Slashdot Mirror

John David Funge writes "In Dr David Ellerman's book Intellectual Trespassing as a Way of Life there are a number of interesting essays. But there is one particular essay, entitled "The Semantics Differentiation of Minds and Machines," that caught my attention and which should be of interest to Slashdot readers. In that essay Dr Ellerman claims that "after several decades of debate, a definitive differentiation between minds and machines seems to be emerging into view." In particular, Dr Ellerman argues that the distinction between minds and machines is that while machines (i.e., computers) make excellent symbol manipulation devices, only minds have the additional capacity to ascribe semantics to symbols." Read the rest of John's review. Intellectual Trespassing as a Way of Life author David P. Ellerman pages 290 pages publisher Rowman & Littlefield Publishers, Inc. rating 7 reviewer John David Funge ISBN 0847679322 summary Dramatic changes or revolutions in a field of science are often made by outsiders or "trespassers".

However, Dr Ellerman's argument appears circular. In particular, Dr Ellerman seems to have decided that, by definition, the only possible semantic interpretation for any collection of wires, capacitors, transistors, etc. that we would commonly refer to as a "computer" is as nothing more than a symbol manipulation device. While a computer is indeed (at the very least) a symbol manipulation device, what is there to prevent another mind ascribing additional semantic interpretations to the collection of wires, capacitors, transistors, etc. that we commonly refer to as a "computer"? In particular, what if my mind were willing to make the semantic interpretation that a computer is a device that can both manipulate symbols and can also ascribe semantics to symbols.

Moreover, what if I one day met a collection of blood vessels, skin, bones, etc. called Dr Ellerman? What would prevent me from ascribing to him the semantic interpretation that he is nothing more than a symbolic manipulation device? After all, Dr Ellerman concedes that their may be no way of distinguishing minds from machines purely on the basis of behavior. That is he specifically acknowledges that computers may one day pass the Turing test. So why would my mind not then be able to legitimately ascribe any semantic interpretation (that fits the observed behavior) I see fit to either humans or machines?

It seems that Dr Ellerman's essay considers two different types of physical devices that are potentially indistinguishable on the basis of behavior. Then arbitrarily defines one type of device (computers) to correspond to nothing more than symbolic manipulation and the other (human brains) to have the additional ability to ascribe semantics. Upon adopting these two axioms, he is then (somewhat unsurprisingly) able to conclude there is a distinction! But the distinction simply arises from the fact that he has arbitrarily defined a distinction in the first place.

In another essay in the collection, entitled "Trespassing against the Happy Consciousness of Orthodox Economics," Dr Ellerman argues that modern Western societies are not as free from slavery as orthodox economics would have us believe. In particular, he concludes that work in non-democratic firms is nothing less than a form of "temporary voluntary slavery". It would be ironic therefore if his essay on minds and machines were one day used to justify the slavery of (non-human) machines. Indeed, Dr Ellerman's characterization of the supposed intrinsic differences between humans and machines is sadly reminiscent of the despicable and unscientific arguments about intrinsic racial differences that were once used to justify human slavery."
You can purchase Intellectual Trespassing as a Way of Life from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Graeme Williams writes "Beginning Excel What-If Data Analysis Tools: Getting Started with Goal Seek, Data Tables, Scenarios, and Solver makes it easy to learn about some neat features of Excel, including the four data-analysis tools mentioned in the title. I found the book useful, but the style is dry and unadorned, and others may find it less approachable than I did. The examples around which the book is built are clear and straightforward rather than insightful, and presented plainly rather than with a lot of discussion." Read the rest of Graeme's review. Beginning Excel What-if Data Analysis Tools: Getting Started with Goal Seek, Data Tables, Scenarios, and Solver author Paul Cornell pages xxii + 167 publisher Apress rating 7 reviewer Graeme Williams ISBN 1-59059-591-2 summary A clear but bare introduction to a useful set of Excel tools

This book reads and feels more like a textbook than an introduction. Other beginner books are full of diagrams, icons and text in boxes. This book has almost none of that – the occasional tip or note is set off with horizontal lines. In other books, text in boxes often seems to be put there for no reason at all, but this book has exactly one diagram. Comparing this book to others, I feel as though we've lost the middle way.

The book seems to go out of its way to avoid diagrams. To fill out a dialog box, for example, the instructions are to click on the first field, type in the value, click on the second field, type in the value, and so on. I just don't understand why you wouldn't put in a screen shot, with the instructions, "Make it look like this". I don't know if screen shots weren't used because they're more expensive, or harder to translate, but if so, a table could have achieved a similar result.

Goal Seek is a simple one-variable equation solver. You put x in one cell and f(x) in another. You point Goal Seek at the two cells, give it a value of c and it attempts to solve f(x) = c. It's a simple enough feature, and the book goes through a number of straightforward examples.

The examples are relevant and clearly explained, but they seem only to be examples of themselves. They don't trigger any new ideas, and none of them jump out at you as "Neat!". I wish the author had put a little more creativity into the examples. They seem a little dry and occasionally repetitive, and don't seem to build on one another. An example shouldn't be just, "Here it is", but rather, "Here's something important to know about how it works" or "Here's an idea you can use in other places as well as here".

