Domain: bfast.com
Stories and comments across the archive that link to bfast.com.
Stories · 774
CUPS - Common Unix Printing System
McSnarf writes "What is CUPS, anyhow? And does it make sense to buy a book about a GPLed piece of software? CUPS is an acronym for Common Unix Printing System, software that was written to replace the rather powerless printing system found in Unix and Linux. If you run any current Linux distro, the chances are that you already use CUPS for printing." That being the case, read on for McSnarf's review of Michael R. Sweet's book on the topic.
CUPS - Common Unix Printing System
author: Michael R. Sweet
pages: 650
publisher: SAMS Publishing
rating: 10
reviewer: McSnarf
ISBN: 0672321963
summary: More than just a complete reference to CUPS
Background Information
CUPS is developed and maintained by Easy Software Products, which is co-owned by the author of the book, Mike Sweet. The complete table of contents for CUPS - Common Unix Printing System, aka "The Octopus Book", can be found here. The CUPS web site also contains errata lists and example code. In addition, Easy Software Products sells a companion CD for the book, only available on their web site.
Who should read it? If you do not use a printer with Unix or Linux, or if you do and you are perfectly happy with the results (maybe because the distro came with all the right stuff pre-installed), this book is not for you. However, if you are serious about printing, if you are considering replacing the outdated legacy printing system that came with your Unix or Linux or if you are a developer even remotely interested in Linux/Unix printing, this book is for you.
Did I mention that the Octopus Book is also very helpful when it comes to understanding IPP, the Internet Printing Protocol? If you tried to read through all the RFCs on IPP out there and managed to understand IPP afterwards -- congratulations! I tried that, failed, bought the Octopus Book and finally understood.
How will it help users and admins? This book will show you how to install, administer and use CUPS. While the documentation that comes with CUPS is very good already, having everything in one handy package has its advantages, especially as the book goes into more detail than the on-line documentation. In addition, this book will explain to you in great detail how to extend CUPS. If you've ever wanted to be able to directly print some rather unusual file type -- or need a mechanism to create PDF files and email a copy of each PDF whenever you print them to a certain printer, this book will tell you how to do that.
Anything for developers? Sure. Complete API documentation with loads of example code. Everything from "How can I add good printing support to my application" to "How do I write a printer driver?" is in there.
Likes and dislikes
Of course, no book is perfect. This book comes close, but you should know that a lot of it is already available for free on the CUPS web site. It also lacks details on how to rip the old printing system out of your legacy Unix -- but if you've got root, this is something you should know anyhow. Another thing - it is not as funny as Terry Pratchett. But I can live with that.
As you might have noticed, I really like this book. It definitely made my work much easier -- I work for a manufacturer of (among other things) large printers and this (by now well-worn) book has been granted dedicated space on a very crowded desktop.
You can purchase CUPS - Common Unix Printing System from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
The Exim SMTP Mail Server
ollyg writes "Exim is a mail transfer agent that can be run as an alternative to Sendmail on most Unix and Unix-like systems. At my organization we use it to relay around half a million messages per day, although it's suitable for many other types of installation including those with local delivery, and far larger (or smaller) ISPs." Ollyg reviews here the official guide to Exim's current release, which weighs in at a hefty 621 pages.
The Exim SMTP Mail Server: Official Guide for Release 4
author: Philip Hazel
pages: 621
publisher: UIT Cambridge
rating: Recommended
reviewer: Oliver Gorwits
ISBN: 0954452909
summary: A thorough guide to the configuration and deployment of Exim v4.x
A bit of history, first. Exim is currently in its fourth version, and is developed by Philip Hazel at the University of Cambridge Computing Service. The third release was accompanied by an O'Reilly book, also written by Philip, but there were enough fundamental differences that this release warranted its own volume. And what a book: more than 600 pages straight from the horse's mouth (as it were); you can't go wrong.
The structure is flat, being twenty-two chapters and two appendices long, but I'd say there were three main acts if you take it cover to cover. Philip begins with five chapters that introduce the reader to Internet mail, Exim, and some rudimentary runtime configurations. There's nothing to fear here, as the text is beautifully self-contained, covering topics from the DNS to routing lookups. As Exim's runtime configuration is both flexible and easy to read, the quite technical examples given early on can be understood without flicking to and from other chapters in the book.
The next four chapters cover in a rather succinct manner the parts of Exim that route and transport your messages. By this point you should have a grasp of the philosophy and design of Exim, which allows Philip just to give you the details. This section does feel most like a reference manual but I'm not sure there's another way he could present the information without confusing the reader. The remainder of the book covers each of the Big Features of Exim, one per chapter. I'm guessing that Philip just kept on writing until he ran out of features, rather than time or space! These chapters feel far more like the heart of the book, and the author treads a fine line between thorough process description and distracting technicalities. The two appendices cover regular expression syntax and special variables (both being available to Exim's configuration).
The book would be ideal if, for example, you manage a mail system on your own and don't have a great deal more admin experience close at hand. Its great strength is the vast number of scenarios that Philip has thought up; it seems that if you can think of something that you want the application to do, it'll be in there somewhere. At my site however we do have a good number of people who are familiar with Exim, so armed with a copy of the (equally well written) reference manual we can usually get along just fine.
Those expecting the chatty, irreverent style of an O'Reilly text may be in for a disappointment. Philip writes in a clear, precise manner, and obviously knows the subject matter (literally) inside-out; but there's no messing around and you have to be committed to learning about the subject in question. Having said that, I don't want these last two paragraphs to put you off. If there's even a whiff of a chance of you having to come into contact with Exim or its runtime configuration, then I can do nothing else but strongly recommend this book. The detail's there in spades, it reads very well, and is a fine complement to the reference manual.
For more information, see also the Exim home page, as well as this book's website. You can't yet purchase the book from American retailers, though if you're in a hurry, bn.com stocks the previous version.
Intrusion Detection with Snort
Eric Stats writes: "At one point in the not so distant past, Intrusion Detection Systems (IDSs) were network security applications reserved for Fortune 500 companies with enough IT budget to fork up the Big Dollar, or hard core packetheads willing to grep through tcpdump or shadow output. Over the past few years, a new pig on the block, Snort, has put that notion to rest. Instead of having to spring for hundreds of thousands of dollars for a feature-rich, state-of-the-art, IDS; open source fans now have an IDS that meets and beats most of the performance benchmarks and features of commercial, closed source IDSs. Jack Koziol's new book, Intrusion Detection with Snort, presents a comprehensive guide that those either novice to, or richly experienced with, the field of Intrusion Detection can use to get up to speed quickly on Snort." Read on for Eric's review.
Intrusion Detection with Snort
author: Jack Koziol
pages: 400
publisher: Sams
rating: 9
reviewer: Eric Stats
ISBN: 157870281X
summary: Handbook on the open source Intrusion
What Koziol implies throughout Intrusion Detection with Snort, but never states outright, is that Snort holds an inherent advantage over closed source IDSs, in that the IDS itself can be tailored and customized for each individual deployment to a level not possible for closed source competitors. If you have had the displeasure of working with a rigid, uncustomizable, IDS you already know where this is going ...
In order for an IDS to be effective, or in some high-bandwidth cases, even usable, detailed network and business context must be applied to the IDS. In a nutshell, IDSs are not as plug-and-play as firewalls or other security applications. For example, if you know you are not running any HTTP traffic on the segment where the IDS is sniffing, you may not want your IDS to waste cycles looking for attacks on Apache. On the other hand, you may feel that the mere presence of HTTP traffic may indicate something innately suspicious, so it is of value to watch for any HTTP traffic. It all depends on what you feel are legitimate threats to the network you are attempting to protect. Snort gives you the power to "watch" for specific attacks, protocol anomalies, or other chatter that has no legitimate business running on your network. Other closed source IDSs don't, or can't, have the same flexibility. Only Snort can implement something as detailed as "Send a page to the CISO's phone if this particular subnet attacks these Apache servers with the chunked encoding exploit."
With Snort, novices can easily write attack signatures (called rules), enable or disable specific protocol decoders, and detect advanced attacks such as exploits utilizing polymorphic shellcode. Without this level of flexibility, you are likely to be flooded with alerts that are not relevant, or, even worse, miss an actual attack that causes irreparable data loss.
Like many open source applications, Snort's biggest downfall has been documentation. Who wants to write boring user manuals when he can write code, right? Well, that's all fine and dandy for Snort developers, but folks that want to actually use all of the neat features can't, unless you tell them they are there, and how to use them. Intrusion Detection with Snort bridges this gap, and offers a clear, concise, guideline that helps plan, implement and maintain Snort-based IDS.
Another oft-cited problem with Snort that Intrusion Detection with Snort addresses is the lack of Snort features that are not directly related to intrusion detection. In essence, Snort's developers have concentrated on creating the world's best application for detecting unauthorized activity, and left everything else to other applications. If you want to organize and manage the alerts generated by Snort you have to use another application (ACID). If you desire alerts via email or pager you need another tool (swatch or syslog-ng). If you want to centrally manage attack signatures for multiple Snort installations, guess what? You need another tool (IDS Policy Manager or SnortCenter). Finding, installing, and getting all of these tools to work right can be frustrating, so Koziol walks us through these issues, and in the end we have an IDS rivaling the expensive commercial solutions.
On to the nitty-gritty of the book. Essentially, this book is organized into three logical sections, even though the author did not choose to make these demarcations in print. The first section introduces us to intrusion detection in general and features of Snort. The second section is a detailed installation guide, which walks through setting up and installing the various components of a distributed Snort setup. The final section focuses on post-installation and maintenance tasks, as well as advanced topics.
In the first section, the different breeds of IDS (Host and Network) are honestly presented, Koziol acknowledging in great detail some of the major shortcomings of IDS technology. The book then moves to describing Snort in great detail in an unbiased fashion. Other books on this subject written by Snort contributors are less forthcoming with Snort's disadvantages. The inner workings of Snort (such as packet decoders and libpcap) and the largely undocumented preprocessors are described in detail, giving tons of real world examples. The examples are somewhat current, and describe exploits commonly found 6-18 months ago. Although the actual exploits found in the wild may change over time, the strategies for discovering them with Snort should remain relatively constant. The book then moves into the activities required in planning for a Snort-based IDS installation. Some of this is common sense for experienced security practitioners, such as establishing an incident response plan (the "Oh shit, I've been hacked, what do I do now!?!?"), but is relevant for novices. Other topics introduced in this section are:
Sensor placement: where to place an IDS from a network design perspective for maximum benefit.
Inserting a sensor into an in place network: covers using taps, span ports, and dedicated hubs.
Specific hardware and OS considerations: basically, why a flavor of Unix is best for Snort.
Creating a unidirectional sniffing cable: allows network traffic to flow in a single direction, minimizing risk to an IDS segment.
The second section is a detailed guide to building a distributed or 3-tiered Snort IDS. Getting the three components, the sensor (where Snort is actually installed), the server (database, alert management, and reporting server), and the analyst console (secure place to access other components and store config files and scripts) up and working on Linux takes up the bulk of this section. The analyst console chapter walks through the ever-popular Analysis Console for Intrusion Databases (ACID). Attention is paid to configuring a secured setup that encrypts traffic between the various sensors, servers, and consoles. Various packages and tools are described, as well as condensing all of the Snort tiers onto one physical box. Installing and configuring on Windows is covered as well, although this choice of setup is not as thoroughly explained as the others.
The third and final section picks up where most books that deal with a specific application or software package too often leave off, namely, keeping the damn thing working. A chapter is dedicated to tuning Snort, and what thresholds can be configured to maximize benefit and performance. Getting real-time alerting via email working with ancillary tools is covered in a dedicated chapter. Developing a targeted ruleset (a set of automagically generated signatures that will only detect attacks that have the potential to be successful) using a custom shell script is described.
A very important topic in Snort administration, writing custom rules (attack signatures) gets its own chapter. The syntax for creating rules is clearly described, followed by concrete examples. The book works through writing rules by reading through raw packet captures (last year's Slapper worm is a particularly good example). This is followed by upgrading and managing rules, which is highly useful if you have a number of Snort installations to manage. Finally, Intrusion Detection with Snort closes with a chapter on advanced topics. The advanced topics chapter primarily covers the latest fad 'Intrusion Prevention.' Snort can be made into an IPS device via packet scrubbing or shunting. For packet scrubbing, the Snort Inline patch is used and the box is placed in between a trusted and untrusted network, dropping packets that match specifically created rules. Shunting is accomplished with SnortSam, which basically sends a request to a border router or firewall to block an attacking IP address for a predetermined period of time.
Overall Jack Koziol's Intrusion Detection with Snort is a viable text for learning Intrusion Detection with the world's premier open source IDS, even if it is light on diagrams and pictures, but it still comes highly recommended from this reviewer.
You can purchase Intrusion Detection with Snort from bn.com.
Mastering Mac OS X (2nd Ed.)
honestpuck writes "I've seen a fair number of books for OS X and they range in target audience from the raw beginner such as Mac OS X for Dummies and Robin William's Mac OS X Book through to those for technical readers such as Mac OS X In A Nutshell (IAN)." Read on for honestpuck's review of the new edition of Todd Stauffer's Mastering OS X.
Mastering Mac OS X (2nd Ed.)
author: Todd Stauffer
pages: 804
publisher: Sybex
rating: 7
reviewer: Tony Williams
ISBN: 0782141188
summary: Good guide to OS X for intermediate beginners to intermediate users
Mastering Mac OS X falls firmly in the middle. Unlike IAN it spends a fair amount of time on the GUI and a major section is devoted to QuickTime and the iApps. Unlike Robin William's volume it covers high end topics such as AppleScript and the terminal and has a good section on troubleshooting. One thing lacking that I applaud is that it does not have IAN's large chapter summing up Unix commands.
The Good
The book is well structured, divided into 7 sections, 5 of increasing complexity, 'The Mac OS X Basics', 'On The Internet', 'Multimedia: Images Sound, Video', 'Networking, Connectivity and Portables' and 'Advanced Mac OS X topics' - which covers AppleScript, the Terminal, and various servers including QuickTime, Samba and Sendmail. These are followed by a hardware and troubleshooting section and finally the appendices. The index is good and it has the by now traditional two level table of contents, the first listing just the chapter heads and the second listing all the sub sections as well.
Given that structure, the book touches all the bases and covers all the required topics well.
The writing is not bad, I think a stronger hand with the editing would have done wonders as it tends to the wordy.
The Bad
Once again a certain amount of the early stuff is either below the needs of the target audience or not really required. Oh, and Sybex do have a page for the book which includes a Table of Contents, sample chapter, index and errata but get a load of that URL and the author has a web page for the book but he hasn't touched it in over a year, since before this second edition was published.
Conclusion
It should be said that among all the books in this genre none are badly written, or badly structured. Personally I don't like the style of the 'Dummies' books and so I put it at the bottom of my list but others may not have the same feeling. That said, how do you choose among them? The choice boils down to two things, how close you are to the target audience for a particular book and how well it addresses the target audience. Mastering Mac OS X is targeted at "intermediate beginners (those who have some experience with a graphical operating system) and solidly intermediate to advanced users" according to the Introduction. I think that it covers the needs of the first group well but will probably fall short if you are already an "advanced user." For these people I'd recommend Mac OS X In A Nutshell. If you are a total newbie, then I'd recommend Robin William's Mac OS X Book.
You can purchase Mastering OS X from bn.com.
Managing Enterprise Content
Scott Abel writes: "If you are even considering a content management system for your organization, you owe it to yourself to read Managing Enterprise Content. The book is perhaps even more important to those of you who find yourselves in the midst of a content-management nightmare today." The goals here include saving money, time and effort in creating and using information (everything from Web content to help-desk troubleshooting scripts), and the book is not only suited to corporate environments -- read on for the rest of Scott's review.
Managing Enterprise Content: A Unified Content Strategy
author: Ann Rockley, with Pamela Kostur and Steve Manning
pages: 592
publisher: New Riders Publishing
rating: 10
reviewer: Scott Abel
ISBN: 0735713065
summary: Provides the concepts, strategies, guidelines, processes, and technological options that will prepare enterprise content managers and authors to meet the increasing demands of creating, managing, and distributing content.
The authors, Ann Rockley, Pamela Kostur, and Steve Manning, make the case for their "Unified Content Strategy" -- a practical and logical way of researching, planning, preparing, testing, implementing and selling content management across an enterprise. The lessons contained in this easy-to-read volume are not lost on smaller organizations, however; departments, small work groups, even individuals, will also benefit from learning innovative ways to effectively create, use and manage content.
The authors' main message is that a well-planned "unified content strategy" can provide a dramatic improvement in the way content is created in an organization. A "Unified Content Strategy" is defined as "a repeatable method of identifying all content requirements up front, creating consistently structured content for reuse, managing that content in a definitive source, and assembling content on demand to meet your customers' needs." According to the authors, improvements that result from implementing such a strategy include "increased quality and consistency and long-term reduced time and costs for development and maintenance. In addition, reuse provides support for rapid re-configuration of your content to meet changing needs."
Of particular importance, the authors provide guidance on selecting a strategy before you get started; they explain their Unified Content Strategy, the importance of single sourcing (write it once, use it often), and how a properly planned content management initiative can help your organization deliver the right content to the right people at the right time in the format they desire. The authors also cover topics including: information modeling (the key to content reuse), content analysis, usability, IT and Business partnerships, metadata strategies, the importance of XML, tool selection, change management, training and more.
Section one of the book includes three chapters that address content creation, content reuse, and the return on investment a Unified Content Strategy can provide content-laden organizations. The authors set the stage for the introduction of their methods in Chapter One, "The Basis of a Unified Content Strategy," by illustrating the demons involved in what they call, "The Content Silo Trap" -- a common situation in which content is created by authors working in isolation from one another, oftentimes re-creating the same types of content over and over again for different purposes (e.g. print, web, online help, marketing collateral, call center/help desk, computer-based training, etc.) The authors say content silos negatively impact the bottom line of any organization because they don't promote collaboration, leverage existing content creation activities, nor do they support the overall goals of the enterprise. Far too often, according to the book, silos create inconsistency, inaccuracy, and costly, unnecessary content re-creation expense. By adopting a Unified Content Strategy, organizations can enjoy faster time to market, reduced costs, improved quality and usability of content, improved workplace and customer satisfaction, as well as unique opportunities to innovate. Each of these topics is explored in the chapter with examples sprinkled throughout the book.
Chapter 2 describes, in detail, the "Fundamental Concepts of Reuse." It's an excellent chapter for those attempting to better understand the content their organizations create and how content re-use can help streamline the content creation process. The authors explore why you should re-use content, who's been doing it and why, as well as the two types of content reuse -- opportunistic and systematic -- and the benefits and drawbacks of each. Examples are provided for these methods in addition to a description of circumstances where reuse may not be appropriate. The entire chapter is available for download.
Chapter three, "Assessing a Return on Investment," helps readers determine the anticipated savings realized by adopting a Unified Content Strategy. A discussion of how to quantify and qualify the goals of such an effort are discussed, and information is provided to help you start assessing your actual costs (training, technology, consulting, lost productivity, etc). If you've got to sell your project to upper management and demonstrate potential ROI, this chapter is an excellent starting point. Don't overlook the section on developing metrics -- it's extremely useful.
Section two, "Performing a Substantive Audit: Determining Business Requirements," is a four-chapter compendium of information designed to help you establish where the content pains are in your organization and how you can address them. Chapter four and five help readers identify and understand their "content lifecycle" (to determine where improvements can be made to your existing processes) and chapter six, "Performing a Content Audit," seeks to help readers gain an "intimate understanding" of the nature and structure of the content to be managed. The authors describe how to perform a content audit, and provide several excellent examples of the process using scenarios that many readers will understand (medical devices, consumer electronics, banking institutions, learning materials). Instructions for building a reuse map -- a tool that identifies which content elements are reusable, where reuse would be beneficial, and whether the content would be reused "as is" (identical reuse) or with modification (derivative reuse) -- are provided. This section will not be lost on IT pros who have been using object-oriented programming reuse strategies for years. However, managing content is not the same as managing code. Content appropriate for public consumption has some unique considerations that the authors discuss in detail. Practical examples will help you think through content issues you may not have considered before.
Chapter 7, "Envisioning the Content Lifecycle," examines requirements gathering by using two fictitious companies as examples. A series of tables and explanatory text is provided to help readers better understand how to tie requirements to a return on investment. Readers are encouraged to use the exercise as the basis for designing improvements to your business processes and tool selection. In many organizations, IT departments are ill-equipped to develop solutions that address content lifecycle issues because IT staffers don't fully understand issues affecting content creation, management, publishing, archiving and translation. The authors attempt to shine light on this issue by exploring the importance of involving a team of subject matter experts, users, clients, etc. to help ensure the requirements gathered will help create new and improved business processes. The lesson: There's no sense automating a bad business process.
Section three tackles the issue of design by introducing the concepts of information modeling, metadata, dynamic content, workflow and implementation. Each chapter is jam-packed with real-world information and examples that simplify the concepts presented. Of particular interest is Chapter 8, "Information Modeling," which helps readers understand the significance an information model plays in the formalizing of content structure, and the subsequent creation of DTDs and schemas. As well, Chapter 9, "Designing Metadata," does an excellent job of exploring the role metadata play in labeling, categorizing and describing content, thereby enabling organizations to provide dynamic content to users on demand. This chapter is also available online. Visit "A Metadata Primer" at CMSWatch.
The remainder of the book discusses objectively the tools and technologies you can use to support a Unified Content Strategy. Such familiar topics as Extensible Markup Language, selecting tools, and evaluating vendors are discussed, as well as various authoring, workflow, and delivery systems -- necessary parts of any content management initiative. The book gives equal coverage to collaborative authoring, change management, implementation challenges and transition planning, although the authors admit they aren't able to cover each topic in as much detail as some readers might desire. Readers will need to seek out additional resources for such information. A useful glossary of terms, an extensive bibliography, and several appendices are also provided. Appendix A is a "Checklist for Implementing a Unified Content Strategy"; Appendix B explores the issues affiliated with "Writing for Multiple Media"; Appendix C examines vendors and their products; Appendix D includes a "Tools Checklist"; and Appendix E explores "Content Relationships."
The book could be improved by lengthening some examples, and by providing a few more case studies (although they are admittedly hard to obtain in such a new arena). As well, the book publisher should have abandoned their table structure for one that would better accommodate the information provided. However, providing access to a companion web site is a great idea that will allow the authors to provide additional information to readers when issues arise that are not discussed fully in the book.
Regardless of your particular situation, if you've got an interest in content management, I highly recommend Managing Enterprise Content: A Unified Content Strategy as well as the book's companion web site. The site provides a solid overview of the strategy, a free chapter from the book, a Return on Investment (ROI) calculator, glossary, white papers and more. The content on this site is extremely useful and is indicative of the quality content found in the book.
Scott Abel is a content management strategist who assists his clients in planning and preparing for content management initiatives. Scott is a frequent presenter at industry and professional service seminars, an instructor at Indiana University Purdue University at Indianapolis Community Learning Network, and vice president of the Society for Technical Communication (STC), Hoosier Chapter. You can purchase Managing Enterprise Content: A Unified Content Strategy from bn.com.
HTTP: The Definitive Guide
Michael Palmer writes "OK, how well you know HTTP? Here's a pop quiz: QUESTION: Did you know that the Keep-Alive header was valid in HTTP 1.0, but has been deprecated in HTTP 1.1? A) What does "deprecated" mean? B) What is the "Keep-Alive header?" C) That's too bad - I kind of thought Keep-Alive was handy! D) Get with the program... HTTP 1.1 came out in 1999. The Internet boom is over already! Persistent connections are the default in HTTP 1.1 anyway." Answer (not necessarily your answer) and the rest of Palmer's review follows. HTTP: The Definitive Guide author David Gourley, Brian Totty pages 656 pages publisher O'Reilly & Associates; 1st edition (September 2002) rating excellent overview, plus detail in core areas reviewer Michael Palmer ISBN 1565925092 summary An overview of HTTP and related topics
OK, so I answered "C". I am going to make bold the claim that HTTP: The Definitive Guide, the long-awaited O'Reilly book on HTTP is ambitious enough in breadth and depth that if you answered "B," "C," or "D," you will find this book useful and informative. This is primarily due to clear organization of the book, as well as its friendly (even chummy) writing style.
Even if you are a technically-inclined sort from the Marketing department, and answered "A," you could get a good technical overview of the plumbing of the Web by skimming through this book; plus, having any O'Reilly book on the shelf in your cubicle would score you some street cred with the guys sitting over in Development -- this could be the one you've actually read. :-)
Breadth
Unless you answered "D," HTTP is more complicated than you think. This is especially true if, as the authors of a good technical book should do (and these authors do), one spends some time touching on matters one level down (to TCP/IP, and other areas, in this case), and one level up (to HTML, generally, in this case). Because the authors are particularly concerned with HTTP performance, details of the interactions between HTTP and adjacent levels can be important.
The book is divided into five main sections: 1) an overview of HTTP, URLs, and connection management; 2) HTTP Architecture, including Web servers, proxies, caches, gateways, tunnels, robots; 3) Identification, Authorization, and Security; 4) Entities, Encodings, and Internationalization; 5) Content Publishing and Distribution, including hosting, publishing, load balancing, logging. So, even if you classify yourself as a "D," or even if you are hacking on an extensible open-source router software platform (in that case, you are an "F"), you will find yourself pulling this book from the shelf from time to time to check on something in one of these areas. The modular organization of the book is good.
The full Table of Contents is available on line.
Depth
One (unfortunate?) thing about the Web is that its "architecture" (if you can even call it that) evolved and grew piece by piece. The design goals people had in mind back in 1993, or even in 1999, have been blown away by what has happened on the ground. Inter-company politics have also been a big factor -- never helpful for promoting standardization, or sound design. (Perhaps another problem has been the lack of an O'Reilly book on HTTP to tie everything together!) Hence, not only do you have a confusing mass of obsolete and/or overlapping specifications documents, you also have major differences between how different browsers, servers, and proxies adhere to these specifications in practice. This is one place the book shines: sprinkled throughout the pages are little tidbits about compatibility or performance pitfalls, gleaned from much practical experience. (The authors were some of the architects of Inktomi's Traffic Server "enterprise class" Web cache. Think "proxy caching for all of AOL's Web traffic.") As one example: "Technically, any Connection header fields (including Connection: Keep-Alive) received from an HTTP/1.0 device should be ignored, because they may have been forwarded mistakenly by an older proxy server. In practice, some clients and servers bend this rule, although they run the risk of hanging on older proxies." I can just imagine the series of bug reports leading to the inclusion of that piece of advice in the book. There are many other such warnings and bits of advice, generally aimed at HTTP application developers, often with an eye to performance tuning.
Here again, appropriate depth of discussion for a variety of readers is handled by clear organization of the book. The basic background material is laid out, and as the authors dive deeper into detail they may make a suggestion like, "If you are [not] writing high-performance HTTP software... feel free to skip ahead."
Then, at the end of every chapter, there is a section labelled, "For More Information," which is a collection of relevant references and links, for those who want to dig into the source documents themselves.
Cautions
This book review is addressed to the Slashdot crowd, a very technically savvy audience, so it's appropriate to mention what this book is not. It's not a detailed technical reference on all the topics mentioned in the table of contents (above); it would be tough to fit all that material into the book's 650-plus pages. However, the book is a good overview of HTTP and many related topics. The book does dip down into the grungy detail in many areas, but this won't be your only reference if you are a Web application developer.
Conclusion
Overall, this is one of the more accessible O'Reilly books I own. In addition, while experts will certainly seek out greater depth in their particular area of expertise, few people are expert in the whole range of topics related to HTTP that this book covers. In addition, the book provides many tips drawn from practical experience, and references to more detailed material. HTTP, if not the heart and soul of the Web (perhaps that is Web content itself), could perhaps be called the Web's circulatory system. If you have a professional interest in Web content distribution, or Web application development, I believe this book deserves a spot on your shelf.
You can purchase HTTP: The Definitive Guide from bn.com. -
PHP and MySQL Web Development, 2nd Edition
honestpuck writes with the short review below of Sams' PHP and MySQL Web Development, 2nd Edition, which he says is aimed at "someone who has programmed before needs to know about both PHP and MySQL," and a good book for the intended audience. Read on for his thoughts on the book. PHP and MySQL Web Development author Luke Welling & Laura Thomson pages 815 publisher Sams rating 9 reviewer Tony Williams ISBN 067232525X summary New edition of an excellent guide to PHP and MySQL
There is a good review of the first edition of this book here on Slashdot. For this second edition, I would add that Welling and Thomson have updated extensively and improved slightly a book that may well be the classic text on the topic.
