often, a book or Web site on XHTML/CSS will dwell only on the "how"--this book shows the "how" and still explains the "why": Here's how you set up an id'ed element; here's why we do that, rather than using a class. It's already opened my eyes to many things I thought I had a handle on, but now realize that I only knew in a cursory fashion.
So, ask yourself: Do you want to design a Web site that will work for everyone, regardless of their platform? Do you want to make sure your Web site is future-proof? If so, you need this book.
You can purchase Designing With Web Standards from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Practical mod_perl
honestpuck writes with the review below of O'Reilly's Practical mod_perl, which he describes as "a doorstop sized volume that provides more information on using mod_perl than you ever thought you needed." Read on for the rest of his review, and to see whether you actually do need to know what's in this book.
Practical mod_perl
author: Stas Bekman & Eric Cholet
pages: 858
publisher: O'Reilly
rating: 8 - Good book, some flaws
reviewer: Tony Williams
ISBN: 0596002270
summary: Good overall guide for running and developing with mod_perl
The almost 900 pages are divided into five parts and a bunch of appendices. Part I, "mod_perl Administration" covers building, configuring and installing mod_perl, followed by some Apache details and an 80-page guide to coding with mod_perl in mind. Part II, 'mod_perl Performance' deals with ways of getting the best out of Apache and mod_perl, with a little about security. Part III deals with databases, including persistent connections and data sharing. Part IV is a great guide to debugging and troubleshooting. Part V is a brief look at Apache 2 and mod_perl 2.
The appendices are useful. The first is a short section of around a dozen small 'recipes' for performing various tasks using mod_perl. I found these a good base for more complex tasks, particularly when combined with examples from elsewhere in the book. The second is a list of Perl modules that extend Apache and mod_perl with a brief description of each. The third gives some strategies for providers wanting to host Apache with mod_perl. The fourth and fifth give good overviews of the Template Toolkit and AxKit, an XML application server built on mod_perl.
The book is readable, tending towards heavy writing and certainly dense, but I didn't feel this was a problem in a book meant for a fairly advanced audience. I think you'd want to be a fairly good Perl programmer and well versed in Apache before needing this volume and shouldn't expect to be spoon fed. I thought it well written.
In a book of this size you expect to find a lot of example code, and you won't be disappointed. The book is peppered with short Perl examples and example command lines and configurations, all well explained. The one shortcoming is that there aren't many examples of full-blown applications where you can see everything discussed and have it explained all in one place. I would have appreciated some more of this; the examples tend to be on the short side.
This book sits well in the marketplace. It provides more details on running, installing and configuring mod_perl and Apache than mod_perl Developer's Cookbook (and also delves more into the reasons for doing something one particular way and much more help on debugging), though the Developer's Cookbook becomes a good companion to this volume as it provides a lot more in the way of examples. For those that want to get deep into the high end of mod_perl there is Writing Apache Modules in Perl and C, which is at core a good book on high end mod_perl programming.
O'Reilly have their usual website with Table of Contents, an example chapter, and errata. The authors have their own website with some of the same information and all the code examples from the book as both individual files and one 40k tarball.
I would recommend this book to anyone who administers and writes for mod_perl; it fills the missing pieces in mod_perl Developer's Cookbook and is a good companion volume to it.
You can purchase Practical mod_perl from bn.com.
-
Review: A Fire Upon the Deep: Special Edition
Robotech_Master writes "For a long time, A Fire Upon the Deep has been one of my favorite books. Combining interesting technological prognostication, fascinating concepts, amusing characters, and an enthralling story, this novel brings together science fiction and present-day science fact in a deeply compelling read. For a long time, this book had been available in electronic form from Palm Digital Media, and it was the first e-book I ever bought for my Palm PDA. Recently a new 'special edition' of the book was published electronically, containing the annotations that had previously only been available on the 1993 Hugo/Nebula CDROM, and I knew I had to make the purchase--and then, since I couldn't dig up any other mention of it on Slashdot, review it." Robotech Master warns that his (lengthy) review below of the updated version "contains some minor spoilers for plot, but not for ending."
A Fire Upon the Deep: Special Edition
author: Vernor Vinge
pages: file size: 1016K
publisher: Tom Doherty Associates/Palm Digital Media
rating: 10 out of 10 for quality; 7 out of 10 for format
reviewer: Christopher E. Meadows
ISBN: 0312703694
summary: As rumors fly on the galactic netnews network, a desperate expedition races to a barbarian planet to rescue the children who might hold the key to saving the universe.
The Novel
It would not be exaggeration to call A Fire Upon the Deep one of the seminal SF novels of the digital age. While there had been many other books that depicted computer networks of the future, Fire was one of the first to present such a network in terms of its resemblance to USENET of the then-present-day.
A Fire Upon the Deep is set 38,000 years in the future on the outskirts of the galactic rim of the Milky Way. The galaxy is divided into several Zones of Thought, ranging from the Transcend on the farthest outskirts of the galaxy to the High and Low Beyond, the Slow Zone, and the Unthinking Depths at the galactic core.
Outside the galaxy, in the Transcend, lurk the superintelligent beings who have, well, Transcended--passed beyond normal mortal intelligence and become as unfathomable to normal humanity as we must be to animals. As one moves toward the center of the galaxy, the efficiency of thought--both biological and mechanical--decreases, as does the ability to travel faster than light. In the Slow Zone, FTL travel and data transmission is impossible, and the laws of physics limit travel to ramscoop speeds--and in the Unthinking Depths, even rational thought itself fades away. As one might imagine, most of the "civilized" races of the galaxy are found in the Beyond, between the Slow Zone and the Transcend. Here is where one small branch of humanity has found its way out of the Slow Zone and settled worlds named Sjandra Kei and the Straumli Realm.
And here is also where our story is set. In the opening pages of A Fire Upon the Deep, an ancient horror is revived by an incautious expedition of Straumli archaeologist-programmers investigating a long-lost treasure-trove just over the border of the Transcend. As the horror reaches out to take over civilization after civilization within the Beyond, it soon becomes clear that the only hope for the survival of independent thought in the Beyond lies with a makeshift space vessel that fled to a small uncharted planet in the low Beyond. This vessel, carrying a family of archaeologist-programmers and a cargo of cryogenically-hibernating children who were the only survivors of the Straumli catastrophe, holds the key to defeating the mysterious Blight.
Unfortunately, the parents of the family died soon after their arrival, and the two children ended up in the custody of rival barbarian forces: 14-year-old Johanna Olsndot with Woodcarver, a benevolent queen of a realm of learning and freedom; 7-year-old Jefri with the murderous tyrant Steel. And the expedition to rescue them, consisting of humans Ravna Bergsndot and Pham Nuwen, and Skrode Riders Blueshell and Greenstalk, has problems of its own. The story unfolds from multiple viewpoints and multiple settings which grow closer together as the story draws to its inevitable conclusion.
One of the primary features of the Zones of Thought setting is the Known Net, the data network that connects all the civilized races of the Beyond and the Transcend. Although information technology out in these realms has progressed into true artificial intelligence, with all the technological advancement that implies, the nature of the FTL transmission method means that the network itself operates at bandwidth rates similar to those found in USENET circa 1990--meaning that, for most forms of long-distance communication, text (or its equivalent) is the order of the day for the transmission of the message--but then language transmission and filtration can be performed on the receiving end. (And when hundreds of civilizations are sharing the same data network, posting hundreds of millions of messages a day, both translation and filtration suddenly become very necessary.)
Setting this hard bandwidth limit was one of Vinge's ways of future-proofing the story, as well as making necessary the sort of USENET-like communication upon which a large part of the story depends--stripping the speed of communication down to the bare bones so that every bit counts. "Somewhere should make clear to the undiscerning reader that we can't have gosh-wow 1990 LAN stuff on the Known Net because of bandwidth and transmission delay problems," reads note 1160. With a USENET-style network in place, Vinge is free to homage the USENET of today (or, rather, of 1990) in subtle ways.
For example, one of the commonly-recurring themes throughout the book is that of identity and truth. One of the ways this theme is explored should be only too familiar to most Slashdot readers: the net is often called the Net of a Million Lies. Just as "on the Internet, no one can tell if you're a dog," on the Known Net nobody can tell what race you really are--only the one you say you are. Interspersed through the story are about a dozen USENET-style netnews posts, from sources considered reliable, questionable, or outright mysterious, asking (and trying to answer) many questions: are humans tools of the ravening Blight? Are they innocent dupes? Should they be wiped out? Who is the Blight? What does it want? What is really going on? Many conflicting and unexplained viewpoints are presented, and sorting out the truth is an important part of the story. (I have heard rumors that some of these posts were written based on the posting styles of well-known USENET kooks of the day, but the annotations failed to provide any proof of this.)
Vinge also makes a few cute little digs that only a net-user might get--such as when he refers to "chronic theorizers [as being] the sort of civilizations that get surcharged by newsgroup automation," when he names the starship in which our heroes travel the Out of Band II, or when he implies, via having translation programs work less efficiently the closer to the Slow Zone the starship approaches, that some of those strange, semi-intelligible posts that show up on USENET today might simply be the fault of a faulty translator. (The notes reveal that he considered using some even more familiar net slang, such as "IMHO," but decided against it.)
One of the other interesting elements of the story is the alien race, the Tines, with whom Johanna and Jefri are stranded. The Tines are pack creatures, something like a cross between a wolf and a seal, who communicate among themselves using ultrasonic frequencies. Instead of being a personality in a single body, the personality of these Tines is spread across multiple members, and can change when members die or join. The concept behind these beings is fascinating to me, and I would like to read more stories involving them.
The story of A Fire Upon the Deep is told from multiple viewpoints, switching back and forth from Tines' World to Out of Band II at a rapid enough pace to keep tensions high and prevent things from getting too confusing (though there are still subtleties that didn't come out for me until several rereads). At the root, it's a rollicking USENET-informed space opera crossed with a bit of Swiss Family Robinson and a dogs-and-their-boy story. If I have one minor complaint about it, it is that most of the alien races seen in the story -- whether it's the group-mind Tines, the Transcended Powers, or even the Blight -- seem, with one or two exceptions, to have altogether too human a viewpoint. (Though Vinge does point out in the notes that the ones who don't have that kind of viewpoint probably wouldn't have much to do with those who did anyway.) But as quibbles go, that one is so low on the scale that it hardly even registers. If you haven't read this book, go out and get it right away--or stay right where you are and order it from Palm Digital Media (see my comments on format below). You won't be disappointed.
Introduction and Annotations
The annotations in the back of the book are not the only reason to buy this book, of course. There is also a fairly lengthy introduction that goes into the history of the annotated version of the book, and into prognostications about what the future of prose might be. Since A Fire Upon the Deep was written several years before the wide advent of HTML, the story itself centers on USENET as the galactic communication medium...but the introduction was written just as HTML and hypertext were starting to get wider exposure, and Vinge seemed to think that hypertext was the future of fiction. "I believe hypertext fiction will ultimately be a new art form," Vinge wrote, "as different from novels as motion pictures are from oil paintings." Vinge has left this 1993 introduction much the same as when he originally wrote it, even though his predictions have not yet shown much sign of coming to pass.
Calling this special edition of A Fire Upon the Deep "annotated" is really a slight misnomer; for a book to be "annotated" (as in The Annotated Alice) usually means that someone has gone through it after the fact, adding clarifying comments that expand the reader's understanding. That is mostly not the case here.
These annotations are not notes to add explanations (save for a very few that Vinge added in after the fact for that purpose); they are short, often cryptic notes from Vinge to himself (just as a programmer comments his code to remind himself what he's written and why), or from some of the consultants who helped Vinge thrash out the story, pointing out awkward phrases, words that should be (or have been) spell-checked, mathematical and astronomical calculations (how large and close the Tines' moon needs to be to provide months of a certain length, for instance), inconsistencies, problems that need clarification, possibilities for sequels, text fragments that did not make the final cut, and story ideas. And there are quite a few of them--going by the progress bar on the reader, the notes section is about 150% of the length of the story section.
Because these notes were made at different points during the drafting process, it is not unusual for them to refer to entirely different parts of the book--a note several chapters in talking about the ending, or a note 3/4 of the way through the book suggesting that it might be a great idea if Ravna actually came from Sjandra Kei (which was revealed as soon as we first met her in the story itself). And some of the notes cryptically refer to characters or events no longer even present in the text. This being the case, readers new to this story are strongly advised to read the book straight through at least once before venturing into the annotations at all, because otherwise some major revelations will be spoiled.
If you're expecting great insights in these notes...well, there are some--into how Vinge writes, as well as into the story itself. But the notes are far more often cryptic or even meaningless, so don't be disappointed if they aren't all you'd hoped for.
Some of the notes are quite funny, such as one of Vinge's consultants' complaint about the use of the term "member" for an individual animal in Tine packs. "Except for what the Victorians did with 'member,' this term seems perfect," Vinge replied. "Suggestions?" The consultant backed down and said, "It's okay as long as you don't use it for anything else."
There is also a noteworthy footnote from Vinge regarding a cascade failure of interconnected computer systems:
"Ug. Unfortunately, in 1992 how many people would believe that such apparently unconnected failures are reasonable? There'll be a period of time where this may seem incredible. (And then after 1996 or so, maybe it'll just be a cliche of the everyday news.)"
He might have been off by a year or two, but an argument could still be made that he nearly predicted the Y2K scare.
The Format
The annotated version of A Fire Upon the Deep has an interesting history. The annotations were, of course, created by Vinge as part of the process of writing the book itself. In 1993, Brad Templeton of ClariNet suggested including them on a special Hugo/Nebula Award CD-ROM he was preparing--and so they were, along with a couple of illustrations and a low-resolution Quicktime or AVI movie. The movie was a brief recording of Vernor Vinge himself saying hello (and revealing in so doing that his name actually rhymes with "Benji," not "hinge"), and that he wondered what future entities would think when they viewed this time capsule from the dawn of the digital age. (However, because the CD-ROM has since become as rare as hen's teeth, the likeliest answer is "not much.") What's more, since this CD was made while HTML was still catching on as a hypertext format, the novel and annotations were made available in the form of separate rich text files for each chapter and each chapter's worth of annotations, a Hypercard stack, or--get this--a Windows 3.1 Help file. Imagine reading a 1.5 megabyte book in Windows Help.
Ten years later, the Hugo/Nebula CD-ROM has vanished into near-total obscurity. Meanwhile, HTML has become the pre-eminent form of hypertext, and the e-book has come into its own as the reading format of choice for many technophiles. In fact, the un-annotated A Fire Upon the Deep was one of the first titles offered by Palm Digital Media, back when it was known as Peanut Press. And now that the technology has evolved, Vernor Vinge has re-released the annotated version of the novel as a Palm Digital Media format e-book.
It would have been nice to have A Fire Upon the Deep in open HTML like Baen's e-books, but it is understandable that Dr. Vinge (or his publisher) might have preferred for the book to be digitally protected. Since that is unlikely to change anytime soon, there is little point to letting the perfect be the enemy of the good; as digitally-protected e-book formats go, the PDM format is actually quite decent. Free reader software is available for the Palm, PocketPC, Macintosh, and Windows platforms (and the Windows version also runs flawlessly under WINE on Linux).
A Palm Digital Media e-book is a hypertext document that supports text formatting (as with bold, italics, and differently-sized fonts), low-resolution images, and links from one part of the document to another (most often used for footnotes or annotations). DRM is simple and nonintrusive, consisting of entering name and credit card number into the reader software the first time the book is loaded. Thereafter, the book can be loaded immediately, and always opens to the page on which it was closed. The DRM is not tied to any particular device, so a book can be unlocked on as many different computers or PDAs as its purchaser desires to use simultaneously.
For the most part, A Fire Upon the Deep is easy enough to read in this Palm Reader format. However, there are some small things that take away from the reading experience. The most obvious comes from the way the links to the annotations are provided. In the text, these links are essentially centered between two paragraphs, separated by paragraph breaks, like so:
Note 423
Sometimes there are two or three or more of these links in a row. When reading from a computer screen, this is not too distracting--and it is certainly easier than looking for the link inside a paragraph--but on the much smaller screen of a PDA, it can substantially cut down on the amount of actual story text on the screen at one time (especially at larger font sizes).
The other thing is that flipping back and forth from footnotes to text can be extremely distracting to following the thread of the story, especially when reading from a PDA (and particularly when many of those footnotes turn out to be things like "Checked spelling of 'worldwide'"). After a while, I started reading a whole chapter or two at a time, then flipping to the footnote section and reading its annotations -- flipping back to the text if I was confused about how a note applied. (The bookmarking function of the Palm Reader helped in this, too.) On my computer, I also experimented with opening two different Palm Reader windows, one for the text and one for the annotations, and placing them side by side -- but in order to do this, I had to make and rename another copy of the e-book because one e-book can only be opened in one Palm Reader window at a time. It was a bit awkward ... but then again, so is watching a movie with director commentary on, sometimes.
Aside from the annotations, there are a couple of minor differences between print and e-editions that do not affect the reading experience quite so much. For example, the Palm e-books do not include the map of the Zones of Thought and the Out of Band II's course that is in the tree-book editions, nor do they have the Vinge-drawn sketch of Jefri Olsndot and Flenser that was on the Hugo/Nebula CDROM. While regrettable, this is also understandable; line art does not reproduce well at lower resolutions, and would also make an already large file even larger.
Another departure from the print book has to do with fonts. At several points in the book, USENET-style netnews posts appear. As noted in the annotations, Vinge requested that they be printed in a courier-style monospace font to set them apart from the rest of the story. In the print version, this was done; however, in the e-versions they are simply block indented. Although the Palm Reader does have a monospace font that could have been used here, presumably it would have been hard enough to read on a small PDA screen that the formatter decided to go with indentation instead. While this is also an understandable decision, the slight indentation and the interspersed footnote links sometimes make it hard to tell whether one is still reading netnews post or story text.
Conclusion
A Fire Upon the Deep is one of the best works of net-related science fiction ever written, in either its annotated or unannotated versions. Either edition would be worth buying from Palm Digital Media (or Fictionwise, who also carries it), or from your favorite print bookseller if you don't care about the annotations. (For a number of reasons, I don't expect the annotated version to be published as a tree-book any time soon.)
At PDM, the annotated version costs $8.96, whereas the non-annotated version is $4.49. The question is whether the annotations justify spending an extra $4.47.
In my opinion, for someone who just wants to read an excellent science-fiction story and doesn't care about what went on behind the curtain, the less-expensive version would be sufficient. But for the reader who is interested in the background material, the annotated version is well worth the extra money.
If reading on a palm isn't appealing, you can also purchase the paper version of A Fire Upon the Deep from bn.com.
-
Socionomics: the Science of History and Social Prediction
Fred Reynolds writes "You'd think that predicting human behavior would be easy. A moment or two's reflection, and it's obvious that people act to further their own interests. And in fact, the science of economics is founded on this observation. So everyone should be a rational economizer, busy calculating their individual costs and benefits, and acting accordingly. Right?" Since things aren't quite so simple, Reynolds has reviewed Robert R. Prechter's Socionomics: the Science of History and Social Prediction; read on for the rest.
Socionomics: the Science of History and Social Prediction
author: Robert R. Prechter, Jr.
pages: 900 +
publisher: New Classics Library
rating: Outstanding
reviewer: Fred Reynolds
ISBN: 0932750575
summary: A new science of human social prediction
Yet...it's also easy to see that people do a lot of nutty things, and usually do so in groups. They wear leg warmers, wide neckties, then narrow neckties. Long skirts, short skirts. No skirts. Paisley. They ride roller skates, then scooters. They buy Pet Rocks, collectible Beanie Babies, and stocks of dot-com companies with no profits and no business plan. They ingest odd substances, and subscribe to odd belief systems. They also fight wars, and blow up themselves and others.
This jackass behavior has led to some telling but apparently casual observations, such as this gem by Charles MacKay: "Men, it has been well said, think in herds; it will be seen that they go mad in herds, while they only recover their senses slowly, and one by one." Offhand observation aside, it remains true that the non-rational behavior of human beings in society has usually made monkeys out of those who seriously attempt to forecast it.
This is why Robert Prechter's 2-volume opus Socionomics: The Science of History and Social Prediction is such a joy to read. It's a credible and provocative attempt to found a predictive science of human social behavior. It's also a truly different work. The number of new propositions and arguments advanced in Socionomics is matched by their highly controversial nature, and by the amount of evidence put forth by Prechter and his co-authors. Readers looking for non-fiction that is wide in scope, provocative, and meaty will enjoy these two books.
What's It All About?
It's helpful to think of Prechter's massive argument as if it was structured like an hour-glass. The first volume of the set, The Wave Principle of Human Social Behavior and the New Science of Socionomics (hereafter: HSB) is the fat upper part of the glass. It provides the theoretical justification for a shorter set of linked propositions or principles that constitute the narrow neck. The second volume, Pioneering Studies in Socionomics (hereafter: PSS) consists of a series of essays and articles that apply those principles to a wide swath of human endeavor: music, sports, politics, war and peace, scientific and intellectual trends, religion, economics and finance. This is the fat bottom of the glass, the payoff of analysis and prediction.
The Propositions
Socionomics has been defined as
the field of study encompassing the origins and effects of an endogenous human social dynamic called the Wave Principle, a specific sequence of progress and regress that regulates the complex system of collective mood and social interaction. It examines and forecasts market and social trends on the following basis: that the character of social, political, cultural, financial and economic trends are the product of collective human psychology, which is based upon an unconscious herding impulse deriving from pre-rational portions of the brain.
This definition shows why Socionomics... is a two-volume set: it's not easily summarized.