At the end of each chapter, there's a list of possible errors, but the suggested fixes aren't all equally helpful. If Goal Seek can't solve f(x) = c, the book suggests (page 19) changing the value of c! This is an area where a set of related examples would have been very helpful: first showing a simple example, followed by a more complicated example that fails, and finally with the failure repaired.

Data Tables are a way to automatically generate a one- or two-dimensional tables of values, given a formula and one or two sets of values. The book shows how to build data tables, going through a number of good examples, but I was somewhat mystified why this would be better than doing the same thing by hand. Building a data table by hand means you have to understand the difference between A1, $A1, A$1 and $A$1, which I guess is one reason for using the automatic mechanism. A1 and $A$1 are referred to as relative and absolute references, in case you want to google this particular mystery. But building a table by hand gives you more control over the layout. Unfortunately Microsoft has made the layout of two-dimensional data tables both odd and inflexible (the formula for the table is stuck in the upper left corner). It would have been clearer if the book had explained that the examples looked the way they did because that was the only way they could look. It would also have been useful if the book had at least briefly compared data tables to the manual equivalent.

Scenarios allow you to store versions of a spreadsheet that have different input values. This is neater than it sounds, since you can vary any number of input variables and calculate any number of output variables, including charts. You can also generate a summary sheet which tabulates the corresponding inputs and outputs. The book explains all this very well, going from a clear explanation to three good examples.

Any book with code samples risks confusion about whether the reader should type in the examples or download them, but this book crosses the line. In some examples (the most egregious example is on page 51), the discussion assumes that some cells have defined names, something that would only have been possible if the reader downloaded the example, since names were not included in the step-by-step instructions. The odd thing is that in some of the examples, the instructions DO include the defined name for each cell.

When presenting Excel examples like these, you have to deal with the possibility that a cell will have three pertinent properties: a formula, a value, and a name. This is another case where the book seems to lack a good designer who could show this graphically.

The Solver is a general-purpose equation solver that will handle multiple variables and multiple constraints. For a given function f(x1, ..., xn), the solver can either solve for f(...) = c, or maximize f(...). The book explains how to set this up, and the meaning of the dozen or so options (tolerance, maximum iterations, and so on) pretty clearly.

The Solver provides a sensitivity report (how much the result will change if one of the inputs changes fractionally), but this report is disabled if even one of the variables is restricted to whole numbers. There are two obvious ways around this: run the sensitivity analysis as though the constraint wasn't there (which would provide the counter-factual information about how much the solution would change if the whole number value changed fractionally); or run the sensitivity analysis without the restricted variables. Microsoft doesn't provide either of these workarounds, and the book doesn't discuss them either.

The sensitivity report is disabled if any variable has either an "integer" or "binary" constraint, but the book repeatedly mentions only integer constraints, which could be confusing to a beginner. It doesn't help that Microsoft gives the same error message ("Sensitivity Report and Limits Report are not meaningful for problems with integer constraints") for both cases.

The appendices are quite good – I'd almost recommend reading the book backwards. There's an overview of the data and financial analysis functions in Excel, such as average, median, floor, ceiling and mortgage payment, with enough detail to lead you to the right part of Microsoft's documentation. Another appendix describes ways of handling data that aren't discussed in the body of the book, such as Lists, Subtotals, sorting, filtering and consolidating data. These extras add a considerable amount to the usefulness of the book.

At $34.95 list, the book is expensive for an introductory book, but I'm not sure that should count against it. If you use the techniques described in the book, the time you'll save will quickly pay back the cost. On the other hand, if you need more explanation and discussion than the book provides, it's going to seem like a whole lot of money. I strongly recommend downloading the sample chapter. It will give you an excellent view of the book's strengths and weaknesses."
You can purchase Beginning Excel What-If Data Analysis Tools from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

ajs writes "Monte Cook Presents: Iron Heroes is an advanced role playing rule book, based on Wizards of the Coast's d20 System (the rules that underpin the current edition of Dungeons & Dragons). What's unusual about it is that it presents both a setting and rules for "low magic" fantasy that doesn't sacrifice high adventure to get its gritty action." Read the rest of Aaron's review. Monte Cook Presents: Iron Heroes author Mike Mearls pages 240 publisher rating 9 reviewer Aaron Sherman ISBN 1-58846-796-1 summary d20 System variant Player's Handbook

Monte Cook Presents: Iron Heroes (I'm just going to call it Iron Heroes from here on) is published under Cook's imprint, Malhavoc Press, by Sword & Sorcery who are best known for their d20 System rules variants and supplements. Sword & Sorcery, in turn, is owned by White Wolf Publishing, well known for their World of Darkness line of storytelling games. Originally titled "Iron Lore", the title was changed before publication due to legal entanglements. But, enough about the publisher, let's discuss the book.