PHP and MySQL are probably the most pervasive add-ons to Apache web servers across the web. Certainly they are both easy to acquire and common on a large range of web hosting systems, including several extremely low-cost ones. They also fit together extremely well.
This book demonstrates just how well. It starts out with a quick course in PHP (OK, 160 pages is hardly quick but it seems to move along at a good pace), follows it up with a brief look at MySQL before a short digression on E-commerce leads into building authentication and secure systems with the two tools (a marvelous place to start when you're thinking about commercial-grade web systems).
Then, after some more on PHP, the final section covers some large projects, a shopping cart, email service, mailing list manager and web forums. The final chapter in this section is new for this edition and covers XML and SOAP.
The new edition has been updated extensively. All scripts now work perfectly in PHP 4.3.
I like this book a great deal. Even after a fair amount of time with the previous edition I still find it useful. It is well structured for finding what you need, well written, and has few typos. (Though there are still some, including ones in code examples -- when will authors learn to work straight off running code into the manuscript and keep godforsaken editors away from it? Brian Kernighan managed it twenty-five years ago.)
This would not be the best book if you had little programming experience, nor would it be the best book if you had a fair amount of PHP experience.
You will want to have some program design experience and preferably some experience with database design as these are given short shrift. The book also lacks examples and discussion of some of the less database intensive parts of PHP and some of the more obscure tasks you may need to perform. It covers what someone who has programmed before needs to know about both PHP and MySQL while informing on methods of using both to build practical and sturdy web applications. If that sounds like the book you want then I heartily recommend this volume to you.
You can purchase PHP and MySQL Web Development from bn.com. -
Nanotechnology
iConrad writes "I first found this book on EDN which described it by saying, 'It collects many ideas about what nanotech is doing and has the potential to do without the breathless hype.' I've read the Drexler books and pretty much everything else I can find about nano, so I already know that nano will save the world, replace humanity, etc., etc. (Sigh.) What I didn't know (and I think this book really told me) is what nanotechnology really is, what it is doing right now, what it will mean for businesses, and why I should care." Read on for the rest of iConrad's review. Nanotechnology: A Gentle Introduction to the Next Big Idea author Mark Ratner, Daniel Ratner pages 188 publisher Prentice Hall rating 9 reviewer Conrad ISBN 0131014005 summary A (mostly) non-technical introduction to nano
In other words, I started this book very skeptical, but it convinced me. I don't know how many of you have heard of Mark Ratner, but he is credited with being the first to speculate on using individual molecules as components in electronic circuits back in 1974. If you read about molecular electronics now (or go to any moletronics conferences) you'll see his name come up constantly. He is also associate director of the nanotech institute at Northwestern University, the first dedicated nanotech center in the country. This is not like reading a lot of the books out there - he really knows his stuff.
The book starts with a general introduction, talks about hype, nanobots, and the big budgets that are out there for nanotech research. It opens a lot of questions, including ethical issues and a little bit of skepticism which I think is very healthy for a science which promises a lot, but has yet to truly distinguish itself.
After the introduction, there is a chapter which gets to the heart of matters -- it explains that nanotech is not just the ultimate level of miniaturization, but that it is special since it is at the interface of bulk properties, quantum properties, and the key elements in life processes (such as DNA). It also sets the stage for the heart of the book -- chapters on tools for the nanosciences (ever wonder why nano wasn't real until now even though Feynman started talking about it in the 1960s?), a grand tour which will quickly dispel any illusions that nanotechnology is all about nanobots a la Bill Joy and Star Trek, and chapters on smart materials, biomedical applications, sensors, optics, and electronics. There is also a recap of some basic science, but not many Slashdotters will need that.
While the hype may not be breathless, these chapters left me that way. What the Ratners discuss is real, in context, and discussed intelligently and thoughtfully. They gave me enough science to explain what they are talking about but not enough to distract me and they include a dash of some appropriately wry humor to lighten things up. There are illustrations throughout and a color inset in the middle. The illustrations are clearly from lab work -- their quality varies significantly, but I found them very useful indeed.
One of my favorite aspects of the book is the sidebars -- there are sections on DNA computing, quantum computing, swarm computing, nanotubes, lab-on-a-chip, and other applications. These are short, sweet, and, as always, to the point.
The book ends with two chapters on business and ethics. Unlike most nanotech books I've read, there was some substantial thought here. Ethical issues such as intellectual property concerns as well as health issues were treated at some length. The book doesn't come to conclusions on these points -- it attempts to present a balanced discussion and actively encourages readers to enter the debate. The business section was obviously written by someone who lived through the dot-com bubble (I'm guessing this was Mark's coauthor, Dan). Some of the points were obvious, but the analysis for investors is something well worth reading (attention VCs!) and again, the authors set the sights at a reasonable level. They point out that there are fortunes to be made, but not by accident. They also make some predictions about where the money is.
My only complaints about this book were that a few of the pictures were not of ideal quality, and that the companion web site wasn't very exciting (though they promise to update it.) All in all I found the book to be an ideal mix of technical and non-technical, a superb survey of a complex field, and an interesting read throughout. It leaves all of the other "introduction to nano" books in the shade -- perhaps because it is written by a pioneer in the field as well as someone who has thought about how to make it pay. I considered it required reading for anyone who wants to understand what nano is really about.
You can purchase Nanotechnology: A Gentle Introduction to the Next Big Idea from bn.com. -
Java Enterprise In A Nutshell
g00mba_b0y writes with this review of O'Reilly's Java Enterprise In A Nutshell. "As the name implies, this massive tome (971 pages stem to stern) covers a mind numbing range of technologies associated with 'Enterprise' Java software development. There are 17 sections in all, as well as your standard API reference pages. As you would expect, all of the usual suspects are there - Servlets, JSP's, EJB's, JNDI, RMI, CORBA, etc. In addition there were other enterprise technologies that I found useful as well - Messaging, SQL, Java Mail and so on." Note his disclaimer ("I am an avowed O'Reilly technical series fan, and proud of it. Whenever I want to understand a new technology I head to the O'Reilly shelf in my local Borders before I look anywhere else. So adjust your expectations accordingly.") and read on for the rest. Java Enterprise In a Nutshell author Flanagan, Crawford, Farley pages 971 publisher O'Reilly rating 4 out of 5 reviewer Jonathan House ISBN 0596001525 summary Quick reference for Java Enterprise technologies.
The Long Version: When I sat down with this book my intention was to skim through each section, look to see if there was anything that they missed, and crank out the 'ol review. What I found was enough content in each of the technical sections to draw me into actually reading the whole section. I mean, who would take the time to read a full section on CORBA nowadays unless there were interesting things there (yes, I see all of you CORBA proponents shaking your fists out there -- don't you have some IDL to write?).
Once I completed the reference sections I cracked open the latter half of the book to take a peek at the API section. I found it well organized, aesthetically pleasing, and about as useful as a screen door on a submarine. Note that this API publishing is not unique to O'Reilly -- It seems that most of the technical publishing companies still commit arboreal mass murder to publish these API sections. Note to publishers: When the half life of the information you are printing is measured in months, think about a different delivery mechanism. I actually timed how long it took to find a reference using JavaDoc API info and a book. IIRC the JavaDoc lookup was about 3 times faster.
Enough of that drivel. Back to the review. As you read through the different technical sections of this book the individual styles of the authors become apparent -- you can tell that different sections are written by different authors. This is A good thing -- you are getting the technical poop from the one that knows the subject best. To rely on a single author for this size of reference would leave a lot of gray area.
There is one specific area that I want to drill into, and that is the technical examples. I consider myself a relatively informed and skilled enterprise software architect (in the J2EE world -- don't get me started on that Dot Net crap). When I see a manual entitled Java Enterprise - I am expecting not only an API reference (see API rant above), but some real meat as to best practices in building enterprise level applications using this technology.
So how did this book do in the technical example area? I'd have to give it a "B." In most cases the examples were adequate to explain the technology at hand, but not really give deep insight into how best to take advantage of said technology. Now, don't get me wrong -- this book has earned a place on the "near" bookshelf (the place where I keep all of my most referenced manuals). My opinion is that when you are trying to serve two very different purposes (desktop reference / enterprise technology primer) something has to give.
Let me give a couple of examples of what I am talking about:
- In the JDBC section there is a point where the book identifies OODBMS (Object Oriented DBMS) databases as a possible alternative to the rigors of Object/Relational mapping. Yes, the technology exists and does work, but how many companies out there run enterprise systems off of OODBMSs? It's a small market, and with the massive investments that most US companies have in RDBs, that equation is not going to change soon. To say that OODBs are an alternative is a good thing in a quick reference, but in my opinion needs a disclaimer if mentioned in an enterprise Java book. Along those same lines, it wouldn't have hurt to mention some of the available O/R mapping tools out there (go Open Source!).
- In the Servlets section there is a point where an application implementation is mentioned to illustrate a technical point (binding a java.sql.Connection instance to a HTTP session). Right in the same paragraph the author mentions that this is a "bad idea" (no kidding -- unless you are an Oracle sales rep ...). Now why go to all of the effort of painting this example, and then telling the reader that they shouldn't ever do it? Guys, take the time to figure out a valid example that illustrates the part of the API that you are explaining, 'kay?
Again, don't get the wrong idea here. I'm definitely not panning this book. It's a valuable resource and worth the $30 - $40 that you are going to plunk down for it. But if you are going to write a desktop reference for Enterprise Java make sure that the examples are restaurant quality. After all, there is enough bad code out there in the world, and we can't have our beloved O'Reilly contributing to it, can we?
In Summary (Finally! he's almost done!): As I mentioned before, this book has earned the right to be within arm's reach from my little work pod. Not only is it a comprehensive reference, it makes a handy workout aide as well (971 pages...). And do yourself a favor. If you haven't checked out the O'Reilly line of technical books, head down to the nearest bookstore, grab yourself a double latte (try the Irish Cream and Hazelnut mixed together), find a comfy chair and give the series a once-over. You'll be glad you did.
You can purchase Java Enterprise In A Nutshell from bn.com. -
OS X Hacks
honestpuck writes "'Mac OS X Hacks' is a good grab bag of tips and techniques for getting the most from your Mac. While the tips are not as universally appealing (even among Mac owners) as those in 'Google Hacks' most people will find some value in the selection; experienced users may find it a little thin." Read on for the rest of honestpuck's review. OS X Hacks author Rael Dornfest & Kevin Hemenway pages 380 publisher O'Reilly rating 7 - Good reviewer Tony Williams ISBN 0596004605 summary Good grab bag of tips and techniques for getting the most from your Mac
The book is split into 9 chapters; 'Files', 'Startup', 'Multimedia and the iApps', 'The User Interface', 'Unix and the Terminal', 'Networking', 'Email', 'The Web' and 'Databases'.
For my money the last chapter is a complete waste of space since it only covers installing MySQL and PostgreSQL, and if you can't figure out how to install them from the documentation then you aren't smart enough to use them. A number of the other tips would come close to that level, I feel their only use may be to encourage people who would otherwise stay away to make some use of the terminal and similar tools.
Over a dozen people have contributed 'hacks' to the book, among them some major geeks such as James Duncan Davidson (Tomcat author) and Jon Udell (well respected O'Reilly blogger.) This accounts for the wide number of areas covered by the hacks.
When I first started reviewing the book I would have complained about a large number of the tips being too application specific, too general or too low in skill level. Since then I've had a friend who wanted to edit a movie and we both found the chapter on iApps useful, one with a brand new Bluetooth phone who liked the couple of tips on Bluetooth and another who found the cross platform Windows-Mac stuff useful, so I have to say that while some of the tips might seem useless now you may come to appreciate them later.
Overall the book is well written, well laid out and well cross-referenced and covers a wide range of information. My one major beef is still that there are too many 'tips' that are well covered by other material. Since you shouldn't really get this book until you are at least Mac proficient and probably own a basic Mac book or two then perhaps a tenth of the hundred tips will be covered in most Mac books and perhaps another five to ten you will have discovered on your own.
While O'Reilly doesn't offer a sample chapter of this book online they do have a page at Hacks that lists all the hacks and allows you to read eight of them. There is also a page in the catalog with the Table of Contents, Index and Errata.
Reading over my notes I feel split between raving about how good the book is - well written with a bunch of useful tips and tricks for any Mac user - and complaining about the useless nature of some of the tips. After taking another look at 'Google Hacks' and my review I realised where the conflict lies -- in my level of experience on the Mac. If you already feel comfortable with getting your hands dirty on your Mac then this book may well not satisfy you. If, on the other hand, you still have some trepidation about hacking at your OS X Macintosh then you'll probably love this book.
You can purchase OS X Hacks from bn.com. -
FreeBSD: The Complete Reference
Just Some Guy writes "I recently received a promotional copy of Roderick W. Smith's "FreeBSD: The Complete Reference". I was pretty skeptical at first - it's my nature - but was pleasantly surprised at the range and depth of information presented in a very accessible format. While not ready to supplant Greg Lehey's "The Complete FreeBSD", it's certainly a worthwhile read for new and moderately-experienced users." Read on for Just Some Guy's full review. FreeBSD: The Complete Reference author Roderick W. Smith pages 869 publisher The McGraw-Hill Companies rating 9 out of 10 reviewer Kirk Strauser (Just Some Guy) ISBN 0072224096 summary (Most) everything you need to know about FreeBSD
Overview
This is a large book. At 869 pages, not including copies of the GPL and BSD License, it packs some serious heft (it weighs slightly more than three pounds).
It is divided into six main parts, which are further divided into 32 (!) chapters. The sections are:
- FreeBSD Installation: Hardware requirements, installation instructions, and a general overview.
- Basic System Administration: Partitioning, startup procedure, file management, printer setup, user management, software installation, kernel configuration, and X.
- Network Configuration: Introduction to networking, dial-ups, client/server principles, basic firewalling.
- Servers: In-depth explanation of file, mail, web, and shell servers, plus an overview of DNS, NTP, DHCP, and other random services.
- Common User Programs: Introduction to KDE and GNOME. An overview of various network clients and office software. A short tutorial on The GIMP. The state of multimedia and games on FreeBSD.
- System Maintenance: The basics of system monitoring. How to upgrade the OS and installed software. An overview of system security. How to compile software. Basic scripting. Troubleshooting and how to get help.
The Good
This book is an excellent starting point for people new to FreeBSD, or even to Unix-like systems in general. Each of the wide range of topics is covered in a reasonable amount of detail. Mr. Smith claims to have been working in the field for quite a few years, and it shows in the way each part of the OS is presented as a component of the whole. This isn't a "cookbook"; readers are introduced to each subject in a way that encourages them to make their own configuration decisions.
I was unable to find any factual errors, and I certainly looked for them. The author and proofreaders did a good job of checking their information before going to print. Since my copy was from the first printing, I'm especially impressed.
New users, in particular, will appreciate the hand-holding approach of the earlier chapters on installation and basic configuration. More experienced administrators should be able to find enough new information about rather routine subjects to keep them interested.
Of particular interest was the almost complete lack of FreeBSD advocacy in the book. The introduction features a remarkably even-handed discussion of its relative strengths and weaknesses compared to other Unix and non-Unix operating systems. I greatly respect the author's decision to weigh the alternatives fairly and let the reader form his own opinion.
The Bad
FreeBSD: The Complete Reference is, unsurprisingly, a new entry in Osborne's "Complete Reference" series. As such, it's fairly comparable in size, layout, and scope to other books in the series such as Herbert Schildt's C++: The Complete Reference (my favorite C++ text). That's a pretty high standard to live up to, and I began my first pass through the book with a very critical eye.
My only real complaint is that, despite the title, this is not a "complete reference." Although The GIMP enjoys its own sub-chapter, the book makes no mention of certain high-profile features such as Vinum (FreeBSD's logical volume manager) or jails (chroot on steroids). It's obviously not possible to document every single component of the entire OS, but the name would seem to claim exactly that. Of course, even though FreeBSD: The Desktop Reference or FreeBSD: Reference For Users might be more appropriate, those would violate the series' naming convention. Still, don't be fooled by the title.
Although less important, every user has their own idiosyncratic ways of accomplishing certain tasks, and I tend to get distracted by recommendations that are counter to my preferred methods. Having said that, Mr. Smith makes some strange recommendations, such as editing the passwd file and compiling the password database afterward by hand rather than using vipw. His system certainly works, but I can imagine a new user scratching their head in puzzlement at the amount of work necessary to change their name.
The Ugly
Any book of this size and scope will have a few minor quirks, and this is no exception. For instance, the author needed to use several domain names as examples throughout the book. Rather than using the traditional "example.com," he decided to use his own creations. That in itself is no problem, except that he and his publishers have not registered those domains for their own use. I can only imagine the surprise when a curious newbie tries to access one of the hostnames in a web browser and finds that a prankster has registered the domain and used it to mirror goatse.cx.
A more serious lapse, in my opinion, was the decision to include an installable copy of FreeBSD 5.0 on the CD that comes with the book. Unfortunately, freebsd.org refers to that version as a "new technology release," and it suffers from a rather long list of installation and stability problems. Some day in the future, the 5.x series will be considered stable and ready for use on production systems, but that's still a while off. I sincerely hope that no would-be new users become disillusioned with their newly-installed systems and give up on FreeBSD as a slow and unstable OS. Despite the drawbacks, though, I can understand the author's desire to focus on the new 5.x series instead of the more stable but older 4.x line. This book was published in 2003, and I doubt that he wanted to have to publish a second edition detailing the new release less than one year after initial release.
Summary
This is a good book with a lot of solid information for new and experienced users. It may have a few minor problems, but it is a well-written and approachable reference that should make a valuable addition to any FreeBSD administrator's bookshelf. I would recommend it highly to anyone migrating from other Unix-like systems, finding themselves in charge of a small network, or wanting to see what the fuss is all about. If you're a new user, though, do yourself a favor: download and install FreeBSD version 4.8 from http://www.freebsd.org/ instead of installing the copy on the book's CD.
You can purchase FreeBSD: the Complete Reference from bn.com. -
Wall Street Meat
Max Tardiveau writes "I had the pleasure of reading Andy Kessler's Wall Street Meat, which has just come out in print. Despite the title, this book is not just for those familiar with Wall Street -- it is in fact very readable, and even enjoyable, by complete financial boobs (like yours truly), and provides some great insights into the world of investment and the stock market, especially as they relate to technology companies." Wall Street Meat author Andy Kessler pages 208 publisher Escape Velocity Press rating Very good reviewer Max Tardiveau ISBN 0972783210 summary A candid insider's view of Wall Street
Wall Street Meat is Kessler's story over the past fifteen years, from starting as a junior stock analyst at Paine Webber, to becoming a well-known technology analyst, to leaving Wall Street and going off on his own. Along the line, Kessler has bumped into many famous and infamous people, and he is very candid about what he thinks of these people (hint: it's usually not good).
In fact, one of the main characters is Frank Quattrone, who was just arrested last week for obstruction of justice and destroying evidence -- making this book rather timely.
Kessler spends a lot of time illustrating the fact that stock analysts are often clueless (and he should know, having been one for a number of years). To me, that was perhaps the most enlightening aspect of the book: I learned that even (very) highly paid analysts can be stupid, lazy, negligent, incompetent, greedy, and even sometimes dishonest (I know how shocking that might be to most of you, hopefully you can recover from that).
I found it interesting to get a behind-the-scene look at the life of analysts: the trips, the meetings with management, the lies and half-truths, etc... Also the bullshit that goes around, the phony rankings, the uninformed guesses. And of course these people get paid to be confident, so even when you don't know, you have to act like you do know.
If you really make it, you can even become a market-maker : someone whose recommendations actually affect your segment of the market. But Kessler makes it clear that this is a trap, and that many analysts have overestimated their power. After all, these stocks represent real companies, and whether these companies make money or not does eventually affect their stock price. Ah, the painful sting of reality.
Kessler follows the evolution of the profession of analyst from 1985 to the late 1990's, and comments at length on how that role has changed. Back in the old days, the commissions were high, research was a serious business. Interestingly, the Internet changed a lot of that, mostly because it made the commissions practically disappear, going from $0.25/share to less than a penny per share in just over a decade.
Kessler makes some interesting points about the unintended consequences of some of the regulations. For instance, during the 1987 crash, a lot of small investors could not get their trades executed because the traders stopped answering their phones. So the SEC put in a regulation to put a system in place that would execute small trades automatically.
That was the first step towards what we now know is inevitable -- a fully automated marketplace where human traders are used only for large or unusual deals. Therefore, in just 15 years, the world of investment and securities trading has undergone a complete transformation.
Another dramatic change during these years was simply the staggering amount of money that became invested in the market. In 1980, there was about $40 billion invested in professionally managed mutual funds. In 1996, that figure was over $1 trillion.
We are all more or less aware of these changes -- this book brings it all to life.
I found the first third of the book to be absolutely spellbinding, and I would heartily recommend the book just for that. The book opens with a few anecdotes that just made me guffaw aloud as I was reading them. The middle of the book was less exciting. There are lots of names being thrown around, which meant nothing to me. The final part of the book makes up for this, however, with a lot of good stories and observations about the late 90's dotcom boom and bust.
Kessler's style is direct, sometimes almost abrupt. No flourishes for this guy. I particularly appreciated the, how shall I put it, frank and honest evaluation of the many people mentioned in the book. It sometimes feels like target practice, but it's a refreshing break from the mutual admiration society.
The book is often funny, mostly fast-paced. There are a few uninteresting passages, and (much to my surprise) even two pages (1-2) repeated almost verbatim at pages 172-173. At $26, it is a bit steep (it comes out at 12.5 cents/page).
Kessler has written a number of columns for the Wall Street Journal. They are very readable, although some of them are now dated. If you want to get a feel for his style, I recommend reading a couple of these columns before you splurge for the book.
Having read it, I feel a bit more cynical about Wall Street, which is probably a good thing. I also feel like I have gotten a good peek into that universe, and it's not pretty -- no wonder so many things have been hitting the fan over the past couple of years.
Overall, I warmly recommend this book. Unless you're allergic to the world of investment, you should enjoy it and learn quite a bit from it.
You can purchase Wall Street Meat from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Java Data Objects
Reader java1dev submits the following brief review of O'Reilly's Java Data Objects, which he says provides excellent coverage of JDO. His capsule description of the book: "First, a high-level overview, followed by an in-depth coverage of the core features, and concluding by describing the more complex concepts in detail. Running throughout the book is an excellent intuitive example application that illustrates the features being covered." Read on for more of his review.
Java Data Objects
author: David Jordan & Craig Russell
pages: 356
publisher: O'Reilly & Associates
rating: 9
reviewer: java1dev
ISBN: 0596002769
summary: Excellent, example-filled introduction and practical guide to Java Data Objects.
Craig Russell, at Sun Microsystems, is the specification lead for JDO and David Jordan, at Object Identity, has been an active member of the JDO expert group since its inception.
Java Data Objects provides a thorough coverage of JDO and explains how it can be used in various architectures. The reader is expected to be familiar with Java but needs only a limited knowledge of databases. In brief, Java Data Objects (JDO) insulates you from needing to know a lot about databases. JDO permits you to develop applications using your preferred Java object-oriented model, without you having to write code to translate between Java objects and how the data is stored in the database--JDO takes care of all of that for you.
The first three chapters provide a high level overview of JDO by walking through a small application, exploring each of its interfaces at a high level, and introducing the architectures it might be used in. Even if you have been away from code for a while you will be able to follow most of the code example. You can stop here if you just want to understand what JDO is all about and where it can be used. These are recommended reading for a manager.
Chapters 4 through 9 are required reading if you want to start developing JDO applications. They really get you into JDO, so you can understand it and start using it. The first three of these cover how to define persistent classes and fields, how they can be mapped to various databases (done for you) and the class enhancement process (which makes a lot of JDO transparent to you). The next three (Chapters 7 through 9) bring home the power of JDO. These cover how to connect with a database, establish a transaction context and create, read, query, update and delete database objects. The material is made concrete by illustrating it with a detailed and intuitive example application. This example is carried throughout the book with sections of it explained as the concepts are covered.
Each remaining chapter covers a different JDO concept or feature (including optional features) that were introduced earlier but not covered in detail to keep the earlier chapters more understandable. These remaining topics are identity, lifecycle states & transitions, field management, cache management, nontransactional access and optimistic transactions. You can read these chapters as you feel the need for a more in-depth understanding of these concepts.
The last two chapters explain how to use JDO in an application-server environment and an Enterprise Java Beans environment. These two chapters assume you are already familiar with these environments, but I think a lot of it is understandable even if you are not.
There are five appendices with everything from the lifecycle state transitions to the collected source code for many of the classes used in the example application.
You can purchase Java Data Objects from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
From Airline Reservations to Sonic the Hedgehog
danny writes "From Airline Reservations to Sonic the Hedgehog is a history of the United States' software industry, down to 1995. Read on for my review."
From Airline Reservations to Sonic the Hedgehog
author: Martin Campbell-Kelly
pages: 372
publisher: The MIT Press
rating: 8
reviewer: Danny Yee
ISBN: 0262033038
summary: A History of the U.S. Software Industry
From Airline Reservations to Sonic the Hedgehog is a history of the software industry in the United States, down to 1995. It avoids technical details -- there's little about software engineering and programming languages, for example, or developments in computer science -- to focus on the economic and business accompaniments of technological change. And Campbell-Kelly is an academic historian, providing full references and a discussion of sources and avoiding hype or dramatisation. But From Airline Reservations is never heavy going: the less interesting tables can easily be skipped over, the references are out of the way as endnotes, and short, focused case studies make for compelling reading.
An introduction discusses industry statistics, other sources, and the restriction to the United States. The basic structure is then chronological and sectoral, with a three sector division into software contracting, corporate software products, and mass-market software products.
Two chapters cover software contracting. In the 1950s, IBM's Technical Computing Bureau and SHARE user groups were important players and FORTRAN and COBOL were developed. The Systems Development Corporation, set up to produce software for the national defense network (SAGE) required thousands of programmers and became a kind of "programming university," while the SABRE airline reservations system was the most important civilian project. As well as large systems integrators there were small software contractors, some of which were to grow rapidly.
The 1960s saw consolidation, with an increasing need for marketing and project management skills as well as casualties from a computer "utility" fad (early Application Service Providers) and the computer stocks crash of 1970. New firms continually appeared, however, with high turnover. Coverage of software contracting stops there, with a closing comment that: "Software contracting remains the most popular way of participating in the software industry, programming services enterprises outnumbering software products firms by 2 or 3 to 1."
There are three chapters on the software products industry. The first covers its origins between 1965 and 1970, with extended case studies of two leading products: ADR's Autoflow (flow-charting) and Informatics' Mark IV (file management). The significance of IBM's 1969 unbundling of hardware and software is also treated at length.
Next comes a survey of software products through the 1970s. These were classified by supplier (computer manufacturers and independent vendors, with some turnkey vendors, software brokers, and time-sharing services) and by category. The latter included systems (database systems, IBM's CICS, Unix), industry-specific (banking, manufacturing), and cross-industry (accounting, office automation, CAD) software. Campbell-Kelly suggests that the increasingly fine classification of software was itself significant.
The period from 1980 to 1995 saw "the United States' lead in software products become seemingly invincible." This is illustrated with case studies of IBM (a manufacturer) and three big independent vendors: Computer Associates (a consolidator), Oracle (databases), and SAP (ERP software). One reason for the success of the latter, a German company, was that European companies lagged those in the United States and had not yet invested in company-specific software.
Then come three chapters on the personal computer software industry. The first covers the pioneer period from 1975 to 1983, beginning with the origins of the microcomputer and the "first mover" advantage in operating systems held by Digital Research and then Microsoft. Also covered are programming languages and VisiCalc and other productivity software packages. In production and distribution "there was almost no point of contact between the booming microcomputer software industry and [that] for corporate mainframes and minicomputers."
The second chapter continues the story down to 1995. Much of this involves Microsoft, of course, but the chapter title is "Not Only Microsoft" and Campbell-Kelly argues that it has received disproportionate attention. Topics covered include the IBM PC standard, Autodesk and AutoCAD, the race for a GUI, battles between Lotus 1-2-3 and Excel and between WordPerfect and Microsoft Word, Adobe, and others. Success in the PC software industry came not just from luck, but from exploitation, deliberate or not, of the economics of increasing returns.
A third chapter looks at home and recreational software, in particular at games (and game consoles), CD-ROM encyclopedias, and personal finance software (Quicken versus Microsoft Money). Here Campbell-Kelly sees "a historical trend for software to become subordinate to the intellectual content or the complementary services offered".