Any science must have a way to measure its subject. Prechter claims that human social behavior can be measured with several meters, but the most accurate meter is the movement and fluctuation of economic values, as expressed in stock markets every trading day. He believes that markets provide a real-time reflection of the collective social mood. Measuring social mood is important because:
1. The events of history and culture are driven by the engine of collective social mood. Social mood temporally and logically precedes social events, and is the cause of social events. War and terrorism don't cause distressed people; distressed people create the conditions and events that lead to and comprise war and terror. A booming economy does not create ebullient people; ebullient people produce more, consume more and participate in and contribute to market manias.
2. Social mood is itself the product of the interaction of the society's members. Collective mentation -- herding -- arises from the interaction of the players in a process similar to the emergent behavior of other complex, non-linear systems. Prechter quotes philosopher Eric Hoffer: When people are free to do as they please, they usually imitate each other.
3. Social mood fluctuates between polarities of primitive emotional states, such as confidence/fear, skepticism/credulity, optimism/pessimism, benevolence/malevolence, etc. These fluctuations are not effected by outside events, but move according to their own internal logic. They appear to arise in a dynamic that is endogenous to the social system.
4. Social mood fluctuations are patterned by the [Elliott] Wave Principle, a specific sequence of progress and regress that regulates the complex system of collective mood and social interaction. Prechter cites the work of market analyst R.N. Elliott, who, in the 1930's, discovered the patterns in the markets that bear his name. These patterns -- Elliott waves -- are measurable and may be charted.
5. Elliott waves, which are typically used to chart and forecast the movement of stock market valuations, are self-similar at different degrees of scale; i.e. a monthly chart of the Dow looks a lot like a weekly chart, or a 5-minute chart...or a 5-decade chart. Elliott apparently discovered that the market movements are fractal, decades before Mandelbrot invented the term and took credit for that observation.
6. The specific patterns described by Elliott Waves are in close relation to the Fibonacci sequence of numbers. The Fibonacci sequence, and the Fibonacci ratio derived from it, appear ubiquitously in natural forms ranging from the geometry of the DNA molecule to the physiology of plants and animals.
7. The behavior of these fractal, Fibonacci-based waves is specific and patterned. Hence, it is (probabilistically) possible to predict human social behavior.
Given the emphasis placed upon it, it's probably not too gross a distortion to define socionomics as the science of social mood: its genesis, behavior, and effects.
Justification
Any one of the propositions above is controversial; taken together they make an extraordinary claim. In the first volume of the set, Prechter attempts to provide extraordinary evidence to support his claims, and he makes a strong case.
HSB surveys the evidence of fractals and Fibonacci in nature and finance. Prechter cites study after study that finds the Fibonacci sequence in phyllotaxis, in branching or arboreal systems, in nautilus shells, pine cones, the DNA molecule, neurons and galaxies ... and in the Dow, Nasdaq, and other market indices. The implication is clear: human social activities are a natural process, no less than the growth of trees or the formation of solar systems. For some readers, this tour-de-force alone may be worth the price of the book.
Prechter then leans heavily on Paul MacLean's book, The Triune Brain in Evolution, to explain his endogenous herding impulse. MacLean and others have found evidence that the pre-reasoning limbic system may be hard-wired to herd or flock. The reasoning neocortex may override the impulsive, emotional limbic system if given sufficient time -- and in this possibility lies our experience of free will. But the emotional limbic system is faster and more powerful than the reasoning neocortex, and often wins out. As Prechter puts it: If you doubt its power and speed, try to envision how you would react if someone suddenly dumped a dozen writhing three-foot blacksnakes in your lap. Understanding that they are harmless, try to decide how long it would take you nevertheless to train yourself not to budge upon being surprised that way in the future.
Building on this theoretical base, HSB goes on to develop detailed statements about socionomics proper, statements that Prechter identifies as observations, not yet a hypothesis. He categorizes various social polarities that seem to characterize all social interaction. He traces -- measures -- the ebb and flow between these polarities with various social meters, including popular culture (movies, fashion, music, sports) and, of course, the stock market. For one example, there is a chart of baseball stadium attendance figures in the U.S. that sports a clearly developed Elliott Wave pattern. Based on the pattern, Prechter predicted that baseball's popularity would wane, as it subsequently has.
Application
Pioneering Studies in Socionomics continues this analysis of contemporary trends and events as seen through a socionomic lens. Here's a short list of grist for the socionomic mill: restaurants, Broadway, religion, central-banks (e.g. the Federal Reserve System), Pro Wrestling and the Bull Market, Microsoft, the attacks of 9/11, macroeconomics, and song lyrics. All of these human endeavors are found to fluctuate over time, in the now familiar fractal, Fibonacci-based Elliott waves.
Many Slashdot readers will be amused/intrigued/outraged by the chapter on quantum physics, and its parallel to the social sciences. Here Prechter cites the work (published and unpublished) of physicist Lewis E. Little. Little's thesis challenges the conventional view of quantum mechanics and presents a new theory that places activity at the sub-atomic level on the same grounds of cause and effect as all other physics. There's enough controversy in this chapter alone to merit a separate book!
What's Missing?
As sprawling as these books are, there is no discussion of methodology, seemingly a critical lacuna in the founding of a new science. In the hard sciences there is today little discussion of methodology; the discussion has concluded. In the soft or social sciences, entire libraries could be filled with the debates on proper methodology. Which subjects should be chosen for research, and how should they be chosen? How should experiments be conducted? Or is experimentation possible? Or even desirable? Is the use of mathematics appropriate? If so, how?
Answers to these questions, which Prechter may provide in due time, are needed to defend what's proposed. For example, an easy criticism to make of the various essays in PSS is that the subject matter is cherry-picked, and that choosing different subjects may have yielded different results. The particular criticism may or may not be valid; it will take a methodological argument to answer.
A Closing Analogy
James Gleick's Chaos tells the story of the scientists and researchers who founded a new science. Over and over, they tell a similar story: that chaotic behavior was ever-present in the physical world, but dismissed as noise in the experiment. It required a profound shift in perspective to realize that the noise was worth studying.
Is Prechter, with his Fibonacci-based fractal waves of human social behavior and socionomic insight, correctly pointing out a similar need for a profound shift in perspective? Is the noise of pre-rational human social behavior worth studying? Does our future lie in our reasoning mind, or our prehistoric brain?
Some Useful Links
- The web site of the Socionomics Institute
- An overview of socionomics by John Casti, of the Santa Fe Institute.
You can purchase Socionomics: the Science of History and Social Prediction from bn.com -- the official release date is September 23rd. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Practical RDF
briandonovan writes "World Wide Web Consortium (W3C) Director Tim Berners-Lee and his compatriots would like to transform the current Web into a 'Semantic Web' where 'software agents roaming from page to page can readily carry out sophisticated tasks for users' using 'structured collections of information and sets of inference rules.' The Resource Description Framework (RDF), designed as a language for expressing information about resources on the Web, and allied technologies are the result to date of ongoing efforts at the W3C to furnish Semantic Web proponents with the requisite tools. While it's far too early to predict whether TimBL's grand vision will be realized, RDF/XML (the XML serialization of RDF) is already in widespread use, having been incorporated into a surprising array of applications." Read on below for briandonovan's link-stuffed review of O'Reilly's Practical RDF.
Practical RDF: Solving Problems with the Resource Description Framework
author: Shelley Powers
pages: 331
publisher: O'Reilly & Associates
rating: 9/10
reviewer: Brian Donovan
ISBN: 0596002637
summary: Great introduction to RDF, an assortment of tools and utilities for working with RDF, and some real-world applications.
RDF first hit my radar screen a couple of years ago while I was working on a barebones tool to manage my personal website. I was writing the code to generate RSS feeds ("What is RSS?") for my site and had to choose whether to support RSS 0.9x (non-RDF) or RSS 1.0 (RDF-based) or both. Long story short: I went with RSS 1.0 and was able to implement the feeds, but never got any further into RDF afterwards. I couldn't make headway through the RDF-related working drafts rapidly enough to justify the time that I was spending, there weren't any worthwhile-looking books available at the time, and the few online tutorials that I found were sorely lacking -- possibly because the specs themselves were still evolving as the RDF Core Working Group hashed out some remaining issues.
Fast forward a few years: the dust in RDF-land seems to be settling a bit (although new working drafts of all of the current RDF specs were released on September 5th, most of the changes from previous versions appear to be relatively minor) and, with the publication of Shelley Powers' Practical RDF: Solving Problems with the Resource Description Framework, there's finally a good book available on the subject.
Overview
After an introductory chapter that touches on the history of RDF and some applications of RDF/XML (the preferred, W3C-blessed serialization of RDF), the book is divided into three broad sections. In the first, the reader is guided through the raft of documentation produced by the RDF Core WG, including: Resource Description Framework (RDF): Concepts and Abstract Data Model, RDF/XML Syntax Specification, RDF Model Theory (formerly Semantics), and RDF Vocabulary Description Language 1.0: RDF Schema. Before moving on to Part II, where she surveys programming language support and tools available for working with RDF (with code snippets where appropriate), Powers spends a chapter developing an RDF vocabulary, "PostCon," that's used throughout the remainder of the book for demo purposes.
Chapter 7, the first in the tools-focused portion of Practical RDF, is dedicated to (mostly Java-based) editors, parsers, validators, browsers, etc. for desktop use. Next, she dives into Jena, the Java RDF toolkit that began life as the labor of love of HP Labs researcher Brian McBride before being elevated to the status of a formal HP Labs project under their Semantic Web Research umbrella. Another HP Labs Semantic Web project, Damian Steer's BrownSauce, a slick little Java-based RDF browser, was introduced back in Chapter 7. Means for manipulating RDF/XML in Perl (RDF::Core, part of Ginger Alliance's PerlRDF project), PHP (RAP, the RDF API for PHP), and Python (RDFLib) are addressed in Chapter 9. RDF query engines/languages are taken up next -- rdfDB QL, the query language of R.V. Guha's rdfDB (written in C); SquishQL, implemented in the Java-based Inkling query engine (built atop PostgreSQL); RDQL, used within Jena; and Sesame, a JSP/Servlet querying engine that supports both RDQL and its own query language, RQL, and can be deployed atop MySQL or PostgreSQL. Powers rounds out this part of her book with a chapter that deals briefly with the leftovers.
Drive, an RDF API for C#, is briefly discussed along with RDF APIs for less fashionable programming languages: Nokia's Wilbur for CLOS, XOTcl for Tcl, and RubyRDF for Ruby. Redland, an RDF toolkit written in C with Java, Perl, PHP, Python, Ruby, and Tcl wrappers, is covered at some length (about half a dozen pages) and a couple more are given over to Redfoot, a Python RDF framework consisting of RDFLib (mentioned earlier in the Perl/PHP/Python chapter), a small-footprint HTTP server (according to the changelog at redfoot.net, they're using Medusa), and a native scripting language called Hypercode that lives within CDATA blocks in RDF/XML (example).
The last third of Practical RDF is devoted to uses of RDF and begins with a chapter on the OWL Web Ontology Language, an extension to RDF that's designed to supply more constraints for RDF vocabularies than can be provided by RDF Schema alone. This chapter would have been better situated after Chapter 5, which addresses RDF Schema, and feels a bit out of place here. RSS 1.0, the RDF-based syndication format, gets a chapter all of its own, beginning with a short synopsis of the evolution of RSS and the rift between the RSS 0.9x/2.0 and RSS 1.0 camps, progressing through descriptions of the RSS elements, some discussion of the use of modules, RSS autodiscovery, and aggregators (Amphetadesk, Meerkat, and NetNewsWire are mentioned), and finishing with an example RSS file (a syndicated list of book recommendations), producing RSS 1.0 using the Informa RSS Library (a set of Java classes), and merging two RSS 1.0 files using the XML::RSS Perl module. Two "Applications Based on RDF" (commercial and noncommercial) chapters top off the book. Noncommercial applications of RDF are visited first: Mozilla, where history and bookmarks, among other classes of information, are stored in RDF; the Creative Commons licensing scheme, whose proponents encourage content creators to embed RDF snippets into their documents and applications to provide information about the work itself and the restrictions placed on its reuse under the particular CC license that they've chosen; a Java and PostgreSQL based digital library system jointly developed by MIT and HP that uses RDF; and FOAF (Friend-of-a-Friend), an RDF vocabulary designed to express personal information and interpersonal relationships. Among the list of commercial applications utilizing RDF that comprises the final chapter in the book is Chandler, the same as yet very-alpha personal information manager that's managed to garner multiple mentions on this site.
The Verdict
The real meat of Practical RDF, for me, was in Chapters 1 through 6 (plus the OWL chapter, Chapter 12). This is not to say that the material in the last 2/3 of the book isn't useful or interesting. The section on RDF software tools is a great annotated survey of what's out there right now ... and I would imagine that installing and testdriving each of the software applications featured in those chapters must have been an extremely time-consuming process. The chapters describing real-world applications of RDF could be useful to someone trying to convince a manager that RDF is a viable, widely-used technology. Given a choice, though, I would rather have seen those pages spent on additional coverage of RDF, RDFS, and OWL with more example RDF vocabularies developed (like PostCon, which the author formulated, then refined through RDFS and OWL). The displaced material could have been made available online at the author's site for the book. A lot of that information will become less accurate over time as the software evolves and people come up with more applications for RDF anyway.
All nitpicking aside, though, if you're looking for a book on RDF, then you can't go wrong with Shelley Powers' Practical RDF.
You can purchase Practical RDF from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Quicksilver
Christina Schulman writes "Quicksilver, Volume One of the Baroque Cycle, is the new doorstop from Neal Stephenson, author of Snow Crash and Cryptonomicon. It's set in late-seventeenth-century Europe, and while it has a few links to Cryptonomicon, you don't need to read Cryptonomicon first. A bit of background reading about the English Civil War wouldn't hurt, though." Schulman's review (below) is enough to whet the appetite, without major spoilers -- perfect for those of us who've been waiting since the end of Cryptonomicon for another 900 pages.
Quicksilver: Volume One of the Baroque Cycle
author: Neal Stephenson
pages: 944
publisher: William Morrow
rating: 9
reviewer: Christina Schulman
ISBN: 0380977427
summary: More than you ever wanted to know about the English Restoration and the invention of calculus, with lots of explosions, syphilis, and piracy thrown in for good measure.
First, let's make it clear that Quicksilver is not science fiction. It's historical fiction, occasionally about science, for people who like science fiction, i.e. geeks. It has math, optics, and vivisection, but no computers, no code, and no high-speed pizza delivery.
This is also not a book that gets anywhere quickly. It's 900-plus pages, and it's not padded so much as it is fractal. Stephenson wanders down side tracks, stages elaborate adventures and morality plays, explores philosophical issues and geometric proofs, assembles obscure puns, and drags in all manner of famous people and events, purely for his own amusement. Either you sit back and enjoy the game, or you hurl the book (with effort) at the wall somewhere in the first few hundred pages.
Daniel Waterhouse is a seventeenth-century geek; his father's a prominent associate of Oliver Cromwell, but Daniel's more interested in Natural Philosophy than in decapitating kings and Catholics. At Cambridge, he befriends Isaac Newton; later he becomes sort of a grad student and chief bottle-washer to the Royal Society. He starts out as a naive observer of London politics, but over a few decades, gravitates into the intrigues of both the Court and the European intelligentsia. Just as Lawrence Waterhouse befriended Turing in Cryptonomicon, Daniel Waterhouse orbits Newton and Leibniz. It seems to be the fate of Waterhouse men to be brilliant thinkers eclipsed by the geniuses of their age.
Jack Shaftoe is a legend in his own time, a thief and mercenary who propels himself around Europe on sheer balls and avarice. He bumbles into and out of ridiculous scrapes, including an ostrich-chase at the Siege of Vienna that results in his rescue of the slave-girl Eliza from a Turkish harem. Eliza's business savvy draws the pair back across Europe to Amsterdam, where Eliza becomes entwined in both the Dutch stock exchange and the court of Versailles.
Cryptonomicon readers will remember the improbably long-lived Enoch Root, who shows up occasionally to nudge the plot along. Most of the story takes place between 1655 and 1689, but it opens with Enoch in Massachusetts in 1713, interrupting Daniel's efforts to found MIT by presenting him with a summons from England. Daniel spends the next several weeks being chased around Plymouth Bay by the pirate Blackbeard, only to have his plot thread left dangling with no apologies. Either it will be picked up in the sequel, or Stephenson is attaining a new degree of sadism.
Where Cryptonomicon was about secrecy and deception, Quicksilver is about revealing the hidden and the unknown, and the free dispersal of ideas and money. Stephenson uses quicksilver as an unsubtle symbol of the scientific discovery that was beginning to percolate through the known world. He highlights the dichotomy between the religious viewpoint, of a world that began in perfect knowledge and order and has steadily decayed since the Fall, and the scientific viewpoint, of a chaotic world that is slowly being brought into order and the reach of understanding. Much of this understanding was accomplished through the efforts and correspondence of the Royal Society, which operated in a state of excitement, enthusiasm, and confidence that they would decipher the mechanisms of nature: an attitude not unlike that of the dot-com startup era, but fueled more by wonder and less by naked greed.
Lesser writers dump blocks of expository prose into the narrative; Stephenson shamelessly shovels it into his dialogue. As a result, much of the dialogue is stilted, and the banter is painfully odd. You get used to it. Some bits are more blatant than others, such as a dialogue between Waterhouse and Newton and a Jewish prism-merchant, in which Stephenson trots out a brief overview of European coinage of the time, while cycling through a catalogue of synonyms for "Jew."
So, is Quicksilver worth the effort? On the one hand, it's an insightful look at both the Scientific Revolution and the Glorious Revolution. On the other hand, it's got plague, pirates, astronomy, sex, explosions, daring rescues, religious strife, and the profound effect on European history of stockbrokers and syphilis. It's a terrific book, but don't expect it to resemble Stephenson's prior books in anything but ambition and length.
You can purchase Quicksilver from bn.com -- the official release date is September 23rd. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Steal This Computer Book 3
Peter Wayner writes: "If you're looking for a quick way to test the difference between reading text online and reading it in a book, turn to Steal This Computer Book 3 by Wallace Wang, the third edition of a popular series that promises to tell you 'what they won't tell you about the Internet.' All of the information in the book can be gathered from Google for free, but the crisp writing, clean presentation and printed format make the book a good deal. It's possible to curl up in a chair out of WiFi range and cruise the best parts of the Internet without leaving a trail of cookies." Read on below for the rest of Peter's review -- it's free!
Steal This Computer Book 3
author: Wallace Wang
pages: 358
publisher: No Starch Press
rating: 9
reviewer: Peter Wayner
ISBN: 1593270003
summary: An irreverent
The book is a travelog of many of the most interesting or inflammatory corners of the Internet. There are chapters on hacktivism, hate crime, con games, spam, phone phreaking and dozens of other topics. If someone's spent time flaming about it, banning it, subpoenaing it, or demonizing it, there's probably a section on it here. All of the sections come with screen shots and URLs for further digging.
I found reading the book to be an odd pleasure. There was no way to click on the sites or try any of the software without heading for a computer, but that didn't seem to matter. If anything, it was nice to skip over the links and put off heading down alternate paths until later. The more I experience books like this, the more I begin to wonder if there's much in the hyper-fragmented, postmodern view of a narrative built out of multiply forking paths. This book offers one fairly simple arc that carries us through the most talked about corners of the web and it does it fairly gracefully. That's a pleasure unto itself.
The book comes with a rebellious gloss and semiotic history. The title was stolen from Steal This Book, a collection of anarchist schemes written by Abbie Hoffman in the 1960s. Despite the title, that book became a bestseller -- offering a glimpse of the longterm prospects for Hoffman's revolution. All of the prole sheep dutifully bought a book filled with bombmaking techniques that promises to show you where "exactly to place the dynamite that will destroy the walls."
Hoffman's book showed that people will buy something they value even when they're told to steal it. The prole sheep intuitively understand that books cost money to create. But maybe that was a different era, before the web existed. This website offers the text even though there are four editions for sale at Amazon. I wonder who holds the rights?
Wang's book is nowhere near as radical or as dangerous. Hoffman wrote sentences like "The purpose of part two is not to fuck the system, but destroy it." Wang generally avoids such antagonistic language and speaks generally about anti-social behavior in the third person: "When hackers use social engineering, they often masquerade as a consultant or temporary worker..."
Much of the book, in fact, is filled with techniques that are presented as tools for protecting your privacy and your personal information. The back cover asks, "Is your computer safe from computer viruses and malicious hackers?" It's only partially aimed at helping people do asocial things on the Net. Helping people protect themselves from the evil hordes is a large part of it. Given that identity theft is a booming business, this edition is practically an anti-crime book.
What does this mean for this Internet revolution? Will the current file trading yippies overthrow the copyright system? Will file sharing actually become the norm? Or will all of the Napsterites follow the paths of Hoffman's proteges and grow up, have kids, move to the burbs, and start paying for their content? Well, they might if the content is as comfortable as this book in the hands while sitting in a La-Z-Boy recliner. No popup windows. No flash graphics. No registration required. Just pure content. Hmmm.
Peter Wayner is the author of books like Policing Online Games, Translucent Databases and Java RAMBO Manifesto. Please don't steal them. You can purchase Steal This Computer Book 3 from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
HTTP Developer's Handbook
honestpuck writes "To say that understanding HTTP is crucial for web development might seem like saying water is wet, yet many people don't take the time to fully understand the protocol. This book could be a good help. HTTP Developer's Handbook from SAMS gives you a great deal of information about the protocol in a clearly understood fashion." Read on for the rest of honestpuck's review.