Campbell-Kelly himself is British and there are occasional references to British and European companies, but the focus is on the United States. A final chapter looks at reasons for the success of the U.S. software industry: an early start and market size, clustering effects, and government support for R&D.
On "political" issues, Campbell-Kelly takes a more positive view of Microsoft than some: "Microsoft's monopolies and abuses do not seem any worse than some of the others described in this book." He also ignores free software completely, which is perhaps reasonable given the end-point in 1995, though the GNU Project and its antecedents would have made an interesting topic -- and hindsight suggests that the idea of free software was more significant than any specific product.
From Airline Reservations to Sonic the Hedgehog should command a wide audience: participants in the industry, both programmers and managers, students of economics and business, and the interested general public.
Danny's book reviews cover many other business, computing, and economic history titles. You can purchase Airline Reservations to Sonic the Hedgehog from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
802.11 Security
JadeSky writes "Having played around with wireless networking at home a little bit, and then being faced with implementing a wireless network at the office for the purposes of in-house customer training in a cosmetically clean room (wires are ugly), I had been thinking for some time about the best way to implement a secure wireless networking solution. Amusingly enough, shortly after the idea of a wireless network at the office came up, I managed to win 802.11 Security in a raffle at the Kernel Panic Linux Users' Group monthly meeting. The book was thoughtfully donated (with a few others) by O'Reilly on the condition that the recipients contribute reviews. Since I've found the book genuinely helpful, I thought I'd let others know, and hence, my first Slashdot book review. Hooray!" This book emphasizes a multi-layer approach to wireless security; read on for more of JadeSky's review.
802.11 Security
author: Bruce Potter and Bob Fleck
pages: 192
publisher: O'Reilly
rating: very good
reviewer: Gregory Ruiz-Ade (JadeSky)
ISBN: 0596002904
summary: Securing wireless networks
With the amazing proliferation of wireless networks these days, there seems to be constant churning about how best to secure them, while at the very same time, barely anybody is actually doing anything about it. Potter and Fleck have offered up this little book, 802.11 Security, as a no-nonsense guide to understanding the problem of wireless networking security (or, as the case may be, the complete lack thereof) as well as demonstrating how to implement viable solutions.
Straight from the horse's mouth, "This book is aimed at network engineers, security engineers, systems administrators or general hobbyists interested in deploying secure 802.11b-based systems." The greatest attention is given to Linux and FreeBSD systems, though OpenBSD, Mac OS X and Windows are covered as client systems, too. The authors split the book into four parts: "802.11 Security Basics (Part I)," "Station Security (Part II)," "Access Point Security (Part III)," and "Gateway Security (Part IV)."
Part I, "Security Basics," gives a very good introduction to the concepts of wireless communications. Chapter 1 explains how radio transmissions work (and how antenna shapes affect them), and why radio transmissions are inherently insecure (i.e., anyone with an antenna in range can listen in). 802.11 is explained, as well as WEP, and WEP's problems. Chapter 2 describes in detail the risks involved with wireless networking, and gives examples of types of attacks which can be performed against wireless networks.
Part II, "Station Security," outlines in great detail what you need to do to make sure your wireless network clients are as secure as possible. We're given two goals for client station security: prevent any access to the client systems, and make sure that the clients speak secure protocols for any network services they access. To the paranoid, both these goals are rather obvious, but they're important enough that the authors spent time explaining them. They follow with a couple paragraphs on logging and security updates on the client systems, and the rest of Part II (Chapters 4 through 8) gives specific information on how to best secure client systems of various OSes.
Part III (Chapter 9, really), "Setting Up an Access Point," delves into the intricacies of setting up and securing a wireless access point, from generic advice on how to configure access point appliances to more specific instructions on configuring host-based access points running Linux, FreeBSD and OpenBSD. Comparatively little time is spent on host-based access points in the book, probably because most people generally don't do things this way since access point appliances are so cheap and simple to configure/install.
The remainder of the book is spent on Part IV, "Gateway Security" (Chapters 10 through 15), which describes the infrastructure end of how most wireless networks will likely end up being integrated to wired networks. Basic suggestions for structuring the combined networks are given, and follow what I'd consider to be really good advice: wireless networks should be on their own interface of the gateway (or firewall), physically separated from both internal networks and the Internet. The authors strongly recommend against simply attaching the access points to the internal network, as that introduces too many security risks (an example involving ARP poisoning is given to illustrate why and how). The next three chapters detail the configuration of Linux, FreeBSD and OpenBSD as a secure gateway.
Chapter 14, "Authentication and Encryption", introduces the idea of using strong authentication and encryption mechanisms outside of WEP, using NoCat (which will run on Linux, FreeBSD and OpenBSD) and WiCap (for OpenBSD only) for authentication and IPSec for strong encryption. The idea the authors present here is that for the most secure setup, in addition to enabling strong WEP (as detailed in the rest of the book), your wireless network is set up to not allow clients access to anything until they are authenticated. Then, and only then, the gateway will allow wireless clients to access other network segments (i.e., the internal LAN, and/or the Internet), but only if all the communications over the wireless segment are done through secure tunnels. Sadly, the authors neglected to mention OpenBSD's, Windows 2000's or XP's ability to do IPSec, and their treatment of IPSec for FreeBSD and Linux certainly isn't very detailed, though pointers are given to the appropriate web sites for more information. 802.1x authentication (physical port authentication) is also explained in some detail, though it is of little use, since very little equipment deployed today has support for it. It is an interesting concept, though.
Closing out the book, Chapter 15 is appropriately titled "Putting It All Together." Here we get a final overview of all the pieces as well as how they fit together, and how certain aspects of the system as a whole affect both the administrators and the users of the system.
Overall, I'd have to say that this is exactly the type of "security in depth" book I've been needing to help me figure out how best to implement wireless networking at the office with minimal risk to the rest of the network. The authors write in a very approachable style and do a very good job of giving the necessary background before launching into any detailed discussions. I would highly recommend this book to anyone considering installing wireless networking without wanting to simultaneously install a simple back door to their network. Honestly, I haven't found much to complain about.
I'm of the opinion that, after reading this book, and using it as a guide to setting up a secure wireless network, I'll be able to sleep at night. Even though people can still war drive (or even war fly) and find your access points, even if they managed to crack the WEP keys and associate to the AP, the network will still be secure because of the multiple layers that have been put in place.
You can purchase 802.11 Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Single Sourcing: Building Modular Documentation
Scott Abel writes "Kurt Ament has hit the nail on the head! His latest effort, Single Sourcing: Building Modular Documentation is a valuable reference for those of us who seek to save time, effort, and money by implementing a productive method of creating information once and reusing it often." It's not a big book -- just 246 pages. Read on for Abel's brief review.
Single Sourcing: Building Modular Documentation
author: Kurt Ament
pages: 246
publisher: William Andrew Publishing
rating: 10
reviewer: Scott Abel
ISBN: 0815514913
summary: How to build modular documentation you can re-use in different formats for different audiences and purposes
Ament covers the issues -- step by step -- that many others only discuss. He lays out a simple roadmap, complete with real world examples that have worked -- or not worked -- for his clients.
In Chapter 1 (About Single Sourcing), he carefully defines "single sourcing" and explains related concepts (reusable content, modular writing, and assembled documents) in ways that are easy to understand and free of techno-jargon. And, he does us all a big favor by addressing the negatives associated with using technology to assemble documents by explaining that it actually takes more creativity to write content that can fit into multiple media, for multiple audiences, than it does to continually rewrite information over and over again each time it is needed.
Chapter 2 (Building Documents) and Chapter 3 (Structuring Content) are of particular value to those seeking to understand the shift in thinking required to master single sourcing. Writers, programmers and managers will all benefit from these chapters. Each chapter is packed full of tips and examples you can begin using today!
Chapter 4 (Configuring Language) explains how to "configure" your writing to support and increase usability while Chapter 5 (Leveraging Technology) touches on issues including conditional text, conventions, localization, translation, variables and more. As are the previous chapters, Chapter 5 is written in clear, concise language and is not a chapter business types should skip. In fact, it's just the opposite. Managers and decision makers need to understand the concepts explained in this chapter because many of the benefits a single source strategy can deliver are made possible by combining good planning with the right technology. And, while this chapter is certainly not about selecting software tools, the author helps his readers understand some of the issues they will need to understand as they begin thinking about their strategy and the types of functionality they'll need to support with the tools they select.
What I like most about "Single Sourcing" is that Ament went straight for the meat of the issues. He doesn't belabor points or confuse the reader by jumping back and forth from subject to subject (as so many poorly written IT-related books do). Instead, he supplies us with a book you can read in an afternoon and use the information contained within the next day at work.
But, be forewarned. You're going to want your sticky notes and your highlighting markers nearby. Chances are you'll be using them a lot!
Other resources:
- Kurt's site: http://www.infotektur.com
- Book site: http://www.infotektur.com/books/singlesourcing/index.html
Scott Abel (abelsp@netdirect.net) is a content management strategist who assists his clients in planning and preparing for content management initiatives. Scott is a frequent presenter at industry and professional service seminars, an instructor at Indiana University Purdue University at Indianapolis Community Learning Network, and vice president of the Society for Technical Communication (STC), Hoosier Chapter.
You can purchase Single Sourcing: Building Modular Documentation from bn.com, though new copies are currently out of stock. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Digital Game Based Learning
rjnagle writes "When Marc Prensky asked a colleague who had just returned from a training course how it was, she replied, 'AFTRB.' (Another #$#$^&# Three Ring Binder). In his book, Digital Game-Based Learning, Prensky, an instructional game designer and founder of games2train, argues that computer games are more effective learning tools because they sustain interest and attention in settings where people are normally bored." To follow that train of thought (or if you just liked Ender's Game), read on below for Nagle's lengthy review of the book.
Digital Game Based Learning
author: Marc Prensky
pages: 442
publisher: McGraw-Hill Trade
rating: 5/5
reviewer: Robert Nagle (aka Idiotprogrammer)
ISBN: 0071363440
summary: Visionary book on instructional design and game design.
Digital Game-Based Learning (DGBL) consists of two parts. In the first part, Prensky argues that the prevalence of video games has actually rewired our brains and made traditional learning methods less effective. In the second part, Prensky makes the case that DGBL can be used successfully by corporations to train people and offers practical advice (based on vast experience) about how to deploy game-based training methods. Throughout the book, Prensky examines aesthetic, cognitive and pedagogical questions surrounding such games and provides dozens of case studies to illustrate his points.
Prensky argues that current learning methods for young learners fail to engage learners used to interactive media. Learners now expect interactivity. Prensky writes:
Games Generation workers rarely even think of reading a manual. They'll just play with the software, hitting every key if necessary, until they figure it out. If they can't, they assume the problem is with the software, not with them--software is supposed to teach you how to use it. This attitude is almost certainly a direct result of growing up with Sega, Sony, Nintendo, and other video games where each level and monster had to be figured out by trial and error, and each trial click could lead to a hidden surprise. Games are almost all designed to teach as you go.
Prensky believes that the instructor-led classroom and the teach-test method are actually historical artifacts no more than 200 or 300 years old. The teach-test instructor-led class and its instructional methods arose partially from the rise of the printing press and the widespread availability of reading material.
Why then does the teach-test method still prevail? One reason may be the generation gap and technology gap between learners and teachers. Even technologically savvy educators have biases towards methods that worked while they were learners themselves. The way we learn is to some extent a byproduct of the cultural and technological milieu we mature in. Twenty years ago educators were extolling the virtues of reading books while youngsters (including me) were "wasting" their time before the boob tube. Nowadays, undoubtedly, there is a tension between educators pushing "media literacy" (media, in this case, often equaling conventional TV broadcasting) and students too busy making additions to their online Sims house or watching webcams of friends to care. No matter how much you may try to keep up, I once told a group of middle-aged Ukrainian teachers, your students will always be more hip to the technology than you.
This is not merely a matter of age but of comfort level. Growing up with a technology (especially at an early age) makes using it second nature. According to the neurology and psychology research that Prensky cites, the brain reorganizes and rewires itself in response to cultural stimuli, so a child who plays videogames at night is bored at class not because of "short attention span" or bad study habits but because the child's brain has programmed itself to respond better to "twitchspeed" interactivity. Prensky cites John Bruer's statement that achieving this kind of brain reorganization requires students to spend "100 minutes a day, 5 days a week, for 5 to 10 weeks to create desired changes because "it takes sharply focused attention to rewire a brain." Then Prensky adds, "Several hours a day, five days a week, sharply focused attention--does that remind you of anything? Oh yes -video games!" (p 43). Interestingly, Prensky cites research about how children with attention deficit disorder are using video games to retrain their brain and help them to concentrate. For the game-playing child, going to school means having to "power down" and endure teaching methods ill-suited to him. (p44).
After Sesame Street showed that you could educate children by entertaining them (and sustaining their interest), games (and sometimes even instructional technology) have focused on how to sustain this interest. In an age where pop-ups, 15-second promos and CNN updates are everywhere, it is no wonder that "gaining attention share" is the central concern. Children have learned the art of selectively being able to tune out media. How then to keep their attention? Interestingly, this concern parallels that of game developers looking for better ways to sustain gameplay.
A child once described playing educational games as "hard fun." When people are "playing," they forget inhibitions and self-consciousness to concentrate on the game's mission (i.e., "learning objectives"). When I taught English to college students overseas, I was surprised to find that one of my weakest and least confident students interacted adeptly to an immersive role-playing game with a strong English language component. From my viewpoint, she was quickly comprehending spoken dialogue and responding appropriately. From her viewpoint, she had just crossed the bridge and now could start digging for gold. Cognitive breakthroughs often require distracting activity to allow the mind to refocus (visionary Alan Kay wrote, "people have more brainstorms on the jogging path than at their desks."). Educators typically view educational gaming as useful mainly for drill and practice, but as gaming environments become more complex, edugames may be more useful in providing roundabout paths towards concepts hard to reach by traditional methods. To use just one example, computer aids allow students to manipulate data and geometric figures as a way to experiment with mathematical principles. Indeed, one of Prensky's most successful game projects, the Monkey Wrench Conspiracy, taught young learners/players how to do 3D computer design by setting them in a spaceship with a mission to make repairs before the spaceship blows up.
The most fascinating section for me was Prensky's juxtaposition of game design principles alongside instructional design principles. Even if one doesn't accept Prensky's historical analysis (and thoughtful detractors like Kurt Squier have pointed out shortcomings) or his argument that games should be more widely used for training, Prensky's theoretical overview of game design should interest people in both the education and game camps. Both game designers and instructional designers are obsessed with epistemology: how to reveal information to the player/learner in a way that sustains interest; how to use conflict to change the player/learner's behavior or attitudes; how to provide enough feedback for the player/learner to change behavior; how to present a simplified view of the world without distorting it; and how to permit freedom of exploration within the constraints of an object-oriented world or of a lesson plan. These are concerns, by the way, that also interest writers of plays and fiction, except that the "player" is split into two roles: that of character (who is controlled by the playwright/writer) and audience (who can emphasize and anticipate, but can't change outcomes).
Prensky's grid that maps learning content to game styles (p156) indicates that sufficient varieties of games exist to tackle any training challenge. Electronic Jeopardy style games can drill employees about company policies (and these templates are commercially available and widely used). Realistic simulation games, although probably more costly to produce, may actually reduce training costs whenever the actual equipment or training environment is expensive to begin with. Better that the potential pilot crash-land a few Flight Simulator planes, or that the combat soldier accidentally kill a few civilians within a simulation environment than for real. Prensky offers good questions for evaluating the educational value of computer games: do people using it think of themselves as players rather than students? Is the experience addictive? Does it encourage reflection? Would the game be considered "fun" by someone outside the target audience? Despite the similarities, there are important differences, Prensky would argue, between games that entertain and those that educate. For one thing, successful games require visual external action to sustain attention. But this is not needed for certain domains of learning. Games may be good for learning the process of putting together a Burger King hamburger (p264), but would a game be practical for learning Java programming? Or Freud's theory of the unconscious? It's probably not impossible to design such a game; both Java and psychoanalysis involve understanding low-level mechanisms of causation, recognizing aberrant patterns and being able to select the correct algorithm from the available repertory of solutions. Role-playing and collaborative simulations would help. But what the learner needs most is FEEDBACK, game or no game. The assumption behind Prensky's advocacy of game-based learning is that content needs "livening up" or that external motivators (like video games) are needed to drive the students toward learning. 
I am not questioning the value of these "external motivators." But I have to wonder whether Prensky's pedagogical approach implies that certain kinds of learning activities cannot be self-motivating. Sure, a game about Java programming might amuse the CS student, but the more crucial question (I would argue) is whether this student finds the very activity of programming in Java to be "hard fun."
To Prensky's credit, he does not insist that game-based learning is the best strategy for every learning situation. Perhaps the most compelling part of the book is a discussion of more than 40 case studies where computer games have been cost-effective at training. They range from an animated courtroom game (Objection) to a customer service game (where in the world is Carmen Sandiego's Luggage?) to a Sexual Harassment gameshow and many fine examples from Prensky's own company (which can be sampled online for free). He offers helpful advice (undoubtedly gained from experience) about how trainers can launch and even manage such a project. Among his suggestions: befriend IT as soon as possible; choose urgent learning needs that are "boring, complex or difficult," and offer game-based learning in conjunction with more traditional methods and give learners the option NOT to learn via the game method. Prensky offers practical suggestions to companies with training budgets ranging from the hundreds of thousands of dollars to nothing. Although the book is two years old, it still gives a good sense of what your money can get you these days.
Critics usually argue that "e-learning" doesn't compare favorably to live teachers. That is missing the point; the real question is whether e-learning (and game-based learning) provides comparable learning at a lower cost. As e-learning and game-based learning become more cost-effective, Prensky predicts a fairly radical transformation of the teacher/trainer's role. To some extent, this has already occurred with the advent of collaborative and student-based learning. But trainers may spend more time choosing the best learning tool for students (or creating new ones!) than actually teaching in a classroom. Is this bad? Prensky mentions that "any teacher who can be replaced by a computer, should be." In this world of game-based learning, Prensky argues, teachers can play a vital role in ensuring that students adequately reflect on the problems or conflicts that arose during the game/learning activity. Games are good at interactivity but bad at reflection. They offer ample opportunities for learning by doing, Prensky says, but minimal opportunities for reflection. One student, asked what he learned from playing SimCity, said, "I learned that if I don't feed the people, they will starve and die." That is clearly insufficient. A good instructor can help the student explore issues more deeply: how do politicians decide about allocating resources? Does the feedback offered to politicians give an accurate reflection of society's needs and problems? What strategies worked or did not work within the context of the game? Would these strategies also work in real life? Reflection is not necessary for every learning context, but today's trainers can make sure students have enough reflection to reap the benefits of game-based learning.
Prensky's book is an excellent introduction to this exciting field. He writes superbly and has a good grasp on learning theory and software design. Although clearly an enthusiast, he never implies that DGBL is the only or best teaching method. Many of Prensky's successes involve computer games as a primary component, but computer games don't need to play a central part in a lesson to be useful for learners. For example, a student can attend a traditional foreign language class and practice at home using a computer game. Ultimately computer games may have more value as supplemental material than as primary material.
Prensky's critique of the traditional trainer is sometimes unfair, especially the "generation gap" thing. Technology is not essential for reaching younger learners (and some experts have decried its overuse). Resourcefulness, a well-designed curriculum and motivational ability trump game-based learning every time (even Prensky would agree with that, I think).
If we accept Prensky's premise that instructional methods are somehow determined by the prevailing state of technology, one starts down the path of saying that instructional methods are subject to obsolescence. New teaching methods may be more cost-effective or more motivating, but they don't necessarily repudiate the value of "old-fashioned" methods (indeed, there will come a time when DGBL will be regarded as old-fashioned, so Prensky better watch out what he says). Using teaching methods so dependent on a technology, I would argue, has the unfortunate effect of rendering teachers helpless in the wake of massive technological breakdown. If a trainer/facilitator skilled in DGBL suddenly found his classroom without Internet access, could he still train employees effectively? One of my most edifying experiences as a teacher came at an Albanian university in Vlore lacking not only computers, but also copy machines and yes, sometimes even electricity. Every day I walked to class, mentally having to plan for contingencies (no electricity, inability to obtain photocopies from a nearby shop) for the day's lessons. While I still managed to pull off some funky lessons (with battery-powered cassette players, magic markers, magazine pictures and large posterboards), I couldn't help wondering if my "innovative teaching methods" merely burdened me with more things that could go wrong. The flip side of Prensky's magnificent vision is the nightmare scenario of teachers so overwhelmed with newfangled technological aids that they opt for the tried-and-true (but technologically primitive) methods rather than risk losing a class to downtime.
Although the spectacular successes mentioned in the book were informative, it also might have been helpful to examine cases where DGBL has failed or turned out to be not particularly remarkable. Every so often, a new theory or learning method hits the world, and suddenly educators use this method whether it is appropriate or not. When is DGBL not appropriate?
When making the business case for DGBL, Prensky overlooked two important things. First, the obsolescence of technology and technological standards (and the perception of obsolescence) diminishes the value of custom-built games for corporations. This seems to be an argument for using cheaper mass-market games rather than convincing the CEO to fund an ambitious game project. Also, I'm surprised that the book didn't spend more time on one obvious advantage to DGBL: digital assessments. Computer games make it easier to verify that learners performed required tasks and to keep the performance data in digital form to demonstrate compliance. That would be a big selling point for human resources.
I've written elsewhere that as immersive games become more sophisticated and develop their own society and values, real life will start to resemble a video game and videogame prowess may become an end worth pursuing for its own sake. Now that weapons and radar systems look more like computer games, for example, military recruiters might be happy with legions of game addicts manning their battalions. As it becomes easier to gain knowledge and experience completely from computer games, the notion of having to learn things from real life will start to seem very strange.
Other Resources Marc Prensky has put generous excerpts from the book online for free. His company website contains a lot of fun free/demo games, including (my favorite) "The Challenge." Expect it to be slashdotted for a while. You can also buy the book here.
Kurt Squire of MIT's Games-to-Teach project has written a perceptive article, Reframing the Cultural Space of Computer and Video Games, and many other things on game-based learning, including an excellent critique of Prensky's book.
Dr. Sivasailam "Thiagi" Thiagarajan writes frequently on using games for training. His Thiagi website contains lots of freebies as well as a free monthly newsletter with lots of game/training ideas.
Gamasutra has a separate section on writings about educational games. Free registration is required.
Although not explicitly about game-based learning, Steven Poole's book, Trigger Happy offers a sophisticated aesthetic analysis of videogame narratives and engagement.
Robert Nagle (aka Idiotprogrammer) is a Linux nut, technical writer and trainer with a background in instructional design and game design. He works for Texas Instruments in Houston. You can purchase Digital Game Based Learning from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Positively Fifth Street
peterwayner writes "If you're looking for more proof that good stories happen to those who can tell them, pick up a copy of James McManus's Positively Fifth Street, an adrenaline-charged, first person account of a reporter sent to cover the World Series of Poker in Las Vegas. But why sit on the sidelines? He decides the only way to capture the true flavor is to risk his advance and enter. Along the way, he uses his journalistic license to justify trips to strip clubs, interviews with all of the female players, examinations of the ex-stripper wife of the tournament host, investigations of a murder, and winning bigger and bigger bets at the poker table." Sounds like fun. Read on for the rest of the review.
Positively Fifth Street: Murderers, Cheetahs, and Binion's World Series of Poker
author: James McManus
pages: 416
publisher: Farrar, Straus and Giroux
rating: 8
reviewer: Peter Wayner
ISBN: 0374236488
summary: Journalist enters poker tournament.
This book is a bit of an oddity in the literature of poker, a subject that McManus teaches along with creative writing at the School of the Art Institute of Chicago. Most of the books in the field are manuals designed to teach a beginning player how to calculate the odds, bluff at the right time, and size up the rivals. The books may be informative and helpful, but the largely clinical approach does little for the casual reader.
McManus doesn't bother much with the rules of the game because he's out to explore the nexus of lust, competition and desire that gives Las Vegas such a hold on the human undersoul. To ensure that no one mistakes this for a traditional poker book, he opens with a sex-and-drug-saturated rendition of the murder of Ted Binion, one of the owners of the casino that sponsors the poker tournament each year. None of the wealth begat by poker helped Binion after he had the misfortune to marry the one ex-stripper who would later face murder charges for his death.
Despite witnessing the pain and agony visited by the money upon Binion, McManus still can't resist chasing after his share in the tournament. He has four kids to take care of and his wife is home clipping coupons. Sure, he could just write about the tournament and play it safe, but wouldn't it make sense to enter just to get a feel of it? And gosh, if he wins, he could really pay down that mortgage. Bad Jim, as he calls himself, thinks it makes perfect sense and grabs some poker software for practice.
Bad Jim has plenty of other journalistic rationalizations up his sleeve. Some of the book is devoted to his interviews with female poker players, a relative rarity with the politically correct power to trump any complaint that this is just a thinly veiled excuse to leave the kids at home and play poker. This angle reaches a humorous climax when he finds himself in a showdown against one female and confesses, "no one wants this woman to win the event more than I do, just not this pot."
A queen on the board means that the woman wins, "paying Bad Jim back personally for two hundred years of poker domination by men, plus millions of years of the other kind." Any other card lets Good Jim take home the cash to support his wife and daughters. Who will win, Politically Correct Jim or Old School Jim?
The book is a seemingly endless stream of these confrontations where the action on the tables reflects a tension between our high-toned aspirations and baser human longings. There are plenty of learned allusions to remind us that he does teach writing at a fancy college, but they are mixed into a narrative driven by sex and greed. Has evolution given us a need for competition and battles to the death? Is poker a good substitute now that we're more civilized? Has the poker prep software given nerds and geeks an edge over the "leather-assed Texas road gamblers?"
His seemingly endless good fortune and his ability to string the conflicts into a story with various remain the strength of the book. He just can't seem to lose. And this is a good thing because the jury in the Binion murder trial is taking forever to make up its mind. Something needs to keep the tension building and Bad Jim's good luck delivers.
So he manages to string us along for almost 400 pages until we find out who wins the tournament and whether Binion's wife goes to jail. It's a terrific exploration of power, sex and death boiled into one short visit to Las Vegas. It's even better if you love poker because the endless descriptions of the hands must be a bit hard on those who don't see the fun in sitting around a smoky hall dealing cards. If you do, though, this is a wonderful read.
Peter Wayner is the author of Translucent Databases and Disappearing Cryptography. You can purchase Positively Fifth Street from bn.com. -
Slashback: Vaidhyanathan, Oregon, Opteron
Slashback this evening with a few more notes on AMD's upcoming Opteron processor, Siva Vaidhyanathan (three times quickly), Oregon's open source bill, and more. Read on below for this round of updates and amplifications. That Charlie's no dummy. softwareJoe writes "Tim Bray has come right out saying that if IP chancer Charlie Northrup manages to enforce his most recent claim, the consequences would be 'disastrous.' 'It would become impossible to have Open Source implementations of key pieces of the infrastructure. This would be harmful, perhaps fatal, to the grand plans of those who want to deploy Web services everywhere,' Bray is reported as saying, in XML Industry Newsletter."
Waiting for the low-power version. Jethro writes "Ace's hardware Opteron review was a very interesting read which shows some real Java webserver benchmarks on SUSE and Debian Linux, and real world database performance in MySQL and MS SQL server 2000. A lot better than those synthetic mysql benchmarks that Tom's hardware served up."
And Distinguished Hero writes "[H]ardocp.com ([H]ardNews 10th Edition) is reporting that the Opteron processor does not actually have an integrated dual channel controller. This explains why all the Opteron reviews only used a single channel configuration. While the integrated memory controller is not dual channel, it can be bypassed by an external (Northbridge) memory controller connected to the processor via the HyperTransport bus."
One more: EconolineCrush writes "Yesterday's Opteron launch gave us all a glimpse at AMD's new 64-bit platform, but the Opteron is a server and workstation chip that will be out of reach for the majority of consumers. AMD's upcoming Athlon 64, however, will bring 64-bit computing to the desktop. Drawing heavily from what we've seen of the Opteron's performance thus far, Tech-Report has posted its thoughts on what it will take for the Athlon 64 to succeed. It's an interesting read for anyone salivating at the thought of an affordable 64-bit desktop platform."