HTTP Developer's Handbook
author: Chris Shiflett
pages: 280
publisher: Developer's Library/SAMS
rating: 6 - Serious flaws
reviewer: Tony Williams
ISBN: 0672324547
summary: Mixed volume with fair look at HTTP protocol
One of the strangest feelings I've ever had reading a book is that I have a better opinion of it than does the author. Shiflett spends most of the introduction convincing the reader that this is a useful book and it seems that the start of most chapters is another few sentences telling me why the chapter is incredibly useful for me to read. I felt like yelling "I'm convinced, I'm convinced."
The book is broken up into 6 parts: 'Introducing HTTP,' 'HTTP Definition,' 'Maintaining State,' 'Performance,' 'Security,' and 'Evolution of HTTP.'
The first section and a large part of the introduction are the sort of information that is covered elsewhere in just as good a detail: it basically covers the obvious. The second section covers the HTTP protocol itself, with a good discussion of requests and responses, including all the nitty gritty details of the headers in some detail. This is the really useful heart of the book and it covers 80 of the 280 pages. The third, fourth and fifth sections give a too-concise look at their subject matter; I felt the book could have given much more detail here. The last section is a waste of space; in this volume I don't really need to have a small amount of information about SOAP and XML-RPC.
This book is well-written; I believe its two fatal flaws are that Shiflett seems unsure of his own book and that the book itself tries to offer everything for a developer while explaining it all for the newcomer. I think that had Shiflett given up on the newcomer and given the developer greater depth (with a lot more examples) he would have delivered a much better book. For a developer, the volume is much too light on example code; the book is not really 'practical,' more 'informative.'
This might be a good volume for a library, either a corporate or school library. It provides the salient information in one spot in a concise and readable manner. I think that an individual might find it a less than totally useful book for the money -- you're likely to already have a volume or two that covers most of the information, and with most languages in web development having libraries that take care of most of the low-level stuff for you, it becomes less and less necessary to really understand the bottom level. Personally, I'll keep it for the 80 page section on the HTTP definition so I have it all in one spot.
You can purchase HTTP Developer's Handbook from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Two Books On Red Hat 9
Read on below for two readers' reviews of books aimed at Red Hat 9 users: acemics writes with a quick review of Red Hat Linux 9 Professional Secrets, and reader skogs contributes a longer look at Sams Publishing's Red Hat Linux 9: Unleashed.
Red Hat Linux 9 Professional Secrets, Red Hat Linux 9 Unleashed
author: See each.
pages: See each.
publisher: See each.
rating: See each.
reviewer: See each.
ISBN: See each.
summary: Guides for both experienced users and newbies to Red Hat 9
skogs' review of Red Hat Linux 9 Unleashed
Red Hat Linux 9 Unleashed
author: Bill Ball and Hoyt Duff
pages: 1002
publisher: Sams Publishing
rating: 9
reviewer: Nathan Jay Skoglund
ISBN: 0672325888
summary: A guide for intermediate to advanced users of Red Hat 9.
To begin my humble review, I think I need to explain my point of view a bit. I am very interested in Linux and the open source movement, hence the purchase of a 1000+ page Linux book. Nothing new here, just a book review, if you want some technical writing, buy the book.
The problem is that I have tried many distros (Slackware, RedHat7.2, Icepack 2.0, Mandrake 9.1, Knoppix[fun], DamnSmallLinux and now RedHat 9.0), and not really known what I was doing. I liked most of the install programs, and I liked the general office suites, but I couldn't fulfill my need to know what exactly was going on inside my machine.
I sat down inside Barnes & Noble for roughly an hour and a half and looked over the Unleashed Book and compared it to the 'Bible'. Having looked through them both extensively, and learning a few things along the way, I decided that I liked the book I am reviewing much better. The Red Hat Bible just didn't have the same smart feel to it. It did not have specific console commands written out in examples, and did not seem to give as much insight into exactly how my Linux system operated. The best way to describe it would be that it was just like the 'how-to' books for Microsoft products: they tell you how to change things, how to make such and such happen -- but more like "If I turn the wheel in my car to the right, I go right," instead of teaching the physics of the gears in the steering column and the forces being transferred to the wheels, and the wheel's friction turning the car's direction. I learned how to change things, but not how the things I changed specifically interacted.
After a short introduction, the book spends 20+ pages coaching the reader on how to prepare for his first Linux install. It also helps decide how to partition systems and drives, so that just about any foreseeable storage situation is addressed. The next chapter is dedicated to actually installing the OS on your computer(s) by any method you would like, be it CD-ROM, traditional ethernet, hard drive, or even through a parallel port or serial port. The book explains and tells you where to look up the autoinstall Kickstart system, and generally makes you feel like you could walk into any situation and feel comfortable with what you were doing. It even gives a two-page listing of exactly what things to expect during an office transition, and a great checklist for getting all hardware versions and compatibility issues checked out ahead of time. Hopefully before you put a dent in that professional image of yours.
After you are done reading about all the wonderfulness of post-install configuration, then you go through your 'first steps' with Linux. Learning the directory tree a little better, shell commands to compress/decompress, directory permissions, various switches and adding users.
There follows in the 6th chapter the best explanation of X I have ever read. I must admit that I had no idea how versatile and powerful X was. This is the section of the book that started to make me feel like I was 11 years old again and playing with my first computer, and trying to understand how to program Basic. :)
Part II of the book then starts dealing with actual system administration, including all the services that run in the background, software and system resources, user management, filesystems, and backup/restore/recovery. I get kind of misty eyed when I think of all the user commands that I can now type in at a prompt. Group and user admin surely beats the competing win2k/win2k3 server editions (User manager, though wonderful, is not as powerful as these simple commands in Linux).
Part III of the book deals with System services, including Printing, Network, DNS, Apache management, MySQL, FTP, Email, and collaborative software. While I have always found network connectivity to be a strong suit of mine, I think I learned a bit in that chapter anyway. I have not had the opportunity yet to set up my own email servers or web servers, but I do anticipate doing so within the next 2 years, and with the excellent line-by-line examples in this book to lead me, I feel that I will be far less bewildered than your average Microsoft-only user.
Part IV deals with programming and productivity. I am not a programmer, so I skipped most of the sections on perl and C/C++. I did find shell scripting to be a worthwhile read, and implemented a few little tweak scripts on my own little machine. Multimedia is also covered in this section, which also describes why RedHat avoided allowing MP3 playback by default. No matter; I had long before reading this section updated xmms to allow MP3. (Gosh, I would never accomplish anything without my trusty MP3 collection.) There is also a very nice history of OpenOffice.org, and how to use it too. The book also offers help with PDAs, faxing and scanning.
This section also includes text examples of configuration and setup for emulation and cross-platform tools. While I am intrigued by the beautiful screenshot of Return to Castle Wolfenstein running perfectly in emulation mode, I cannot say that I have attempted to completely replace my gaming computer just yet -- sadly I still dual boot with win2k. However, after fully reading the chapters in the emulation section, I feel that I will have a much better chance than I did before. I know that newsgroups are great, but my general feeling after reading this book is much better than after reading bulletin board posts. :)
This book concludes with a large appendix section -- and best of all, somewhere around 20 pages of blank paper for me to write in my own notes and cheats. That way I won't lose them underneath a computer, because, damn, that is a big book.
I strongly recommend this book to just about anybody interested in starting into Linux. Assuming that you can indeed read, and don't get freaked out by an occasional command-line interface, you should be fine. I know most things have a GUI command interface available, it is nice to know exactly what that little GUI applet is doing. "It is editing this text file, that is linked to this one," and so on. I also strongly recommend it for the hardened Linux user/admin, as I believe it would be a worthwhile thing to have on the shelf. You probably will get a little bit more use out of it than you do that Windows NT4 server book you have up there. I find this book relevant, accurate, helpful, logical, and insightful. It has a few typos, grammatical mistakes and spelling errors (show me a programmer that can spell in English!), and sometimes I wish the authors had spent more time on the graphical tools rather than the text/console based tools, but on the whole, excellent.
Acemics' review of Red Hat Linux 9 Professional Secrets
Red Hat Linux 9 Professional Secrets
author: Naba Barkakati
pages: 1038
publisher: Wiley
rating: 9
reviewer: Vince
ISBN: 0764541331
summary: A great Linux guide for experienced users as well as newbies.
The task of learning Linux can be a burden that some people just do not want to take on. Trying to find the right book to learn more about Linux or to use as a reference can be a mind blowing task given all the choices that are available. Red Hat Linux 9 Professional Secrets by Naba Barkakati is an excellent option for the Linux newbie or the experienced Linux user who wants a useful reference guide.
Weighing in at over 1,000 pages, Red Hat 9 Professional Secrets provides many useful insights and behind the scenes tips on the inner workings of Red Hat Linux. I have used many different books on Linux and specifically the Red Hat distro, and over the past few weeks I found myself going back to this book as a reference and easily finding the solutions I was looking for.
Such a large book can sometimes be a "turn off" for someone looking for their first book to learn something new. The fear being that they will never be able to navigate through all the technical advanced jargon that one usually finds in a 1,000+ page book. However, I feel the author does a good job introducing Linux basics and fundamentals in Part I: Setting Up Red Hat Linux, and Part II: Exploring Red Hat Linux.
The first two parts of this book which compose chapters 1-12 are only the first 373 pages. Parts III, IV, and V discuss in detail Internetworking with Red Hat Linux, Managing Red Hat Linux and Programming Red Hat Linux. These sections of the book deal with more advanced subject matter such as setting up Red Hat Linux as a Mail Server, News Server, Web Server, FTP Server and Samba Server, and how to manage, secure and administer your Red Hat Linux system.
While some may consider the first two parts to be strictly for the Linux newbie and the second three parts for the more experienced Linux user, I believe that these areas mesh well with each other providing the experienced Linux user with install tips in the first two parts that are often overlooked and providing the newbie with the definitive Linux guide that will walk them through the simple tasks as well as provide them more in-depth detail to the more advanced concepts that are often only found in a separate Linux administration book.
I would highly recommend this book to the experienced Linux user and the Linux newbie who are looking for the ultimate guide on Red Hat 9.
You can purchase Red Hat Linux 9 Professional Secrets or Red Hat Linux 9 Unleashed from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Blind Lake
Tom Alaerts writes "I discovered Robert Charles Wilson because of the curiosity-inducing Slashdot review of his previous novel, The Chronoliths. I had read a lot of SF in the past but over the last 10 years I drifted away from the genre. The Chronoliths sparked my interest again, and this was largely because Wilson, next to an interesting story, gives a lot of attention to the character development. I really liked the deliberate pacing of the book (I can understand that some might find it slow), following the characters through a carefully constructed story. It made me curious about his other works such as Darwinia or the short story collection The Perseids. And now Wilson's new novel Blind Lake is available." Read on for his review.
Blind Lake
author: Robert Charles Wilson
pages: 399
publisher: Tor
rating: 8/10
reviewer: Tom Alaerts
ISBN: 0765302624
summary: A book about alien contact and the difficulty of interpretation
Blind Lake takes place in a close future and deals with alien contact and the difficulty of interpreting alien behavior. If you don't want to read further (but I will not include real spoilers, only the setting of the book), I can already summarize as follows: if you liked The Chronoliths or Darwinia, then you will like Blind Lake.
In the book, Blind Lake is one of two locations with an ultra-advanced telescope. This device doesn't work optically, and in fact nobody really understands exactly how it works (there is some amusing technobabble in the book about infinite complexity, adaptive self-programming and the like -- you know the drill), since it was invented accidentally. Anyway the result is that with this telescope, scientists can examine the surface of very far planets in great detail, they can even track an intelligent alien being through its daily life. The book follows Marguerite, a team leader at Blind Lake, her ex-husband, her young daughter (who suffers from a mild personality disorder), and a team of journalists. Marguerite leads a team of "interpreters," which leads to plenty of interesting discussions on how difficult this work is -- it is almost impossible to write the life story of the alien, since we tend to map what we observe to our own habits. Is the alien admiring the view or is he enjoying the air pressure? Etc, etc. Already from the very start of the story, Wilson injects a thriller element: Blind Lake goes into quarantine, with robot drones guarding the perimeter. Nobody knows why. Did something happen with the other telescope? Why are all data streams blocked?
Blind Lake is written with the same attention to detail as The Chronoliths, and the characters are equally well developed. There isn't much adventurous action in the book; it is built rather like a mystery novel with thriller elements, interjected with several interesting ideas. The pacing is similar to that of The Chronoliths. Wilson takes time to flesh out his characters and various background details. I like this thoughtful approach. Towards the end, various new ideas are introduced which are bigger in scope than the original storyline.
While I liked the almost metaphysical (even somewhat new age) concepts introduced in the later chapters, I actually preferred the original storyline (I had the same feeling with Darwinia, which evolves from an alternative history novel into a totally different story). Still, this is only a minor issue and most SF readers will experience a great deal of satisfaction with this book.
I would score Blind Lake 8/10. As a comparison with other Wilson books: I think it's as good as The Chronoliths, while I would rate Darwinia as a 7/10.
Interesting links
- Author's homepage
- Interesting reviews of Wilson's books
- The Blind Lake page at Barnes&Noble has interesting other comments (maybe even already a bit too much info if you haven't read the book yet).
You can purchase Blind Lake from bn.com. -
Java Web Services in a Nutshell
milaf writes "Surprisingly many people have absolutely wrong ideas about Web Services. I think that the hype and perceived simplicity of everything having to do with the Web are to blame. Well, that, and the wide-spread 'confidence through ignorance' among us." Read on for milaf's review of the O'Reilly-published Java Web Services in a Nutshell, which he says displaces hype with good information.
Java web services in a nutshell
author: Kim Topley
pages: 642
publisher: O'Reilly
rating: 9/10
reviewer: Alex
ISBN: 0596003994
summary: Excellent book on Web Services for Java developers, related standards and technologies
I expected this book to be similar to other "Nutshell" books that I like and am familiar with: a very accurate and concise description of the domain, followed by a huge API reference. Well, I was pleasantly surprised: this book reads more like a tutorial, yet it is a reference in the sense that you can easily read its parts independently, and its index is quite useful and complete.
The book covers all technologies necessary for defining, implementing, and deploying Web Services for both client and server sides:
- WSDL (Web Services Definition Language), the XML-based interface definition language (and more); CORBA folks: this is your IDL for the Web Services platform, only not as easily read or understood. Not to worry: there are GUI-based editors for this thing, many of them are free. Plus the book explains WSDL format and structure in great detail.
- JAXR, a client-side interface for extraction of business and service information from the compliant Web Service registries.
- JAX-RPC (two chapters: basic and advanced); at the application level this technology is similar to CORBA using Java.
- JAXM, a high level standard-based generic interface to messaging that is implemented by a messaging provider. It offers the benefits of asynchronous messaging, robust message delivery, and message profiles (use of SOAP message headers).
- SAAJ is a low-level Java interface to SOAP; under the hood some of the mentioned technologies use it.
For each of these technologies the author dedicates enormous effort to showing intricate but very relevant technical details without obscuring the big picture. There is a necessary but not overwhelming amount of Java code and XML. You will be able to reuse the examples since they are very clear.
The book has a chapter on Web Services tools and configuration files. This is a very helpful chapter: the business of defining deployment descriptors by hand is a messy job; presence of this chapter makes the job a bit easier. A small but helpful API reference may be found at the end of the volume.
If you need to understand the details of how to build, implement, and deploy Web Services, you will not be disappointed. There is absolutely no hype in this book! Considering the topic, nowadays this alone is an achievement.
Web Services technology is not the "Web Stuff," it is not related to browsing the WWW, and it does not pertain to the services offered by the WWW vendors (unless Web Services is what they sell). It is a fast-growing technology for programming in the distributed computing environment. Judging by the hype and money being spent on it by the leading powerhouses, it is going to be very prolific and important technology in the near future. Want to know more? -- Read the book!
You can purchase Java Web Services in a Nutshell from bn.com. -
Mystery Tiles From Around the World
puppetman writes "The Kansas City Star has an interesting story about Toynbee Tiles. They show up embedded in streets, and can be found in the US (Pittsburgh, Philadelphia, New York, Baltimore, Aberdeen, Edgewood, Washington, etc), Chile, Argentina and Brazil. They are made of "epoxy or super hard plastic that's actually inlaid in the asphalt itself." The tiles invariably state, "Toynbee Ideas in Kubrick's 2001 Resurrect Dead On Planet Jupiter". Sometimes there are secondary tiles that request people make more while others are of a more paranoid slant. Toynbee was a religious historian who believed that "well-being of a civilization depends on its ability to respond successfully to challenges, human and environmental". There is even a Ray Bradbury book, The Toynbee Convector. Toynbee.net has a link to a Usenet posting where someone asks Kubrick's daughter if the man himself knew of the tiles. To date, the origin of the tiles is a mystery. Any /.'ers able to provide the location of additional tiles, or perhaps clues for solving the mystery?" -
Bay of Souls
RobotWisdom (Jorn Barger) writes "Imagine if William Gibson wrote a James Bond adventure in which a sexual tigress seduces Bond into a Caribbean political crisis, requiring a nighttime scuba-dive into a sunken treasure-wreck, and then a voodoo ceremony that reads like a nightmare acid trip. Now replace James Bond with an "overeducated hick" atheist literature professor from Minnesota. And target the writing to intelligent adults, rather than adolescents. That should give you an idea of the latest novella from Robert Stone, Bay of Souls: A Novel." The book is compact, and so is the rest of Barger's review (below).
Bay of Souls: A Novel
author: Robert Stone
pages: 256
publisher: Houghton Mifflin Company
rating: 9
reviewer: Jorn Barger
ISBN: 0395963494
summary: Classy, intelligent adventure for William Gibson fans
The William Gibson comparison is only a little farfetched -- Gibson acknowledges Stone's "paranoid fiction" as the stylistic inspiration for Neuromancer, so if you liked that writing style, you owe it to yourself to try reading Stone. But his books aren't science fiction, and they aren't just adventure stories by any stretch of the imagination.
Stone's been living on the edge of the counterculture since before Ken Kesey's famous 1964 Magic Bus trip. (In fact, his next book will be a memoir of his adventures with Kesey & Co.) His 1974 tour-de-force Dog Soldiers was about southern California drug smugglers in the Vietnam era. His 1981 A Flag for Sunrise was a painfully realistic study of central American political corruption. And 1998's Damascus Gate explored dozens of flavors of religious fanaticism in present-day Israel. [more background]
But Stone's style is the bedrock these are all anchored by. On the one hand, he uses his style to give a gritty, macho, hardboiled detective-story authenticity, but at the same time he's aiming much higher, into the realm of the literary classics (two of his novels qualified for Harold Bloom's exclusive Western Canon of all-time greats). He likes to weave in lots of casual allusions to interesting-but-obscure historical tidbits (I've started compiling online annotations for Damascus Gate and now for Bay of Souls as well).
You can read a sample online [more] to get a sense of Stone's writing, although that first chapter just shows "the calm before the storm," as the hick professor goes on a short hunting trip, and encounters a tragicomic loser who becomes a recurring motif in the book:
...He was struggling with the odd wheelbarrow across which he had slung his prize deer. It was a thing full of seams and joins and springs. Though it appeared altogether large enough to contain the kill, it could not, and its inutility was the source of his sobs and curses and rage and despair. And as the unfortunate man shoved and hauled, pushed and pulled his burden, covering the ground by inches, the extent of his rage became apparent. To Michael, observing from the tree, it was terrifying ...
This short book (250 pages) isn't for everybody, but I strongly recommend it to Gibson fans who feel curious to explore beyond sci-fi.
You can purchase Bay of Souls from bn.com. -
First New Gaiman Sandman In 7 Years
meltoast writes "On September 17th, DC is releasing the first new installment in the Sandman series in over 7 years. Endless Nights is written entirely by award winning Neil Gaiman and drawn by seven different artists. Pre-order from ... well... wherever you want." -
Code Generation in Action
Simon P. Chappell writes "Now, I enjoy a good technical book more than the next geek, but it's been quite a while since one left me quite so excited with the possibilities that it presented. Code Generation in Action is beyond interesting, it is a masterful tome on its subject matter, written by one who is obviously an experienced practitioner in his craft." If "code generation" isn't a familiar term to you, this enthusiastic overview on devx.com is a concise introduction to what code generation is about, though it makes no pretense of ambivalence about its importance as a programming tool. Read on for the rest of Chappell's review.
Code Generation in Action
author: Jack Herrington
pages: 342 (10 page index)
publisher: Manning
rating: 9
reviewer: Simon P. Chappell
ISBN: 1930110979
summary: A masterful tome.
Overview
Code Generation in Action, CGiA to its friends, is presented in two parts. The first part is four chapters, and covers a code generation case-study, the basic principles of code generation, including the different types of code generation strategies together with reasons why you would or would not use each strategy. The book's chosen toolset for building generators is presented next, and then some walk-through examples of building simple generators wraps up the first part.
The second part is a kind of a cross between a cookbook and a list of engineering solutions. There are nine chapters with the breadth of solutions covered being quite impressive, covering the gamut of generation of user interfaces, documentation, unit tests and data access code. Each chapter presents a couple of solutions within its topic area, often for different technologies within that topic. For example, the user interface chapter covers the generation of Java ServerPages, Swing dialog boxes and then Microsoft MFC dialog boxes. No favouritism here!
What's To Like
There's a lot to like with this book. The writing is very clear and of good prose. I found the introduction to be very compelling, and I felt completely drawn in by the opening case-study. The four chapters of part one are a concise case for code generation, and would be very useful information to help persuade co-workers and management of the positive risk/benefit ratio with trying code-generation on a live project.