Ma'am, can you please ask those anarchists in the carrels to pipe down a bit? BrianWCarver writes "Readers may recall a Slashdot interview with Siva Vaidhyanathan, Professor at NYU, and author of Copyrights and Copywrongs. Vaidhyanathan is working on a new book, The Anarchist in the Library, and was interviewed on the blog, Eyeteeth. This is a brilliant and amazing interview where Vaidhyanathan discusses how creative communities share, the DMCA, the American industrial production of culture, the USA Patriot Act, the importance of libraries and librarians, and the policies of the FCC. It is a must-read for those who care about the future of creative and democratic culture."
Technically, Oregon is not Washington. Daniel Phillips is among the many folks who have been following the progress of a bill in Oregon (HB 2892) to encourage open source software, and he points out this Register story (picked up from NewsForge, actually), writing "Apparently, moving Oregon's open source bill forward comes down to convincing the house speaker."
Reader PotatoHead fleshes that out just a bit: " Despite reports detailing the demise of HB 2982, this bill continues to be a topic at the Oregon Legislature. We have broad support for HB 2892, but need everyone to continue showing support in the form of your phone calls, e-mails, faxes and snail-mail to your Oregon Representatives. We have the attention of the Oregon Legislature in a pretty big way and need to keep up the good work if HB 2892 is to move forward against the constant efforts of the usual industry lobbyists. If you don't already know, here is how you contact your representative. Please take a moment --right now-- and show your support for HB 2982. Every contact matters as we continue to move forward with HB 2892!"
Sir, can you direct me to the nearest buggy whip store so I can beat this dead horse? If $98 billion seems to you a bit much for the music cartel to charge students for even the most indiscriminate file swapping, you may be interested in following the chilling effects that it generates, too: PL_2003 writes "A follow up on a previous Slashdot article. It really seems like the recording industry is determined to continue its fight. Check this NYTimes article (free reg. required). My Take: Couldn't they use their brains for a better business model?"
OK, here are the rules ... Grub (mentioned previously) is apparently causing consternation among many webmasters. Though they claim the client honors robots.txt, it seems that only the central servers check it (and don't honor it properly) and that grub clients don't check it at all. Ooops.
Time to round up and segregate the arrogant. jtheory writes "There's an AP story today (here on Yahoo news) that the Justice department has dropped its probe into the recommendation policy of a Texas Tech bio professor. It's encouraging that all he had to do to stop the investigation was make some very minor changes in his policy, but it's still horrifying to me that he got into trouble in the first place. Is it even safe to encourage strict Creationists (or others with strong anti-scientific beliefs) to become doctors? Would they ignore animal research results, etc?"
-
The Cg Tutorial
Martin Ecker writes "NVIDIA's book The Cg Tutorial: The Definitive Guide to Programmable Real-Time Graphics, published by Addison-Wesley is a book that many 3D graphics programmers have been waiting for. Finally a book is available that introduces NVIDIA's high-level shading language Cg (short for 'C for Graphics') and the concepts involved with writing shader programs for programmable graphics pipeline architectures to the interested reader." If you are such an interested reader, you'll find the rest of Ecker's review below.
The Cg Tutorial: The Definitive Guide to Programmable Real-Time Graphics
author: Randima Fernando, Mark J. Kilgard
pages: 384
publisher: Addison-Wesley Publishing
rating: 8
reviewer: Martin Ecker
ISBN: 0321194969
summary: An excellent introduction to the high-level shading language Cg (C for Graphics) and its uses in real-time 3D graphics.
The first half of the book teaches the basic language constructs of the Cg shading language and shows how to use them in concrete example shaders, whereas the second half concentrates on more advanced techniques that can be achieved on today's programmable GPUs with Cg, such as environment or bump mapping. Even these more advanced techniques are explained in a clear and easy-to-understand manner, but the authors do not neglect to present the mathematics behind the techniques in detail. Especially the more serious 3D programmer will appreciate this fact. The explanation of texture space bump mapping must be the easiest-to-understand explanation of the technique I have read to date, which alone makes it worth to have this book on my shelf. At this point it is important to note that the book does not discuss the Cg runtime which is used by applications to compile and upload shaders to the GPU. The book focuses exclusively on the Cg language itself. So if you're already familiar with Cg and want to learn how to use the Cg runtime, this book is not for you and you should rather read the freely available Cg Users Manual.
The book contains many diagrams and figures to illustrate the discussed equations and show the rendered images produced by the presented shaders. Note that most figures in the book are in black and white which sometimes leads to funny situations, such as in chapter 2.4.3 where the resulting image of a shader that renders a green triangle is shown. Since the figure is not in color the triangle that is supposed to be solid green ends up being solid gray. However, in the middle of the book there are sixteen pages with color plates that depict most of the important color images and also show some additional images of various applications, NVIDIA demos, and shaders written for Cg shader contests at www.cgshaders.org.
Accompanying the book on CD-ROM is an application framework that allows you to modify, compile, and run all the example shaders in the book without having to worry about setting up a 3D graphics API, such as OpenGL or Direct3D. The application framework uses configuration files to load meshes and textures and set up the graphics pipeline appropriately for the shaders. This way the Cg shaders can be examined and modified in isolation with the results being immediately visible in the render window of the application. Thanks to this framework application even readers that are not yet familiar with a 3D graphics API or even 3D artists interested in programmable shading on modern GPUs can begin to learn Cg and experiment with real-time shaders.
A final note for programmers using Direct3D 9: The high-level shading language included with the latest version of Direct3D, simply called HLSL for High-Level Shader Language, is syntactically equivalent to Cg. Everything written in the book about Cg equally applies to HLSL. Thus, the book is also an excellent guide for programmers that only intend to work with HLSL.
This book truly is the definitive guide for all beginners with the Cg language, and also more advanced 3D programmers will find the chapters about vertex skinning, environment mapping, bump mapping, and other advanced techniques interesting. Once you've started writing shaders in Cg you will never want to go back to writing them in low-level assembly shading languages ever again.
You can purchase The Cg Tutorial: The Definitive Guide to Programmable Real-Time Graphics from bn.com. The book's official website has additional information and ordering options besides. -
How Would You Move Mount Fuji?
adamba writes: "Why are manhole covers round?" "How many gas stations are there in the United States?" "How would you design a remote control for venetian blinds?" "What company is famous for interview questions like those?" You might not know the answer to the first three questions, but you probably know the last one. The notion of asking "Microsoft interview questions," quick logic puzzles and brainteasers, has become accepted wisdom for many technology companies. In comparison, the questions asked during traditional interviews, such as "Describe your typical day" and "What is your greatest weakness?" seem too simplistic, too easy to handle with a prepared answer, too prone to allowing weak candidates to slip through: they simply don't reveal enough about the person. While the Microsoft questions appear to be a better way to evaluate people, the issue has never really been seriously examined. Microsoft's success would seem to make the argument pointless: Can $250 billion in market capitalization be wrong?" Read on for an interesting look at the details and justifications for this kind of interview.
How Would You Move Mount Fuji? Microsoft's Cult of the Puzzle
author: William Poundstone
pages: 288
publisher: Little Brown & Company
rating: 9
reviewer: Adam Barr
ISBN: 0316919160
summary: The scoop on Microsoft interviews--with answers!
Now comes a new book, How Would You Move Mount Fuji? Microsoft's Cult of the Puzzle - How the World's Smartest Company Selects the Most Creative Thinkers by science writer William Poundstone. Poundstone talked to various people who have been involved in Microsoft hiring, including those who were interviewed, and those who gave interviews (full disclosure: I worked at Microsoft for ten years and was one of the people he talked to). He includes a lengthy list of questions, and most interestingly for many people, he also includes answers.
In the book, Poundstone traces the origins of this type of question, providing some fascinating information on the history of intelligence testing. He then chronicles how a certain type of puzzle interview caught on in the high-tech industry. Microsoft was not the first company to ask such questions, but it certainly popularized it.
Poundstone explains that responding to a problem you can't solve could be thought of as the fundamental problem in Artificial Intelligence (AI), and then continues,
"The problems used in AI research have often been puzzles or games. These are simpler and more clearly defined than the complex problems of the real world. They too involve the elements of logic, insight, and intuition that pertain to real problems. Many of the people at Microsoft follow AI work closely, of course, and this may help to explain what must strike some readers as peculiar--their supreme confidence that silly little puzzles have a bearing on the real world."
It could be--or maybe Microsoft employees assume that since they were hired that way, it's a great way to hire (and complaints from those who were not hired are just sour grapes). Most developers I knew thought of AI as a pretty academic discipline, and were more concerned with putting a dialog box up at the right location on the screen than trying to pass the Turing Test.
Nevertheless, as companies seek to emulate Microsoft, the questions have caught on elsewhere. And as Poundstone put it, such questions have now "metastasized" to other industries, such as finance.
This makes the effectiveness of these questions an important issue. Poundstone first presents evidence that "Where do you see yourself in five years" and "What are you most proud of" are fairly pointless questions. In one experiment he describes, two trained interviewers conducted interviews with a group of volunteers. Their evaluations were compared to those of another group who saw a fifteen-second video of the interview: the candidate entering the room, shaking hands, and sitting down. The opinions correlated strongly; in other words, when you are sitting in an interview telling the interviewer what you do on your day off and what the last book you read was, the interviewer has already made up his or her mind, based on who knows what subjective criteria. As Poundstone laments, "This would be funny if it weren't tragic."
Puzzle interviews could hardly be worse than that, but it turns out the evidence that they are better is doubtful. Poundstone shows how intelligence tests are on very dubious scientific standing, and points out that Microsoft's interviews are a form of IQ test, even though Microsoft does not admit that publicly. In his 1972 book of puzzles Games for the Superintelligent, Mensa member James Fixx wrote, "If you don't particularly enjoy the kinds of puzzles and problems we're talking about here, that fact alone says nothing about your intelligence in general". Yet virtually every Microsoft employee accepts the "obvious" rationale, that only people who do well in logic puzzles will do well at Microsoft.
There is another important point about puzzle-based interviews: although you would think that they were naturally more objective than traditional interviews--more black or white, right or wrong, and therefore less subject to interpretation by the interviewer--in fact, interviewers' evaluation of answers can be extremely subjective. Once you have formed your impression of a candidate from the enter/handshake/sit-down routine at the start of the interview, it is easy to rationalize a candidate's performance in an interview, either positively or negatively. They needed a bunch of hints to get the answer? Sure, but they were just small hints and it's a tough problem. They got the correct answer right away? No fair, they must have seen it before.
Given the ease with which the answers to logic puzzles can be spun, it is highly probable that Microsoft interviewers are also making fifteen-second judgements of candidates, without even realizing it.
Three years ago Malcolm Gladwell wrote a New Yorker article about job interviews called The New-Boy Network. Gladwell quotes much of the same research as Poundstone, and relates the story of Nolan Myers, a Harvard senior who is being recruited by Tellme and Microsoft. He has done a one-hour interview with Hadi Partovi of Tellme, and spoken to Gladwell, the author, in a coffee shop for about ninety minutes. His initial interaction with Microsoft was much briefer: he asked Steve Ballmer a question during an on-campus event, which led to an exchange of emails.
As Gladwell writes, "What convinced Ballmer he wanted Myers? A glimpse! He caught a little slice of Nolan Myers in action and--just like that--the C.E.O. of a four-hundred-billion-dollar company was calling a college senior in his dorm room. Ballmer somehow knew he liked Myers, the same way Hadi Partovi knew, and the same way I knew after our little chat at Au Bon Pain."
So Steve Ballmer, who obviously does not feel that he is choosing people based on traditional interviewing techniques, and in fact was one of the originators of the "Microsoft questions," is more prone to making fifteen-second judgements than he would probably admit.
The flaw, if any, may simply be in ascribing too much value to the puzzles themselves. The actual questions may be secondary: the company might do as well asking geek-centric trivia questions, like "What was the name of Lord Byron's niece?" That does not mean Microsoft is hiring the same people that an investment bank is going to hire. The cues they look for may be different: instead of a firm handshake and the right tie, they may be looking for intelligent eyes and fast speech, or whatever non-verbal cues ubergeeks throw off.
A Microsoft interview candidate will typically talk to four or five employees, and in general must get a "hire" recommendation from all of them. Even if the employees are actually basing their recommendations not on puzzle-solving ability but on a subconscious evaluation, it is unlikely that all of them will be subconsciously using the same criteria. Emitting the proper signals to satisfy four different Microsoft employees may be as good a judge of a candidate as any, and Microsoft may be good at interviewing simply because it tends to hire people that are similar in some unknown way to the current group of employees. If another company adopts puzzle interviews, they may discover that they are not hiring the smartest people, just the people most like themselves.
In the end, the best thing that can be said about puzzle interviews is that as a screening technique, they are no worse than traditional interviews. And there are some side effects: some candidates may be more prone to accept a job with Microsoft because of the interview style, and imparted wisdom about the technique may function as a useful pre-screening of prospective applicants. And of course, employees may get a kick out of showing a candidate how smart they are, although this can have a downside: How Would You Move Mount Fuji? has several examples of interviewers who seemed more concerned with proving their intelligence than in gauging that of the candidate. One former Microsoftie admits they asked candidates a question they did not know the answer to, just to see what they would do.
Two chapters of the book, entitled "Embracing Cluelessness" and "How to Outsmart the Puzzle Interview," attempt to help interview candidates who are confronted with such puzzle questions. The official advice is scarce: Microsoft's Interview Tips page advises candidates "Be prepared to think," which isn't much help, since presumably nobody is advising the opposite. Some of the recruiters who go to college campuses have their own little tips; for example, one recruiter named Colleen offers a quote from Yoda: "Do or do not, there is no try." Other recruiter tips include "Stay awake" and "Always leave room for dessert." Luckily, Poundstone gives advice that is a bit more concrete than that.
Microsoft puzzles can be divided into two types: those where the methodology is more important than the answer, and those where only the answer matters.
The "methodology" puzzles break into two classes, "design" puzzles ("How would you design a particular product or service?") and "estimation" puzzles ("How much of a certain object occupies a certain space?"--for example, "How much does the ice in a hockey rink weigh?")
Design questions exist because at Microsoft, responsibility for product development is split between two groups, the developers and the program managers. Developers write code: program managers design the user interface, trying to balance the needs of users with the technical constraints from developers. As Poundstone points out, while estimation questions and general logic puzzles are universal, the design questions are reserved for program managers.
The reason is that program management does not require the specific skills of development. Designing software is something any reasonably intelligent person can attempt, so the design questions are aimed at finding people who are really good at design. In fact one program manager I worked with told me that the best way to distinguish a potential program manager from a potential developer was to ask them to design a house: a developer would jump right in, while a program manager would step back and ask questions about the constraints on the house.
(Developers, meanwhile, are usually asked to write code on the whiteboard, an experience that program management candidates are spared. Books exist that discuss coding problems in more detail, such as Programming Interviews Exposed: Secrets to Landing Your Next Job by John Mongan and Noah Suojanen, which covers many standard programming questions and even includes answers to a few of the logic puzzles that Poundstone addresses).
Poundstone does include some of these design questions and provides sample answers. But the "answer" to these questions is really the process involved: ask questions, state assumptions, propose design. That's all you need to know about them. If you are wondering why Microsoft did not use this logical procedure when confronted with the question "Design a response to the open source movement," but instead seems to have spouted off the first five things that popped into its collective head--that's just more proof that performance in interviews is not necessarily a great indicator of future job performance.
Another recruiter, Stacey, gives the following interview tip: "The best interview tips I can give you are to relax and think for yourself. For a Microsoft interview, be prepared to answer both technical and problem solving questions. Ask clarifying questions and remember to think out loud. We are more interested in the way your are thinking through a problem then we are in your final answer!"
That approach works for the "methodology" questions: design and estimation. What about the other kinds--the more traditional brainteasers? For those questions, forget your methodology. What Microsoft interviewers want is the right answer.
James Fixx, writing three years before Microsoft was founded, offers some advice that may hearten potential Microsoft recruits: "One way to improve one's ability to use one's mind is simply to see how very bright people use theirs." With that in mind, we can follow along with Poundstone as he explains the solutions to the puzzles that the very bright people at Microsoft ask during interviews. He certainly delivers the goods: 100 pages of answers. Unfortunately, it's not clear whether seeing those answers helps you tune up your brain to answer problems that do not appear in the book.
In his book, Fixx spends some time trying to explain what, as he so delicately puts it, "the superintelligent do that's different from what ordinary people do." For example, trying to describe how a superintelligent person figures out the next letter in the sequence "O T T F F S S", he advises people to think hard: "Persistence alone will now bring its reward, and eventually a thought occurs to him." Talking about how to arrange four pennies so there are two straight lines with three pennies in each line, he writes "The true puzzler...gropes for some loophole, and, with luck, quickly finds it in the third dimension." Further hints abound: "The intelligent person tries... not to impose unnecessary restrictions on his mind. The bright person has succeeded because he does not assume the problem cannot be solved simply because it cannot be solved in one way or even two ways he has tried." This advice sounds great in theory, but how do you apply it in practice? How do you make your mind think that way? As Poundstone quotes Louis Armstrong, "Man, if you have to ask 'What is it?' you ain't never goin' to know."
Poundstone recognizes that the flashes of insight that Fixx describes, and that Microsoft interviewers expect, are more of a hit-or-miss thing than the inevitable result of hard thinking by an intelligent person: "What is particularly troubling is how little 'logic' seems to be involved in some phases of problem solving. Difficult problems are often solved via a sudden, intuitive insight. One moment you're stuck; the next moment this insight has popped into your head, though not by any step-by-step logic that can be recounted."
During interview training I participated in when I worked there, Microsoft would emphasize four attributes that it was looking for when hiring: intelligence, hard work, ability to get things done, and vision. Intelligence was always #1, yet despite this, Poundstone says that the official Microsoft people he talked to would shy away from the word "intelligence", preferring to use terms like "bandwidth" and "inventiveness". Indeed Microsoft's Interview Tips web page says "We look for original, creative thinkers, and our interview process is designed to find those people." No mention of the word intelligence or any notion that interviews are some sort of intelligence test.
In fact, although I think that most Microsoft people would consider the puzzle tests to be mainly a test of intelligence, they may do better at testing some of the other desired attributes. Psychologist and personnel researcher Harry Hepner once said, "Creative thinkers make many false starts, and continually waver between unmanageable fantasies and systematic attack." Poundstone explains that you have to figure out when your fantasies have become too unmanageable: "To deal effectively with puzzles (and with the bigger problems for which they may be a model), you must operate on two or more levels simultaneously. One thread of consciousness tackles the problem while another, higher-level thread monitors the progress. You need to keep asking yourself 'Is this approach working? How much time have I spent on this approach, and how likely is it to produce an answer soon? Is there something else I should be trying?'"
This is great advice, not just for a puzzle, but for a job, and life in general. So watching someone think through a puzzle might be a great way to see how they would tackle a tough problem at work--the "hard work" and "get things done" abilities that Microsoft is also looking for. As James Fixx writes in the sequel More Games for the Superintelligent, "While the less intelligent person, unsure of ever being able to solve a problem at all, is easily discouraged, the intelligent person is fairly sure of succeeding and therefore presses on, discouragements be damned."
Unfortunately, the typical Microsoft interviewer is not looking at the approach to puzzle questions as a test of perseverance. Someone who tries five different attempts might demonstrate more resourcefulness than someone who just "gets it"--but they would get turned down. Interviewers who ask puzzle questions are probing the "intelligence" category, and they want the right answer.
The last chapter of the book is titled "How Innovative Companies Ought to Interview" and deals with a soon-to-be-problem: How will the industry be affected by the publication of this book? Will interviews still work if everyone knows the secrets?
Knowledge of Microsoft-style questions is already out there on the Internet. Since the candidates who participate in the interviews do not sign a Non-Disclosure Agreement, they are free to tell others the questions they were asked, and from these reports databases of questions have been built up. Poundstone includes the URLs of several sites, including Kiran Bondalapati's "Interview Question Bank", Michael Pryor's "Techinterview", Chris Sells' "Interviewing at Microsoft", and William Wu's "Riddles". These sites generally don't include answers, but certainly knowing the types of questions to expect can be an advantage.
Microsoft employees are aware of such sites. Once, when I sent email describing the questions I had asked a Microsoft candidate, I got a nasty reply from someone else at the company: Didn't I know that the question I had asked was posted on a website of known Microsoft interview questions? On the other hand, with no official internal Microsoft list of questions, some employees are undoubtedly using these sites to come up with material. Even within Microsoft there is debate about which questions are reasonable. In an unscientific survey I took of former Microsoft program managers, opinion was divided on the validity of some of the questions. A question described by one person as a good test of a candidate's ability was dismissed by another as foolish.
Poundstone does point out that some questions are silly and should not be asked ("Define the color green"), but he gives serious answers to others which I don't think are worthwhile either, including "If you could remove any of the fifty U.S. states, which would it be?" and "How do they make M&Ms?" Furthermore, I would argue that if an entire class of questions can be "tainted" by How Would You Move Mount Fuji?, they don't deserve to be asked in the first place. Estimation questions might be invalidated by the revelation that the way to solve them was to multiply together a bunch of wild guesses. The strategy of using a design question to differentiate program management candidates from developer candidates might also go the way of the dodo. Is that necessarily a bad thing?
How Would You Move Mount Fuji? is worth reading even if you don't plan on interviewing at Microsoft. It has some interesting history, a few good Microsoft tidbits, and puzzles that are entertaining on their own. For those considering a job at Microsoft, the book may ratchet up the "arms race" of questions. Microsoft employees may assume that people interviewing have read the book--so if you are going to interview there, or anywhere else that imitates their style, you should probably read it too.
You can purchase How Would You Move Mount Fuji? Microsoft's Cult of the Puzzle from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Practical Cryptography
jpetts writes "If you have an interest in cryptography and spend even a small amount of time looking at the subject on the Internet, you will almost certainly have come across the name Bruce Schneier. His book, Applied Cryptography is widely regarded as the most accessible, and one of the most important books on cryptographic algorithms ever published. Schneier has also published other books, including the less technical Secrets and Lies, a thought-provoking book aimed at getting people to think about the whole of the security landscape, not just cryptography. Now, together with Niels Ferguson, renowned cryptographic expert, and longtime collaborator, another immensely valuable book on security has just appeared." Read on for the rest of jpetts' review.
Practical Cryptography author Niels Ferguson and Bruce Schneier pages xx + 410 publisher Wiley rating 10/10 reviewer James Petts ISBN 0471223573 summary Pure Hands-On Cryptographic Gold; invaluable guide for cryptographers.
Schneier is one of the world's foremost experts, not just on cryptography, but also on security. It was as he delved deeper into the security of cryptographic systems that he realised that even though - theoretically at least - cryptography could be made arbitrarily secure, this was one of the more tractable problems in the security puzzle. For this reason, his company, Counterpane, repositioned itself as a managed security company, rather than continuing to focus solely on cryptography. This transition was also reflected in his publication of Secrets and Lies (SL), which is very different in tone and focus from Applied Cryptography (AC). So where does Practical Cryptography (PC) fit in, and what does it offer? For me, the answer is that it lies pretty much squarely in the middle of the line reaching from AC to SL.
There is no shortage of products in the cryptography arena, but the vast majority of these attract undisguised scorn from professional cryptographers (at least those who can be bothered to comment on them), and although I am only an amateur in this field, I take it as axiomatic that only peer-reviewed cryptosystems (algorithms, protocols, etc) which have stood the test of time are worth taking even a preliminary peek at. This includes many that are described in AC. However, one of the problems with AC, openly acknowledged by the author, is that it contains essentially no implementation details. Furthermore, the cryptographic field has moved on since its publication, most notably with the adoption of Rijndael as the Advanced Encryption Standard, now a mandated Federal Information Processing Standard.
The source code to AC has been available from pretty much the moment of the book's publication, but one of the problems which faced a would-be cryptographic coder is how to produce a working cryptographic product based on the routines that one could lay one's hands on. Merely incorporating the source code in a program does not a cryptosystem make: as Schneier points out, cryptography is hard. And this is where this new book is invaluable: it tells you in great detail how hard it is, what the hardest parts are, and how you can maximise the return on the effort you may invest in developing cryptographic software.
The book pulls no punches, and does not gloss over any issues relating to implementing cryptographic systems. It deals with all the major components of a practical cryptosystem: the book's major sections are titled Message Security, Key Negotiation, Key Management and Miscellaneous.
Within each of these sections there are several chapters, covering virtually all the salient points imaginable, right down to the fundamentals. For example, the first chapter of the Key Management section deals with the clock. It explains from first principles the need for a clock: "At first glance, [a clock] is a decidedly un-cryptographic primitive, but because the current time is often used in cryptographic systems, we need a reliable clock." It is this sort of attention to particular implementation details that turns PC from a mere recipe book into an invaluable reference and a true cookbook.
Another invaluable feature is the generous use of pseudocode snippets, not only for algorithmic details, such as MACs and block cyphers, but also for higher-level operations like sending and receiving messages.
Ferguson and Schneier are refreshingly frank, too. Where they believe strongly in something, they let you know it. For example, the first paragraph of chapter 23, Standards, contains the statement that "[s]ecurity standards rarely work," while the authors go even further when dealing with X.509 certificates, stating on p.339, "[w]hatever you do, stay away from X.509 certificates. If you need a reason, read [40] and weep". This candour is refreshing, especially when juxtaposed with the weasel words that so many consultants and software vendors seem to rely on. However, this advice is not just given in curmudgeonly fashion, and when the authors discuss the matter of X.509 in a different context, they add, humorously, "[i]f you must use X.509, you have our condolences."
I am tempted to continue to analyse the book at great length, but to save space I will just highlight some further jewels from this work:
- Implementation issues such as swap files, language-specific memory handling behaviour, caches, etc. are covered in enough detail for you to understand how to do things, and more importantly, how not to do things.
- Randomness, pseudo-randomness and entropy are covered in enough depth for an implementor to avoid pitfalls, and pseudocode examples are given.
- Mathematical topics such as prime numbers, groups and large integer arithmetic are described in excellent detail.
- PKI, its promise, and failure are covered with wit and wisdom.
Is there anything I didn't like about the book? Frankly, no. Some might complain that it is priced too high (it lists at USD50 for the softcover, and USD70 for the hardcover), but it is printed on acid-free paper, and the density of useful advice is such that it outstrips in value many works which cost half the price or less.
If you are interested in crypto, do yourself a favour: buy this book.
You can purchase Practical Cryptography from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Content Syndication With RSS
Alex Moskalyuk writes "Ben Hammersley's Content Syndication with RSS is a step-by-step guide to implementing RSS. This standard is gaining popularity among the Web community, and some of your favorite sites might syndicate their content as RSS feeds. The new O'Reilly publication focuses on many aspects of this standard, and is of primary interest to developers, Web site designers, data architects and anyone interested in distributing their data around the Web." So if you have a steady stream of information for your customers, family, or fans, read on for the rest of Alex's review.
Content Syndication With RSS author Ben Hammersley pages 222 publisher O'Reilly rating 8/10 reviewer Alex Moskalyuk ISBN 0596003838 summary Introduction and guide for RSS implementations
The first three chapters are primarily discussing the multiplicity of RSS standards. While with some other technologies it might seem a bit excessive, remember that RSS is a forked project with the forks at this moment bearing little resemblance to one another. The abbreviations even have different abbreviations - RSS means Really Simple Syndication if you are using RSS 0.91 or RSS 0.92, that was developed by Dave Winer. RSS means RDF Site Summary if the version you're using is RSS 1.0. The development credits in this case go to RSS DEV team. To confuse you even more, the RSS 2.0 standard is deciphered as... correct, Really Simple Syndication again.
Hence chapter 4 discusses Winer's implementation (simplistic and user-friendly), while chapter 6 focuses on RSS 1.0 (RDF-compliant and data-architect-friendly), and chapter 8 talks about RSS 2.0 (improved RSS 0.9x). Chapter 4 is available online as a PDF file. Section 4.4 is recommended for those interested in promoting their RSS feeds as it provides pretty good reference to meta data.
Chapter 9 is perhaps of special interest to Web developers and administrators out there. It presents several code samples to properly parse RSS and present the result in readable HTML. The examples include (a) parsing with XML::Simple in Perl, (b) parsing with Perl regular expressions, (c) parsing with XML::Simple and sending the headlines to cell phones via WWW::SMS, (d) parsing via XSLT transformation. Python, PHP and ASP folks might feel left out due to the abundance of Perl examples, but if you got so far in the book, you can probably apply the regular expressions example or search for appropriate support for RSS format in your preferred language.
Going beyond the standard itself, RSS directories, aggregators and readers are discussed. The author makes a distinction between the last two by classifying Meerkat-like services into aggregators and desktop or Web applications designed to present the information to the user into readers. The chapter also provides information about Syndic8, its API, and describes the feed registration process. O'Reilly's Meerkat is also discussed in chapter, together with reference table for its API (you can make Meerkat generate HTML or RSS news headlines on certain topic or using certain keywords by providing a right query to its Web interface).