It would be impossible to try enough of any solution from part two in a time-frame short enough to make this review useful, but in the solutions that match my areas of knowledge, I found myself admiring Herrington's straight-forward and pragmatic approach.
What's To Consider
There are two aspects of this book that I want to flag. One of these aspects, some will love and others will hate, and that is the choice of generator language for CGiA. The author has chosen to use Ruby as his working language. This is an interesting choice. Ruby is certainly a language that is inspiring a lot of admiration these days (in fact, it's hard to get Dave Thomas to stop talking about it :-), but with the majority of the code-generation examples being for Java-related technologies, I wonder why Java was not selected instead.
I also found myself wondering about the lack of discussion of how to integrate these Ruby tools into a typical Java build process. Many developers I know use ant to bring automation and consistency to their builds, yet the book doesn't mention this. (JRuby anyone?) Certainly something to consider for the second edition or future code-generation authors.
Summary
This is a masterful tome that inspires and delights, although the two issues raised above did cost it a perfect score of ten.
Table Of Contents
- Code generation fundamentals
  - Overview
  - Code generation basics
  - Code generation tools
  - Building simple generators
- Code generation solutions
  - Generating user interfaces
  - Generating documentation
  - Generating unit tests
  - Embedding SQL with generators
  - Handling data
  - Creating database access generators
  - Generating web services layers
  - Generating business logic
  - More generator ideas
You can purchase Code Generation in Action from bn.com. -
A Traveler's Guide To Mars
Mars's closest visit to the earth for a while may be over -- but while that reddish speck is still far brighter than usual, you might want to brush up on your Martian knowledge. Read on below for honestpuck's review of A Traveler's Guide To Mars.
A Traveler's Guide To Mars
author: William K. Hartmann
pages: 445
publisher: Workman Publishing
rating: 8 - Good book, some flaws notwithstanding.
reviewer: Tony Williams
ISBN: 0761126066
summary: Good interesting guide to Mars
With all the noise and kerfuffle about Mars recently I thought I should take a look at the Red Planet. I'm not well educated about astronomy, have to think hard to get the order of the planets right, but still wanted something with some depth. I found a great little guide for the uninformed visitor, "A Traveler's Guide to Mars" by William K Hartmann. This fairly inexpensive volume is full of all the information you're going to need, a large number of pictures, several maps and a great deal of information about previous voyagers to the planet. Indeed Hartmann was one of the scientists for the Mars Global Surveyor mission.
This book really does look like a typical traveler's guide with large print, bold headings, a good use of colour and text boxes. The style is light enough that when it gets scientific you don't notice too much. It is broken up into seven sections
- Introducing Mars: Past and Present.
- Noachian Mars: Exploring The Oldest Provinces
- Interlude: Landing on Mars
- Hesperian Mars: A Time of Transition
- Interlude: Rocks From Mars
- Amazonian Mars: The Red Planet Today
- Where Do We Come From, Where Are We Going
The first section is a quick overview of the planet and a look at the history of Martian research. Section three looks at the various landings and what they discovered. Section five is a single chapter explaining the Martian meteors and what they might mean. Section seven is also small and looks at future Martian research. The other three sections look at the geography and geology of various parts of the Red Planet.
I found the whole book fascinating. I particularly liked the way Hartmann kept almost all his own tale in small sidebars called "My Martian Chronicles", 15 of them scattered through the book. These were interesting and meant that he could push his own barrow in a way that didn't intrude into the rest of the book, you could read them when you wanted. Throughout the book you get a huge amount of information about Mars and how the various bits were likely formed and what further exploration is likely to find.
All that said, it's not a book that can be taken in huge gulps. It took me several weeks to read it, picking it up and reading a few chapters then putting it down for a day or so, then perhaps another hour or two just looking at pictures, maps and reading sidebars. The layout does lend itself to this, however, so I'm not quite certain I'd call this a flaw, it seemed like a good way of making a 450 page book on Mars that much easier to digest. It also doesn't seem like a book that you need to read cover to cover, in order. I certainly didn't, reading bits about the meteors and landings and the last section before reading the section on Hesperian Mars.
The Workman Publishing web page on the book is not much use, with only a tiny excerpt from the book and while the book does have a selected reading list at the end it would have been nice to have a list of recommended web sites for further information as most of us don't have access to the sort of library likely to carry advanced astronomy journals or books.
If you're not an astronomy geek and want to know more about Mars then you may well find this book ideal. I certainly enjoyed my visit to the Red Planet.
You can purchase A Traveler's Guide To Mars from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
iMovie 3 & iDVD: The Missing Manual
honestpuck writes "As digital video cameras spawn in the hands of you, me, parents and tourists like cockroaches in my kitchen we find ourselves needing the kind of technical and aesthetic help not really seen since the advent of 'desktop publishing'. Once again a 'Missing Manual' has come to my help." Read on for honestpuck's review of David Pogue's iMovie 3 & iDVD: The Missing Manual.
iMovie 3 & iDVD: The Missing Manual
- author: David Pogue
- pages: 456
- publisher: Pogue Press/O'Reilly
- rating: 7 - Good book, some flaws
- reviewer: Tony Williams
- ISBN: 0596005075
- summary: A quality introduction to two closely tied products.
I have previously reviewed iPhoto2: The Missing Manual and said "The target audience for this book would probably be a little less technical than myself or the average Slashdot reader, however when I find myself in a field I don't understand well I don't mind a little stuff for the absolute newbie" -- and once again this is true. iMovie 3 & iDVD: The Missing Manual finds me in an area where I am technically inferior. Once again I truly appreciated this book and its style.
The book is broken up into four sections, one devoted to video cameras and shooting a movie, a large one on editing in iMovie 3, and smaller sections on exporting out of iMovie 3 and on using iDVD. At the end are two useful appendices: the first is a menu-by-menu look at iMovie 3, and the second is an iMovie 3 troubleshooting guide. The latter is often needed and always useful -- iMovie 3 still has more than one bug.
The first section gives a great deal of incredibly useful information about video cameras and how to use them, including hints on various types of shooting such as sporting events, interviews and weddings. The technical information on cameras is perfect if you have yet to buy a camera, including a guide to which features are essential and which unnecessary as you can do the same thing (only better) in iMovie 3. When it goes on to the 'how to shoot' section, you get pretty much the same advice you'll get anywhere, but since we didn't really read all of it from the last book on video we read (and forgot half the bits we did read) it's nice to have it there again.
The second section does a good job of explaining the details of iMovie 3, even down to some of its shortcomings and bugs. I also appreciated the way it spent as much time on improving the quality of the finished film as it did telling me how to use the various parts of the software. It follows a logical sequence through the movie-making process, giving good details on how iMovie does the job, how to get the best result and what sort of things to avoid -- particularly useful for things like transitions and effects when less is best.
The third section, titled "Finding Your Audience," is a bit more of a problem. It really has nothing to do with finding an audience and a lot more to do with QuickTime. The section first spends ten pages telling us how to get our edited film back onto the camcorder or onto a VCR, then it spends a lot of time dealing with exporting to QuickTime, including posting movies to the web and some info on using the QuickTime player, including some "tricks" with QuickTime Player Pro.
The attention to the finished product in the second section carries through to the fourth section on iDVD, though the writing here is not quite as good. It is incredibly informative, however. I learned a great deal about putting together all sorts of iDVD projects, including ways of customizing almost every aspect of the finished product.
O'Reilly have the usual marketing stuff while Pogue Press have the handy little Missing CD section with links to all the free and shareware software mentioned in the book. Neither has a sample chapter or the table of contents, you can't even get either at Amazon.
One of the drawbacks of getting free software is that we don't get good free documentation. One of the benefits of free software is that we can choose which 'documentation' to buy. Some people might prefer the style of the 'Dummies' books, others the style of Peachpit's Visual Quickstart Guide. I've had a look at all three and like the balance of depth and explanation that Pogue has in his 'Missing Manual' series. I once again find myself recommending a 'Missing Manual' to everyone. While catering to the beginner, this book goes deep enough that all but the most long-term user of these two pieces of software will find something to learn in this volume.
You can purchase iMovie 3 & iDVD: The Missing Manual from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
MIDP 2.0 Style Guide for J2ME
nut writes "MIDP 2.0 is the latest version of the most common J2ME Profile. It comprises the Java Connected Limited Device Configuration (usually referred to just as the CLDC) and a Java API for handheld wireless devices -- i.e. mobile phones, PDAs, etc. The MIDP 2.0 Style Guide for the Java 2 Platform, Micro Edition is one of a class of books that every application developer should read, and that not enough do, much like Nielsen's classic Designing Web Usability. It provides cheap access to knowledge that is expensive to obtain. The title is almost a misnomer; call it a usability guide and give a better idea of its usefulness." Read on for the rest of nut's review.
MIDP 2.0 Style Guide for the Java 2 Platform, Micro Edition
- author: Cynthia Bloch, Annet Wagner
- pages: 260 pages approx.
- publisher: Addison Wesley
- rating: 8
- reviewer: nut
- ISBN: 0321198018
- summary: A comprehensive guide to usability in MIDP 2.0 programming.
MIDP 2.0 is also a fairly new specification -- in fact, the final release only came out in November of last year. Some phone and handheld manufacturers are already supporting it, however. Nokia, for example, have announced support for MIDP 2.0 on their Series 60 devices quite recently, and I would be very surprised if the competition hangs back in the wake of the success of the MIDP 1.0 specification.
A lot of the content in this book can be usefully applied to the many MIDP 1.0 devices. There is in fact a MIDP 1.0 style guide, now available online, but I would still recommend this book for the wealth of extra content that it has.
The MIDP 2.0 Style Guide is a widget-by-widget guide to best-practice programming with the MIDP 2.0 API. The information contained within comes from established design principles, J2ME programming and implementation experience, and usability studies. Usability studies, especially, don't come cheap. Such labour-intensive research is well out of the reach of most individual programmers and small companies, so there is real value for money here.
The layout is very browseable, with most of the sixteen chapters each being a set of recommendations for a specific widget such as a text box or a gauge. The first three chapters (this includes the introduction) are more concerned with defining the goals of the book, the technology it relates to and the bones of a user-interface design process. For the most part, each chapter follows a standard format that is defined in the introduction.
Some of the later chapters cover topics that have less to do with user interface design, such as application installation and management, and the security API. The table of contents is comprehensive, listing not only chapters but two layers of headings within chapters -- useful in a reference book.
There are two target audiences here: J2ME developers and MIDP 2.0 implementors. For the former, it's an excellent resource. For the latter, I would say it was required reading. This is because it ends up defining what amounts to a contract between MIDP implementors and application developers.
For instance, from two successive recommendations on text boxes:
Application Developers
"Use [The NON_PREDICTIVE] modifier in a textbox that has a URL, EMAIL, NUMERIC, or DECIMAL constraint. Email addresses and domain names are not typical words, so turning off predictive text input ..."
And in the next paragraph,
MIDP Implementors
"If the application specifies the NON_PREDICTIVE modifier, allow users to enter one character at a time without any predictive input facilities."
Clearly the first recommendation is only meaningful if the second has been followed already. There are a lot of these sorts of co-dependent recommendations, covering areas such as default actions for abstract commands, list selection defaults, field constraints, etc.
There is still a lot of slop in the MIDP 2.0 specification. Its scope is, after all, fairly broad -- encompassing forms and form widgets, graphics canvases, game canvases and sprites, command design patterns, messaging and networking, security and application delivery APIs. Besides which, large chunks of the spec are optional, or can be implemented in more than one way. In part this is to preserve backward compatibility with MIDP 1.0, but it also means that your UDP-based streaming video application might work on only some of the devices that support the same standard.
This looseness is only to be expected in such a young technology, but it means that books such as this may help to define the standard if people use the recommendations they provide. I would expect many of the recommendations in here to become part of future versions of the MIDP specification.
NOTES:
For more information on J2ME in general, and MIDP in particular, I also recommend Programming Wireless Devices with the Java 2 Platform, Micro edition [2nd ed.] and, of course, there are all the specifications and tutorials at Sun's Java site.
The J2ME Wireless Toolkits versions 1.0.x and 2.0 are good starting points for development as well. Version 2.0 of the wireless toolkit supports MIDP 2.0.
You can purchase MIDP 2.0 Style Guide for the Java 2 Platform, Micro Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Stan Lee: The Rise and Fall of The American Comic Book
SpookWarfare writes "To be completely honest I'm good friends with Tom Spurgeon and Jordan Raphael, the authors of Stan Lee: The Rise and Fall of the American Comic Book." So take your grain of salt, and read on below for "an unbiased review of the most important book ever to be written about the subject of comic books, or any subject for that matter."
Stan Lee: The Rise and Fall of The American Comic Book
- author: Jordan Raphael and Tom Spurgeon
- pages: 320
- publisher: Chicago Review Press
- rating: 8
- reviewer: Gus Mastrapa
- ISBN: 1556525060
- summary: Stan Lee
If you don't know who Stan Lee is, you will have little to no interest in this book. But who are we kidding? Any geek worth his or her metal knows Stan "The Man" Lee, the co-creator of Spider-man, The Hulk, The Fantastic Four and countless other beloved Marvel Comics characters. What most people don't really know is the real story behind the creation of these characters. Many have never heard of the artists Jack Kirby and Steve Ditko, who contributed a great deal to the creation and development of these superheroes. In the past years a bit of a rift has formed in comics fandom, the hard-core siding with the late Kirby, claiming that Lee and Marvel did the artist wrong. The other side blithely backs the amiable Lee. Through interviews with artists, family members and Stan Lee himself, Spurgeon and Raphael try to shed some light on the subject.
Anyone who's read Michael Chabon's The Amazing Adventures of Kavalier and Clay will notice a great deal of similarities between Stan Lee's origins and the fictionalized settings Chabon created for his book. Both stories start in the time of the pulps, when publishers cranked out fantastic publications by the truck-load. The parallels are fascinating. If you're a comic book fan and you haven't read Chabon's book, you need to read it.
Anyway, the book I'm supposed to be reviewing tracks Stan Lee's star from his position as a lowly writer at Timely Comics, to the editor behind the most famous run of comic books in history; Marvel's Silver Age comics. This is when the Fantastic Four, Spider-man and The Hulk were born. The book doesn't stop there. It follows Lee through the decades detailing his involvement with the Marvel titles all the way. It examines his rocky relationship with Hollywood and decades of attempts to bring Marvel characters to life on television or in the movies. Even more fascinating are the segments of the book that deal with Stan Lee Media and the enormous financial flame-out that occurred when the business went sour.
The book paints Lee in a very humanistic light. It brings his flaws into sharp contrast and at the same time gives him credit for his amazing accomplishments, unceasing drive and wild imagination. Most interesting is the way the book tells the story of all comics in the context of Marvel and Lee's story. As much as underground geniuses such as R. Crumb or Art Spiegelman must hate the association, it's hard to argue that the fates of all comics are influenced by Marvel's gravitational pull.
There's been a mild knee-jerk reaction in the comics community that the book is a blatant attack on Lee, being that Spurgeon and Raphael both worked at The Comics Journal, a publication that has publicly supported Jack Kirby's claims against Lee. To be fair, the authors put an exceptional amount of work into trying to tell the truth, which is reflected in the sheer number of annotated resources they've provided in the book's source notes.
In all seriousness, try to forget for a moment that I'm friends with the authors. As a lifelong comics reader I found the information presented in this book fascinating. It made me want to run to my comics shop and buy reprints of the old issues. Don't take my word for it, though.
There are several excerpts of the book available online. You can read the prologue at the book's official website. Part of Chapter 17, "Stan in Hollywood" is excerpted at The Comics Journal's website.
You can purchase Stan Lee: The Rise and Fall of The American Comic Book from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Programming .NET Components
Gianluca Insolvibile writes "I plead guilty: I have always admired Microsoft's COM architecture and the relative simplicity that allows you to reuse already installed components to create even complex programs. And I have always been fascinated by the distributed nature of DCOM, which seemed to me much more graspable than complex monsters like CORBA and J2EE. While looking for equally expressive Open Source component technologies among GNOME and KDE, I was never able to find something fitting my needs (I never got into Bonobo deeply enough, though)." Read on to see how this led Gianluca to Juval Loewy's O'Reilly-published Programming .NET Components, and what he thinks of the book.
Programming .NET Components
- author: Juval Loewy
- pages: 460
- publisher: O'Reilly
- rating: 7.5
- reviewer: Gianluca Insolvibile
- ISBN: 0596003471
- summary: An introduction to components-oriented development with the tools and services provided by the .NET framework
One day, I stumbled upon the mono and Portable.NET projects, which are trying to bring all the .NET stuff to the penguin platform. This was the main reason that convinced me to learn more on .NET: open specs, a component-enabling technology, the cross-platform mirage, a completely new (well, sort of) set of concepts to be grasped, and something which I could use both on Linux and on Windows.
Armed with these expectations, I decided to look for a good introductory text on the .NET framework focused on components development. Among the plethora of publications on the subject, I decided to stick with a publisher having a long and respectable tradition in Open Source related books. Among the herd of funny beasts that populate O'Reilly's catalog, I picked out a "land hermit crab," aka Programming .NET Components, by Juval Loewy.
Overview
The book begins with a chapter giving a rationale behind component-oriented programming versus object-oriented programming, that is, interfaces versus inheritance. The second chapter shows how those concepts are reflected in the .NET Framework, briefly introducing the Common Language Runtime (CLR), the Intermediate Language (IL) and .NET Assemblies. The following three chapters deal with interface-based programming, objects lifecycle management and versioning, gradually introducing the underlying concepts and showing how they become concrete in the .NET framework (more specifically, by using the C# language). No formal introduction to C# language constructs is given, but if you are familiar with C++ or Java you will be able to follow the code snippets fairly easily.
Events and asynchronous code execution are the subjects of Chapters 6 and 7, respectively. While the former is just a quick introduction to the C# approach to delegates and events (yet useful if you are new to the matter), the chapter on asynchronous calls is much more substantial. The mechanics behind async calls are explained, together with pros and cons of using callbacks, BeginInvoke() and EndInvoke() calls, one-way methods, and so on.
Chapter 8 is devoted to Multithreading and Concurrency. Commonplace concepts like threads application and usage are explained, as always dressed with a bit of C# syntax. While such concepts are easily found in any multithreaded programming tutorial on the Internet, explaining them from the basics never hurts -- and prepares the reader to the most insidious traps of multithreaded programming. Synchronization appropriately takes a fair part of Chapter 8: automatic and manual synchronization provided by the .NET runtime environment are explained, together with the concepts of contexts and synchronization domains. This part is quite interesting, since it delves into .NET specific concepts which are quite new to programmers who had a happy Microsoft-less childhood (though they might not be so new to people who speak COM fluently). Other .NET threading related services (such as timers) are presented at the end of the chapter.
Chapter 9, devoted to object serialization and persistence, describes how live objects can be transformed (formatted) into a stream of bytes to be sent over a network channel, or stored on a persistent storage medium. This chapter lays the grounds for the exacting chapter on remoting, which follows immediately. Chapter 10 is the longest and most content-rich chapter of the book: first, the entire story of native processes, .NET app domains and assemblies is told. After reading it here, it won't look so confusing as before. Then, objects marshaling, remote callbacks, synchronization and activation modes are described, including client and server activated, single-call and singleton modes. Afterwards, the author gets to a global overview of the .NET remoting architecture, its basic building blocks (like proxies, transport channels and call dispatchers) and working mechanisms (like type registration and environment configuration). A reprise on objects sponsorship and leasing closes the chapter and completes the discussion on objects' lifecycle left pending in Chapter 4. Chapter 10 offers a lot of interesting cues, but unfortunately cannot dig deeply enough in the subject (after all, this is not a book on remoting). Many people (including Juval himself) recommend Ingo Rammer's Advanced .NET Remoting (APress) to learn more on the topic, but I have yet to get my hands on it.
Chapter 11 reprises the description of contexts in .NET, this time focusing on calls interception. The whole interception architecture is described with a fair level of detail and, as always, in a clear and understandable way. Context-agile and context-bound objects are described, as well as .NET and custom component services. While reading this chapter, you start understanding that contexts, app domains, call interception and remoting are tightly interwoven and that their full understanding is the real key to the exploitation of the .NET platform potential. Unfortunately, this is where the book leaves you alone -- but I strongly suspect that a full coverage of these topics would have required an entire book on its own.
The last chapter of the book deals with the .NET Security architecture, introducing the concepts of permissions, code groups and policies. Security administration is explained, both from a system configuration and a programmatic point of view.
What's to like
What I liked most is the straightforward approach of the author in introducing the rationale behind components, components-based programming and their support in the .NET Framework: each concept is walked through step-by-step, instead of being presented in a complete working example with little or no explanation. Hence, you won't get working code on page 3 of the book -- instead, you will gradually learn how to write some.
Indeed, I found the description of awkward concepts like asynchronous calls, multithreading and remoting very clear, even for someone with no previous experience with .NET and C#.
I also consider a plus the broad experience the author has in the field, which shines through the many programming hints given, and in lots of references to concepts in COM which have an homologous in .NET.
I finally found the book to have the right balance between printed code and text (that is: do not fill hundreds of pages with code, I'll look at it online).
What's to consider
Programming .NET Components is just an introductory book: it points you in the right direction toward components programming with .NET, but does not bring you very far. If you are really serious about learning .NET advanced topics, you will need a more specific tome to complement (or substitute for) this one.
More specifically, the 70 pages which cover remoting are just an introduction to the matter. The same applies to some of the most important concepts revolving around .NET (app domains, contexts, and the like).
Finally, despite the subtitle ("Design and Build Maintainable Systems using Components-Oriented Programming"), be warned that this is not at all a book on software design (components oriented programming is covered in just 15 pages).
The summary
Reading the book goes without a glitch, thanks to a smooth writing style and a very structured approach to explaining concepts. Still, when I turned the last page of the book I felt that my understanding of components within the .NET platform was far from complete.
.NET Components Programming is quite fair to its title: it will teach you how to program components by using .NET constructs, but (apart from some quick notes here and there) it will not provide extensive coverage of components oriented design and development. If you are already familiar with .NET concepts and are looking for something shedding light on components programming, this book will not help you significantly. On the contrary, if you know something about components and want to start developing them into the .NET Framework, this will surely be an interesting read.
Table of Contents
Preface
Chapter 1. Introducing Component-oriented programming
Chapter 2. .NET Component-oriented Programming Essentials
Chapter 3. Interface-based Programming
Chapter 4. Lifecycle Management
Chapter 5. Version Control
Chapter 6. Events
Chapter 7. Asynchronous Calls
Chapter 8. Multithreading and Concurrency Management
Chapter 9. Serialization and Persistence
Chapter 10. Remoting
Chapter 11. Context and Interception
Chapter 12. Security
Appendix A. Interface-based Web-services
Appendix B. Custom Security Principal
Appendix C. Reflection and Attributes
You can purchase Programming .NET Components from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Teach Yourself AppleScript in 24 Hours
honestpuck contributes this review of Sams Publishing's Teach Yourself AppleScript in 24 Hours, writing "The market for books on AppleScript cannot be a large one, since there never seem to be many volumes in it; usually only one at a time is up to date and worth the money. Now that O'Reilly's AppleScript In A Nutshell is showing its age (and wasn't that great in the first place), and Danny Goodman's book is even older, I was pleased to hear that this volume had come along." Read on for honestpuck's mixed impressions of the book.
Teach Yourself AppleScript in 24 Hours
- author: Jesse Feiler
- pages: 432
- publisher: Sams Publishing
- rating: 7
- reviewer: Tony Williams
- ISBN: 0672325187
- summary: Not a bad introduction to AppleScript but leaves off far too early.
Teach Yourself AppleScript in 24 Hours (TYA) from Sams Publishing is certainly up to date: it covers AppleScript under OS 10.2 and the use of AppleScript Studio to build GUI applications using the language. That's its strength. The book's first weakness, though, is that it starts too far down the learning curve in my opinion. The first few chapters of TYA could be read by someone almost totally new to the Macintosh -- they cover such basics as running the scripts installed with the OS and getting new scripts from Apple and installing them. At the same time, they introduce basic AppleScript programming terminology not really required for these sorts of tasks such as suites, classes and commands. This material would have best waited a few chapters. It is not really until 'Hour 6', most of the way through the first part of the book, that it really sorts itself out and gets down to really teaching you AppleScript.
The Basics
The book is divided into four parts: 'Getting Started With AppleScript,' which covers using scripts and basic programming concepts; 'Writing Scripts With Script Editor,' which takes you through using the Script Editor, details AppleScript syntax and how to script the Finder and various applications and using AppleScript Dictionaries; 'Working With AppleScript Studio,' which covers building AppleScript-based GUI applications using Project Builder and Interface Builder all the way through to complex applications that can store and retrieve documents; and a final section 'Advanced Scripting,' which covers Script Objects, scripting across a network (including SOAP and XML-RPC), and integrating scripts with the terminal and cron.
Each section is then divided up into chapters designed to be worked through in less than an hour, with a small number of short exercises at the end. I found that most chapters took me about half an hour before I reached the exercises, which then took ten to fifteen minutes.
As you can see, almost everything you could ask for is touched on in this book. Once over the introductory chapters, I found the book to be well laid out, well structured and well written. I particularly liked Part III on AppleScript Studio; it started easily and worked up to quite an advanced little application explaining everything well along the way.
The Bad
There are some things missing, however. Debugging is hardly mentioned (3/4 of one lesson), and debugging is not exactly trivial in AppleScript. I also found no mention of my pet demon with AppleScript; its incredibly strong typing and problems with having data in the wrong type; this is a classic problem with files and file names. In reality, this book teaches you the language without really getting down to teach you how to program in the language. A fine distinction, I know, but after just reading Learning Perl Objects, References & Modules, I found TYA to be light on real examples and real world code. Even the best section, the one on AppleScript Studio, didn't touch on many things you will need to know.
Sams have a page devoted to the book at the Sams web site, but frankly the URL is so long and cumbersome I don't dare risk putting it in a post. Go to the site and type 'AppleScript' in the search box. It has the table of contents and a sample chapter and some of the code from the book. The sample chapter is the third chapter 'Running The Scripts You Already Have' and really doesn't give you a good feel for how the book teaches you AppleScript programming. The page to download the code examples says "All the code developed for the book in one convenient download," but in fact all you get are the AppleScript Studio projects and source from four of the chapters. Oh, and the introduction says "There are even a few goodies on the web site that aren't in the book" -- they sure must be good as I couldn't find them.
In conclusion, I think this book starts too far down the learning curve and leaves off too early, with not enough detail. It seems a shame, what we have here is well laid out and well written, I wanted it to be better after I had finished. This book might suit someone absolutely new to the Mac who wanted to learn enough AppleScript to perform a few basic operations, for everyone else it'll be better to wait till October when AppleScript 1-2-3 will be out from Peachpit and AppleScript: The Definitive Guide will be out from O'Reilly, and we might have a better option. If you absolutely need to get some help with AppleScript Studio then borrow someone else's copy or find one second hand.
You can purchase Teach Yourself AppleScript in 24 Hours from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Practical Unix & Internet Security
Charles McColm writes "At just under 1,000 pages the 3rd edition of Practical Unix & Internet Security might look intimidating on the shelf, but a quick glance through the pages reveals that it is both practical and entertaining. With Slammer and Blaster making their way into the news it seemed like a good time to brush up on security. Already considered a classic reference, the 3rd edition of the book provides extensive updated information about topics like PAM (Pluggable Authentication Modules), LDAP, forensics, intrusion detection, wireless devices, and cryptography." Read on for the rest of McColm's impressions of the book.
Practical Unix & Internet Security
author: Simson Garfinkel, Gene Spafford & Alan Schwartz
pages: 954
publisher: O'Reilly & Associates
rating: 8/10
reviewer: Charles McColm
ISBN: 0596003234
summary: The 3rd edition of Practical Unix & Internet Security adds much-needed updated information to an already classic security text. It's very comprehensive but a little dry in parts.
Practical Unix & Internet Security is divided up into six sections:
The first section covers the basics of computer security, tracing the history of Unix and security, as well as providing details of what should be in a good security policy.
The second section covers the building blocks of security, authentication, users and groups, filesystems, cryptography, physical security for servers, and personnel security.
Network and Internet security are focused on in the third section, with emphasis on modems and dialup security, TCP/IP networks, securing TCP and UDP services, Sun RPC, NIS, Kerberos, LDAP, NFS, and SAMBA, and finishing up with a chapter dedicated to secure programming techniques.
Day-to-day operations are the focus of the fourth section. Keeping up to date, making backups, defending accounts, using integrity checking tools, and auditing, logging, and forensics are all expanded upon in detail over five chapters.
The fifth section rounds off the main part of the book by describing how to handle security incidents. Special focus is given to discovering a break-in, protecting against programmed threats, Denial of Service Attacks (& DDoS), legal options, and a chapter on who you can trust.
The Appendixes make up the sixth and final section. Not a spot is wasted in the appendixes, which begin with a Unix security checklist, and then outline Unix processes, provide extensive links to both paper and electronic resources, and conclude with a sub-section on security organizations.
Among the topics I found most interesting were: Access Control Lists (ACL), Pluggable Authentication Modules (PAM), the section about 128-bit keys and dictionary-based passwords, connection laundering, honeypots, the false syslog example, and the example detailing a call to Microsoft's anti-piracy help line. The real-life examples scattered throughout Practical Unix & Internet Security keep the security sections from seeming overwhelming. This is one of the few books that I've found every chapter of the appendix useful, so don't overlook them as simple reference pages.
Normally one-liners are reserved for movie discussions but for those who've already delved into Practical Unix & Internet Security here are a few of my favorite one-liners:
- "...we do believe that making files readable and writable by everyone leads to many evil deeds." - talking about the octal mode 666.
- "Humidity is your computer's friend." - just before static discharge kills your entire system.
- "Beware of Key Employees." - warning against making one person so key that their departure could cause your company irreparable harm.
- "You mean, you don't really have a copy? [of Windows 98]" - the last part of a conversation with Microsoft's Anti-Piracy line. The company which called Microsoft's was tracing some intruders who had uploaded a copy of Windows 98 to the company's web site and was using the site to peddle warez. Microsoft was just about to launch Windows 98. The example shows just how clueless some help desks can be.
One of the great things about Practical Unix & Internet Security is that it is appropriate for a wide audience. There is relevant material for system administrators, security, company decision makers, even the guy sitting at the accounting terminal. Despite its massive size Practical Unix & Internet Security is entertaining enough to be read cover to cover. (It's good for the arm muscles too.) Though it is easy to read, beginners should probably reread their system manual before plunging headlong into this book. All in all Practical Unix & Internet Security continues to be one of those must-have books for any Linux user.
You can purchase Practical Unix & Internet Security from bn.com. -
JavaScript and DHTML Cookbook
Adios077 (Ada Shimar) writes "Ok, so I was reluctant when I first picked up and started reading O'Reilly's JavaScript & DHTML Cookbook. After all, I'm fairly proficient in JavaScript already (yes, get in line to hire me!), and if I needed some cool DHTML scripts, I could just visit a good site like Dynamic Drive. However, the book managed to both surprise and impress me, a great combination to have in a book." Find out why by reading the rest of Shimar's review, below.
JavaScript and DHTML Cookbook
author: Danny Goodman
pages: 576
publisher: O'Reilly & Associates
rating: 8.5
reviewer: Ada Shimar
ISBN: 0596004672
summary: A surprisingly useful JavaScript book, even for people skilled with the language already.
I'll begin my review by making a bold statement -- if you've read and like O'Reilly's Definitive Guides on JavaScript and DHTML, you'll adore this book. I use the word adore very deliberately here, because in my opinion JavaScript & DHTML Cookbook is much easier to love than the gigantic and sometimes monotonous Definitive Guide series. Why, you ask? Let's see -- the book is compact (some 500 pages), concise, and filled with the essence of JavaScript and DHTML as far as what you can create using the language/technology.
JavaScript & DHTML Cookbook is broken up into 15 chapters, each containing a series of recipes. The chapters are:
- Strings
- Numbers and Dates
- Arrays and Objects
- Variables, Functions, and Flow Control
- Browser Feature Detection
- Managing Browser Windows
- Managing Multiple Frames
- Dynamic Forms
- Managing Events
- Page Navigation Techniques
- Managing Style Sheets
- Visual Effects for Stationary Content
- Positioning HTML Elements
- Creating Dynamic Content
- Dynamic Content Applications
These chapters are used mainly to facilitate the look up of a particular recipe, as each recipe exists and is explained independent of one another. This is consistent with the style of most Cookbooks, and it seems to work well here as well.
If you're a complete novice, you may be wondering at this point the distinction between JavaScript and DHTML. The book doesn't make a conscious effort to differentiate between the two when discussing recipes, and for a good reason. DHTML is basically JavaScript, though the latter draws in your page's HTML and often CSS as well to create something more encompassing.
Ok, on to what's important now -- the recipes themselves. I was expecting a series of flashy, long and tacky JavaScripts you can find in the source of every other site on the web these days, padded with some nonsense accolade like "the web cannot survive without them." Such scripts are mostly counterproductive, and do little to educate a JavaScript learner, let alone a master like myself (hur hur). To my delight, things were the complete opposite. The recipes in JavaScript & DHTML Cookbook are extremely practical, well thought out, and even educational. Discussions like Calculating the Number of Days Between Two Dates, Simulating a Hash Table for Fast Array Lookup, and Transforming XML Data into HTML Tables not only are very useful to the cut-and-paster, they teach even seasoned JavaScripters a thing or two about the language.
The only minor complaint I have with this book is the length of some of the script examples -- they span a little too long to follow effortlessly. The longest script I can recall in the book runs about 5 pages in length. Fortunately, such recipes are few and far in between, and 95 percent of the recipes are extremely short in length and packed with useful information and techniques. For the long scripts, it's easy to see that they exist out of necessity to create and show a fully functional script rather than just to pad pages.
In summary, I walk away from reading JavaScript & DHTML Cookbook with many new tricks up my sleeve, something I had not expected at all. Some good resources online that complement the reading would be DevEdge's JavaScript Reference and JavaScriptKit's JavaScript tutorials.
You can purchase JavaScript and DHTML Cookbook from bn.com. -
Practical C++ Programming, Second Edition
adrienlamothe writes "Practical C++ Programming is dedicated to teaching the reader how to program in the C++ programming language. The book actually has four goals: 1) Teach the reader C++. 2) Instill good programming style and practice (indeed, the book's subtitle is 'Programming Style Guidelines.') 3) Teach the programmer basic software development concepts. 4) Introduce the reader to debuggers and the make utility. 4) The author encourages the reader to use a computer to enter, run and debug the book's programming examples. I concur with this advice, though it isn't absolutely necessary." To see how well the book meets its own goals, read on for the rest of Lamothe's review.
Practical C++ Programming, Second Edition
author: Steve Oualline
pages: 549
publisher: O'Reilly & Associates
rating: 7
reviewer: Adrien Lamothe
ISBN: 0596004192
summary: Guide to learning C++ and programming style.
Practical C++ Programming is a fairly large book: 549 pages organized into six parts containing 30 chapters and 5 appendixes. The parts are as follows:
- The Basics
- Simple Programming
- Advanced Types and Classes
- Advanced Programming Concepts
- Other Language Features
- Appendixes.
I must start by saying that I like the book -- I think it has value. There are a number of things I really appreciate about the book. There are also some problems that adversely impact one segment of the book's intended audience (more about those later.)
The book discusses all the essential elements of C++. Areas covered include: Class definition, namespaces, scope definition and resolution, operator and function overloading, object memory allocation (i.e. new and delete,) type casting, exceptions, inheritance, templates (including an introduction to the Standard Template Library,) the Input/Output system (including the C I/O library), and pointers. All language operators are discussed (i.e. relational, assignment, etc.) Also covered are language elements that C++ has in common with C. The other areas of instruction (programming style, software development concepts, programming tools) are intertwined with the primary topic throughout the course of the book.
One of the book's strong points is the author's excellent conversational writing style. It's hard to find books that combine good technical information with clear expository writing (O'Reilly seems to publish most of them.) Practical C++ Programming definitely succeeds in this area. The author frequently references his own experience to reinforce concepts on programming style, design and debugging. I found his anecdotes useful and occasionally humorous. The book also contains small sections of text that serve to warn the reader of pitfalls (these are marked with a bear trap icon) and areas where caution should be exercised (marked with bear paw tracks). Also, some of the source code examples contain intentional bugs, which the author explains at the end of each chapter. Diagrams, tables and source code examples are found on almost every page of the book, and these are used to keep the reader engaged with the textual discourse. My favorite diagram is Figure 7-1. "Software life cycle," on page 88; I empathize with the dinosaur.
The book contains some interesting programming examples. The chapters on operator overloading and floating-point math contain source code illustrating how to deal with the numeric precision problems that plague all computers and computer languages. The chapter on the Standard Template Library contains a program showing how to create and use objects that manage a simple roster for enrollment and grading of students. The book also contains several examples of linked-lists and trees, for the purpose of teaching the reader how to use pointers, and to also show the reader the power and usefulness of the Standard Template Library.
Now to speak about the book's shortcomings. First, although the book does a good job of covering the important C++ topics of classes, inheritance, and templates, I think it falls a bit short in these areas (especially the coverage of inheritance). Also, the terms instantiation, polymorphism and encapsulation are not used in the book. The book could have provided a bit more insight into object-oriented concepts. Also, these areas of the book are sparsely diagrammed. Second, source code errors and typos appear regularly enough to frustrate an inexperienced reader. I also found a couple of diagrams to be confusing. Third, there are occasional misleading statements that a beginner probably won't recognize as such. Because of these problems, I cannot recommend the book to people with no previous programming experience. I'm surprised that these problems made it into a second edition.
I think that despite these problems, the book has value to experienced programmers who want to learn C++. C programmers in particular will have an easier time dealing with the source code errors. Also, I think that the book can be used by beginning programmers in a classroom environment, providing the instructor understands the book's problems and is prepared to guide students around them. The book should be particularly useful when read in conjunction with a good C++ reference guide.
Practical C++ Programming is an ambitious work in its breadth and depth. It covers more areas of software development than other C++ books. It takes an interesting approach that some readers will appreciate and others may not.
I would like to have seen a more detailed and complete explanation of the object-oriented aspects of C++ (including more diagrams). A table showing all functions for Standard Template Library containers would have been nice (the book does make reference to two STL web sites). Some mention of third-party object libraries (such as Rogue Wave, Qt, etc.) and their uses would have been helpful.
The lack of a detailed explanation of inheritance may not be bad. I'm one of those who believe that heavy reliance on inheritance causes serious maintainability problems. However, I think the book should have covered this topic more fully, so the reader would understand this issue.
In summary, Practical C++ Programming is a good book that really shines in some aspects and falls short in others. With some improvement, it could be a great book.
You can purchase Practical C++ Programming, Second Edition from bn.com. -
Designing Virtual Worlds
Mahrin Skel (Dave Rickey) writes "When I wrote up my Engines of Creation column for August 12th with a focus on Dr. Richard Bartle's Designing Virtual Worlds, I had no idea it was the closest thing to an independent review the book had yet received. I hadn't intended my column as a review, but simply as nit-picking over an almost theological point of disagreement between my philosophy of game design and that of Dr. Bartle. My intended audience was the normal readers of my column, mostly other people already working in the Online Games industry." Rickey provides a review of Bartle's book for a more general audience below, and explains his reasoning for doing so.
Designing Virtual Worlds
author: Richard A. Bartle
pages: 768
publisher: New Riders
rating: Very Good
reviewer: Dave Rickey
ISBN: 0131018167
summary: An overview of Virtual World Design by one of the field's founders
It never occurred to me that my review would be read by a wider public, most of whom had never heard of me or even Dr. Bartle, and would see only the hostility, and not understand the narrowness of the focus. When the column was picked up by Slashdot I was stunned, when I realized it was also linked by Clay Shirky in Many to Many and by Joystick101 among other places, I felt slightly ill. Without intending to, I may have damaged the reputation of Dr. Bartle and of his book, and I feel an obligation to set the record straight with an actual review of his book. I'm not sure why it has not already received such a review, except that only a few dozen people in the world currently make their living at virtual world design and would really be qualified to write it.
What is in the book? The "Introduction to Virtual Worlds" of the first chapter does a very good job of laying out what a virtual world is, and defending that definition as a category that includes but is not limited to the online games that are the most common examples of the type. The history lesson included a lot of information even I, after six years in the industry and a serious attempt at studying it, was not aware of. The second chapter gives a very good overview of the process by which the world is created both in business terms and in structural arrangements. The third includes a reprise and updating of Dr. Bartle's now-classic Players that Suit MUD's, the touchstone for every theory of player motivation in online games, and continues into a description of the properties and dynamics of the communities that form in and around the worlds.
Where most of the first three chapters are a primer -- containing the base knowledge needed to understand the whole field in functional terms -- the 4th and 5th chapters focus much more on the worlds as games. The mechanics of game systems, the structure of "advancement" systems and the psychology that makes them run, all of the myriad elements that make a virtual world a game.
Chapters 6 and 7 take a more academic overview of the field, discussing the "why's" of the worlds, what they are, what they may become, and what other fields of human endeavour they are most similar to and therefore may have lessons to offer. Chapter 7's effort to establish the academic and artistic "legitimacy" of virtual worlds was the main source of my disagreement with the book: I think that virtual worlds are entirely capable of standing on their own merits and do not need to be considered credible by the academic arts to be worthy. But this is the "almost theological" issue, and although significant to myself and a handful of others in the field, it's not something that should be counted against the work as a whole.
Chapter 8 focuses on the fact that as virtual as the worlds may be, the people in them (and therefore the relationships) are real, and therefore certain ethical factors normally not considered an issue in game design become much more important. Added to this are questions of "ownership"; if there is no game without the players, but the operator has a finger on the power button, who is in control? Who should be? The book doesn't solve many of these problems (every solution is likely to be unique to a particular setting), but does lay out where most of the fracture lines occur.
What I liked: The book establishes good points and brings the reader up to date on the known principles of the field, with copious references to other writings on the subject provided in the footnotes. The general focus on the "players eye" view is a very important attribute: too often, discussions of virtual worlds have the "God's Eye" designer's view from orbit, and forget that in the end it's the ground-level "fun or not-fun" experience of the players that makes or breaks a design.
What I didn't like: Dr. Bartle is much more broadly educated than I am (they don't give out any titles for an Associates degree in electronics), and tries very hard to make a case to the academic community that virtual worlds are worthy of consideration as serious works of Capital-A "Art." Since I am not concerned about credibility with the dilettantes and dabblers who make up most of academia in the Arts, the repeated references to the Hero's Journey and the effort to define a dramatic theory of online games in Chapter 7 distracted and occasionally annoyed me. But those interested in such things will probably find his efforts there as workmanlike as the rest of the volume.