The book is quite a smooth read for a text describing the details of data specification. The chapters are informative and the book is not overloaded with useless information just to increase the page count. The tips are quite useful for someone who is new to the field and answers some questions not covered by standards (e.g., how often should you request an RSS feed, what to do if you're being screen-scraped, etc.)
I like the way the author divided the chapters into RSS 0.9x/2.0 and RSS 1.0 and kept two worlds apart. Most of the time you probably won't be interested in developing a feed to support both standards, but would like to focus just on one. The examples in Perl are perfect with me, although for someone new to Perl or programming in general those examples with abundant regular expressions might look a bit convoluted. Kudos to the author for not expanding on the topic, like many do, and providing an example of a script for RSS manipulation in every possible language out there.
What's missing? I wish more pages were dedicated to desktop RSS readers. FeedReader, HotSheet, Syndirella, Beaver and SharpReader are excellent end user applications currently gaining some popularity among those who'd prefer to browse the favorite headlines at a glance, instead of going to a dozen of sites every morning. To be fair, there's a huge list of readers in Appendix, and some applications mentioned above only came around in the last few months, which was probably after the book hit the press. Some sites also didn't make it into the book. I like DailyRotation and FreshNews that borrow from Meerkat's versatility and provide their own feed portal.
Overall, the book is a pretty good developer's guide to RSS standard. Accompanied with helpful illustrations and numerous tips it's an excellent resource for those unfamiliar with RSS and a helpful reference for those who have been doing Web syndication for a while.
You can purchase Content Syndication With RSS from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Secret Empire
ginormous writes "Philip Taubman's new book, Secret Empire: Eisenhower, the CIA and the Hidden Story of America's Space Espionage is perhaps the most exciting book ever written about the Eisenhower administration. (Did you know the Eisenhower administration was exciting?) It traces the story of how aerial reconnaissance developed from conventional planes (modified bombers and such) outfitted with cameras through the high-altitude, high-speed U-2 and SR-71 planes and the Corona satellite." Read on for more on this book.
Secret Empire: Eisenhower, the CIA and the Hidden Story of America's Secret Espionage author Philip Taubman pages 370 (including fun photos!) publisher Simon & Schuster rating 10/10 reviewer ginormous ISBN 0684856999 summary A great historical thrill ride of the development of the U-2, the Corona satellite and more.
In the early days of the Cold War, the United States knew almost nothing about the Soviets' military capacity and had to risk the lives of hundreds of airmen in flights over Soviet airspace. Eisenhower, a five-star general, understood both that the human cost was too high and that the cost of not knowing how many missiles and bombs the Soviets had was even higher. He trusted a group of businessmen, engineers and professors -- including Polaroid's Edwin Land, Lockheed's Kelly Johnson and MIT's James Killian -- to help solve the problem.
Taubman, deputy editorial page editor at the New York Times, is a talented storyteller with an eye for good anecdotes. He spoke to dozens of the men who flew the planes and built the satellites, as well as those with an inside line to the thinking of the President himself. Although the story lacks the human drama of a tale like "The Right Stuff," it has more life than expected from a story where the heroes are machines. Even readers with background knowledge about the military or intelligence systems will learn a lot about what went on in the crucial first decades of the Cold War, when technology took spying to new levels and perhaps prevented World War III. The book is largely based on documentation that was declassified in the late 1990s, offering a fly-on-the-wall view of what went on in crucial, highly secret meetings. The writing transports readers through closed doors, allowing them to relive the urgency of the era.
A truly fascinating aspect of the book is how some of America's greatest scientific achievements and achievers were either unknown or had some of their work suppressed during their lifetime for national security. These guys are heroes for their work and it's too bad they couldn't be recognized back in the 60s. It's great to do it now.
Secret Empire also is relevant to the current situation, and Taubman touches on spying in the post-Cold War world. Washington eventually became too dependent on satellites and technological spying, at the expense of human agents who are much more effective against bands of terrorists. Still, the book makes obvious that satellites have rightly become an essential piece of the nation's intelligence battery. The story of how they got there in the first place is fascinating, and Secret Empire is the first book with access to classified documents that does justice to the story.
FMI: see the website at www.secretempirethebook.com which has some really cool original documents from the book's research.
You can purchase Secret Empire: Eisenhower, the CIA and the Hidden Story of America's Secret Espionage from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Essential System Administration, 3rd Edition
dvdweyer writes "This book deals with administration of UNIX (one wonders why the book doesn't bear the title "Essential UNIX Administration"), all major UNIX platforms are covered, most of them in their almost latest version when the book went to press (Linux: Red Hat 7.3 and SuSE 8.0, Solaris 8 and 9, FreeBSD 4.6, AIX 5, HP-UX 11/11i, Tru64 5.1), SCO and IRIX were dropped for this edition, FreeBSD was added. Other UNIXes (e.g. Debian Linux) are not mentioned, but this makes the book only a little bit less useful on those, with some imagination the information can be used, except for special topics (e.g. package management). This book is on system administration and not targeted on desktop users, as such it doesn't cover KDE, Gnome or any desktop application." dvdweyer's section-by-section review continues below.
Essential System Administration, 3rd Edition author AEleen Frisch pages 1176 publisher O'Reilly rating 9/10 reviewer dvdweyer ISBN 0596003439 summary a well-done standard for all who need a thorough introduction as well as a work of reference in UNIX system administration.
Content
Introduction to System Administration
This chapter claims to make you think like a system administrator, I didn't feel any different after reading it, maybe I already think like one ;-). Most of it is about use of superuser privileges (su, sudo). Other parts are communicating with users (talk, wall, motd - but no mention of e-mail or phone) and GUI-based vs. command-line administration.
The Unix Way
Here starts the real stuff: files, processes and devices. A very gentle but thorough introduction to all possibilities of file and directory ownership (chmod, chown, mode strings, numeric modes), next is a description of how files map to disks. The processes are covered on a fairly abstract level, only something about various types (interactive, batch, daemon) and attributes (but no way to show them, not even an example usage of ps or top - that's left for chapter 15). The part on devices is basic, but shows some commands to list information about devices. Last part in this chapter is about the generic UNIX filesystem layout.
Essential Administrative Tools and Techniques
Here are some of the most important commands and techniques for everyday use: man, grep, awk, find (including how to pipe). Some of the examples are fairly complicated for a novice, a basic knowledge of piping and shell usage is assumed. Next are some methods of handling files and directories (cp, mkdir, diff, rm), periodic execution (cron), logging (syslog, managing log files) and software package management (the most important commands to Linux rpm, Solaris pkg*, etc.) and manual software installation (.configure, make, make install).
Startup and Shutdown
Contains a fairly detailed description of what happens when a system boots up or shuts down. This includes all the gooey stuff about initialization files, runlevels and how to customize those. Last but not least is a short troubleshooting guide, "When the System won't boot."
TCP/IP Networking
The chapter starts with a gentle introduction to TCP/IP and related hardware and explains step-by-step a starting TCP/IP session with dumps and comments. Going on it digs deeper and explains IP addressing, subnets and even a little bit IPv6. The first hands-on part deals with network configuration (ifconfig, configuration files, DHCP, name resolution). A short troubleshooting guide (ping, arp) rounds off the chapter.
Managing Users and Groups
This part starts with a description of the essential files (/etc/passwd, /etc/shadow, /etc/groups) and how to add/remove users and other aspects of user and group management. The default tools for each distribution are also mentioned. Then a whole slew of pages are dedicated to password selection, cracking and enforcing password policies (though I prefer stronger passwords than those given on page 301). The last pages give an introduction to PAM (mostly Linux) and LDAP (mostly OpenLDAP).
Security
This is indeed a very good introduction to UNIX security and its lines of defense (though I did miss "disable remote root login" and "give users no shell when they don't need it"), next are common mistakes, setuid/setgid access modes and ACLs. A short introduction to PGP/GPG and role-based access control is given. The next big part is about network security: OpenSSH, TCP Wrappers and nmap are introduced; the ubiquitous advice "disable what you don't need" is also given. Firewalls are briefly mentioned, some links to actual products e.g. ipfilter or Netfilter would have been nice. A nice checklist-style guide to hardening a UNIX system is given and the chapter concludes with managing problems and monitoring. I did miss some links to resources on the Internet and a reminder on the importance of frequent patching (Sun recently published a nice whitepaper on this topic).
Managing Network Services
This chapter builds on the foundation built in the chapter on TCP/IP, as such it covers various basic networking services and starts with name resolution via DNS, mentioning configuration and usage of the common tools (BIND, nslookup, host, dig). This is followed by a part on getting out of the local network (routed, gated), getting others on your network (DHCP) and managing (netstat, ping, traceroute, SNMP) and monitoring (tcpdump, snoop). The chapter ends with short introductions to dedicated packages (e.g. NetSaint, MRTG/RRDTool).
Electronic Mail
Next is a chapter on that other big network nuisance^W service: mail. It starts with a gentle introduction to the basics (SMTP, MX records, POP/IMAP). The part on MTAs starts with everybody's darling *cough* sendmail which is covered exhaustively. The other MTA covered is Postfix, which also receives fairly extensive coverage. The rest of the chapter covers mail processing (fetchmail, procmail), there is no mention of other MTA, MUAs, or other modern mail processing tools (e.g. against spam). Though this chapter is well done, and a nice introduction to mail in general, I would prefer to get rid of it in favor of a "mail-is-only-for-dedicated-servers" policy. A short note on how to deactivate or remove the default MTA should be included in the previous chapter (yes, I know that not everyone shares this point of view).
Filesystems and Disks
A very long chapter on filesystems and disks with tons of information on how to create, mount/unmount, repair and monitor filesystems, including some stuff about logical volume managers and RAID. Nicely indexed, it makes a good reference but is boring to read it all (I didn't :-). The last pages are a short introduction to NFS and Samba, but do not cover all the advanced aspects.
Backup and Restore
Covers the tedious task of backup with all the different aspects: planning backup, strategies to manage the workload, what media to use, what tools are available in a standard setup (tar, cpio, dump, dd, mt, restore). Next is a coverage of the package Amanda and what to look for in commercial packages. Last but not least "restoring from scratch" is covered.
Serial Lines and Devices
Herein is all the stuff about serial devices (tty, termcap, terminfo, stty), usage of USB is covered for FreeBSD, Linux and Solaris.
Printers and the Spooling Subsystem
Contains lots on "old school" printing (BSD spooling facility: LPD, System V printing, AIX spooling facility), a short note "Print Services for UNIX" on Windows NT/2000 (works pretty well for basic usage) and on providing print services for Windows by Samba. LPRng and CUPS also get a few pages. Closeout for this chapter is font management under X, which contains a rant on how cumbersome font management is ;-).
Automating Administrative Tasks
This chapter appeals to a healthy laziness which might save some manual work. It contains some samples and introductions, the best it can do is make appetite for more. Included are: shell script (C-shell), tips for testing and debugging, Perl (including there is more than one way to do it-proof), Expect, C and the lesser known tools Cfengine, Stem. It closes with some short notes on how to create a man page for your own software.
Managing System Resources
This chapter wants to make you think about system performance before you try to manage it. General steps are given: define, determine, formulate, design, implement, monitor and return to start ...
After the general introduction the chapter gets hands-on with monitoring - ps (it is in there after all ...) with all System V and BSD options, pstree and top are covered. The /proc filesystem is mentioned with some samples of how information can be gathered. Process limits are discussed, including how to disallow the creation of core dumps. Signaling and killing processes with kill and killall is covered next. The next chunks in this big chapter are managing CPU (nice, AIX and Solaris scheduler, cron), memory (paging, recognize memory problems), I/O (performance, disk quotas), network (netstat, some notes on DNS and NFS).
Configuring and Building Kernels
This chapter is essentially a bunch of short guides on what to look for when configuring and building a kernel, for Linux lilo is also explained.
Accounting
This is an introduction to what components are relevant for accounting, and how to enable/disable it. As such it shows what can be done with the standard tools on BSD-style accounting (sa, ac) and System V-style accounting. A few pages are dedicated to printing accounting.
Appendix: Administrative Shell Programming
This is a more thorough introduction to shell programming that could have been integrated in the chapter Automating Administrative Tasks. Other than that it is a solid, short reference to shell programming.
Index
Last but not least is a very concise index (50+ pages), which makes it easy to find anything that's in the book.
What's bad
There's not much I really disliked in the book, I can recommend it to anyone who needs an introduction to UNIX system administration or a general reference text. Some points are: it's not on UNIX CD Bookshelf v3.0, which is a pity for reference usage, there are almost no links to WWW sites of interest, almost all links to further information are to other O'Reilly books (granted, most of them are quite good) and sometimes I found the order in which themes are discussed slightly less than optimal for "junior administrators".
What's good
Almost everything (writing style, coverage), except those few issues mentioned in "What's bad". The very good index makes it easy to find the information that is applicable in your special situation, even with all those different UNIXes. If you are looking for a general UNIX reference and/or introduction, look no further (you might want to compare it with "The UNIX Systems Administration Handbook", and decide for yourself, note that the USAH does not cover AIX).
You can purchase Essential System Administration, 3rd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Python in a Nutshell
Ursus Maximus contributes this review of Python in a Nutshell, writing "Perhaps the best book about Python ever written, this is the perfect capstone to anyone's library of Pythonic books, and also the perfect introduction to Python for anyone well versed in other programming languages. For newbies to programming, this would still be a good second book after a good introductory book on Python, such as Learning Python by Mark Lutz." Read on for the rest of his review.
- Title: Python in a Nutshell
- Author: Alex Martelli
- Pages: 636
- Publisher: O'Reilly
- Rating: Excellent, superb, 5 stars
- Reviewer: Ron Stephens
- ISBN: 0596001886
- Summary: Complete reference book for the Python programming language
Written by my favorite author and Pythonista, Alex Martelli, this book manages to fill three roles in extremely pleasing fashion. First and foremost to me, it is a great read, straight through. Mr. Martelli's prose is always sparkling and always keeps the reader interested. No matter how many Python books you have read, you will learn some nuances from this book, and it is about the best review of the whole Pythonic subject matter that I can imagine. While there is absolutely no fluff whatsoever in these 636 pages, it still makes for rather easy reading because the explanations are so clearly thought out and explored as to lead one gently to understanding, without in any way being verbose. It is obvious that Alex Martelli took his time and put in sufficient thought, effort, and intellectual elbow-grease to make this work a classic for all time.
Secondly, this book is the ultimate Pythonic reference book, the best fit to this role I have yet seen. You will keep this book in the most cherished spot on your book shelf, or else right at your side on your computer desk, because you can almost instantly find any topic on which you need to brush up, in the midst of a programming project.
Third, Python in a Nutshell is the most up-to-date book on Python (as of April 2003) and includes the best and most complete expositions yet on the new features introduced in Python 2.2 and 2.3. These topics are not only covered in depth, they are integrated into the text in their proper positions and relationships to the language as a whole. They are explained better here than I have seen anywhere else, so much so as to make them not only understandable to me (a duffer), but indeed so that they appear seamlessly Pythonic, as if they had been a part of the language since version 1.0. Topics explored in depth include new style classes, static methods, class methods, nested scopes, iterators, generators, and new style division. List comprehensions are made not only comprehensible but indeed intuitive.
The book is surprisingly complete. It covers the core language as well as the most popular libraries and extension modules. It is difficult to choose any one portion of the book to highlight for extra praise, as all topics are treated so well. It is a complete book, the new definitive book about Python.
Everything about this book speaks of quality. In addition to the top notch writing and editing, O'Reilly really did the right thing and published this book printed on the highest quality paper, paper so thin that the 636 pages are encompassed in a book much thinner than one would expect for such a size, but strong enough to resist wear and tear. The text is most pleasing to the eye. Holding the book, and turning its pages, gives one a feeling of satisfaction.
Any job worth doing is worth doing well. Alex Martelli and O'Reilly have done justice to a topic dear to our hearts, the Python programming language. Perhaps, in years to come, the passage of time may make this book to be no longer the most up-to-date reference on the newest features added to Python. But time can not erase the quality craftsmanship and the sheer joy of reading such a well thought out masterpiece of Pythonic literature.
You can purchase Python in a Nutshell from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. Ron Stephens would also like you to check out Python City, with "27+ reviews of books about Python. 67+ links to online tutorials about Python and related subjects Daily newsfeed of Pythonic web articles, new sourceforge projects, etc."
-
Developing Online Games
peterwayner writes "If you're a bit tired of programming books, API descriptions, tables of keywords, and arguments about which data structure is buzzword compliant, super-mega-efficient and intuitively easy to grasp, turn to Developing Online Games, a book that seems to have very little interest in many of the traditional challenges for programmers. The authors spend four lines discussing the best computer language for the job (C/C++), conclude that objects give "far more flexibility in design" and then move on to fun questions like how to make an online game compelling for achievers, socializers, killers and explorers. This book is a wonderful psychoanalysis of the gamer's mind and it should be the first and last book read by game developers about to start a quest to capture the hearts, minds and subscription fees of people on the Internet." Read on for the rest of Peter's review.
- Title: Developing Online Games
- Author: Jessica Mulligan and Bridgette Patrovsky
- Pages: 495
- Publisher: New Riders
- Rating: 8
- Reviewer: Peter Wayner
- ISBN: 1592730000
- Summary: The Sociology of building online games.
The book's strength lies in the deep experience of the authors and the efficient, occasionally gimlet-eyed voice they use to analyze their collective addiction. Jessica Mulligan's bio lists work on more than 50 online games like Ultima Online, while Bridgette Patrovsky's includes time building games for Electronic Arts, Sony and Interplay Online Services. If you believe that Online games are the latest thing, Mulligan would like you to know that you're wrong. She wrote a column celebrating the 30th birthday of the Online game in 1999. Rick Blomme wrote Spacewar back in 1969 and Dave Arneson started an RPG named Blackmoor in 1970 or 1971. It was so long ago, he can't be quite sure.
All of this experience weighs a bit heavily on the authors. The book is more of a core dump than a logical progression and that means we hear bitter echoes of the past. One section is entitled "Yes, it really will take 2-3 years to complete" and another is called "No, More Programmers Won't Make it Go Faster." These sections don't add much to the usual literature about herding cats, but they do offer a strong reminder that this isn't a task for slackers who never could get around to forming that garage band.
The better parts are aimed at the design of the games themselves. While game players are slaying monsters or saving Princesses, game designers are questing after a full Player Satisfaction Matrix. Good games sate the player's need for socialization, accomplishment, discovery and conflict as they journey from the state of confusion (0-1 month), on to excitement (2-4 months), glide through the state of involvement (5-48+ months) before landing in boredom (until VH1 starts making "Behind the Game" documentaries). The trick to good design is making sure that there's plenty to feed the player's involvement.
For instance, you may be driven to create a new persistent world that emphasizes socialization because you're tired of all that death. The authors gamed that scenario and decided that "killers do have a positive role to play from the point of view of the socializers." Good can't exist without evil acting as a contrast and besides, players can usually find some other passive/aggressive technique for stabbing each other in the back even if knife objects aren't instantiated.
The authors tend to view the online realms as ecosystems. If you want to "increase the number of achievers," then the authors advise that you "reduce the number of killers, but not too much" while maybe "increas[ing] the number of explorers." I suspect that these recommendations are to be taken with a grain of salt, but they do reflect the observations of people who've spent a long time managing these games. I'm even tempted to develop my own Sim Sim that lets you simulate the process of crafting a simulation.
Ultimately it's hard for the authors to offer much more than these recipes and matrices. The details about the management, the strategies for stopping cheaters, and the intricacies of player relations are essential parts of the journey, but those are only half of the battle. Making the characters sing and the world come to life is a job for the artist.
This book is like many of the simple guides for writing a screenplay. They talk about arcs, hinge points and beats, but end up counseling that the screenwriter should aim to make each of these "good." This book can't tell you how to make your characters "good," but it can give you much insight into how others have done it before.
You can purchase Developing Online Games from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
The Executive's Guide to Information Technology
WatkinsDore writes "The Executive's Guide to Information Technology is a book focused on the 'business' pieces of managing IT, such tasks as IT organization design, vendor selection and management, communicating with business users, IT human resource management, establishing IT steering committees and managing the overall demand within the IT department." Read on below for more of WatkinsDore's review.
- Title: The Executive's Guide to Information Technology
- Author: Baschab / Piot
- Pages: 500
- Publisher: John Wiley & Sons
- Rating: 9
- Reviewer: Quentin Watkins
- ISBN: 0471266094
- Summary: A guide to the business aspects of managing IT with a focus on senior executives and IT managers
This book is interesting because it fills a well-known gap between current book offerings that address vocational issues, such as "how to program in java" and academic research such as the most effective data access algorithms.
In fact, it addresses some of the questions that have been asked by slashdotters in the previous few months for books on the general management of IT, principally in these Ask Slashdot questions: Books on IT (not Project) Management?, Best Computer Books For The Smart?, and General IT Books?
The Executive's Guide to Information Technology is targeted at IT managers, and also senior executives who want to better understand how IT can be effectively managed.
Interestingly, it starts by analyzing the question "Why have an IT department at all?" and answers the question with productivity statistics and other anecdotal evidence of the importance of IT. The premise of the book then emerges, asking "If IT is important, then why does it seem to fail so often, and cause so much trouble for companies?"
The answer, predictably, is that IT is often a poorly managed function within a company. IT managers seldom receive the appropriate business training to manage a large, mission-critical function and budget, and non-technical executives get lost in the maze. The authors show that many of the symptoms of poor IT departments (overspending, overstaffing, project budget overruns and failure to complete) are caused by, or at least are related to poor management within IT.
The remainder of the book covers the key topics that, according to the authors, are the key components to the effective management of IT departments. (The table of contents for the book appears below.)
Review:
Overall the book does a good job making the case that the key principles it outlines are the best predictors of a successful IT department. The book is replete with real-life, and often-humorous anecdotes from the authors' experiences in turning around distressed IT departments. IT managers will quickly recognize many of the symptoms of an IT department in trouble. The book is written in an easily readable, conversational tone, and there are charts and graphics throughout to further explain key points.
At just over 500 pages, the book is lengthy compared to competing offerings; however, it is written in a way that lets the reader pick and choose specific chapter topics, without losing much of the context. At $75, it at first seems a bit pricey for a general management book, but low for a textbook. Compared to other books on a price-per-page basis, the book seems more reasonable based on the large volume of content and page count (over 500 pages).
The book also has a CD-ROM with documents, spreadsheets and links to the underlying research that went into the book.
Slashdot even gets a mention in a couple of chapters as a good source of "unbiased customer experience information" although the authors say that for many blogs "it can take some effort to separate fact from opinion on the blogs, and the signal-to-noise ratio on a given topic can sometimes be low."
In all, the book is a relatively easy read, thought provoking, and a great reference for IT managers (or aspiring managers) who want to learn to think like senior executives and ensure that their IT departments are firing on all cylinders. Based on previous threads on Slashdot, the book fills a clearly needed niche on the general management of IT.
The book also has a supporting website that has information on the book - www.exec-guide.com.
Table of contents:
- The Effective IT Organization
- The IT Dilemma
- Sources and Causes of IT Ineffectiveness
- Information Technology Costs
- Managing the IT Department
- The IT Organization
- The IT Director
- IT Direction and Standard Setting
- IT Operations
- Application Management
- IT Human Resource Practices
- Vendor Selection
- Vendor Management
- Senior Executive IT Management
- Working with the Business
- IT Budgeting and Cost Management
- Effective Decision Making and Risk Management
- IT Demand Management and Project Prioritization
- IT Performance Measurement
- IT Steering Committee
Highlights:
Opening chapters on "why MIS departments matter" and the symptoms of under-performing IT departments.
Vendor selection and vendor management chapters.
IT steering committee chapter - why have one, what it can help IT accomplish.
IT budgeting chapter - shows key components of IT budget, how-to's and benchmarking information.
Nice foreword by Professor Lynda M. Applegate from Harvard Business School.
Lowlights:
Portion of chapters on IT organization describing in painstaking detail the exact roles and responsibilities for every position on the IT team. This stuff needs to be there to make the book comprehensive, but not new news for experienced IT professionals.
You can purchase The Executive's Guide to Information Technology from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Open Source Web Development With LAMP
Alan Eibner submitted this review of Addison-Wesley's Open Source Web Development With LAMP. He writes "The number of books about Web development technologies is astounding. Some claim you can learn everything you need to know in 24 hours. Others require several complementary volumes in order to learn the subject. Why another web development book? And what sets this one apart from the rest?" Read on for the rest of Alan's chapter-by-chapter review. Update: 04/11 18:22 GMT by T : I'd called this an O'Reilly book rather than Addison-Wesley; sorry, now fixed.
- Title: Open Source Web Development with LAMP
- Author: James Lee, Brent Ware
- Pages: 496
- Publisher: Addison-Wesley
- Rating: 10
- Reviewer: Alan Eibner
- ISBN: 020177061X
- Summary: All the Open Source web technologies in one easy to read place.
Open Source Web Development with LAMP (henceforth OSWB) has a difficult goal: to teach you enough about all the LAMP (Linux, Apache, MySQL, Perl/Mod_Perl/PHP) technologies that you can start developing static and dynamic websites right away. How on earth can they cover so much in one ~500 page book, you ask?
The Theory
The authors do not intend to teach every little bit about the web technologies they cover. No book binding is that strong, but the reason is more subtle than that. When you try to cover everything, you lose perspective about the pros and cons of the technologies.
Instead, the authors try to teach you enough about the technologies to hit the road running, and provide you pointers to websites, man pages, and other books where you can learn the pieces they don't cover. I think the authors' words themselves describe it best -- quoting from the Introduction:
"Based on experience, we believe that 80 percent of the utility of any complicated tool is the result of knowing 20 percent of the uses of that tool, whether that tool be software, hardware, mechanical, or electronic. Swiss Army knives are excellent and versatile tools, but most of the time, you just use the blade or the screwdriver.
The purpose of this book is to introduce you to that 20 percent -- the blade and the screwdriver -- that opens up the most functionality, and to make you aware of the remaining 80 percent so you can use the other tools when most appropriate."
This is the goal of the book -- a goal that I believe they fulfilled superbly.
The Authors
James Lee is the lead author of OSWB. He's a Perl and Open Source trainer, programmer, hacker and who-knows-what-else at Onsight, Inc.. He's also co-author of Hacking Linux Exposed first and second editions. (./ review of HLE 2nd edition)
Brent Ware, co-author of OSWB, has a PhD in Physics, has done the Dot Com thing, failed to get independently wealthy, and now gets paid to play with lasers, but would rather be climbing mountains. He was also a contributing author to Hacking Linux Exposed.
(Descriptions are based on their Bios, intuition, and unsubstantiated rumors.)
The Book
- Part I: Structural
- Chapter 1: The Web Explained
- Chapter 2: Linux - the Choice of a GNU generation
These two chapters are mainly here for folks new to Web development in a Linux/Non-Microsoft environment. They do a superb job of explaining why LAMP is a good solution for both technology and monetary reasons. A great read, especially for your manager who keeps asking why you shouldn't use some proprietary development tools. It also shows you what HTTP actually looks like, and the difference between static HTML, dynamic websites, and embedded web programming languages.
- Chapter 3: Apache Webserver
Next they provide information about configuring Apache, creating password-restricted access, and other security considerations. At about 20 pages, this is fast and concise, but contains all you really need to know when setting up your Apache server.
- Chapter 4: Perl
Following the 20/80 rule, the authors manage to teach you the Perl you'll need to know in order to generate web content. They don't go into things like creating network sockets, shared memory, or the Foo::Bar::Never::Necessary module. What you do get is all the I/O, flow control, datatypes, regexps, system access, scoping, best practices (use strict, etc), and enough OO to use modules that require it. (Database access via DBI is covered later, don't worry.)
- Chapter 5: MySQL
Here they teach you to install MySQL databases, tables, and enough SQL to do what you need to do. The examples are excellent and frequently amusing. This is also where the book starts to really begin its integration of multiple technologies. We'll be referring back here later when we start programming web front-ends to MySQL databases.
- Part II: Static
- Chapter 6: WML
For those that don't know, WML is the Website Meta Language. WML allows you to create static HTML files using a very powerful suite of pre-processing, macros, eperl, and HTML shortcuts. By creating site templates, WML can manage all your links and layout, leaving you to concentrate on the content of each page. OSWB is the only book I know of that discusses WML.