Summary: This book is a must-read for anyone who works in the field of online games, and highly recommended for anyone who wants to understand the theory and structure of the systems that make them run, or to effectively discuss them with the teams that work on them.
You can purchase Designing Virtual Worlds from bn.com. -
Masters of Doom
kevin42 writes "Everyone who was into computers 10 years ago knows about Doom. Less people are familiar with Wolf3D, and even fewer people ever played any of the Commander Keen games. But those of us who played them when they were cutting edge games couldn't wait for what would come next. To hard-core gamers, these games were amazing, and important. The change came with DOOM; suddenly everyone was interested in this groundbreaking game." Kevin reviews below David Kushner's Masters of Doom.
Masters of Doom
author: David Kushner
pages: 352
publisher: Random House
rating: Excellent!
reviewer: Kevin Bentley
ISBN: 0375505245
summary: How two guys created an empire and transformed pop culture.
Virtual reality was the craze of the time, and Doom offered a glimpse into what it was all about. But this innovative game did not come from any of the "big" video game developers of the time, and it was not built by a large team with huge resources. Although it was the product of many people's efforts, it was primarily the creative genius of two people, both named John.
John Carmack and John Romero are names that every self-respecting Slashdot reader knows. Carmack even posts here occasionally (hi John!). Until I read this book, I knew very little about the personal life of Carmack, and I thought I probably knew too much about Romero. Like many, I have been intrigued by their successes (and failures), and was interested in learning more about what makes them tick.
Masters of Doom starts off with a chapter for each John, telling stories from their childhood that made me realize they were just typical American kids, with the same kind of problems that many of us probably had. These are important chapters, and the author repeatedly references these stories throughout the book. Although the book chronologically covers the entire lives of the two Johns, most of the book details their working years, from their time at Softdisk until now.
This is where the book was most interesting to me. The details of the camaraderie that existed among the team made me feel like I was there. The author got a lot of his information from personal interviews with people, and it really shows in his writing style. First-person accounts are woven together so you get to know what each person was thinking while the story plays out. For instance when the id team met with Sierra On-Line in 1992, you get first-person impressions from both sides of the meeting, giving the reader a lot of insight that you would ordinarily never get.
For me, the book's climax was during the initial releases of Doom, when huge checks were pouring in. Things were going really well for the team at this point, and the book describes things like John C. and John R. dropping off a check for five million dollars at the bank's drive-through, while riding in one of their Ferraris. Although things were looking great for the team at this time, the future really held turmoil and disappointment.
The only negative comment I have about this book is not really a criticism of the book itself, or even the author. I believe the story was accurate, and while it didn't have any shocking new information, it left me feeling sad to see such a powerful combination of talent break apart because of personality conflict, and sad at the thought that Carmack seemed to be losing interest in id Software. The book does mention Carmack's current interests in rocketry (which are even more exciting to me than his games), and Romero seems to have settled into a life he is enjoying, but the mood of the book seemed very depressing to me in the end.
Anyone who is a gamer or a self-taught programmer like Carmack and Romero would enjoy this book. The book does not require the reader to know much about games or computer programming, but I suspect it might be uninteresting to people who aren't either gamers or interested in computers. To the average Slashdot reader though, I would definitely recommend this book.
You can purchase Masters of Doom from bn.com. -
Mac OS X Maximum Security
honestpuck writes "Security has long been a concern for Unix administrators who find themselves connected to the sometimes dark and dirty world of the Internet. With the advent of personal operating systems with file sharing, remote login and built-in web servers, and the spread of broadband networks with their always-on connectivity, it should now be a concern for everyone." Specifically, honestpuck is talking here about Mac OS X; read on for his review of Sams Publishing's Mac OS X Maximum Security.
Mac OS X Maximum Security
author: John Ray and William C Ray
pages: 768
publisher: Sams
rating: 7
reviewer: Tony Williams
ISBN: 0672323818
summary: Comprehensive but sometimes long winded book that covers security on your Mac well
It really didn't concern me until one day when I was checking the logs on my Mac OS X box while developing a web app and discovered dozens of entries from all over the globe probing my box to see if it was an insecure IIS server. I then decided I needed to pay attention to security alerts and the help of a book like Macintosh OS X Maximum Security to help me understand and fix any holes.
The Good
The book is divided into four sections. Part 1 is about learning to think about security, covering such topics as physical security and protection from your users and bad guys. Part II, 'Vulnerabilities and Exposures,' covers the various sorts of attack such as password attacks, trojans and worms, sniffers and spoofing. Part III, 'Specific Mac OS X Resources and How To Secure Them,' covers just that, the various servers such as FTP, mail, Apache and SSH and how to go about making them safe. The final part covers attack prevention, detection, reaction and recovery with topics such as firewalls, alarm systems, logs and disaster planning.
Macintosh OS X Maximum Security is a large, extremely comprehensive volume. For the average person who wants to protect a small home network the information it provides is probably overkill. To make matters worse, the style is fairly verbose, particularly in the first section. Of course, if you want to secure a company network then you may need to know all the information -- and so all this background material is useful, if only so you can reach the right level of paranoia and suspicion.
The book is not a 'recipe' book that tells you "take these steps and you will have a secure machine"; rather it takes you through the possible holes and how to fix them. This approach seems much better for security, since it teaches you a respect for the places you have to open up and a methodical approach to doing so that will hopefully carry over beyond the specifics addressed. Any recipe is bound to have flaws since the operating system and the services are all changing, I'm hoping the methods and style this book have imparted to me will last beyond any changes.
The book also deals well with all the Macintosh-specific stuff, informing you well about such topics as Rendezvous, Apple Remote Desktop, using NetInfo and the like. One aspect that isn't well covered is Airport; securing an 802.11 network is barely touched on.
The Bad
The information provided in all areas of the book is quite detailed, and includes many links to further places to look for more (and more recent) information. Once again, for a book in an ever-changing field like security, this is a huge benefit. I would have appreciated some sort of a small website devoted to the book with the links mentioned gathered together and perhaps some notes on how things may have changed since the book's publication. Unfortunately the Sams Publishing site has a broken link to the book and while the authors say "we are creating a security section for the www.macosxunleashed.com website," no such section exists as I was writing this review. Frankly I am disappointed at this, I think with a book on this sort of topic it behooves either the publisher or author to provide a place for errata, discussion and notes. The best you can do is go to Amazon where you can see the Table of Contents and one chapter. [Ed. Note: The site's errata section is currently up and running.]
My only real complaint with the book itself is the huge size, and the long-winded nature of some of the material. I found the first two sections in particular almost tedious and definitely lecturing in tone. I would have rated this book higher if the editors at Sams had taken a large red pencil to slabs of the first section. Overall, I'd say that while not a 'must buy,' this book will have to do till I find something better, and I expect to loan my copy to several friends.
You can purchase Mac OS X Maximum Security from bn.com. -
Absolute OpenBSD
DrCarbonite (Jeff Martin) writes "I've used OpenBSD in the past, and benefitted from its extensive online documentation. Sometimes an off-line reference is useful (i.e. required), and Absolute OpenBSD fills this void." Read on for the rest of Martin's review, as well as a more critical one from Marius Aamodt Eriksen.
Absolute OpenBSD: UNIX for the Practical Paranoid
author: Michael W. Lucas
pages: 489
publisher: No Starch Press
rating: 8
reviewer: Jeff Martin, Marius Aamodt Eriksen
ISBN: 1886411999
summary: Well-written guide to administering OpenBSD for the intermediate to advanced user.
OpenBSD is not your average open source operating system, and consequently it does not have an average user community supporting it on the Internet. Absolute OpenBSD (AOB) by Michael W. Lucas, bills itself as "the definitive guide to OpenBSD." In addition to detailing the operating system (OS), Lucas does a wonderful job of illustrating and preparing new users for the different community surrounding OpenBSD.
A book like AOB is going to introduce many new users to OpenBSD, and it would be a disservice both to the existing community and the newcomers to not explain OpenBSD's culture. Thus, the first two chapters discuss the OpenBSD philosophy and also show the user how to become self-supporting when it is time to solve problems rather than flooding the mailing lists with easily answerable questions.
Critics may feel OpenBSD's rugged individualism is an indictment of its usability, but then they may be better served by a different OS.
The next few chapters focus on the installation of OpenBSD. AOB covers both dedicated and multi-boot installations. Most serious users will likely choose the dedicated installation, however Lucas points out that may not be an option for someone looking to sample OpenBSD, or for those users who wish to share a common data partition. Both types are covered, allowing the reader to decide which is most appropriate. Important installation caveats are also mentioned, such as OpenBSD's requirement that its root partition must be completely contained within the first 8 gigabytes of the hard drive. Although OpenBSD supports several different hardware platforms, when specifics are required Lucas focuses on the i386 platform. Lucas does a good job explaining the concepts, so users of non-Intel hardware should have minimal difficulty installing on their particular hardware.
Following the installation discussion, Chapter 6 covers OpenBSD's booting process and its /etc/rc scripts. Lucas' explanations go beyond simply itemizing these different aspects, choosing instead to provide the reader with the reasons a certain option may be needed. Expert users will already know when they wish to boot in single-user mode, but others will appreciate the discussion on how to boot alternate kernels, run fsck, and boot from alternate hard disks.
OpenBSD is promoted as a secure OS, and AOB is diligent in covering this aspect. File flags and securelevels are introduced and discussed. Lucas does a good job explaining what they do and what acceptable scenarios would be for their application. OpenBSD's systrace utility is explained in detail. Writing systrace policies, generating them using the policy-generation tool, and obtaining predefined policies from the Internet is described in depth.
OpenBSD administrative information receives attention as well. Chapters 11 and 12 cover configuring and building custom kernels. The treatment in Chapter 13 of compiling ports and installing packages is very helpful-- and in fact necessary for those looking to install essential utilities such as fortune.
OpenBSD's ports system was originally adapted from that in FreeBSD, and users of that OS may see some similarities. Users from a different background will appreciate the primer.
Three chapters of AOB are devoted to OpenBSD's in-kernel packet filter, pf. This is arguably one of OpenBSD's best features, and Lucas suitably spends a lot of time discussing it. Chapter 17 covers basic pf usage, such as explaining pf's configuration file, tables, and macros. In addition, Lucas takes a timeout to also explain pf's suitability for particular tasks. Chapter 18 describes advanced applications of pf, including network address translation, load balancing, and bandwidth management. Chapter 19 concludes with managing live pf execution. Correctly managing a live firewall on-the-fly is important for sites requiring high uptime, and Lucas does well in explaining the various methods available for logging, viewing statistics, and rule management. Wrapping up, AOB also describes how to configure authenticated pf access by authorized users. "pf" has a lot of power, and spreading the material over 3 chapters worked well in presenting the reader with information at a manageable rate.
One of the strengths of an OS-specific book such as AOB is that the material covered benefits from a more focused approach. If it doesn't apply to OpenBSD, it doesn't need to be covered. Lucas has an experienced background in system administration, and this experience shines through well in the material. His remarks about the dangers of a system with open access via RPC seem especially prophetic in light of current events -- and not mindless ranting.
Overall, AOB is a well-written book that hits its market squarely on target. Those new to OpenBSD will appreciate the comprehensive approach that takes them from concept to functional execution. Existing and advanced users will benefit from the discussion of OpenBSD-specific topics such as the security features and pf administration. Lucas does well in his attempt to increase the number of those who would be practical paranoids.
Marius's turn: Reviewer Marius Aamodt Eriksen also liked some aspects of Absolute OpenBSD, but found more faults in it; his critique may help you decide whether this book is for you (and he disagrees about the match between the book and its audience). He writes:
The book covers a very broad area, but it lacks depth in some parts. Perhaps my biggest problem with Absolute OpenBSD is that it should have focused more on the features that make OpenBSD unique: its security features. For example, it does not cover IPsec. Many of the various security features of OpenBSD are mentioned, but few are covered in much detail.
Michael Lucas' writing style is quite relaxed and informal. However, this often gets in the way of content. The numerous rants about how Windows security sucks simply get irritating. It is distracting from the focus of the book and simply unnecessary. Also, the tangents on TCP/IP and various other underlying technologies likewise deviate from the focus of the book. Lucas also does not hesitate to express personal opinions and views on a range of subjects. Though I typically have no problems with authors expressing their views, Lucas' tend to be unfounded and not well argued; they too are simply distracting. At times, it almost felt like Lucas was trying to put down less experienced people, teaching them lessons they "should know." I cannot imagine that this is what the typical audience of the book are looking for.
Absolute OpenBSD makes little effort to cover the various architectures that are supported by OpenBSD. The install section only covers i386; though probably not an issue for most users, it would be nice to have a more complete reference.
Otherwise, I would consider the contents of the book to be quite complete, and most definitely sufficient to provide a good introduction to OpenBSD and many of its neat features. An entire chapter is devoted to how to find more help, covering the various documentation, man pages and mailing lists. This is an excellent idea, and makes up for most of the (content) shortcomings of the book.
The PF (Packet Filter) section was very good; it covered a very broad set of features that PF provides, while carrying sufficient technical detail. The examples were very illustrative and appropriate for the text.
I spotted a few technical errors while reading the book. The editing also seems a bit rushed: in addition to the technical errors, there are a number of typos. Unfortunately, there isn't an errata section on the book's website; I strongly recommend Lucas and his publisher make one available.
My biggest problem with Absolute OpenBSD is that it is not true to its audience. I imagine that the audience is one which would like to know how to do something in OpenBSD without being told how "real system administrators" do it, or how much Microsoft sucks. My recommendation to Lucas would be to write Absolute System Administration and leave it out of Absolute OpenBSD. I do not mean to sound harsh, merely critical. The book has very many good sides, and by many counts is an excellent reference for people looking to migrate to OpenBSD. I would not have any problems recommending it to anyone who wanted to migrate to OpenBSD or see what it's about -- just be wary of the distractions.
You can purchase Absolute OpenBSD from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Three Snort Books Reviewed
Eric Stats writes "Working as a Network Engineer for a web-hosting company that prides itself on uptime and network availability, and moonlighting as a part-time Linux administrator, my managers and clients are starting to expect a level of information security knowledge from me. I decided that if I wanted to take my career to the next level, I needed to develop some security-specific skills. I heard a lot about the open source Intrusion Detection System (IDS), Snort, from friends and co-workers (mostly that it was a pain to get running, and an even bigger pain to understand what it was doing)." To get past those frustrations, Eric looked at two more books on Snort (and compares them to the already-reviewed Intrusion Detection with Snort); read on below for his take on what each offers.
Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID; Intrusion Detection with Snort; Snort 2.0 Intrusion Detection (author: See each; pages: See each; publisher: See each; rating: See each; reviewer: Eric Stats; ISBN: See each; summary: See each)
I ran Snort at home for a while, using the online docs, but I could never get a handle on which output plugin to use (When to log? When to alert?), how to email alerts to myself (I later found out Snort doesn't natively do this), and how to create signatures from packet captures (no online docs at all for this). When I did get The Pig running, it filled up my log directory with thousands of small alert files, which ended up being in tcpdump format. This frustrated the hell out of me, so I decided I needed to find a good book on Snort, as the online docs simply did not describe how to use Snort from start to finish.
In the past few months, an assortment of books have come out on Snort. Because it has begun to eclipse closed-source, multimillion dollar IDSes in terms of raw performance and features, much attention is currently focused on Snort. Naturally, when an open source project achieves this level of notoriety, publishers, venture capitalists, and corporations want to get in on the game. The flood of Snort books is a testament to this, but it doesn't mean they were all created equally. This book review covers the three books on Snort currently available (we will see another two Snort books later this winter). It covers what is good about them, what is bad, and who the target audience is for each. If you are looking to learn intrusion detection the open source way, or simply do not have a million-dollar IT security budget, these books are a good starting point.
Each of these three books serves a different purpose and consequently is appropriate for a different reader. In summary, Rafeeq Rehman's Intrusion Detection with Snort: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID presents a concise, quick-start guidebook to getting Snort up and running fast. He doesn't delve into the details of Snort, and this book makes a perfect choice for a reader who wants to get The Pig up and running quickly and move on to something else.
The whole gaggle of authors that put together Snort 2.0 Intrusion Detection created a much-needed user manual for Snort. This book makes for good desktop reference, but assumes you understand the core concepts of intrusion detection, or have significant field experience with Snort. It is also somewhat convoluted to read; I suppose it's inevitable when you have 12 authors working on a single book, it is going to come out somewhat disjointed and jumbled. If I hadn't read the other two books first, I doubt I would have been able to piece together what this book is talking about in places. (Such as referring to Barnyard logs in one chapter and "unified binary format" in another; how is the reader going to know they are the same?)
Lastly, Jack Koziol's Intrusion Detection with Snort is a guidebook for using Snort in the real world, either on small networks or in large corporate settings. Like any security tool, Snort is only as effective as its operator. Snort can do an enormous number of things, but if you don't understand the "how and why" you aren't going to be able to apply your knowledge in unexpected, different, or new situations. Koziol's book bridges the gap and teaches you the nitty-gritty Snort details not found in online docs, as well as how to apply your newfound IDS knowledge in practice. This book does lack in terms of screenshots and diagrams, which can be frustrating at points. Instead of a paragraph of text, a simple diagram would have sufficed.
Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID (author: Rafeeq Rehman; pages: 288; publisher: Prentice Hall; rating: 7/10; ISBN: 0131407333)
I first picked up Rehman's Intrusion Detection with Snort: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID. Rehman's book is also a member of the Bruce Perens Open Source Series. All of the books in his series are published under the OPL. Overall, Rehman's book served as a good intro to Snort. I followed the examples, used some of the custom startup and log-rotation scripts, and got Snort working for the first time. I also learned of ACID, which is a PHP-based GUI for Snort, put out by Carnegie Mellon's CERT/CC. It makes managing alerts from Snort much less time-intensive. It was an exciting experience, but the book left me in the dark on a number of concepts that I knew I needed to learn. I still didn't understand what I was getting out of Snort; I had so many alerts I couldn't "tune out the noise." I didn't know when to use log or alert plugins, so I just turned on both for safety's sake. I also found that Snort was dropping packets (meaning it wasn't able to keep up with the traffic load going to my webservers hosted at home), but didn't find any way to fix this problem. This setup was fine for experimenting at home, but I didn't feel I would be able to use Snort in a mission-critical corporate setting yet.
Intrusion Detection with Snort (author: Jack Koziol; pages: 400; publisher: SAMS Publishing; rating: 9/10; ISBN: 157870281X)
I thumbed through Jack Koziol's Intrusion Detection with Snort at the bookstore, and it seemed to have some more detailed descriptions of using Snort. It also had a lot of the planning, deployment, and maintenance activities you never think of until you are faced with one at 2 a.m. (such as how to upgrade Snort in an organized manner after a vicious integer overflow exploit is released for a core Snort component). It is also the most popular Snort book, so I figured I would buy it. When I took it home, I learned where to place Snort on a network, and what advantages and disadvantages there are to different IDS sensor placement strategies, something I had never considered.
Koziol's book also had the technical detail I was in desperate need of. I learned how to use Barnyard to spool alerts, which keeps Snort from dropping packets. I got to write my own attack signatures from scratch by using Ethereal packet captures in a controlled lab environment. I created a targeted ruleset; it enables specific attack signatures based on what I actually have running on my network, simply using nmap and some complicated perl scripts. The targeted ruleset went a long way to reducing false alerts, and is now a selling product from the Snort commercial vendor, Sourcefire. I finally got email alerts working using syslog-ng with Snort. The book ends with some more advanced content, namely using Snort as an Intrusion Prevention device. You can set up Snort to block packets that match a signature, using Inline Snort, or you can have Snort reconfigure routers and firewalls to block offending IP addresses, using SnortSam. I've experimented with Inline Snort as part of a honeypot, but, as the author points out, this is not yet production-safe, as it can easily be used by attackers to disrupt network availability.
Snort 2.0 Intrusion Detection (authors: Jay Beale, Anne Carasik, Aidan Carty, Scott Dentler, Adam M. Doxtater, Wally Eaton, Jeremy Faircloth, James C. Foster, Vitaly Osipov, Jeffrey Posluns, Ryan Russell, Brian Caswell; pages: 485; publisher: Syngress; rating: 4/10; ISBN: 1931836744)
The final Snort book in this review is Snort 2.0 Intrusion Detection. This book has a lot of the screenshots and figures that the Koziol and Rehman books leave out. It also contains a lot of useful diagrams, about one for every other page, and a CD-ROM with all of the Snort source and a pdf version of the book. This book, and the Koziol book, cover Snort version 2.0, which isn't all that much different from version 1.9 covered in the Rehman book. Still, it is nice to have the most up-to-date documentation, but it doesn't make the Rehman book any less effective. This book has the most reference material in it, over 500 pages' worth, and it has very organized user manual-like descriptions of important Snort components (preprocessors, output plugins, and rules). Keep in mind that this book was created more as a user manual rather than an implementer's guide. You aren't going to see planning, deployment, and maintenance activities as well as technical deployment examples, as in the Koziol book. And, you aren't going to find a concise quick-start guide such as the Rehman book.
In summary, you aren't going to find anything in this book that isn't in the other two. What you will find is lengthy descriptions, and a lot more screenshots. As stated before, Snort 2.0 Intrusion Detection was written by 12 different people (one of them a Sourcefire employee and Snort.org website maintainer, Brian Caswell). This is obviously done by the publisher to get the book out as fast as possible, which is important for technology book publishers as books are outdated quickly, but has the end result of a disjointed book that contradicts itself in many areas. An example: one author stresses how deadly important it is for us to only use the latest Snort version, while another tells us to use the CDROM that comes with the book, which contains an outdated version of Snort.
You can clearly tell that different authors worked on different chapters, as the style and format change frequently. You can also tell that the authors didn't talk to each other much, as you will find one author referring to something in one chapter (unified binary format) that he expected to have been explained in a previous chapter. In print, the concept was not explained until later, which can be really frustrating if you are not a Snort pro. Additionally, there are enough grammatical errors in the book to be distracting, and, much like a vendor-provided user manual, the chapters don't logically flow from one to the next. If you do purchase this book, this slashdotter would recommend it as a supplement to either the Rehman or Koziol book.
You can purchase Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID, Intrusion Detection with Snort, and Snort 2.0 Intrusion Detection from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Three Snort Books Reviewed
Eric Stats writes "Working as a Network Engineer for web-hosting company that prides itself on uptime and network availability, and moonlighting as a part-time Linux administrator, my managers and clients are starting to expect a level of information security knowledge from me. I decided that if I wanted to take my career to the next level, I needed to develop some security-specific skills. I heard a lot about the open source Intrusion Detection System (IDS), Snort from friends and co-workers (mostly that it was a pain to get running, and an even bigger pain to understand what it was doing)." To get past those frustrations, Eric looked at two more books on Snort (and compares them to the already-reviewed Intrusion Detection with Snort ); read on below for his take on what each offers. Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID; Intrusion Detection with Snort; Snort 2.0 Intrusion Detection author (See each) pages (See each) publisher (See each) rating (See each) reviewer Eric Stats ISBN (See each) summary (See each)I ran Snort at home for a while, using the online docs, but I could never get a handle on which output plugin to use (When to log? When to alert?), how to email alerts to myself (I later found out Snort doesn't natively do this), and how to create signatures from packet captures (no online docs at all for this). When I did get The Pig running, it filled up my log directory with thousands of small alert files, which ended up being in tcpdump format. This frustrated the hell out of me, so I decided I needed to find a good book on Snort, as the online docs simply did not describe how to use Snort from start to finish.
In the past few months, an assortment of books have come out on Snort. Because it has begun to eclipse closed-source, multimillion dollar IDSes in terms of raw performance and features, much attention is currently focused on Snort. Naturally, when an open source project achieves this level of notoriety, publishers, venture capitalists, and corporations want to get in on the game. The flood of Snort books is a testament to this, but it doesn't mean they were all created equally. This book review covers the three books on Snort currently available (we will see another two Snort books later this winter). It covers what is good about them, what is bad, and who the target audience is for each. If you are looking to learn intrusion detection the open source way, or simply do not have a million-dollar IT security budget, these books are a good starting point.
Each of these three books serves a different purpose and consequently is appropriate for a different reader. In summary, Rafeeq Rehman's Intrusion Detection with Snort: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID presents a concise, quick-start guidebook to getting Snort up and running fast. He doesn't delve into the details of Snort, and this book makes a perfect choice for a reader who wants to get The Pig up and running quickly and move on to something else.
The whole gaggle of authors that put together Snort 2.0 Intrusion Detection created a much-needed user manual for Snort. This book makes for good desktop reference, but assumes you understand the core concepts of intrusion detection, or have significant field experience with Snort. It is also somewhat convoluted to read; I suppose it's inevitable when you have 12 authors working on a single book, it is going to come out somewhat disjointed and jumbled. If I hadn't read the other two books first, I doubt I would have been able to piece together what this book is talking about in places. (Such as referring to Barnyard logs in one chapter and "unified binary format" in another; how is the reader going to know they are the same?)
Lastly, Jack Koziol's Intrusion Detection with Snort is a guidebook for using Snort in the real world, either on small networks or in large corporate settings. Like any security tool, Snort is only as effective as its operator. Snort can do an enormous number of things, but if you don't understand the "how and why" you aren't going to be able to apply your knowledge in unexpected, different, or new situations. Koziol's book bridges the gap and teaches you the nitty-gritty Snort details not found in online docs, as well as how to apply your newfound IDS knowledge in practice. This book does lack in terms of screenshots and diagrams, which can be frustrating at points. Instead of a paragraph of text, a simple diagram would have sufficed.
Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID author Rafeeq Rehman pages 288 publisher Prentice Hall rating 7/10 ISBN 0131407333
I first picked up Rehman's Intrusion Detection with Snort: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID. Rehman's book is also a member of the Bruce Perens Open Source Series. All of the books in his series are published under the OPL. Overall, Rehman's book served as a good intro to Snort. I followed the examples, used some of the custom startup and log-rotation scripts, and got Snort working for the first time. I also learned of ACID, which is a PHP-based GUI for Snort, put out by Carnegie Mellon's CERT/CC. It makes managing alerts from Snort much less time-intensive. It was an exciting experience, but the book left me in the dark on a number of concepts that I knew I needed to learn. I still didn't understand what I was getting out of Snort; I had so many alerts I couldn't "tune out the noise." I didn't know when to use log or alert plugins, so I just turned on both for safety's sake. I also found that Snort was dropping packets (meaning it wasn't able to keep up with the traffic load going to my webservers hosted at home), but didn't find any way to fix this problem. This setup was fine for experimenting at home, but I didn't feel I would be able to use Snort in a mission-critical corporate setting yet.
Intrusion Detection with Snort author Jack Koziol pages 400 publisher SAMS Publishing rating 9/10 ISBN 157870281X
I thumbed through Jack Koziol's Intrusion Detection with Snort at the bookstore, and it seemed to have some more detailed descriptions of using Snort. It also had a lot of the planning, deployment, and maintenance activities you never think of until you are faced with one at 2 a.m. (such as how to upgrade Snort in an organized manner after a vicious integer overflow exploit is released for a core Snort component). It is also the most popular Snort book, so I figured I would buy it. When I took it home, I learned where to place Snort on a network, and what advantages and disadvantages there are to different IDS sensor placement strategies, something I had never considered.
Koziol's book also had the technical detail I was in desperate need of. I learned how to use Barnyard to spool alerts, which keeps Snort from dropping packets. I got to write my own attack signatures from scratch by using Ethereal packet captures in a controlled lab environment. I created a targeted ruleset; it enables specific attack signatures based on what I actually have running on my network, simply using nmap and some complicated perl scripts. The targeted ruleset went a long way to reducing false alerts, and is now a selling product from the Snort commercial vendor, Sourcefire. I finally got email alerts working using syslog-ng with Snort. The book ends with some more advanced content, namely using Snort as an Intrusion Prevention device. You can set up Snort to block packets that match a signature, using Inline Snort, or you can have Snort reconfigure routers and firewalls to block offending IP addresses, using SnortSam. I've experimented with Inline Snort as part of a honeypot, but, as the author points out, this is not yet production-safe, as it can easily be used by attackers to disrupt network availability.
Snort 2.0 Intrusion Detection authors Jay Beale, Anne Carasik, Aidan Carty, Scott Dentler, Adam M. Doxtater, Wally Eaton, Jeremy Faircloth, James C. Foster, Vitaly Osipov, Jeffrey Posluns, Ryan Russell, Brian Caswell pages 485 publisher Syngress rating 4/10 ISBN 1931836744
The final Snort book in this review is Snort 2.0 Intrusion Detection. This book has a lot of the screenshots and figures that the Koziol and Rehman books leave out. It also contains a lot of useful diagrams, about one for every other page, and a CD-ROM with all of the Snort source and a pdf version of the book. This book, and the Koziol book, cover Snort version 2.0, which isn't all that much different from version 1.9 covered in the Rehman book. Still, it is nice to have the most up-to-date documentation, but it doesn't make the Rehman book any less effective. This book has the most reference material in it, over 500 pages' worth, and it has very organized user manual-like descriptions of important Snort components (preprocessors, output plugins, and rules). Keep in mind that this book was created more as a user manual rather than an implementer's guide. You aren't going to see planning, deployment, and maintenance activities as well as technical deployment examples, as in the Koziol book. And, you aren't going to find a concise quick-start guide such as the Rehman book.
In summary, you aren't going to find anything in this book that isn't in the other two. What you will find is lengthy descriptions, and a lot more screenshots. As stated before, Snort 2.0 Intrusion Detection was written by 12 different people (one of them a Sourcefire employee and Snort.org website maintainer, Brian Caswell). This is obviously done by the publisher to get the book out as fast as possible, which is important for technology book publishers as books are outdated quickly, but has the end result of a disjointed book that contradicts itself in many areas. An example: one author stresses how deadly important it is for us to only use the latest Snort version, while another tells us to use the CDROM that comes with the book, which contains an outdated version of Snort.
You can clearly tell that different authors worked on different chapters, as the style and format change frequently. You can also tell that the authors didn't talk to each other much, as you will find one author referring to something in one chapter (unified binary format) that he expected to have been explained in a previous chapter. In print, the concept was not explained until later, which can be really frustrating if you are not a Snort pro. Additionally, there are enough grammatical errors in the book to be distracting, and, much like a vendor-provided user manual, the chapters don't logically flow from one to the next. If you do purchase this book, this slashdotter would recommend it as a supplement to either the Rehman or Koziol book.
You can purchase Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID, Intrusion Detection with Snort, and Snort 2.0 Intrusion Detection from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Linux and the Unix Philosophy
limbo_14 writes "Mike Gancarz takes his oft'-quoted original book, The Unix Philosophy and spruces it up for the Brave New World of Linux with Linux and the Unix Philosophy. Since The Unix Philosophy was written, Unix has undergone many changes and evolutions. Now with Linux emerging as the new face of Unix, he has updated his book with the same philosophy and tenets that were in the first, but updated the book to include considerations for the Open Source community and the new world of Operating Systems in which we live." Even the old version of The Unix Philosophy is worth finding; it may remind you of Neal Stephenson's In the Beginning Was the Command Line. Read on for the rest of limbo_14's review. Linux and the Unix Philosophy author Mike Gancarz pages 200 publisher Butterworth-Heinemann rating Recommended reviewer limbo_14 ISBN 1555582737 summary An updated and expanded version of Gancarz's original book, The Unix Philosophy.
The good stuff...
I enjoyed Mike Gancarz' first book The Unix Philosophy greatly when I was first getting into the Unix world, and was hoping for an updated version. The thing that makes this book stand out in the shelves full of How-To, Dummy, and Administrator guides is the fact that it covers the What and Why of Unix/Linux rather than the How's. I am constantly amazed at Unix books that are mostly printed man files, and things that can easily be googled. This book explains with great precision why Unix is the way it is, and what separates it from other OS paradigms.
I realized the importance of this book after reading it, and being forced to do interviews for a Unix Engineer at my office. Of the 7 candidates, 6 of them seemed to know the textbook stuff. They knew the commands, they knew vi and a handful of scripting languages to a degree of proficiency. Alas, this is what it takes to become a Unix Administrator, not an Engineer that needs to see the whole picture. In this world of "puppy mill" Unix admins who have certifications and know one or two flavors of Unix/Linux, this book really teaches people the core of why Unix/Linux is the way it is, and why it is so attractive to those who really care about which OS to use.
The last chapter -- "Brave New (Unix) World" -- is the real kicker. Gancarz really drives it home, and shows how the Unix/Linux philosophy has made it into other aspects of technology, and in the world we live in.
The not-so-good stuff ...
With every good book, there must be some bad, although this one's errors are quite forgivable. Although I appreciate any book that loosens the RFC style nature of so many technical books, sometimes it can go a little too far. This, however, is for each reader to judge. Some of the puns made me squirm, but for the most part they added a nice touch of levity to the book. So, depending on your threshold for python-esque puns or corny Elvis jokes, the book may not be for you, but knowing the /. Crowd, I don't think it will cause anything more than some groans and giggles.
All in All...
This is a quality book. It is one that should be re-read every now and then to make sure you do not stray from the Tenets that Gancarz drives home throughout the book via anecdotal evidence.
This book can and should be read by anyone from a newbie hacker to a Corporate CEO. It is just technical enough not to make one feel patronized, and eases you into it with general concepts just enough to make it not feel like reading IETF standards. Here are the chapters, which give a good overview of what each is about:
- Table of Contents
- The Unix Philosophy: A Cast of Thousands
- One Small Step for Humankind
- Rapid Prototyping for Fun and Profit
- The Portability Priority
- Now THAT'S Leverage!
- The Perils of Interactive Programs
- More Unix Philosophy: Ten Lesser Tenets
- Making Unix Do One Thing Well
- Unix and Other Operating System Philosophies
- Through the Glass Darkly: Linux vs. Windows
- A Cathedral? How Bizarre!
- Brave New (Unix) World
Although this is not the cheapest book in the rack, it packs more of a punch than half of the books on my shelf, so I think it is worth it. I found it a great read on the metro on the way to work in the morning, and found myself finishing it well within a week. With 200 pages, and by making it fun to read, Linux and the Unix Philosophy breezes by and makes for a great read.
You can purchase Linux and the Unix Philosophy from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Mac OS X Power Tools
emmastory writes "'Expert Dan Frakes toiled endlessly with OS X so you don't have to,' proclaims the back cover of Mac OS X Power Tools. Not to be confused with the O'Reilly power tool books, this is a recent Sybex title. Frakes assures the reader that anyone who's ever touched a computer before can make use of this book, and that even the most experienced user will find something new and exciting. Is he right? Maybe." Read on for the rest of emmastory's review. Mac OS X Power Tools author Dan Frakes pages 607 publisher Sybex rating 7/10 reviewer Emma Story ISBN 0782141927 summary A solid OS X title that covers its bases.
Here's the thing about book reviews: They're a lot easier to write when you either absolutely hated or absolutely adored the book in question. Once you've decided how you feel about it, it's easy to find a dozen examples of its mediocrity or excellence, as the case may be. However, I've been sitting on this particular review for a few weeks now, unable to finish it because I can't say that I feel very strongly at all about Power Tools. I recently decided, however, that being unable to form a definite opinion of it one way or another is itself a kind of opinion. There's nothing glaringly wrong with it or missing from it, but when it comes down to whether I'd choose to buy it over a different Mac book, I can't say that I would. I realize that this isn't a work of fiction -- its goal isn't exactly to suck me in with thrilling plot twists so that I read the whole thing cover to cover in one sitting. Nevertheless, there are some other books out there that do exactly that (I'll get to them later), and I think I've been spoiled by reading them.
What I Liked
Power Tools covers its bases in a thorough, informative way. It's a solid OS X book, intended for anyone who understands the very basics involved in using a Mac. The author makes very clear early on that he's not intending to show you how to log in, or how to launch an application, but that's about the extent of the proficiency required, I think. Frakes seems to understand his audience and to address it consistently, which is rare enough to be refreshing. One of my pet peeves in technical writing concerns authors who can't decide who they're talking to -- sidebars for beginners and power users are great, but when the body of the text itself waffles back and forth between skill levels, it can be both frustrating and confusing. This is a trap that Power Tools sidesteps completely: At the beginning of each section, you'll find a couple of lines telling you whether an Admin account is required for the techniques described, and whether the changes being made are system-wide or will affect only your own account. Mac OS X Hacks (which is, incidentally and confusingly enough, the Mac equivalent of O'Reilly's classic Unix Power Tools) uses a similar system to introduce each of the hacks in the book, and it's a practice that I'd like to see used more widely.
Favorite sections: Although certainly not the meatiest bits of the book, I thought the quick-reference keyboard shortcut and third-party utility lists were great, and I've used them fairly frequently since Power Tools took up residency on the shelf over my desk. As far as the more substantial content is concerned, I'd have to say Frakes's coverage of Classic is probably one of my favorite chapters -- oddly enough, since I never use Classic myself. That's part of the reason I liked his section on it, though: it does a good job of explaining why you'll want to avoid Classic whenever you can, while also pointing out some ways to make the best of it if it can't be avoided.
The list of startup files necessary to use Classic is a good reference for folks who'd like to clean out their old System Folders without crippling anything. And of course Frakes's experience managing and troubleshooting OS 9 comes in useful here -- he points out classics like Conflict Catcher that users shouldn't be without if Classic is used with any degree of regularity.
Chapter 14, covering maintenance and administration of a Mac running OS X, is also full of sound, reasonable advice. Disk care and repair as well as how to recover lost data and prevent such mishaps to begin with are all covered thoroughly and intelligently in this section, as well as the whys and wherefores of backups. Nothing surprising, perhaps, but nothing that should be left out of a decent Mac book, either.
What I Didn't Like
Although this is purely a matter of taste and I'm aware that there are many people who disagree with me, I just don't like Frakes's writing style. I have enjoyed some of his columns in the past, but it seems like his humor falls more than a little flat when stretched out over the course of a book. The alliterative titles were amusing for the first one or two chapters, but "Apple-ication Aptitude" is pushing it just a bit, I think. Although I realize that the first priority of a technical book is not to entertain its readers, exactly, is it too much to ask that it enthuse us? I was already interested in OS X before reading Power Tools, but I didn't find anything to excite me -- how would a new Mac user fare?
My least favorite chapter was probably Chapter 6, "Developing a Dynamite Dock." Despite Frakes's promise to assume that the reader is familiar with the basics, there's still the inevitable trot through the relevant Preference panel. Some good third-party software like Tinker Tool is discussed, but there wasn't anything that surprised me in this chapter.
The Bottom Line
This is a perfectly adequate OS X book, and you wouldn't be wasting your money by buying it. Indeed, if you're already a fan of the author, you should probably do exactly that. For me, though, while it does a decent job of accomplishing the tasks it sets for itself, the book just never quite cuts it for me. The bottom line is really that if I had enough money to buy only a single Mac book, this wouldn't be it. I'd spend my forty dollars (or so) instead on either Mac OS X Unleashed or Mac OS X: The Missing Manual. Frakes actually recommends the latter as an alternative for absolute beginners who would be lost in his own book, but don't make the mistake of thinking it's just for novices. It really is a complete OS X manual, covering topics for users at every skill level. As for Unleashed, I've reviewed this book already (more recently than I have the Missing Manual) so I'll just say that if you want a Mac book so complete that it will introduce you to web programming so you can use that default Apache installation, then that's a book you should consider. While I would prefer either one of these books to Power Tools if I were only able to buy one, it's also true that I'm not sorry to have added it to my collection (since, like most people, I'm not limited to one book per subject).
And Furthermore
Dan Frakes is a generally beloved Mac writer and developer and, my ambivalence about this book aside, his stuff is worth looking into. He contributes to the "Mac OS X Secrets" column in Macworld and is also involved in the 9th edition of the Mac Bible. His personal site is danfrakes.com, and the site for this book is at macosxpowertools.com.
You can purchase Mac OS X Power Tools from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
The Introvert Advantage
fadden writes "When a friend of mine recommended this book, I wasn't quite sure what to make of it. I'm an introvert, but I didn't see what good reading about it was going to accomplish. I don't particularly need conversation starters or dating tips, so what's the point? The back cover claims, 'Filled with Aha! moments of recognition. Dr. Laney's book will help millions of introverts understand why they are misunderstood, learn to appreciate who they are, and develop a just-right life in a world where extroverts once ruled.' Sounds like hyperbole, but after reading the book I find myself in agreement." Fadden's complete review of The Introvert Advantage: How to Thrive in an Extrovert World follows; I wonder how true the claim is that introversion is truly hard-wired. The Introvert Advantage: How to Thrive in an Extrovert World author Marti Olsen Laney, Psy.D. pages 330 publisher Workman rating 9 reviewer Andy McFadden ISBN 0761125892 summary What it means to be an introvert, and how to cope with the other 75% of the population.
Most people don't understand what introversion is. I certainly didn't, despite delusions to the contrary. The book begins by explaining what being an "innie" is all about, using a light conversational tone and experiences from the (introverted) author's life. A number of misconceptions are examined and dispelled. For example, introversion is not shyness or a lack of social skills. It's temperament, hard wired in your genetic code, and cannot be altered. To give some flavor to the remarks, examples of introverts from fiction and real life (e.g. Abraham Lincoln, Michael Jordan, Steve Martin) are listed.
The book includes what has to be one of the weakest personality tests ever devised. The goal is to determine if you're an introvert, but it appears that most responsible adults qualify. Some of my clearly extroverted friends got nearly the same scores as introverts. Skip it.
That test aside, the author does an excellent job of reducing the difference between introverts and extroverts to one of energy levels. Extroverts have more energy -- and recharge by being around large groups of other people, while introverts have less, and recharge by being alone or with a very small group of close friends. The very things that energize "outies" will drain "innies," leading to the "party pooper" perception.
One of the strongest parts of the book is a discussion of the physiology of introversion. Differences in the dominance of sympathetic and parasympathetic nervous systems (the "fight or flight" and "throttle down" feedback systems) explain why introverts tend to go through the day at a lower energy level than extroverts. Introverts tend to be less vocal and more "blank", especially when mixed into groups of active extroverts.
The discussion of brain chemistry is equally fascinating: introverts use different neurochemicals for memory, which is why it can take some time (and perhaps REM sleep) for information to fully settle and process. Hence the tendency for great ideas to occur during the morning shower. The chemical mix also explains why the sorts of events that stimulate extroverts can quickly over-stimulate and wear out introverts.
Dealing with Extroverts
The second part of the book is about dealing with significant others, children, and co-workers. The first chapter has sections on different relationship pairings (introvert male with extrovert female, introvert female with extrovert male, introvert with introvert). These are insightful and, frankly, would have saved me some grief had I read them a number of years ago. The author gives specific tips for improving communication and understanding in each situation.
The chapter on parenting gives tips on identifying introverted children and coping with them. This will be more useful for an extroverted parent, who perhaps doesn't understand why sitting quietly and reading has such a strong appeal. The chapter also has tips for introverted parents with extroverted kids, who need a little more outward show than the parents are perhaps used to giving.