- Part III: Dynamic
- Chapter 7: CGI
First, the authors discuss how dynamic HTTP actually works -- GET/POST requests, variable passing, types of fields, and security implications. This will be important for all the remaining chapters of the book. The chapter then continues with a focus on perl and CGI.pm for CGI development, including a fully functional CGI/MySQL/DBI project.
- Chapter 8: mod_perl
For those who want to get more performance out of dynamic perl-created content, mod_perl is the answer. The authors explain the ways you can create mod_perl code, the differences between this and the CGI.pm environment, and then continue with a mod_perl MySQL/DBI project. This chapter is worth the cost of the book alone.
- Part IV: Embedded Languages
- Chapter 9: Server Side Includes
I think most people agree that SSI is pretty much dead, when compared to the more functional languages we have nowadays. The authors give a very complete synopsis in about 10 pages.
- Chapter 10: Embperl
- Chapter 11: Mason
- Chapter 11: PHP
If you want to use an embedded language (where the code is inside the HTML files themselves) then you're much more likely to use one of these three languages. I'd never heard of Embperl or Mason before, but they seem to be an excellent middle ground between CGI and mod_perl. They both are explained extremely well. Since they are based on Perl, much of the background was already covered in Chapter 4, so the authors concentrate on the important features, rather than the language constructs.
PHP is, of course, completely different than Perl, and thus Chapter 11 needs to teach everything from the constructs and datatypes up to database integration. Yet somehow it manages to do so with ease. It also concludes with a database-driven project ripe for you to modify for your own needs.
Short notes
Some short comments that didn't seem to fit anywhere else in this review:
- Distro: OSWB does assume a Red Hat installation for its example configurations, but does a good job of remaining distro-agnostic aside from pathnames, and letting you know the differences you're likely to face.
- Humor: Lee and Ware are funny - reading this book is really enjoyable because they are constantly weaving humor into it.
- Security: Security is discussed whenever appropriate in the book, which is not a surprise, given the authors' association with Hacking Linux Exposed.
- Omissions: The "What We Didn't Talk About" section is excellent. Most books deny what they haven't covered. OSWB tells you exactly what they haven't taught you, and point you to the places you can get more information if you need it.
- Projects: The book has many projects that let you learn and experiment with the languages directly. Each one could serve as a branching-off point for your own website's needs.
- Integration: Since OSWB covers all the technologies, you don't have constant overlap or redundancies; that lets it stay lean and tight. For example WML allows you to include perl code, but since you already learned perl in Chapter 4 the authors don't need to start from the ground up. However, they do keep introducing us to new and neat features in all their subsequent code examples.
The Website
The OSWB website at OpenSourceWebBook.com is written in the languages they discuss, and all the original source code used to build the website and the rest of the code in the book is available for download. Snippets of the code for the website are shown as examples with commentary in the book, letting you really see how everything fits together. These guys fall squarely into the practice-what-you-preach category.
The Verdict
By not trying to teach every nuance and advanced feature of each of these languages and technologies fully, you actually have a much better book. At the end you have an excellent understanding of what tools are out there, and can best choose the ones you should use for a given purpose. I came away from this book and immediately used a combination of WML templates + mod_perl + MySQL to create a very robust dynamic web application using only the info in the book and a few choice man pages.
I'd recommend this book both to nitty-gritty web developers, and also to non-techies who want to be able to understand the technologies that are out there, to help create informed decisions when starting any web development project.
You can purchase Open Source Web Development With LAMP from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
- Part I: Structural
-
Practical Statecharts in C/C++
Reader JonKaye contributed this review of Reviewing Practical Statecharts in C/C++. He writes "Since I am not from the embedded system world, I was a bit apprehensive about approaching this book. While I can see that author Miro Samek has a directed target for his audience, I strongly feel that this book is a 'must read' for technical developers in all areas who want to improve their program design abilities or developers who want to understand the philosophy, use, and implementation of statecharts intimately." Read on for the rest. Practical Statecharts in C/C++: Quantum Programming for Embedded Systems author Miro Samek pages 389 publisher CMP Books rating 10/10 reviewer Jonathan Kaye ISBN 1578201101 summary Practical and methodologically sound approach to improving software design using statecharts
As the title indicates, this book brings the topic of statecharts from the realm of expensive design tools to the practical realm, illustrating its points with full examples and extensive commentary.
Essentially Samek postulates that the slow adoption by developers of best practices by statechart design is due to lack of understanding of the fundamental nature of statecharts and how it is perceived as requiring expensive tools to use well. Samek insightfully discusses how statecharts as a best practice embody "behavioral inheritance" as a fundamental design concept that stands as a peer alongside the conventional pillars of object-oriented programming, namely inheritance, encapsulation, and polymorphism.
The book is very technical and written in an academic style, with ample references to original sources as well as detailed code reviews and many reader exercises. I would caution anyone from approaching this book as a quick or light read. For me, it took a seriousness and good understanding of C and C++ to follow Samek's examples and achieve the "a-ha", which was always worth it in the end. The book contains full, working code to incorporate statecharts into my own work, implemented both in C and C++.
The two basic parts of the text are (1) an explanation of statecharts and their methodological implications, and (2) a description of how to apply statecharts as a data structure in real applications, namely embedded as control strategies for "active objects." In several places in the text, Samek makes an analogy between statechart (and active object) semantics and quantum mechanics. This parallel was an interesting philosophical argument, but didn't add much for me in terms of accepting his "quantum framework" as a best practice -- I was sold by his methodological arguments he had presented already.
Speaking from experience in writing a book about using statecharts to build simulations (www.FlashSim.com), I can say Samek is a visionary who extended my perception of statecharts several steps. I know I will be quoting from it and referring to it in my work to come. This book has earned a prominent place on my bookshelf, and I would heartily recommend it to any other developer who wants to create correct, verifiable, scalable, and solid designs (which should be ALL developers!)
You can purchase Reviewing Practical Statecharts in C/C++ from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Java Performance Tuning, 2nd Ed.
cpfeifer writes "Performance has been the albatross around Java's neck for a long time. It's a popular subject when developers get together "Don't use Vector, use ArrayList, it's more efficient." "Don't concatenate Strings, use a StringBuffer, it's more efficient." It's a chance for the experienced developers to sit around the design campfire and tell ghost stories of previous projects where they implemented their own basic data structures {String, Linked List...} that were anywhere from 10-50% faster than the JDK implementation (and in the grand oral tradition of tall tales, it gets a little more efficient every time they tell it)." Want to kill the albatross? Read on for the rest of cpfeifer's review of O'Reilly's Java Performance Tuning, now in its 2nd edition. Java Performance Tuning, 2nd Edition author Jack Shirazi pages 570 publisher O'Reilly and Associates rating 9/10 reviewer cpfeifer ISBN 096003773 summary It's the most up to date publication dealing specifically with performance of Java applications, and is a one of a kind resource.
Every developer has written a microbenchmark (a bit of code that does something 100-1000 times in a tight loop and measures the time it takes for the supposed "expensive operation") to try and prove an argument about which way is "more efficient" based on the execution time. The problem is that when running in a dynamic, managed environment like the 1.4.x JVM, there are more factors that you don't control than ones that you do, and it can be difficult to say whether one piece of code will be "more efficient" than another without testing with actual usage patterns. The second edition of Review of Java Performance Tuning provides substantial benchmarks (not just simple microbenchmarks) with thorough coverage of the JDK including loops, exceptions, strings, threading, and even underlying JVM improvements in the 1.4 VM. This book is one of a kind in its scope and completeness.
The Gory Details
The best part of this book is that it not only tells you how fast various standard Java operations are (sorting strings, dealing with exceptions, etc.), but he has kept all of the timing information from the previous edition of the book. This shows you how the VM's performance has changed from version 1.1.8 up to 1.4.0, and it's very clear that things are getting better. The author also breaks out the timing information for 3 different flavors of the 1.4.0 JVM: mixed interpreted/compiled mode (standard), server (with Hotspot), and interpreted mode only (no run time optimization applied).
Part 1 : Lies, Damn Lies and Statistics
The book starts off with three chapters of sage advice about the tools and process of profiling/tuning. Before you spend any time profiling, you have to have a process and a goal. Without setting goals, the tuning process will never end and it will likely never be successful. The author outlines a general strategy that will give you a great starting point for your tuning task forces. Chapter 2 presents the profiling facilities that are available in the Java VM and how to interpret the results, while chapter 3 covers VM optimizations (different garbage collectors, memory allocation options) and compiler optimizations.
Part 2 : The Basics
Chapters 4-9 cover the nuts and bolts, code-level optimizations that you can implement. Chapter 4 discusses various object allocation tweaks including: lazy initialization, canonicalizing objects, and how to use the different types of references (Phantom, Soft, and Weak) to implement priority object pooling. Chapter 5 tells you more about handling Strings in Java than you ever wanted to know. Converting numbers (floats, decimals, etc) to Strings efficiently, string matching -- it's all here in gory detail with timings and sample code. This chapter also shows the author's depth and maturity; when presenting his algorithm to convert integers to Strings, he notes that while his implementation previously beat the pants off of Sun's implementation, in 1.3.1/1.4.0 Sun implemented a change that now beats his code. He analyzes the new implementation, discusses why it's faster without losing face. That is just one of many gems in this updated edition of the book. Chapter 6 covers the cost of throwing and catching exceptions, passing parameters to methods and accessing variables of different scopes (instance vs. local) and different types (scalar vs. array). Chapter 7 covers loop optimization with a java bent. The author offers proof that an exception terminated loop, while bad programming style, can offer better performance than more accepted practices.
Chapter 8 covers IO, focusing in on using the proper flavor of java.io class (stream vs. reader, buffered vs. unbuffered) to achieve the best performance for a given situation. The author also covers performance issues with object serialization (used under the hood in most Java distributed computing mechanisms) in detail and wraps up the chapter with a 12 page discussion of how best to use the "new IO" package (java.nio) that was introduced with Java 1.4. Sadly, the author doesn't offer a detailed timing comparison of the 1.4 NIO API to the existing IO API. Chapter 9 covers Java's native sorting implementations and how to extend their framework for your specific application.
PART 3 : Threads, Distributed Computing and Other Topics
Chapters 10-14 cover a grab bag of topics, including threading, proper Collections use, distributed computing paradigms, and an optimization primer that covers full life cycle approaches to optimization. Chapter 10 does a great job of presenting threading, common threading pitfalls (deadlocks, race conditions), and how to solve them for optimal performance (e.g. proper scope of locks, etc).
Chapter 11 provides a wonderful discussion about one of the most powerful parts of the JDK, the Collections API. It includes detailed timings of using ArrayList vs. LinkedList when traversing and building collections. To close the chapter, the author discusses different object caching implementations and their individual performance results.
Chapter 12 gives some general optimization principles (with code samples) for speeding up distributed computing including techniques to minimize the amount of data transferred along with some more practical advice for designing web services and using JDBC.
Chapter 13 deals specifically with designing/architecting applications for performance. It discusses how performance should be addressed in each phase of the development cycle (analysis, design, development, deployment), and offers tips a checklist for your performance initiatives. The puzzling thing about this chapter is why it is presented at the end of the book instead of towards the front, with all of the other process-related material. It makes much more sense to put this material together up front.
Chapter 14 covers various hardware and network aspects that can impact application performance including: network topology, DNS lookups, and machine specs (CPU speed, RAM, disk).
PART 4 : J2EE Performance
Chapters 15-18 deal with performance specifically with the J2EE APIs: EJBs, JDBC, Servlets and JSPs. These chapters are essentially tips or suggested patterns (use coarse-grained EJBs, apply the Value Object pattern, etc) instead of very low-level performance tips and metrics provided in earlier chapters. You could say that the author is getting lazy, but the truth is that due to the huge number of combinations of appserver/database vendor combinations, it would be very difficult to establish a meaningful performance baseline without a large testbed.
Chapter 15 is a reiteration of Chapter 1, Tuning Strategy, re-tooled with a J2EE focus. The author reiterates that a good testing strategy determines what to measure, how to measure it, and what the expectations are. From here, the author presents possible solutions including load balancing. This chapter also contains about 1.5 pages about tuning JMS, which seems to have been added to be J2EE 1.3 acronym compliant.
Chapter 16 provides excellent information about JDBC performance strategies. The author presents a proxy implementation to capture accurate profiling data and minimize changes to your code once the profiling effort is over. The author also covers data caching, batch processing and how the different transaction levels can affect JDBC performance.
Chapter 17 covers JSPs and servlets, with very little earth shattering information. The author presents tips such as consider GZipping the content before returning it to the client, and minimize custom tags. This chapter is easily the weakest section of the book: Admittedly, it's difficult to optimize JSPs since much of the actual running code is produced by the interpreter/compiler, but this chapter either needs to be beefed up or dropped from future editions.
Finally, chapter 18 provides a design/architecture-time approach towards EJB performance. The author presents standard EJB patterns that lend themselves towards squeezing greater performance out of the often maligned EJB. The patterns include: data access object, page iterator, service locator, message facade, and others. Again, there's nothing earth shattering in this chapter. Chapter 19 is a list of resources with links to articles, books and profiling/optimizing projects and products.
What's Bad?
Since the book has been published, the 1.4.1 VM has been released with the much anticipated concurrent garbage collector. The author mentions that he received an early version of 1.4.1 from Sun to test with. However, the text doesn't state that he used the concurrent garbage collector, so the performance of this new feature isn't indicated by this text.
The J2EE performance chapters aren't as strong as the J2SE chapters. After seeing the statistics and extensive code samples of the J2SE sections, I expected a similar treatment for J2EE. Many of the J2SE performance practices still apply for J2EE (serialization most notably, since that is how EJB, JMS, and RMI ship method parameters/results across the wire), but it would be useful to fortify these chapters with actual performance metrics.
So What's In It For Me?
This book is indispensable for the architect drafting the performance requirements/testing process, and contains sage advice for the programmer as well. It's the most up to date publication dealing specifically with performance of Java applications, and is a one-of-a-kind resource.
You can purchase Java Performance Tuning, 2nd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Extending and Embedding Perl
ggoebel writes "Extending and Embedding Perl is, as it boldly states on the cover, 'The definitive guide to XS, embedding, and the Perl internals.' This book is well organized and information dense. One could spend days sifting through the available perlapi, perlcall, perlembed, perlguts, perlxs, perlxstut, and h2xs documentation. After which you'll probably understand very well references to nethack's 'You are in a maze of twisty little passages all alike.' Or you could get yourself a copy of this book and find your way out of the maze." Read on for the rest of ggoebel's review. Extending and Embedding Perl author Tim Jenness and Simon Cozens pages 384 publisher Manning (August 2002) rating 9 of 10 reviewer ggoebel ISBN 1930110820 summary The definitive guide to XS, embedding, and the Perl internals
Most of the available documentation on extending and embedding perl is written from the perspective of the core perl developers for core perl developers. This book is written for advanced Perl programmers who for whatever reason need or wish to peer into that netherworld between Perl, C, and the glue that interfaces Perl with other languages. It is a deliberate thorough guide led by authors that are both extremely knowledgeable and also capable of communicating that knowledge.
While it would greatly reduce the learning curve, no prior knowledge of C is required to read this book. This is a surprising claim and while it won't be easy, this reader is proof that someone with little true knowledge of C can in fact read and for the most part comprehend what the authors wish to convey.
There are clearly areas for improvement. Things like NULL being used throughout chapter 3, only to finally be defined later in a footnote in chapter 4. And other cases of terms being used before they are explained. Things that leave the reader juggling unnecessarily until the information is provided that lets understanding fall into place. But for the most part, if you are a competent juggler and are patient your questions will eventually be answered. You won't walk away a C programmer, but you will learn enough to solve the problems which led you to consider reading this book in the first place.
One thing I liked very much about the layout of the book is how it switches back between presenting sections on C programming and Perl. The authors revisit C each time it is necessary to understand the next Perl internals topic. Those that are learning C or need the review receive the relevant information just before it is required.
Over the course of the book, you'll learn about interfacing from Perl to C and C back to Perl. For those that must plug references to Tolkien in things Perl... you can go back and rephrase that into an appropriate reference to Bilbo's book "There and Back Again". You'll also learn the perl api, data structures for core variable types, and how to work with scalars, arrays, hashes, strings, regular expressions, file handles, typeglobs, typemaps, objects, callbacks and PDL with C and C++. And there is even mention of working with Fortran, Java, and more esoteric alternatives.
The book finishes with an in depth look at Perl internals: the parser, tokenizer, op code trees, execution, and compiler. And closes with a discussion of the Perl development process: How it may be monitored and participated in.
What's missing? Detailed coverage of the I/O subsystem and the regular expression engine. I.e., topics which might themselves make for a good book. There was also light coverage on things like scratchpads. There were times while reading when I didn't know whether the issue being discussed was fully covered or curtailed. But you will certainly find better coverage of the issues in this book than elsewhere. This is an impressive book. I hope it will greatly influence the way Perl6 internals are documented.
You can purchase Extending and Embedding Perl from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Mac OS X in a Nutshell
honestpuck writes "It must be difficult when writing a book for 'power users' to decide what exactly needs to be put in and what can be safely left out. This volume does the job quite well, covering the simple stuff quickly and early while devoting a great deal of its 750 pages to topics of more interest to serious users of Apple's new(ish) operating system. It also declares its audience early, the preface devotes a page to explaining the target audience and states it is 'aimed at folks with a more technical bent than the average user--the power user.'" Read on to see what Honestpuck thinks of O'Reilly's OS X in a Nutshell. Mac OS X In A Nutshell author Jason McIntosh, Chuck Toporek & Chris Stone pages 768 publisher O'Reilly rating 8 - Almost excellent reviewer Tony Williams ISBN 0596003706 summary An Excellent book on OS X for 'power users' that will remain useful.
The Gist
The book is quite well structured, and organized into 5 parts. The first is a quick overview of the Macintosh GUI. The second part, "System Configuration," is mainly devoted to getting the system running well (covering preferences, networking, the file system and Java). The third section, "System and Network Administration," is a good guide to several lower-level tasks, including an excellent chapter on directory services and NetInfo. The fourth is about development, including Apple's IDE "Project Builder" and CVS. The final part covers the Unix underpinnings of OS X and X Windows. This includes a Unix command reference of over 200 pages.
The Good
The book is also well written, with light, easily understood prose and some good screen dumps, tables and diagrams to make some of the more complex points easily understood. I appreciate the detailed contents section, good quality index and black chapter tabs at the side of each page for finding the information I need.
Everything seems to be covered, though you may sometimes find yourself needing to go elsewhere for more depth, but this is really only to be expected in a book that is trying more for breadth across an entire operating system than depth in one particular area.
Despite having used and developed on a Mac for over 15 years and OS X since the late beta stage I still found myself discovering something new and useful every few pages in the book.
The Bad
The section of the book I appreciated least was the Unix Command Reference. 200 pages, most of which are adequately covered by the online man pages or a quick 'command --help'. Not that it isn't useful having this information on paper, and not that this section isn't more complete than the man pages and less error-ridden. It's just that my favourite operating system has a large number of commands that are hard to find by name alone. Online, I tend to rely on apropos to find what I need. Back when you paid a large amount of money for a Unix license they came with hard copy manuals that included a permuted word index of the same top slug that apropos searches, which made them infinitely more useful. O'Reilly could improve the heck out of this book by giving us the same thing for what I felt was otherwise an almost totally wasted 200 pages (though I admit that the combination of the chapter on NetInfo and the command references for nicl and niutil etc. actually have me now understanding and using NetInfo well.)
Once again O'Reilly have provided a web page for the book that is mostly marketing material -- though in this case the Errata page is useful. At the bottom of the page they have a number of links to "Related O'Reilly Articles" but have only listed three by the authors of the book, leaving out, for example, X11 and Open Office on Mac OS X by Wei-Meng Lee and Configuring sendmail On Jaguar by James Duncan Davidson to name two MacDevCenter articles I've found incredibly helpful.
Conclusion
This book is not quite in the "must buy" category. If you do want a book to help you with the more technical aspects of OS X or to help you move to OS X from Unix or Windows hacking then this one is worth a serious look. It certainly better covers the technical aspects than OS X Bible and others of that style (such as the Missing Manual or Robin Williams' Little Mac OS X Book.) The only other volume that really compares is OS X Unleashed and it has way too much coverage of the simple stuff and the various applications, is not as well structured and has a wordier, less terse and technical style. It's also more expensive and twice the size and weight.
You can purchase Mac OS X in a Nutshell from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Programming Web Services with Perl
ggoebel writes "Programming Web Services with Perl is principally a book on implementing solutions using XML-RPC and SOAP in Perl. It also covers complementary and alternative standards such as WSDL, UDDI, and REST in some detail. And on the periphery, it finishes with a whirlwind tour of developing message routing, alternative data encoding within XML, security, transactions, workflow, internationalization, service discovery, extension, and management techniques and specifications." Read on for ggoebel's full review. Programming Web Services with Perl author Randy J. Ray, Pavel Kulchenko pages 496 publisher O'Reilly (December 2002) rating 9 of 10 reviewer ggoebel ISBN 0596002068 summary practical balanced guide to XML::RPC and SOAP::Lite
The book assumes the reader will have the knowledge of an intermediate level Perl programmer. I.e., the reader is assumed to have a working knowledge of references, data structures, and object-oriented Perl. On the other hand no previous knowledge of XML, XML-RPC, SOAP or XML related technologies is required.
It should also be mentioned that both of the authors Randy J. Ray and Pavel Kulchenko are also the principal developers of the most popular XML-RPC and SOAP Perl modules: XML::RPC and SOAP::Lite respectively. That said, the book is not a soap box for the authors to tout the merits of their tools.
Rather, it is a practical book which starts with grounding fundamentals. Readers should walk away with a core understanding of XML-RPC and SOAP and not just a particular tool set for working with them. The authors examine the alternative XML-RPC and SOAP tools, illustrate how they are used, and give practical and even handed reasons why their modules should be preferred. Which comes down to issues of features, active development, support, and the amount of work required to code to a particular interface. They then settle down to a comfortable and thorough guide to XML::RPC and SOAP::Lite.
The topics and issues are illustrated throughout using real world web services. For example creating an XML-RPC client for O'Reilly's Meerkat news wire, or a SOAP client to convert use.perl.org's journal stream to RSS. Code is presented to the reader filtered down to highlight each particular issue as it is discussed. This is nice in that it avoids listing slight variations of the same code multiple times, but on the down side it can also leave the reader flipping back and forth to reassemble an example in their head. Full code for each example is provided in the appendices. And all of the example code may be downloaded from O'Reilly.
All-in-all, the book is a thorough practical introduction to working with XML-RPC, SOAP and related technologies. When I started reading the book, I was a bit disappointed to see that it only covered XML-RPC and SOAP related services. When I finished, I was impressed with how very much information they'd managed to pack into so few pages.
And yet, I was left wishing there'd been a more thorough coverage of interoperability issues between other SOAP implementations and things like custom de-serializers. To be honest interoperability and de-serialization are mentioned, and the authors do an excellent job of referring the reader on to sources for continued reading on most other topics.
The book does an admirable job balancing content, length, and information density. Not to mention an excellent job delivering the information that will still be relevant years and not just weeks from the date published. Most of the topics I'd wished to see covered in more depth are those that are still developing and consequently most likely to become quickly dated. In short a well balanced practical guide to applying XML-RPC and SOAP to solve problems.
You can purchase Programming Web Services with Perl from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Build Your Own Database-Driven Website
Chris Beasley writes "I have a PHP book that's 567 pages long. I have two SQL books: one has 377 pages; the other has 719. Yet I consider 295-page 'Build Your Own Database Driven Website using PHP & MySQL' by Kevin Yank more valuable than any of these books. Why? Because, while I may find only a quarter or, at best, half of these books useful on a regular basis, all 295 pages of Yank's new release are of value to me on a daily basis." Build Your Own Database-Driven Website Using PHP & MySQL, 2nd Ed author Kevin Yank pages 295 publisher SitePoint rating 5/5 reviewer Chris Beasley ISBN 0957921802 summary A tutorial-style book for beginning PHP/MySQL Programmers
Unlike the arbitrary structure exemplified by so many programmers' references, Build Your Own Database Driven Website using PHP & MySQL is written more like an instruction manual, with chapters arranged in the order in which you should use them.
The first chapter explains the installation of PHP and MySQL; the next two cover usage basics. In Chapter 4 you're already pulling information from your database and publishing it on the Web. Chapters 5-10 refine what you've already accomplished, and delve into advanced topics in both PHP and MySQL.
If you're familiar with Yank's original tutorial, on which he based this book, your familiarity will end with the closing pages of Chapter 10. Chapter 11 addresses the storage of binary data in MySQL, a topic that was of great interest to me personally as I'd never done it before. In keeping with the rest of the book, Chapter 11 is a step-by-step guide, and explains the storage of binary data in a practical, down-to-earth manner that inspires you to give the book's teachings a try. Already I'm searching for an excuse to build a system, just to experiment with what I've learned. Chapter 12 covers cookies and sessions in PHP. The usage of cookies and sessions is essential to any online authentication or shopping cart system, and this topic makes a great final chapter that complements the book's other lessons.
This book makes good on its promise to teach you everything you need to know to build a database driven Website, but fortunately for us the author decided to throw in a few extras -- these take the form of four reference appendices. Appendix A covers MySQL syntax, which, while covered throughout the book, is easily referenced through this well-organized appendix. Appendix B explains MySQL functions, while Appendix C covers MySQL datatypes in considerable detail, so much so that I found this information easier to use than the official MySQL online reference. Finally, Appendix D covers the PHP functions that are used with MySQL.
If you progress in your programming skills you'll eventually need to buy a complete programmer's reference for PHP, although you probably won't need to buy an SQL reference unless you start using a more robust database solution than MySQL. However, if you want to build your first database-driven website, or even if you have built one before but want a practical reference, I can't recommend this book highly enough. Build Your Own Database Driven Website Using PHP & MySQL will guide you step by step through the development process -- who could ask for more?
You can purchase Build Your Own Database-Driven Website Using PHP & MySQL, 2nd Ed from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Patterns of Enterprise Application Architecture
Duane Gran contributes this review of Patterns of Enterprise Application Architecture, writing "The title of this book is a mouthful and the author, Martin Fowler, confronts headfirst complex topics of concern to software developers and architects. Fowler is a respected figure in software engineering circles, and his latest book is an attempt to codify best practices he learned in the trenches and through peer relationships. Many of the patterns will resonate with experienced developers, but Fowler's talent explaining abstract concepts will afford even the most grizzled reader many 'aha!' moments." Read on for the rest of Duane's review. Patterns of Enterprise Application Architecture author Martin Fowler pages 560 publisher Addison Wesley Professional rating 10/10 reviewer Duane Gran ISBN 0321127420 summary Excellent analysis of complex problem solving
The book is honest and upfront about grey areas in addition to (nearly) hard and fast rules. Fifty one patterns are described in an organized fashion, grouped by theme. The first section gives an overall narrative tying together the concepts while the remaining 4/5 of the book is devoted to short chapters on each pattern. In this way the book works well on two levels, as a reference and a tutorial. Code examples are given in Java and C# where most appropriate for the given pattern, however most examples use Java.
Much of the book centers around the task of Object-Relational mapping between the in-memory model of an application and the datastore. There are a surprising number of design choices in enterprise systems and I often found myself nodding in agreement with the logic behind the patterns. After establishing that mixing presentation and domain logic is a mistake worthy of horse-whipping, a plethora of smart alternatives are given.
I found this to be one of the more enlightening books I've read, and place it alongside Effective Java and Design Patterns Explained as canonical books for the Java developer. I'm a fan of the O'Reilly Java series, which excels in the HOW-TO category of books, but I've recently taken to the Addison-Wesley publications, which deal less with the nuts and bolts, and for lack of a better word are more like WHY-TO books.
Aside from being an excellent book, I also liked that it is hardbound and includes a bookmark (simple nylon strap from the binding). This is a fitting presentation for such a quality book.
The only complaint I might have is that sometimes the code examples are a tad brief for my taste. The author is fond of declaring a class as follows:
class ArtistMapper ...
From the UML diagrams provided I was often able to conclude that ArtistMapper extends AbstractMapper or that ArtistMapper implements Mapper, but as I read the examples I yearned for completeness. Two guesses come to mind as for this choice:
- The author explains that the code examples are meant to facilitate understanding, not to provide boilerplate code. Fowler's appreciation for the complexity of software systems leads him to caution the reader to implement the examples without careful consideration to the context in which they are deployed. Partial code examples force the reader to fill the gaps, and in the process may think more critically about it.
- There is often more than one way to do things, like abstracting an interface in Java. The choice of extending an Abstract class or implementing an interface implies a subtle, but far-reaching, development choice. Similar to the previous point, I think Fowler may want the reader to choose a concrete class implementation appropriate for his or her application.
You can purchase Patterns of Enterprise Application Architecture from bn.com. -
PHP MySQL Website Programming
Alan Knowles writes "Ever started looking for a PHP script to solve that problem in your company - Managing the passwords, keeping track of equipment, or making information available on the web. Normally after a few hours of hunting, you track down something that looks close to what you want, you download it, get it going, then start digging around the code. At this point, you cringe in fear of two problems, the spaghetti mess that you are about to deploy, the ongoing maintenance nightmare and the horrors of modifying it to fit your needs. Well this book isn't going to solve these issues, but at least if a few more of those budding open source developers read it, the world would be a better place." Read on for the rest of this review; Yes, the book is still available. PHP MySQL Website Programming Problem - Design - Solution author Chris Lea, Mike Buzzard, Jessey White-Cinis, Dilip Thomas pages 504 publisher Apress rating 9 reviewer Alan Knowles ISBN 1861008279 summary Effective learning through the Problem, Design, Solution approach
In brief: This book takes you through designing a PHP website, featuring the usual bundle of generic features, simple content management, adverts, forums and an on-line shop. It's not intended as a definitive codebase of the absolute best design, but fills a big gap between trying to develop PHP with functions and lots of include files, and the full Computer Science bible of Design patterns.
For those people (and there's a lot of them) who have grown from Word macros and Visual Basic, then had a lot of fun learning PHP, this book provides an excellent gentle path towards using classes in PHP and applying them to real world problems. Like a lot of Wrox books, it's jam-packed with code, with a good flow of new information in each chapter.
What I liked
As a programmer who many years ago swore blind that there was no reason for using classes and objects on websites (the equivalent to a misspent youth), this book gives good clear examples on how they can provide advantages over just 'include' and a few functions.
The book is enjoyable to read; it focuses on the step-by-step delivery of a very dynamic website, starting with the basics of designing the file layout and how the files will work together. It then goes into more detail on delivering each feature, provides enough general ideas to help most PHP enthusiasts and budding developers understand the basics and advantages of OOP programming (although there are a few functions thrown in to ease in those not conversant with OOP).
The website that you learn to create (using the Problem - Design - Solution approach) is available for you to see online here.
Although a lot of the code is focused around implementing a reasonably simple set of Patterns, Data Objects and Page execution scripts, there are a few gems in there.
- Utilizing quite a few PEAR classes including the Database abstraction layer, Mail Sending.
- A nice section on the basics of RSS and XML, not to a detailed level, but a good warmup for anyone coming from a System Admin or Simple Visual Basic level.
OK, it's not for everyone. If you've done any Java or C++, this book is going to be a bit below you. Design Patterns are not mentioned directly in the book, although a number are implemented. The book misses out on quite a few important ideas, like templating php sessions in the body, although it does touch on the subject near the end. Given the target audience, of PHP of beginner to intermediate level, it does have a few unusual code styles in places, which hopefully the readers will not over-apply.
What you will learn from this book
- Elements required to build a useful 3-tier web application
- Design and construct an interactive User Interface (UI)
- Provide a CMS environment to manage content securely and extensively
- Create visitor accounts, to register and manage unique site visitors
- Build a simple news management and delivery system
- Create a syndication application
- Generate a sustainable revenue stream from advertising
- Implement an online visitor poll
- Create a fully featured discussion forum
- Build an online shopping cart system with checkout features
You can purchase PHP MySQL Website Programming from bn.com. -
Linux for the Rest of Us
alvinc writes "Mark Rais' new book Linux for the Rest of Us is an excellent choice for beginning Linux users. It also has enough solid, fundamental information to be a refresher for experienced Linux users. The book's philosophy is that Linux is a viable alternative OS that is also fun, and this viewpoint is reflected in the narrative's friendly tone." Read on for the rest of Alvin's review. Update: 03/26 20:51 GMT by T : Since bn.com isn't stocking this book, author Mark Rais wrote to suggest that you can order this book straight from the publisher.
Linux for the Rest of Us author Mark Rais pages 108 publisher Eagle Nest Press rating 8 reviewer alvinc ISBN 0972679006 summary A gentle introduction to Linux; may have some relevant tips for experienced users but should be invaluable to novices.
The author uses many anecdotes and personal experiences which give the instruction a real-world feel and which also give it a human element. I enjoyed the occasional tongue-in-cheek humor as well.
The book is very concise, written in a quick guide format, which I found more user-friendly than some of the larger, intimidating tomes available on the subject. The 108 pages are densely packed with information with step-by-step instructions on installing, formatting hard drives for dual boot use, using the bundled graphics and text editors, and configuring a Linux machine for use as a server. It includes essential elements in a quick reference format in the manner I would draw up my own cheat sheets.
I think the book would also make a great gift for new users. Its small size encourages browsing by people who may be hesitant about taking the plunge into Linux. It is a practical way for Linux fans to encourage others to try Linux.
There are a few shortcomings, but these are the exception rather than the rule. Initially I was a little dismayed that the author did not spend more time on the desktop environment and describing some more features of KDE/Gnome etc. I would have also liked for the author to help guide beginners with tips for other useful programs such as Evolution.
One of the strongest aspects of this book, aside from overtly doing new Linux users a huge favor by helping them along the tricky steps, is that the author includes a healthy dose of real-world experiences.
And real-world experiences are indeed included, as I slowly realized that although the author, Rais, was both very gentle and down to earth in tone and writing, his experiences with Linux and technology are significant. His subtle remarks throughout the book about how he helped set up Linux servers with colleagues almost hide the point that some of these servers were involved in serving content to staging servers for some high profile sites, including Netscape.com and aol.com.
I would have enjoyed some further anecdotes about the author's own experiences. He includes a number of useful tips from his experience, but as I read the section "Stories from the Field" I felt like the author probably had a lot more to share and only for sake of brevity did not include more.
Rais maintains a very helpful and encouraging tone, which is rare among users as experienced as he is. The author obviously knows Linux well and still walks the reader through the subject matter much as a mentor would.
The book is also a substantive reference of sorts, enabling easy lookup of critical line commands or troubleshooting errors. It's limited in scope in some areas, and few Linux experts would pick this up as a reference, but as a tool to encourage hesitant new users, it is beneficial.
Linux for the Rest of Us is convenient, easy to read, and inexpensive. Also, note that all proceeds (after tax and print costs) are to be donated to charity.
You can purchase Linux For the Rest of Us from bn.com. -
Mac OS X: The Missing Manual (Second Edition)
emmastory writes "I finally (finally) picked up Mac OS X: The Missing Manual. I've been meaning to grab it since I first heard that David Pogue wrote a book on OS X; I've been a fan of his for a while. I remember reading his stuff in Macworld -- on System 7, even -- when someone gave me a subscription (many) years ago, and his New York Times columns have generally been pretty good as well." Update: 03/25 16:43 GMT by T : Ha! The original headline was missing OS X's "X" -- now in place. Read on ...
Mac OS X: The Missing Manual (Second Edition) author David Pogue pages 712 publisher O'Reilly and Associates/Pogue Press rating An excellent book that merits its title. reviewer Emma Story ISBN 0596004508 summary An intensely thorough look at using OS X, updated to include Jaguar.
Mac OS X: The Missing Manual is exactly what you'd expect if you've read any of Pogue's other books or columns: it's clear and straightforward without seeming dumbed down. His writing tends to be fairly light and often funny, making for particularly readable technical books. That's not to say it's without substance, though -- within the first chunk of this book (which is pushing six hundred pages) I'd already had a dozen of my existing questions answered as well as plenty I hadn't even thought to wonder about.
It seems pretty definitely directed at people who've been using Mac OS for a long time and are switching to OS X. Given what OS X is, it's not surprising that it takes some getting used to, despite vaguely looking like Mac OS. If you've never used OS 8 or 9 and don't have any existing Mac habits to unlearn, you might not even need a book like this -- but I suspect it would still be pretty useful. Pogue also takes time to address issues people might have switching to OS X from Unix or Windows, but the focus is on comparisons to older versions of Mac OS. As the title implies, Apple documentation tends to be slim to non-existent, and this is by far the most thorough OS X book I've seen yet. It functions exactly as promised -- I keep my copy on the shelf over my desk, and when I have a question about something I remember from OS 9 or why something I know from BSD doesn't work under 10.2, I can just look it up.
The second edition is more of the same -- the book is bigger, fatter, and covers Jaguar. It was published in October 2002, so it's not quite up to the minute, but it's certainly not outdated yet. I shelled out another twenty bucks when I first saw it, and I don't regret it -- the only major complaint I'd had about the first edition was that its usefulness was somewhat impaired when 10.2 came out. It's possible I'll feel the same way about the second edition when faced with 10.3 -- but maybe Pogue will write another book.
I would recommend this book for just about every OS X user, regardless of how recently you switched -- people who installed it back during the public beta will probably get just as much out of the second edition as those who just bought their first-ever Mac. However, you'll probably find it more useful if you're coming from older versions of Mac OS than if you've just switched from another Unix or Windows, but that's not to say it isn't worth reading in those cases. It's relatively cheap for an O'Reilly book (712 pages, list price is $29.95) so you can't really go wrong.
You can purchase OS X: The Missing Manual from bn.com. -
C++ Templates: The Complete Guide
nellardo writes "The book C++ Templates: The Complete Guide, by Vandevoorde and Josuttis, Addison-Wesley 2003, is an authoritative treatment of exactly what it claims: the template mechanism of C++. If you are a C++ programmer, you should have this book on your shelf. If you aren't a C++ programmer, move along -- this book is highly specific to C++, and won't be much help in understanding the template mechanisms of other languages. Of course, if you aren't a C++ programmer, you probably wouldn't even give this book a second glance in the first place." Read on for the rest of Brook's review.
C++ Templates: The Complete Guide author David Vandevoorde & Nicolai M. Josuttis pages 528 publisher Addison Wesley rating 10 for C++ programmers, 0 for anyone else. reviewer Brook Conner ISBN 0201734842 summary A thorough, exhaustively complete treatment of a complex subject. An essential reference for C++ programmers and a lengthy and boring book for anyone else.
The C++ programming language is widely regarded as a good systems programming language, albeit a complex one fraught with low-level details and issues (though arguably this is what makes it good for certain kinds of systems programming). For perhaps a decade now, C++ has had a template mechanism - in programming language circles, it might more properly be called a form of parametric polymorphism. The template mechanism, like many other forms of parametric polymorphism, is potentially extremely powerful, but the complexity of C++ makes it tough to thoroughly master. That's where this book comes in.
Most likely, an experienced C++ programmer has at least used templates. If nothing else, use of the Standard Template Library (or STL) requires at least knowledge of how to use templates. If you use C++ enough to care about templates, you probably know what they are, at least roughly, and if you don't, this isn't the book from which to learn about them. It very clearly requires (and explicitly states in the introduction) that you need to know C++ before making effective use of the book.
Designing template classes, however, is another kettle of fish, and if you're in a position where you're building template classes for someone else to use, you probably need this book. Unless, like the book's authors, you moderate comp.lang.c++.moderated. If you are such a super C++ guru, you may still find this book useful - it is a truly stupendous catalog of the capabilities and subtleties of C++ templates. If nothing else, you'll find examples for well nigh every use to which you are likely to put C++ templates.
The book's strengths, then, are its authoritative and exhaustive detail. On the downside, its examples are dry and flavorless. Perhaps this is intentional, as a way to suggest how some feature can be used in a variety of situations. I prefer a combination of specific, concrete examples, followed by a generic example. The specifics motivate the need for a capability, while the generic showcases the broad, interrelated aspects of the capability. The authors didn't follow that approach. I would suspect this comes in part from their mutual roles in C++ standards bodies - a specific example could be seen as too limiting, and so were left out.
Another drawback, to my thinking, is its resolute focus on C++ to the exclusion of all other languages. Don't get me wrong - I read the title, and it's a C++ book, so I don't expect it to teach me Scheme, much less Haskell. However, I think the complexities of C++ templates might have been easier to tackle and understand with at least pointers to other ways it could have been (and has been) done. If nothing else, citations of alternative approaches would be a useful source for the motivated reader. As it is, it doesn't even deal with differences between C++ implementations - it doesn't even list GCC in the index.
All in all, though, C++ Templates: The Complete Guide is exactly what it claims to be. It's an in-depth treatment of C++ templates and how they work. It isn't a cookbook for practical applications, nor is it a guide to further in-depth exploration of parametric polymorphism. But it is definitely a handy reference for the working C++ programmer to have on her shelf. If you're a working C++ programmer, I'd recommend it. If you aren't, you might want to pass on this one.
You can purchase C++ Templates: The Complete Guide from bn.com. -
Linux Server Hacks
Wee writes "Linux Server Hacks is not a book which will teach you system administration. In fact, if you aren't already familiar with how to set up and run Linux, this book will likely confuse you. It is also not a book which will teach you how to break into Linux servers. The word 'hack' in this case is not a pejorative. What LSH will do is show you how to fully tweak that Linux box you already run. It will show you new (and possibly better) ways to do the things you already do. The book will probably not make you a better admin, but it will almost certainly save you some time or give you at least one 'Why didn't I ever think of that?' head-scratcher." Read on for the rest of Wee's review. Linux Server Hacks author Rob Flickenger pages 221 (including index) publisher O'Reilly rating Very Good reviewer Wee ISBN 0596004613 summary 100 tips and tools useful for those who work with Linux servers (and workstations).
About the book
LSH is not just about the Linux operating system, per se. Despite the title, it spends more time covering applications which can run on Linux than it does the Linux operating system itself. It is composed of 100 "hacks" all grouped together into like areas, such as "Monitoring" and "Networking". The style sort of reminded me of O'Reilly's Cookbook series, and I find it to be an easy format to read. Indeed, if the book was larger, it could have easily been called "The Linux Server Cookbook."
After a somewhat cheesy foreword by ESR and a recognizably standard O'Reilly preface, LSH starts out the hacking with a section called "Server Basics," and it's here that most of the Linux-specific tips are. You get to learn how to pass args to LILO, stroll through /proc, tweak the Linux kernel, play with hdparm and so forth. This chapter left me thinking that this was all stuff every admin should know, and not much of it was new to me (if you've used Linux for more than a couple years you probably won't find much here that you haven't at least heard about before). If you are new to Linux however, then this chapter will be valuable even if you stop reading the book right at chapter two.
If the book had to be divided into two parts, the first chapter would be titled "Part 1: Linux the OS." The balance of the book would then be called "Part 2: Linux Applications." Subsequent chapters each tackle one area of services or applications that run on Linux, such as CVS or rsync or ssh, and it's very easy to find something interesting purely by looking through the table of contents. The book's grouping of hacks into like topics helps, I think, because you can easily pick out what you want to see more of without having to wade through that which you don't find terribly interesting. For example, if you only deal with your personal Linux workstation, then you can easily disregard the "Information Servers" chapter without missing other valuable content. I personally found the "Networking" and "Monitoring" chapters to be the most useful. The "Backups" chapter was interesting, the "Scripting" chapter not so much. Each chapter starts with a summary of what's to come, so if the table of contents isn't enough to find the good bits, then just reading those summaries can give you an idea of whether you'll find anything useful to you.
The book includes a fairly complete index, but I didn't use it very much. I found the table of contents, with its list of each hack's title, to be useful enough. I suspect that when I pick the book up a couple months from now looking for something I had read about I'll get more use out of the index.
What's to like
As I mentioned above, the book is very easy to read. Flickenger has a "conversational" writing style I found easy to parse. If you hang out with Linux geeks very much, you'll recognize his way of communicating and easily assimilate what he has to say. His advice is sound, his skill level high (the same can be said for the other contributors as well). The book's layout and organization made it easy to find specifics and will ensure that it gets used as a reference later on.
You might be wondering about the code samples in this book: there are a lot of them. I didn't check, but I think each hack had at least one CLI listing or bit of example code. This made the book much more valuable than if it simply told you what to do; "seeing" the hack in action helped tremendously. In fact, I'd have felt disappointed if Flickenger hadn't included as many examples as he did. Most of the code is Perl, with some shell mixed in. The example code is well written and properly placed, so if you don't know Perl or shell you'll still be able to make use of the hack.
Each hack can stand on its own. This makes the book easy to read, and ensures its place as a reference. I didn't read the book sequentially at first, but I went through the whole thing regardless. Some hacks refer to other hacks, and I found myself reading the book as if it was hypertext, as is mentioned in the preface. Again, this also means less time spent reading that which you already know (or find boring) and more time spent thinking about something more useful.
The book is distribution-agnostic. I couldn't find anything that would upset a Debian user or would flummox a Mandrake fan. While this might have more to do with the bulk of the hacks being on the application level, I found the lack of an axe to grind refreshing nonetheless.
The book doesn't assume l33t-ness nor coddle the reader. It assumes you know your stuff and are a professional, and in doing so finds its voice rather well. This gave me a sense of admiration for the author and allowed me to absorb the knowledge being imparted with ease.
Although not specifically about the book, O'Reilly has set up a website devoted to their "Hacks" series of books. Users can send in their own hacks, which helps flesh out the content in the print edition.
What could be better
ESR's foreword, titled "How to Become a Hacker," was just silly. The foreword added nothing to the book, and I find the whole "zen of hacking" schtick tiresome after only a short while. Yes, "hack" is a cool word, but one which easily suffers from overuse: it suffers a lot in ESR's foreword. The foreword also contains a plug for ESR's book, which I thought was somewhat tacky.
LILO is referred to in several places, but there is not a single mention of GRUB. Where the boot loader was being discussed, an "If you use GRUB, you'd want to do it this way..." aside would have been welcome.
The "Information Servers" chapter is very large, but only deals with BIND 9, Apache and MySQL. If you don't work with any of these three, then fully one quarter of the book will be useless to you. I would have really liked to see mail servers (especially Postfix and Qmail) mentioned, and including tweaks for an ftp daemon would have made the book that much more valuable. I would have also liked to see sshd covered; the book contains only ssh client hacks. Finally, a hack or three about PostgreSQL would have been nice.
The "Scripting" chapter could have been replaced with a "Security" chapter. There are only 4 scripting hacks, and they aren't all that useful. Although the book has a security-conscious mindset running throughout it, I felt the lack of a section devoted specifically to security was a glaring omission. In fact, I almost didn't buy the book when I noticed that the table of contents didn't list a security chapter. It was only after reading a hack or two that I could see security was going to be mentioned.
Another area I expected to see was one with hacks involving package management. A whole chapter dealing with this topic would have certainly been welcome to users of Red Hat, SuSE, et al. I suspect that such a chapter might have broken an unwritten editorial rule about remaining distribution neutral, however. And Debian users would have found anything beyond an apt-get one-liner superfluous, so I can forgive the "omission."
Although the title of the book is "Linux Server Hacks," someone using Linux as a workstation would also find the book helpful. For example, Flickenger includes two hacks on burning CDs, a hack on displaying the load average in the title bar of an xterm window, and so on. I got the impression that the server-centric focus wandered into desktop land quite a bit. Because of this, I thought that some hacks involving window managers should have been included. I've tweaked vnc to run blackbox on more than one occasion and expected to see things like that mentioned. This is a niggling complaint, however.
I found myself wishing the book was longer. At US$24.95 the price was right, but I would have rather paid US$34.95 for 150 total hacks.
Finally, the book looked somewhat rushed. There were more than a couple formatting errors (typeset characters visible, etc.) sprinkled throughout, and all the code examples were unindented; it was as if all the tabs were stripped out by the printer. While the lack of indenting might confuse those who don't know Perl or shell, the only "real" consequence of this is that the lack of tabs in the makefile examples on pages 27 and 28 prevents them from working.
Summary
Based on this review, it might seem that the bad outweighs the good where Linux Server Hacks is concerned. I don't think this is the case, and I would caution anyone against taking that view (rather, I'd have them glance through the book at the bookstore before deciding not to buy it). I think it should be noted that given the usually high quality of O'Reilly titles, it's far easier to spot what could be better than what is likeable. Like the old saying goes, nobody notices a clean kitchen unless it isn't.
None of the "bad" things would keep me from recommending this book, and I found Linux Server Hacks to be very useful -- both as a future reference and as a "thumb through while waiting for the train" sort of read. There's not much in it which is "new", and most of the hacks would border on common sense for the seasoned sysadmin (although I'd be willing to bet that even the most grizzled admin would find something new or interesting). Indeed, nearly all the information in the book can probably be found on the web somewhere. It is nice, however, to have everything collected in one place and organized into specific groups. Linux Server Hacks would make a good addition to the bookshelf of anyone, regardless of their skill level, who finds themself administering a Linux machine, be it a server or workstation.
Table of contents
- How to Become a Hacker
- Preface
- Server Basics
- Revision Control
- Backups
- Networking
- Monitoring
- SSH
- Scripting
- Information Servers
You can purchase Linux Server Hacks from bn.com. -
Imagining Numbers
peterwayner writes "One mathematician I know told me that the most important lesson he learned was how to read a math book. It did no good, he said, to just start plowing through the theorems because that brought confusion. The key was to skim the book five or six times to get an idea of what the writer was trying to do. Then, and only then, was it possible to figure out the equations. This is what Barry Mazur tries to do in his book Imagining Numbers. There are some equations, graphs and diagrams, but first and foremost he offers plenty of poetry, philosophy and history to lay a foundation for understanding imaginary numbers." Peter's review continues below -- despite its complicated, abstract subject matter, he says that it's "simple enough to be accessible to most who will be interested in it."
Imagining Numbers author Barry Mazur pages 267 publisher Farrar, Straus and Giroux rating 8 reviewer Peter Wayner ISBN 0374174695 summary How to imagine imaginary numbers like the square root of minus fifteen.
Much of modern mathematical literature is structured with crisp, scripted precision. First there is theorem one, then theorem two, which leads to theorem three, which could only be followed by theorem four, and so on until we reach theorem n. If you want to learn the mathematics of complex numbers (a +bi), then classic texts (this or this) will get you there.
Some may like this logical progression, but it leaves others cold in the same way that crisp, modern architecture by Mies van der Rohe leaves some craving a more layered, fractured, ornate, organic and just plain fun place to live and work. Less isn't more, as Robert Venturi said, less is a bore.
If you happen to feel a chill when churning through an assembly line of theorems, you might enjoy the treatment of Mazur, a professor at Harvard who seems to spend as much time reading poets like Rilke or Stevens as he does examining old mathematical texts. Mazur is not the kind of machine that turns coffee into theorems-- he's too busy stopping to smell the rhetorical flourishes.
The book isn't aimed at mathematicians per se. The publisher, Farrar, Straus and Giroux, specializes in mainstream literature and that's probably the best pigeonhole for this book. Mazur wants the reader to understand how to think about imaginary numbers, not evaluate some integrals -- and that reader could really be anyone with the desire to think about mathematical things. The book is simple enough to be accessible to most who will be interested in it.
In many ways, Mazur attempted a much harder task than just teaching complex analysis. It's one thing to learn how to find the roots of polynomials, but it's another thing to try to help people get a feeling or an intuition for the square root of minus fifteen. Integers are easy to understand and even feel by counting out things, but imaginary numbers don't seem to exist. Mathematicians have spent many years trying to find the best metaphors and structures to understand how to find answers for all polynomials and it's never been an easy struggle.
The best part of the book is, without doubt, the historical treatment of how other mathematicians confronted the question of irrational and complex numbers. These ideas have always been hard to grasp and it took time to evolve the most compact and consistent nomenclature.
If you're interested in mathematics as more than just a mechanism that churns out answers, you'll probably enjoy the book. It's a light, friendly, philosophical expedition looking for a way to make imaginary numbers work in our minds.
Peter Wayner is the author of Translucent Databases, a book on how to imagine databases that hold no information yet still do useful work. You can purchase Imagining Numbers from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Google Hacks
honestpuck writes "It has been quite a while since I have come across a book I'd label 'essential.' The last for non-programming computer users was Robin Williams' The Mac Is Not A Typewriter which I bought for a number of new Macintosh users." Now, though, honestpuck has found another book which he says is required reading for modern computer users -- read on for his review of O'Reilly's Google Hacks.
Google Hacks: 100 Industrial-Strength Tips and Tools
author: Tara Calishain and Rael Dornfest
pages: 318
publisher: O'Reilly
rating: Excellent
reviewer: Tony Williams
ISBN: 0596004478
summary: Excellent compendium of tips and tricks for everyone on using Google and its API
The book in brief
Google Hacks by Tara Calishain and Rael Dornfest and published by O'Reilly will appeal to an even wider audience, I can imagine buying this for friends who haven't cottoned on to 'net searching at all and friends who complain "Google returns too many sites." People who are afraid to code shouldn't be put off by the "Hacks" in the title: O'Reilly have obviously taken a wider meaning of "hack" than just a neat piece of code. This book is a marvelous compendium of tips and tricks for Google, ranging from simple ways of getting the search results you want, through using Google's newer services such as phone books and image search, all the way to advanced ways of using scrapers and the Google API.
The book demonstrates 100 hacks, of which close to half are useful for everyone -- newbie, programmer and non-programmer alike. The first 35 hacks, in chapters one and two, will educate you about the intricacies of getting the best out of searching both Google's main web catalog and the newer 'Special Services and Collections.' This is the part of the book that should be essential reading for Google users -- in the two days I've had this book these have proved invaluable. The rest are for those who are either looking for extremely advanced search tips, increasing their web site's Google page rank, or programming an application to use the Google data -- all topics well covered in this volume.
What's Good In This Book
To start, it is well written, well laid out with a good contents section, good index, and some appropriate introductory material before getting down to the first hack. Each of the hacks is numbered and a single hack will often cross-reference other hacks that add information relevant to it. The hacks in each chapter nicely add on each other in both complexity and function.
The hacks themselves seem to cover every area of Google that you might want. They range from the downright frivolous (there is a chapter "Google Pranks and Games") to serious ways of improving your search results and excellent examples of good ways to use the Google API.
Most of the code fragments are in Perl, and among the hacks are ways of getting the job done without over extensive use of extra modules such as XML Parsers and SOAP::Lite (including a hack that uses regular expressions to parse the XML).
What's Bad In This Book
It's hard to find anything bad to say, apart from some frustration that a couple of the hacks that interested me used ASP or VB rather than a more portable language.
Oh, another minor quibble, the allied web site O'Reilly Hacks Series has been slow and has none of the code in the book or any of the URLs mentioned listed anywhere -- it seems more geared towards marketing the books than helping the readers.
(DISCLAIMER: I use Rael Dornfest's Blosxom blog software and have contributed a plugin for his software.)
You can purchase Google Hacks from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Lucky Wander Boy
Hello Kitty writes "As far back as 1981, the videogame industry was pulling in more than Hollywood and Vegas combined; that year it raked in $5 billion, and for the most part did so one quarter at a time. So why haven't the arcade games so formative to geek youth (okay, geek 30somethings, young in the glory days of arcade play) gotten their due from the rest of popular culture? Lucky Wander Boy, DB Weiss' debut novel, is a step toward correcting that oversight. It's also a meditation on the bardo (the Buddhist notion of that which lies between the moment of death and the afterlife), on the excesses of the late dot-com era, and on where Pac-Man went in that split-second between disappearing on one side of the screen and reappearing on the other. And oh, yeah, it has a lead character screwed up just like your hysterical older relatives thought you would be if you didn't quit playing those nasty computer games. Bust out the rasterized graphics and Atari cartridges -- it's a party." Hello Kitty's review continues below.
Lucky Wander Boy
author: DB Weiss
pages: 272
publisher: Plume
rating: 9
reviewer: Hello Kitty
ISBN: 0452283949
summary: the Big Videogame Chill
It's the mid-90s and Adam Pennyman's got no particular place to go, so he finds himself in a Los Angeles apartment with a cranky soon-to-be-ex girlfriend and a copy of MAME, everyone's favorite game emulator. His collection grows until he feels compelled to document it, or his life as realized through his gaming, in an unpublishable text called the Catalogue of Obscure Entertainments.
Unimpressed, his girlfriend starts edging out of his life just as a chance meeting with a former friend lands Adam a copywriting gig at Portal Entertainment, a dot-com ostensibly in the process of turning various videogame properties into movies. (The real business, of course, involves turning smoke and mirrors into venture cap; alumni of, oh, D*N or El*ctr*m*dia are encouraged to up the dosage of whatever they're taking to quell the flashbacks during the passages describing Portal's office culture.)