A section on socializing and small talk is in this section, but such things have been covered more extensively in books on overcoming shyness.
Introverts and extroverts often rub up against one another in the workplace. In the last chapter in this section, the author raises a number of issues and suggests ways to cope with them. For example, introverts tend to immerse themselves in a particular project, and like to work without interruption for extended periods. Intrusions disrupt concentration, and regaining it takes time and energy. Extroverts enjoy the occasional interruption, because it gives them an energizing break and avoids monotony. Both sides expect the other to feel the same way, so extroverts interrupt others with quick questions (which annoys the introvert), and introverts try to avoid interrupting others (which makes extroverts see introverts as aloof). The chapter also discusses participation in meetings, giving presentations, and just dealing with people who "interface" differently.
There are other books on relationships, parenting, and on dealing effectively with others in the workplace. This is not the book that puts all others to shame, but if you're an introvert it covers the essentials.
Living in an Extroverted World
The last part of the book discusses strategies for living in a world dominated by extroverts. How to manage your time, schedule your life in a way that won't cause overstimulation, how to re-energize through aromatherapy. There is some good advice here, but nothing really new or insightful.
The author points out that 75% of people are extroverts, and suggests that might explain why the quick-thinking life of the party is idealized. Introverts often have self-esteem problems because they can't be what most of the world wants them to be. The point of this book is to teach introverts why they are the way they are, to show them which aspects of their personality are immutable and which can be changed, and most of all to show that there is nothing about introversion that requires making excuses.
Much of the value of this book is in the first third, where the psychology and physiology of introversion are treated as an integral whole. Discovering that personality quirks and the desire to ask "how long are we planning to stay at the party" are normal and expected behaviors is liberating. (I'll be launching the Introvert Liberation Front shortly.) The later sections range from "just okay" to very good, but even if you've seen such before it's worthwhile to get a different perspective. Other books -- many of which are listed in the bibliography -- have covered these topics with greater depth or breadth, but the focus on looking at life from an introvert's perspective separates this from most of them.
I highly recommend this book to introverts or to extroverts with an introvert in their life. (If you work in high tech, you're probably one or the other.)
You can purchase The Introvert Advantage: How to Thrive in an Extrovert World from bn.com. There is also a web site for the book, with merchandise, downloadable pamphlets, and discussion forums. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
The Career Programmer
BanzaiBill writes with the review (below) of Christopher Duncan's The Career Programmer: Guerilla Tactics for an Imperfect World, writing "When this book came out a year ago, I bought it, but was in the middle of a massive death march. Frankly, the first three chapters depressed me! It hit a little too close to home. Of course, I wasn't sleeping either, and that turned out to be more important than reading. After a few months of recuperation, I picked it up again. So many of the points this book makes were on the money that I felt I needed to spread the word." Read on for BanzaiBill's review of a book that addresses aspects of programming success not listed on job requirements.
The Career Programmer: Guerilla Tactics for an Imperfect World
author: Christopher Duncan
pages: 211
publisher: Apress
rating: 9.5
reviewer: BanzaiBill
ISBN: 1590590082
summary: A funny, pragmatic guide to successful software development
What's with the title?
The Career Programmer: Guerilla Tactics for an Imperfect World is a gem of wisdom in a sea of dry, academic books on the software development process. It seems to mix equal parts of any software process book, Dilbert, and Sun Tzu's The Art of War. The development "process" that most developers find themselves enduring today isn't too dissimilar from the "process" that developers have endured for the life of our industry. Management specifies deadlines before they specify requirements, and frown when programmers start designing instead of immediately typing. There are a lot of things wrong with this, but the problem persists.
For this problem, there is at last a real answer. Duncan, a developer himself, brings the wisdom he's gathered during the course of his career to bear on the problem. Surprisingly, he succeeds. With exquisite humor and wry wit he prescribes remedies for the variety of ailments that beset the software development process. The Career Programmer helps software developers in the areas where they are often weakest, from dealing with the politics of an organization, providing estimates that are real, and coping with the realities of management driven timelines. In short, all of the things you never learn in any school except the school of hard knocks. If you want to avoid the endless death march, have a life outside your job, and gain credibility by delivering your software on time and under budget, this book is for you. This book is intended for software developers of all skill and experience levels, no matter which language or operating system they might use.
The Career Programmer differs from most books on the development process in several ways. First, and most importantly, it is a pragmatic book. There are no pretensions to developing the "one, true process" that is better than all of the rest. It concentrates on strategies that work. Different environments require different strategies, and this book doesn't ignore the impact of office politics on the development process. Many developers already know how to develop software in a perfect world, but few are allowed to gather requirements in sufficient detail, take adequate time for design, develop test plans or any of the other important aspects of development. There are a variety of reasons for this, and this book covers them well.
Second, this book provides much-needed balance to books that focus only on the development process, by reminding the reader why the company they work for is in business. Obviously, it's not to let you play with the latest cool tools, despite the attitudes of many developers I've known. Learning to appreciate what motivates the managers and executives at your company is vitally important if you want to succeed. They pay the bills, and you work for them. That makes them important, even if they can't code a bit. Last, succeeding in spite of your boss sometimes requires you to fly under the corporate radar to be successful. Like any good guerilla, you do your best work when you aren't noticed.
What's in the book?
The first section of the book, "Software Development in an Imperfect World," introduces the reader to the realities of the corporate world. For someone just out of college, this section is bound to be a rude awakening. They probably didn't understand why Dilbert is so funny, either. However, there is a lot of information in this section that will be useful for veteran developers, especially those who feel that they shouldn't have to "play politics." Playing the political game doesn't have to mean you stab people in the back, but it sure helps if you don't want to be on the receiving end. This section lays out the issues and problems that are dealt with on a daily basis in many companies. If that sounds depressing, never fear, help is on the way.
The second section of the book, "Guerilla Tactics for Front Line Programmers," examines the development process, step-by-step over the life of a project, and provides useful, practical information on how to succeed in spite of the hurdles placed in your path. The reader is guided through requirements gathering, design, estimation, development and testing with an eye toward fixing the perceptions management often has about the development process. If you can convince the people you work for that it is in their best interest to let you gather requirements, design and test, in addition to writing code, you have achieved a great deal.
The best parts of this book are the chapters "Effective Design Under Fire," and "Managing Your Management." Again, both are practical approaches to real problems. "Effective Design Under Fire" alone is worth the price of the book. This is a tremendously pragmatic approach to the problem of limited time for design. I wish every developer I knew understood the concepts here. Frankly, the approach used in the book can make you look like a guru, both to your coworkers, and to your boss. Simply put, it works. "Managing Your Management" is also very valuable, with an emphasis on learning to speak the language of the folks you work for. Sometimes a good guerilla must blend in.
The Summary
Something different than the run-of-the-mill development process book, The Career Programmer: Guerilla Tactics for an Imperfect World will allow you to gain control of your software projects. It provides pragmatic, useful information that will allow you to push your organization toward successfully delivering software on time. Even junior programmers can affect the development process when they follow the guidelines in this book. Chris Duncan's humorous writing style makes this a very enjoyable read.
Table of Contents
- Software Development in an Imperfect World
- Welcome to Corporate America
- Business Is War. Meet the Enemy.
- Good Coding Skills Are Not Enough
- Guerilla Tactics for Front Line Programmers
- Preventing Arbitrary Deadlines
- Getting Your Requirements Etched in Stone
- Effective Design Under Fire
- Practical Estimating Techniques
- Fighting for Quality Assurance
- Keeping the Project Under Control
- Managing Your Management
- Corporate Self-Defense
- Controlling Your Destiny
You can purchase The Career Programmer: Guerilla Tactics for an Imperfect World from bn.com.
-
Beginning Java Objects
A few weeks ago, reviewer honestpuck looked at Head First Java, comparing it to O'Reilly's Learning Java, 2nd Edition. Now wcbrown writes with a review that starts on the other foot; he reviews Beginning Java Objects: From Concepts to Code in comparison with Head First Java. Read on for his review.
Beginning Java Objects: From Concepts to Code
author: Jacquie Barker
pages: 688
publisher: APress
rating: 8
reviewer: Bill Brown
ISBN: 1590591461
summary: This introduction to Java centers around a single application and follows it through from concept to modeling to development.
Coming to Java from ColdFusion and ASP has been a long and arduous journey. Those languages lack the strong typing, the formal structure, and the incredible power that Java offers. In the course of grappling with concepts completely foreign to those languages, I have purchased and read many books. I've read Thinking in Java, Java: How to Program, and Java in a Nutshell, all in a futile effort to learn the language in a systematic and useful way. Each book came up short in the teaching department: one covered Java too abstractly, another too concretely. Reading these books' turgid style was a surefire turn-off to the language. After a while, I realized that the problem wasn't totally with me -- that these books were not designed for newcomers to the language.
I then came across two books that changed my view of Java introductory texts completely. Both Beginning Java Objects (hereafter BJO) and Head First Java (hereafter HFJ) take beginner-centric approaches to instruction. They both seem to understand that reading computer language overviews is a necessary evil and that most books fail to connect with their readers. They both take active roles in guiding the reader through Java, though their executions are wildly different.
Two Different Styles
The fundamental difference between the two books is teaching style: they're both obviously the products of serious pedagogical thought. BJO's pedagogical considerations are understated, while HFJ's are explicit and pronounced. BJO moves the reader from start to finish on a single project, introducing Java syntax and language elements as needed and largely in the final third of the book. HFJ, on the other hand, divides major topics into smaller units interspersed with pictures, diagrams, and tables in order to break up the monotony.
The effect of BJO is that each chapter builds on the previous one, thus discouraging browsing through the book haphazardly. This was the first computer book that I have read cover-to-cover, though it took me forever to get through at over 650 pages. It starts with an introduction to objects and object-oriented programming. This first section gets you thinking about the concept of objects, gradually working in the seeds of the book's example project, so that you're thinking about what objects you'll eventually need. The second part involves modeling those objects you deemed necessary in the first part using UML. It's by no means a complete guide to UML, but the author wants you to realize that UML is a vital part of the design phase.
The final part introduces the majority of Java syntax and focuses on implementing those objects you've modeled. First, the author works on a command-line version of a university registration system using the file system to persist data. Finally, she implements a GUI version using Swing that still uses the file system.
HFJ, on the other hand, reads like a computer book version of Alton Brown's cooking show Good Eats. Syntax lessons share the pages with funny anecdotes, cartoonish diagrams, silly exercises, and sidebars of various kinds. Some of the jokes and visual aids will make you groan, but they are, by and large, helpful and not too lighthearted. At first, the style seems like a gimmick but you quickly lose that sense of novelty. The book is organized around 17 topics that the authors think are important. Each chapter only marginally builds on the previous, so skipping around is both possible and suggested. The topics range from the common (objects, polymorphism) to the rare (RMI, sockets, exceptions). There's also an appendix that covers briefly 10 items that didn't quite make the cut for the book but were too important to leave out entirely. If I had to characterize HFJ's teaching style, I would describe it as visual.
Which is Better?
So they have different styles, which one should you buy? I think that if you have to choose one or the other, you need to evaluate your learning style. Think back to when you learned your last language or important subject. How did you learn it? Did you systematically follow a tutorial? Or did you come up with an application and learn what you needed as you needed it? I would describe the first method as a hierarchical learning style and the second as a visual learning style. There's much more cognitive psychology here that would better inform such casual definition, but that's beyond this review.
For the hierarchical or systematic learner, BJO is the book for you. The author's presentation of an application from start to finish is very well done and the application actually bears a striking resemblance to something that would exist in the real world. The introduction of UML to the design process will warm the cockles of a systematic learner's heart. What's more, the natural progression from one topic to the next will help those learners who need structure and rigor in their instruction. HFJ might strike this type of learner as cutesy and flighty. While it's definitely a more soporific read, you really have a sense that you're learning from every paragraph and page.
The visual learner would probably not get very far into BJO because there's little code to read or practice with until the third part of the book. HFJ is perfect for this type of reader since it encourages flitting about while it entertains your brain into learning. The topics aren't covered as thoroughly as in other books, but that's because the authors are trying to present only what's necessary in order to avoid cranial overload. The book's breezy style makes for very easy reading and I more than once found myself eager with the anticipation I normally reserve for fiction of the page-turner variety. In addition, the book covers some topics, like exception handling, that I hadn't encountered in my introductory Java book adventures and it does so in a very compelling and memorable way. There is an application that is developed over the course of the book, but it's not as well integrated into the book as the one in BJO is. Unlike BJO, this book sometimes leaves you unsure of why you're learning a particular item until later. Often, though, these lapses are addressed in a sidebar they call "There are no dumb questions," but I would have preferred to see more of them.
Anything Left?
Neither book, though, is perfect. For example, both books whizzed through some subjects that really deserve more treatment: exception handling in BJO and variable types in HFJ. Also, neither discussed persistence beyond the file system. In the real world, I have a feeling that file-based persistence is one of the least common varieties. I can understand, though, that dealing with JDBC and the like would have increased the lengths of the books as well as their complexity. Finally, neither book did a good job of telling the reader what the next steps in learning Java should be. Java is a huge topic and it is very confusing for the beginner to get a bearing in the Java ocean. Having an expert say "If you're interested in JSP, you should find books on these subjects next, and then these" is of inestimable benefit. Heck, it's even hard to know what areas of Java you might be interested in if your introduction to Java is casual and not demanded by work needs.
BJO omits any mention of unit testing your applications, but I think that's largely a shortcoming of having published the book in 2000. HFJ revels in test-driven development and includes writing a test as the second step of the three-part development process. Each code sample includes a test class and the authors stress repeatedly the importance of TDD. Unfortunately, they don't mention JUnit, a glaring omission since the two are practically synonymous. Tests are emphasized but the reader isn't shown how to use them effectively. With the value attendant in a test-first development process, these omissions are of serious concern.
Concluding Thoughts
These two books combined make for a very solid introduction to Java. Though they take different tacks, I think the categorization of people's learning style into a simple dichotomy is not realistic. People learn through a variety of means, yes, but often that variety is present in an individual. Reading both books will ensure that your learning style is covered as well as reinforcing the basic principles of good Java programming through repetition. There really isn't enough overlap between the two books to make the reading of them both tedious.
Once you've read these two books (or just one if you're a cheapskate), you should probably consider moving on to Bruce Eckel's Thinking in Java and perhaps finding a good book on JDBC or Java and XML. Eckel's book covers much of the same ground as these two, but there are some sections in his book that you absolutely must read to progress as a Java programmer (or learn them on your own, of course). Where you go after that is up to you and I would recommend a quick survey of the topics at prominent Java Web sites to see what sort of areas are available.
You can purchase Beginning Java Objects: From Concepts to Code from bn.com.
-
Learning Perl Objects, References & Modules
honestpuck writes "In the world of Perl there was once only the 'camel book,' held in perhaps as much reverence as 'K & R' among C programmers. It certainly appealed to roughly the same audience, those who wanted a short, sharp introduction to a programming language. It was with a problem that needed solving and a copy of the camel book that I started as a Perl programmer." Read on for honestpuck's review of another book he regards at least as highly.
Learning Perl Objects, References & Modules
author: Randal L. Schwartz with Tom Phoenix
pages: 205
publisher: O'Reilly
rating: 9.9 - Cannot find a fault
reviewer: Tony Williams
ISBN: 0596004788
summary: Perfect book for taking your Perl skills to the next level
Then for those that wanted an introduction to Perl and programming Randal L. Schwartz wrote Learning Perl, a book that has arguably become the definitive textbook for teaching Perl. The one weakness was that it left off before really getting to the guts of building large, complex projects in Perl. It did not cover classes, objects, breaking your code up into pieces or the more arcane aspects of variables, references. For this we had to resort to the last few chapters of the 'camel book' and I, for one, have never really been totally comfortable at this end of the language; when I'm reading someone else's code it might take a couple of reads to fully understand the process.
Now this weakness has been well and truly addressed. Schwartz, with Tom Phoenix, has written "Learning Perl Objects, References & Modules", a volume that takes the same steady approach to teaching you the more advanced topics as the earlier 'Learning Perl'. Schwartz has spent the years since writing 'Learning Perl' teaching and writing. You can tell, this is a superbly written book, not that 'Learning Perl' wasn't well written; it's just that this volume is far better.
The Guts
The book starts with a chapter on building larger programs that covers @INC, eval, do and require before discussing packages and scope. It then has several chapters on references that explain in well understandable fashion and increasing complexity all the ins and outs of references including dereferencing, nested references, references to subroutines and references to anonymous data before a final chapter on references that gives you some incredibly useful tricks such as sorting and recursively defining complex data.
The book continues with three chapters that give you a solid grounding in Perl objects. Here Schwartz has assumed that you know at least a little about object oriented programming, some may feel the need for more explanation of concepts might be required, but if you've had any experience in OOP before then the clear examples and descriptions here are probably all you want.
Modules are not as well covered, with only a single chapter, but it is hard to think of anything left out, it covers using them and building your own so well that it left me wondering what all the fuss was about, "seems obvious to me." The book concludes with chapters on building a distribution out of your module, testing it using make test (with Test::Harness), Test::Simple and Test::More before a chapter telling you how to contribute to CPAN.
Each chapter of the book concludes with a number of small exercises, designed to be done in just a few minutes, that cement the learning of the previous chapter. The answers to these are at the end of the book.
Conclusion
Once I'd finished I felt I had a much more solid grounding in Perl, certainly I was much better able to understand another programmer's code that dealt with such things as subroutine references and some complex data structures. While the subject matter of this book is almost entirely covered in 'Programming Perl' the tutorial aspects of this book made it much easier going. The style would be familiar to anyone who has read 'Learning Perl', light without being frivolous and extremely well written, Schwartz seems a master at reducing complexity to manageable bites.
This book is deceptively easy to follow, each new idea built onto earlier ones, each new language concept introduced in an easy manner. The writing is excellent, it's hard to explain why I appreciated it so much. That may be the reason, the writing isn't forced or heavy or too light or obvious. It just allows the solid material of the book to shine through. Go to the ubiquitous O'Reilly website and grab the example chapter (the site also has a few Errata, the Table of Contents and the code from the book) and give it a look.
I think this may well become a classic, I may well in ten years time talk of Schwartz's books with the same awe I now talk of Brian Kernighan's. I'll certainly eagerly await his next book and keep this one close until it comes. Oh, and Randal, how about 'Software Tools for Perl Programmers'?
You can purchase Learning Perl Objects, References & Modules from bn.com.
-
iPhoto 2: The Missing Manual
honestpuck writes "The Missing Manual series has been around for quite some time, but I have never felt the need to buy one until I started doing some serious work with iPhoto. iPhoto 2: The Missing Manual was a good volume to assist." Read on for the rest of honestpuck's review.
iPhoto 2: The Missing Manual
author: David Pogue, Derrick Story, Joseph Schorr
pages: 336
publisher: O'Reilly/Pogue Press
rating: 8
reviewer: Tony Williams
ISBN: 0596005067
summary: A good guide to iPhoto2 for beginner to intermediate users
One of the things I like about Apple's iApps is that they hide a great deal of complexity behind a simple interface; they do indeed make the complex simple. The drawback to this is that I often find myself ignoring the more powerful aspects of the application and never using it to its full. It was here that the Missing Manual came to my help.
The target audience for this book would probably be a little less technical than myself or the average Slashdot reader, however when I find myself in a field I don't understand well I don't mind a little stuff for the absolute newbie. This book has an entire first section that deals with photography and digital photography in particular that may be a total repeat for some, I found it a welcome reminder of how to get a good photograph along with some extremely useful hints about the new technology and choosing a camera. It covers such topics as composition and lighting for a host of different situations such as landscapes, night, portraits, children and sports.
It then goes on to a section of similar size on the basics that covers getting the photos from your camera to the Mac, organising the photos using albums and keywords and then editing your shots.
A third section covers the various ways of publishing and showing your photos such as printing, CD, and web pages, and a final section with some tricks and tips on things like managing your libraries. There are two appendices: one very useful troubleshooting guide, and a menu-by-menu look at iPhoto 2.
I particularly appreciated the thorough treatment of how to get the most out of iPhoto when printing photo books and creating web pages in the third section; it was here that I really discovered how little I knew from just 'playing' with the application. The book is peppered with useful information and tips that take you beyond the level that most of us discovered when we ran and used the program. The authors have also provided some marvelous explanations of what is going on, the "why" as well as the "what."
The book is well written with a readable, light, almost witty style that somehow deceives the reader as to the depth of the material being covered. It is only when I reflected back on how much the book taught me that I realised how well it had done the job.
O'Reilly have their usual web page for the book with a sample chapter, Table of Contents and Index. Pogue Press have a neat idea - they have a page that features all the software mentioned in the book. A neat idea that I liked a lot.
In conclusion, I would recommend this book to everyone who is serious about digital photography on their Mac. If you have used iPhoto for a long time you may think the book a waste, but I'd be surprised if even long-time users didn't get their money's worth out of this book. I much preferred the style of this volume to IDG's iPhoto 2 for Dummies, the only other real competitor for this volume was iPhoto 2 for Mac OS X: A Visual Quickstart Guide, and that is a shorter volume with less depth and less advice for photography and nothing on the camera technology, though I think Engst's writing seems a bit clearer at times.
I wouldn't buy a "Missing Manual" for every iApp or the operating system, but if you take the slogan for the series seriously, "The book that should have been in the box" (for the box is entirely devoid of books), I think they are a marvelous help for becoming a true 'power user.'
You can purchase iPhoto2: The Missing Manual from bn.com.