But Portal puts Adam within reach of the gamer's Grail: Lucky Wander Boy, a rare and bizarre game created by the reclusive Araki Itachi. Lucky Wander Boy was years ahead of its time, and so intricately coded that no one, no one, ever reached third level. Or have they? Adam nearly did once, long ago, and has been haunted ever since by a memory of gameplay that just couldn't have truly happened... could it? Adam will go far to find out. Very far indeed.
I love me some metaphysical conceits in my fiction, so strictly for the description of the Lucky Wander Boy game I'd rate this book highly. (It doesn't exist. It couldn't exist. I want it to exist. Dammit.) The author's done a fine job capturing a certain kind of thinking that occurs when smart people start reading deeper meaning into their obsessions.
Adam's ruminations on many of the classics (Pac-Man, Microsurgeon, Donkey Kong, Super Mario Bros., et al.) ring player-true -- which is why it's so glorious and scary when he goes off the rails with you right beside him. If you played in the days when primitive graphics and freshly-minted archetypes made gameplay somehow even more addictive, this book will cause howls of recognition. Best of all, it's well-written and for the most part affectionate to the subculture; be glad this quasi-historical novel was written by the promising Weiss and not by that maiden aunt of yours who wouldn't let you have any more quarters.
You can purchase Lucky Wander Boy from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Software Craftsmanship
kaisyain writes "When I was a kid we moved into an old Victorian house. From the street the house looked impressive and fascinating. When you got up close, however, you noticed the paint was peeling, the window sashes were rotted away, doors couldn't open or close because they didn't hang true, and at some point someone had cheaply redone the kitchen in a style that was very much not Victorian. Pete McBreen's Software Craftsmanship reminds me of that house." Read on to see if you agree with kaisyain's withering review.
Software Craftsmanship: The New Imperative
author: Pete McBreen
pages: 192
publisher: Addison-Wesley
rating: 2/10
reviewer: Justus Pendleton
ISBN: 0201733862
summary: A good start with a terrible finish that answers few of the questions it raises.
The back of the book claims that it will present an alternative method of software development, "a craft model that focuses on the people involved in commercial software development." McBreen offers his "software craftsmanship" model up as an alternative to the mainstream "software engineering" model that dominates much of the literature. It is a position that I am personally sympathetic to, so you'd think I'd be favorably disposed toward the book. Instead I found myself angry at the author for his strawman arguments, illogical conclusions, unfounded assertions, and irrelevant asides.
The book starts off well enough. McBreen points out that, historically, software engineering literature and theory have been dominated by huge projects from the military and government and small, complex, esoteric projects from academia. Neither of those extremes reflect the reality of developing applications for most developers today. McBreen offers up a method of working patterned on craftsmen of old, with a basic breakdown of master craftsman, journeyman, and apprentice.
All of this sounds well and good, but how about some details for what this means in practice?
First we have to wade through some arguments against licensing the profession. (Although craftsmen of old did that all the time, maybe he doesn't want us to extend the metaphor too far.) And then we have to read about how to be a good user. (The back of the book says it is written for programmers, so why do I need a section titled "Stop Choosing Developers Based on the Lowest Bidder"?)
As you're reading chapters like "Becoming a Software Craftsman", "Learning from Software Engineering", and "Design for Testing and Maintenance" you slowly begin to notice that none of this has anything to do with software engineering per se. After all, what is software engineering? McBreen gives a definition on page 7 taken from the IEEE:
Software engineering is the application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software; that is, the application of engineering to software.
He promptly forgets about this definition in his zeal to set up strawmen for his software craftsmanship model to knock over. "The software engineering view states that COBOL is a dead language with no future." "Unlike software engineering, software craftsmanship takes a long-term view of things." "A key difference between software craftsmanship and software engineering is the emphasis that craftsmanship puts on learning and coaching." "Software engineering, therefore, has to deal with the problem of developing software where incremental development and evolutionary delivery are not feasible strategies." He suggests that journeymen review the work of apprentices and that master craftsmen then review the reviewed work: "Although the software engineering paradigm might consider this type of secondary review to be a waste of time, it is an essential part of practicing any craft." "You cannot do software engineering on a low budget...software engineering projects take a lot of time...software engineering denigrates anecdotal evidence."
Where does he get this stuff from? Did I read that right, he thinks formal software engineering would complain about too many code reviews? I must have missed that issue of IEEE Software.
He seems to think software craftsmanship is somehow vastly different from this thing he keeps calling "software engineering" but anyone even vaguely familiar with software engineering literature will have a hard time spotting any actual differences. On page 113 he seems to be against "code walkthroughs" although I fail to see how they are any different from "A master craftsman...[inspects] everything that the journeymen and apprentices create." On page 124 he rails against software engineering's use of "best practices." He doesn't seem to understand that "best practices" are nothing more than anecdotal evidence and an attempt to gather and disseminate information of "master craftsmen."
This symptom is worst in the concluding section, "What to do on Monday", which is intended to be a set of things you can do to end your slavish attachment to software engineering and start out on the path of software craftsmanship. What revolutionary things does he advocate that software engineering must clearly be diametrically opposed to? He suggests we carefully evaluate the portfolio of interview candidates; pay talented staff extremely well, perhaps even more than managers; we should design for testing and maintenance; pay more attention to usability over glitter on user interfaces; create a learning environment to encourage perpetual learning.
What does any of that have to do with software engineering vis a vis software craftsmanship? Is there some reason I can't pay my developers extremely well and still have a systematic, disciplined process?
McBreen's entire premise is flawed because he doesn't seem to understand what software engineering is. His argument seems to be with a specific process, not with software engineering itself. He offers some useful advice but none of it is earthshaking and none of it is really an alternative to "software engineering." Indeed, none of what he talks about is especially new, either. It is basically the same "surgical team" model that Fred Brooks described decades ago, something he alludes to but never outright acknowledges and explores.
McBreen makes a lot of smaller missteps along the way that damage his credibility but they are really too many to enumerate. At the end of the book, you not only don't have any clear idea of what makes software craftsmanship different from a well-run software engineering shop, you also have no clear idea why you spent $29.99 on a 180-page softcover book.
Interested readers can purchase Software Craftsmanship from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Professional Apache Security
Gianluca writes "Web sites get defaced every day -- that's routine practice for aspiring crackers who want to gain popularity by proving their bravery. Too often their attacks are aimed at unprepared, defenceless servers which were improperly secured by clumsy administrators. Just reading a book won't save you from the next cracker attack. However, having a solid knowledge of the basics of web security and a list of effective checkpoints for configuring your server, will definitely help you to prevent at least the most trivial mistakes." Gianluca reviews here Wrox Press' Professional Apache Security to see how well it can provide that kind of knowledge -- read on below.
Professional Apache Security
author: Tony Mobily et al.
pages: 360
publisher: Wrox Press
rating: 8.0
reviewer: Gianluca Insolvibile
ISBN: 1861007760
summary: A comprehensive overview of security related issues of interest for web admins, security analysts and web developers
The book walks through the most common tasks of an Apache administrator. It covers, for example, proper installation and maintenance, common practices in security and remote attacks. Some basic notions of system administration are also given, for those areas which affect the web server behaviour.
Topics of specific interest for security freaks include system hardening, intrusion detection mechanisms, monitoring and logging, server chroot()ing, session tracking, cryptography and SSL.
Throughout the book there are descriptions of common attacks like Cross-Site Scripting (XSS), CGI vulnerabilities, Denial of Service (DoS), Distributed DoS (DDoS), Reflection DDoS (RDDoS), cookie spoofing and session hijacking. Script kids be warned: there's no easily exploitable information on how to attack a web server inside the book.
What's to like
The book is well written, and an enjoyable read. It uses a very precise and yet friendly language to guide its readers through the covered subjects. Using this straightforward approach, it explains some thorny topics starting from basic notions and assuming no previous knowledge.
The explanation of essential topics like the HTTP protocol and server architecture, forms and CGI mechanisms, system configuration, etc. are nicely integrated with more tangled and scarcely documented issues. It is worth mentioning:
- the chapter on "jailing" the web server (which explains in detail how to correctly prepare a complete yet secure chroot'ed "sandbox" for Apache);
- the chapter on prevention of XSS attacks (explaining these types of attacks, and how to write CGI scripts to avoid them);
- the appendix dealing with usage and configuration of mod_rewrite.
Everything is supplemented with hands-on examples, information and tricks valuable to the intermediate reader; the clear explanations of basic topics will provide complete instructions for the beginners.
Further pros of the book include updated information (issues related to Netscape 7, IE 6, Mozilla 1.0, Apache series 1.3 and 2.0), coverage of less known topics (e.g.: P3P) and a wealth of references to the relevant sources of information like RFCs, W3C specifications and CERT Advisories.
What's to consider
The downside of writing for both beginners and intermediate readers in just 360 pages is that the depth of the information provided is necessarily limited. The book is clearly targeted to less experienced system administrators, who will be able to quickly grasp the most important concepts revolving around Apache security and secure administration. Intermediate users are likely to find some paragraphs quite trivial, however they will be rewarded by the many pearls of wisdom offered in the more detailed sections. Expert system administrators might be disappointed by the lack of more in-depth and hard-core technical explanations.
The summary
The best aspect of the book is that it assembles basic notions, rarely available information and hints derived from the authors' experience to produce a neat, clearly written and comprehensive guide to Apache security. This will enable beginning web admins to understand the key points in managing and securing a web server, while providing experienced ones with a quick reference to the most important security practices.
Table of Contents
Introduction
Chapter 1: Installation
Chapter 2: Secure administration
Chapter 3: HTTP Security and Cross-Site Scripting Attacks
Chapter 4: Authentication and authorization
Chapter 5: System security
Chapter 6: Apache in jail
Chapter 7: Denial of service attacks
Chapter 8: Cookies
Chapter 9: CGI security
Chapter 10: Logging
Chapter 11: Session tracking
Chapter 12: Apache and cryptography
Chapter 13: SSL and Apache
Appendix A: Security resources
Appendix B: Apache with mod_rewrite
Appendix C: Sample SSL Accelerator implementations
You can purchase Professional Apache Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
PHP4 Web Development Solutions
honestpuck writes "Wrox Press seem to have become masters at putting together volumes from a large number of authors. This 600-page volume is another example. This way of working does have some drawbacks, there is a little repetition of some basic stuff throughout the book, but not enough to truly detract from it." Read on for the complete version of honestpuck's review.
PHP4 Web Development Solutions
author: Raj Kumar Dash, Bryan Waters, Alison Gianotto et al.
pages: 601
publisher: Wrox Press
rating: Fair
reviewer: Tony Williams
ISBN: 1861007434
summary: Mid to high level exposition of web site development in PHP
In brief: The book, after some expository material, details 11 projects of increasing complexity. They use PHP, MySQL, PEAR::DB, Smarty and PHPLib. The target audience, according to the book jacket, are programmers who already have a good knowledge of PHP, SQL Databases and XML. Frankly, I think they overdo the amount of experience you need to use and benefit from this book. If you are on top of all those topics well enough to consider yourself "professional" then this book may be too simple. If, on the other hand, you are, like me, conversant with PHP and SQL but would like to take yourself up to "professional" use of technologies like XML, templating and WAP enabling then this book will be good.
What's Good About This Book
The book is stuffed full of code examples -- and while you can download them in a ZIP file of over 3Mb you shouldn't think of this book as a "cookbook" as such. It shows various methods for performing most of the tasks you need to build solid backend web site systems to deal with a large variety of data. The projects cover importing and exporting of XML, messaging systems, forums, content management, using templates for both HTML and WML, search facilities and both simple and complex content management among other topics.
The projects are well designed. I'd have to say that among the 11 projects most web site requirements are covered somewhere. The code is well engineered and some thought has gone into making it readable, understandable and useful. The explanatory material is well written, if too short.
One thing I did appreciate about this book is how much they left out. No coverage of PHP fundamentals, SQL fundamentals and simple stuff like web forms might be covered once, at most. I certainly didn't need another book on my shelves explaining the basics.
What's Bad About This Book
My largest criticism of this book is one shared by too many modern titles for computer programmers; there is too much explanation and too much repetition. The section on SQL is the perfect example. Most projects contain some tables describing each database table, a diagram of the relationships and then the full SQL required to build them, their indices and some example data. For their proposed target audience this is way too much information, and as it is safe to assume that everyone who buys this book has a decent 'net connection, why put a printout of SQL available online in a PHP book? I could have easily written the SQL myself and having it in the book doesn't make it much easier and since it was available online it was a total waste of space.
I also have to take exception to an (admittedly short) chapter devoted to installing and configuring PostNuke. It gives you no more information on this simple task than the online documentation. As someone who has installed PostNuke a couple of times and never needed any assistance beyond the readme files (and the first was long before I considered myself a good PHP programmer) I felt this was a complete waste of space and not "web development" at all.
My final criticism is once again shared by too many modern titles, there isn't really enough discussion of the design decisions and complications. There are enough code examples and walk throughs to satisfy anyone, but not enough key design decisions are discussed at all, with only a few short examinations of any real design problems. I would have appreciated some walk throughs of such things as code that was too slow, problems with race conditions, methods for mixing static and generated parts of a site and all the real world stuff that intrudes when your site gets slashdotted and that code that was so neat with a hundred visitors a day becomes a thousand. Then show how the code they provide is better, avoids the problems and how to get my code to the same state. Since this book is "professional" a little more real world, please.
You can purchase PHP4 Web Development Solutions from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
The Amazing Adventures of Kavalier and Clay
Frank Krasicki writes "The Adventures of Kavalier & Clay has already won numerous prizes for literature including the Nobel prize for fiction in 2001. As imposing as that may sound, this is an entirely accessible and enjoyable read." It's also set in the world of comics; read on for the rest of Krasicki's review to find out why he considers it an "entirely pleasant and entertaining book." Update: 03/07 16:39 GMT by T : That's Pulitzer prize, not Nobel.
The Amazing Adventures of Kavalier and Clay
author: Michael Chabon
pages: 636
publisher: Picador USA (paperback edition)
rating: Excellent
reviewer: Frank Krasicki
ISBN: 0312282990
summary: A convincing historical fiction of the Golden Age of Comics
As someone who grew up reading comics during the Silver Age of Comics (approximately 1958 - 1970 or so), I was fortunate to own, read, and come to love the comics from the Golden Age (approximately 1939 - 1949 or so). Michael Chabon's novel spans the years from 1939 through the mid-fifties and comic books are the thematic motif he uses as a vehicle to explore that time and that jaw-dropping social innocence. Anyone who has even a passing interest in comic books and their origin will enjoy this book. In it, Chabon creates a convincing parallel universe that includes a historical facsimile of what the Golden Age of Comic books may have been like.
This is a book that explores the very big ideas of human transformation, Jewish mysticism, and the subtle variations on the concept of escape, all sugar-coated in rich layers of wishful but impossible remembrance.
The setting of the book is a mythical New York City. Chabon revisits The Empire State Building - home of Empire comics, the General Motors pavilion of the World's Fair (1939), and a Naval base in Antarctica.
Our first hero, Samuel Louis Klayman (Clay) may as well be the skinny boy we all remember from the body building ads that illustrated a bully kicking sand into the boy's face as the ad exclaimed, "Tired of being picked on?". Clay is described as, "seventeen when the adventures began: big-mouthed, perhaps not quite as quick on his feet as he liked to imagine, and tending to be, like many optimists, a little excitable. He was not in any conventional way, handsome.", "He slouched, and wore clothes badly; he always looked as though he had just been jumped for his lunch money.", and "...an omnivorous reader...". Clay is an inventory clerk at Empire Novelties Incorporated Company who occasionally gets, "to do an illustration" for an ad.
Josef Kavalier, on the other hand, is Clay's cousin who, in 1939, escapes from German occupied Prague via Asia, Japan, and finally San Francisco to Brooklyn, NY. Josef arrives believing that Sam is a commercial artist who can get him a job doing the same thing.
Joe is older than Sam. He is nearly nineteen and his hobby is stage magic and it is learned from Bernard Kornblum, "an 'eastern Jew, bone-thin, with a bushy red-beard". It is Kornblum who smuggles Josef Kavalier out of Prague along with the clay body of a giant-sized, androgynous Golem disguised as a cadaver. The Golem's casket is Joe's first significant escape. The character of Josef Kavalier will remind older readers of Jerzy Kosinski, author of The Painted Bird whose late night television appearances in the 1960's recounted his own talent for hiding from the authorities.
Once Sammy discovers Joe's ability to draw, he announces, "... I'll tell you what. I'm going to do better than just get you a job drawing the Gravmonica Friction-Powered Mouth Organ, all right? I'm going to get us into the big money." From here on forward, the young men team up to become Kavalier and Clay. The analogy to Golden Age comic's masters such as Simon and Kirby, Siegel and Shuster, and others is unmistakable and, in the hands of Chabon becomes a transcendent metafiction that is replete with real and manufactured historical acknowledgments that will have many readers rubbing their chins in admiration of the precision of Chabon's clever inventions.
Kavalier and Clay create a comic book character called The Escapist. Their comic quickly rivals the economic success of Superman and Captain Marvel. In the hands of Kavalier and Clay The Escapist becomes a vehicle through which Joe Kavalier expresses his hatred of Hitler and all things Nazi. Chabon uses The Escapist comic book as a vehicle to meticulously describe the historical development most comic book heroes explored from the early forties until the Congressional hearings that challenged the influence of comics on children and eventually, temporarily, censored the industry.
Concurrent to describing the evolution of The Escapist from comic book sensation to radio show and product merchandising windfall, Chabon traces Kavalier and Clay as their lives are woven by their venture.
The third, main character is Rosa Saks who is first a model for Joe Kavalier, then lover, and eventually a romance comic book creator. In a perfectly plausible subplot, she first engages Joe Kavalier to underwrite the cost of helping Jewish children escape from occupied territories on a ship called the Ark of Miriam in an effort to save his own brother Thomas.
Rosa also becomes the inspiration for The Luna Moth, a female superhero comic book that expanded the number of titles Kavalier and Clay created. "Luna Moth was a creature of the night, of the Other Worlds, of mystic regions where evil worked by means of spells and curses instead of bullets, torpedoes, or shells. Luna fought in the wonderworld against specters and demons, and defended all us unsuspecting dreamers against attack from the dark realms of sleep." Rosa falls in love with Joe as his art blossoms in The Luna Moth. A footnote informs us that, "Thirty years later" The Weird Worlds of the Luna Moth "quickly became a head-shop bestseller".
Sam Clay, on the other hand, discovers his homosexual preference. Through Sam Clay, Chabon explores the social mores of that time and masterfully examines the topic as a third rail subject pertaining to the comics industry.
Further adventures and life complications evolve these characters - too many to describe without spoiling the fun of reading. This is an entirely pleasant and entertaining book that is nothing more or less than a light, leisurely read assuming you have an interest in the general topic or historical period.
I will add that, like the comics of that time, there is nothing heavy about the reading despite the introduction and resolution of a remarkable pastiche of sublime themes and subplots. These are all handled with a genuine love and thorough understanding of the subject matter.
In an Author's Note, Chabon closes with this remark, "Finally, I want to acknowledge the deep debt I owe in this and everything else I've ever written to the work of the late Jack Kirby, the King of Comics." The book is a wonderful tribute.
Michael Chabon's website is: http://www.michaelchabon.com/ and well worth a visit.
You can purchase The Amazing Adventures of Kavalier and Clay from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Firewalls and Internet Security, 2nd Ed.
Eater writes "Over the last decade, we've seen an explosion in the area of books dealing with the subject of Internet security. Few have defined the genre as well as Firewalls and Internet Security: Repelling the Wily Hacker by Bill Cheswick and Steve Bellovin. Security gurus rejoice... the 2nd edition is finally here!" Eater compares this new version to the original in his review below.
Firewalls and Internet Security: Repelling the Wily Hacker, 2nd Ed.
author: William Cheswick, Steven Bellovin, Aviel Rubin
pages: 455
publisher: Addison-Wesley
rating: 9
reviewer: Eater
ISBN: 020163466X
summary: Long-awaited second edition of the security administrator's favorite classic.
Those familiar with this classic have undoubtedly recommended it to other hackers seeking a definitive text. Firewalls and Internet Security has provided a roadmap for security conscious sysadmins since its publication in 1994. It mixed sound policy recommendations with examples of UNIX-based implementations, all rooted in experience from working in AT&T corporate security.
Although many of the ideas laid out in the original edition are just as relevant in today's Internet, much has changed technically since 1994. Alas, this month Addison-Wesley has released a new second edition ... nearly complete rewrite (and 135 page expansion) of the original classic.
A glance at the new edition indeed reveals significant changes. Avi Rubin has been added as an author. The preface details some of the predictions made from the first edition... some of which came true, and others that didn't. Most sections have been vastly expanded, if not completely restructured.
Denial-of-service (DoS) attacks, infamous in the previous decade, are explored in greater depth. Replacements of deprecated tools have been given new sections (ssh is detailed following the chapter on the "r" commands, for example.) The myriad of enumeration tools available today are discussed (i.e., Nessus, hping, nmap).
Intrusion-detection tools, almost completely absent from the first edition, are given space in the new book, although not nearly as much as I would have liked. Much has been added on the subject of cryptography and authentication. Forthcoming standards like IPv6 and DNSSEC are discussed.
Those who've read the original will recall the "Evening with Berferd," the chapter detailing a break-in the authors were able to watch and analyze in real-time. This inspired more than a few honeypot-oriented projects. The second edition introduces a second real-world scenario, the "Taking of Clark," which illustrates forensic measures to be taken after a host is compromised. Fans of Foundstone's Hacker's Challenge will find it familiar.
The defining thread across all of these topics is what makes this book a classic: the emphasis of the "why," not just the "how." Although the examples are mostly geared towards UNIX users, the guidance and policy suggestions are directly applicable to any platform where the reader is responsible for making security decisions.
Perhaps the greatest aspect of this book is its availability: it's on the web here. Those who are working in the security field, or those interested in it, will benefit from owning the hard-copy available from Addison-Wesley.
You can also purchase Firewalls and Internet Security, 2nd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Aspect-Oriented Programming with AspectJ
Verity Stob writes "There is a turning point in the emergence of a programming methodology. It doesn't matter how big and popular the website is, nor how many papers have been published in the ACM journals or development magazines, nor even whether the first conferences have been a sell-out. A methodology hasn't really made it until somebody has published a Proper Book. With Aspect-Oriented Programming with AspectJ author Ivan Kiselev is bidding to drag AOP into the mainstream. He is motivated, he says in his introduction, by the recollection of the 25 odd years it took for the object-oriented concept to spread from its Simula origins in frosty Norway to being the everyday tool of Joe Coder. He aims to prevent this delay happening to AOP." Read on for Verity Stob's review of Kiselev's book.
Aspect-Oriented Programming with AspectJ
author: Ivan Kiselev
pages: 274
publisher: SAMS
rating: Excellent
reviewer: Verity Stob
ISBN: 0672324105
summary: Introduction to a new programming technique using an extension to Java
He has divided the book into four parts. Part I provides a brief sketch of AOP and introduces its concepts. AOP builds on OOP, asserting that we need a new programming entity called, wait for it, an aspect. Mr Kiselev's explanation of aspects reminded me of that bit in The Hitchhiker's Guide to the Galaxy when the planet Golgafrincham divided its population into A types (who were the leaders, the scientists and the great artists), the C types (who were the people who did all the actual making of things and doing of things), and the B types, who comprised everybody left over: telephone sanitizers, advertising account executives and hairdressers. As I understand Mr Kiselev, the AOP view of things is that objects and classes (A type thinkers) and low-level procedures and APIs (C type doers) can be nicely encapsulated using traditional components.
But aspects, software's little hairdressers, get their fingers into everything, and until now there has been no way to encapsulate them. This of course is what AOP in general and specifically the AspectJ superset of the Java language set out to do.
AspectJ's eponymous aspects are constructs not unlike ordinary classes. Mr Kiselev has not resisted the temptation to make an aspect Hello World example, and it looks reassuringly so-whatish:
    package intro;

    import java.io.*;

    // An aspect can hold ordinary members, including a main() entry point.
    public aspect HelloWorldA
    {
        public static void main(String args[])
        {
            System.out.println("Hello, world!");
        }
    }

Mr Kiselev then lays out his stall of New Things. A join point is any point in execution flow that AspectJ can identify and -- to get slightly ahead of ourselves -- execute some extra code. The most frequently used kind of join point being the call to a method. Pointcuts specify collections of join points; as a regular expression is to an instance of matched text, so a pointcut is to a matching join point. An advice (with horrid plural 'advices') is the code to be executed when a given pointcut is matched. If you are familiar with Eiffel's pre- and post-conditions, then you'll understand if I say that it is common for advices to run in the same way, topping and/or tailing the execution of a method. The differences are that aspects are specified from outside the method without touching the method or its class's code, and that aspects can be applied to multiple methods in one go. Mr Kiselev concludes this section of the book with a few simplistic examples of 'here is class A, here is class B' kind.
In Part II Mr Kiselev rolls up his sleeves and takes us through an extended, realistic example. I did wonder if perhaps it weren't a wee bit too realistic, as it is a miniature website application for news story submission and reading -- sort of Slashdot Ultralite -- all done using JSP and a MySQL database. Just explaining this setup, without even using any AspectJ, consumes a 15-page chapter. Since I am a C++ programmer who has not had any contact with JSP, I was initially anxious that I might not be able to follow this. However, recalling that www.[name withheld].com, the clumsiest, ugliest corporate website on the Internet, is programmed in JSP, I reasoned that if the dolts that programmed that site could understand JSP then it couldn't be very hard. So it proved.
The first example comprises adding password protection to the application. This is achieved by adding an advice that intercepts calls to doStartTag() methods. The advice can test if the user is logged in and, if he isn't, throw an exception that will dump him back at the login page. (Who says exceptions aren't 21st century gotos?) At this point Mr Kiselev admits that the cute 10-line implementation that he initially shows is in reality a non-starter; for one thing not all pages that must be secured define doStartTag() methods, for another the aspect can't reach an instance variable it needs to read because it is declared in protected scope. The second problem is easily overcome. AOP offers a mechanism by which extra classes can be bodged ('introduced' is the preferred verb in the AOP community) into the hierarchy as parents of existing classes. He uses this to add an accessor method for the field in question. The other problem is not so neatly smothered, and it is somewhat ruefully that Mr Kiselev produces his final, two-page solution. But I think that it is greatly to Mr K's credit that he does this - it tastes like programming in the real world as I have experienced it.
For the rest of Part II, Mr K demonstrates other applications of AOP using the AspectNews code. This includes Eiffelish design-by-contract stuff, improved exception handling, various debugging and tuning techniques (specifically logging, tracing and profiling) and a chapter on runtime improvements - stream buffering, database connection pooling and result caching - which show the AOP way to do things, usually where I would expect to be putting in proxy classes.
In part III we get down and dirty with the AspectJ language. This is the part where the book explains the obscure stuff: how to make a pointcut that picks up object preinitialization, or make an advice that goes off only when you are exiting a method on the back of an exception. I skimmed this bit - I guess it will become vital when I start using AspectJ in earnest. It looked good and clear on a flick through. A brief part IV contains some patterns, to give one a start when engaging AspectJ in earnest. Apparently it is horribly easy to create infinitely recursive situations, so if you hear a faint popping sound from your machine it will be the stack colliding with the heap. There are seven appendices, supplying such things as a summary of the API in AspectJ's packages and hints on obtaining and using the Open Source supplementary tools mentioned in the book (Tomcat JSP container, MySQL database and Ant make replacement). AspectJ itself, now escaped from Xerox PARC, can be downloaded from the Eclipse website.
Complaints? None really. Oh all right, here's a nitpicklette because it's you: at page 75 Mr Kiselev adopts the irritating Internet habit of writing 'loosing' when he means 'losing'. Note to publisher SAMS proofreaders: do I win 25 cents?
For the rest, this is a lucid and readable book that describes the Next Big Methodology. I'm a bit alarmed at the prospect of squeezing new actions into the cracks of existing code, but I dare say I'll grow to love it.
A word of warning to the eager: since this technology is currently implemented as a species of preprocessor that relies on having all the source code available at once, it is rather slow and probably isn't going into production shops for a while. There again, I seem to remember the comparable Cfront C++ compiler doing rather well, before we had platform-native C++ compilers.
And to the sceptics: if you think you can ignore AOP, don't forget the fate of the A and C type inhabitants of Golgafrincham, who having sent their B type telephone sanitizers into exile were all wiped out by a germ caught from a particularly dirty telephone.
You can purchase Aspect-Oriented Programming with AspectJ from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.