Mike Mearls, a regular contributor to Dragon Magazine and long-time d20 System author, has a vision, it seems. His Iron Heroes game gives us a window into a world where the fabled dragon-slaying knight doesn't carry a glowing trinket of a sword that solves his problems, but has to rely on his skills and experience. On its own, this would be a serious undertaking, but the goal of Iron Heroes is to balance such a world as closely as possible with the established mechanics, threats and rewards of the d20 System. This is something which I would have considered difficult enough to be impractical before I read Iron Heroes.

The book begins by explaining that inexperienced role players need not apply. This is intended as an advanced rulebook, and those not already familiar with d20 will have everything that they need, but may find the book daunting (this is the only major flaw I've found in the book). If you are aware of the d20 System, you will note that none of the usual d20 classes are there. Instead of the rogue, there is a thief. Instead of barbarian, there is a berserker. These are not capricious name changes, however, since the mechanics of each of these variant classes are quite different from their d20 equivalents. More on why in a bit...

To begin to explore the idea behind Iron Heroes, imagine the iconic fantasy setting that D&D generally presents. Now suppose that you make two changes: there are no overt gods interfering with the daily workings of the world (and hence, no divine magic), and magic itself is a wild and dangerous force, not to be toyed with lightly or without consequences.

These two changes produce a world in which the focus of high fantasy adventure turns from the wizard and the magic sword to the muscle-bound weapon master or the stealthy thief. To compensate for the fact that the characters will not have access to powerful magic, each of the core classes in Iron Heroes is substantially more powerful than their standard d20 counterparts. The base attack bonuses (BAB) increase at a faster pace and feats are gained much more quickly than in the SRD (the official, and freely available d20 System rules).

For the rest of the system, the mechanical differences can be summed up as follows:

• Feats are more tree-like, allowing progression and specialization in each feat.
• Skills and other actions can be used in creative ways by players and game masters alike, with a well balanced system for determining difficulty of unusual "stunts" and "challenges".
• Traits, a "variant rule" in standard d20, are a core mechanic in Iron Heroes.
• Since magical healing is rare at best, characters have reserves of hit points that they can make use of between encounters.
• Armor class is replaced by defense and damage reduction. Defense is the active capacity that a character has to avoid a blow. Armor, on the other hand, reduces damage taken by a character, using the standard d20 rules for damage reduction.

Of course, the most glaringly different element of Iron Heroes from d20 is the magic system. Magic is dangerous and unpredictable in Iron Heroes, so while there is an "arcanist" class, their spells are used cautiously and often with consequences. The magic system itself is quite different from d20. An arcanist pulls "mana" from elsewhere and focuses it using a "method". Methods are the mechanical effects of a spell, but the strength and "special effects" (to use a Hero System term) of a spell are determined by the amount of mana used and the player's preference respectively. This makes for a magic system which is much more flexible than in standard d20, but not as free-form as, say, the magic system from White Wolf's Mage. Magic is also quite a bit more limited in Iron Heroes, but I imagine that that will be addressed by later supplements.

The system is not easily combined with an existing campaign, so don't look to Iron Heroes for classes to add to your existing characters or for NPCs to introduce into other games. In a world full of magic items, for example, Iron Heroes combat classes would be far too powerful, and Iron Heroes arcanists would be hobbled by the restrictions on their magic use.

In short: this game marks—for me—what the d20 System and the Open Gaming License are all about. It presents a rich set of mechanics that build in compatible ways on what we already have access to, and gives us new ground to cover in the already well-covered ground of the fantasy role playing industry."

You can purchase Monte Cook Presents: Iron Heroes from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

apsmith writes "No matter what the subject, one has to admire a book written by an astronaut and former US senator, illustrated with photos of the author at work on the Moon. When the subject is one as potentially important to the future of our civilization as the energy resources geologist Harrison ("Jack") Schmitt sees buried in the lunar surface, along with our future in space, it becomes all the more daunting to take issue with it. Unfortunately Schmitt's potentially inspiring commercial justification in Return to the Moon: Exploration, Enterprise, and Energy in the Human Settlement of Space rests on a shaky foundation." Read the rest of Arthur's review. Return to the Moon: Exploration, Enterprise, and Energy in the Human Settlement of Space author Harrison Schmitt pages 336 publisher Praxis Publishing Ltd. and Copernicus Books rating 7 reviewer Arthur Smith ISBN 0387242856 summary Harvesting Helium-3 from the Moon

With NASA now planning a lunar return and several other countries planning missions, the time is certainly ripe for a book titled Return to the Moon. In fact, last November also saw the release of Rick Tumlinson's collection of essays from experts on the subject with the same title, and the Space Frontier Foundation has been running regular Return to the Moon conferences.

Schmitt's book acknowledges that context but sets out in his own direction arguing that the Moon will provide a critical contribution to our civilization's energy needs, and the lunar return discussed is primarily one of industry and commerce, rather than grand national programs. The argument for industrial use of our celestial neighbor hinges on the utility of helium-3 fusion. However, that technology and the science behind it is dealt with in a perfunctory 4 pages in this book; Schmitt leaves the main argument to scientific papers from the University of Wisconsin Fusion technology Institute that has been promoting it.

Helium-3 fusion, while having the advantage of lower radiation levels, is considerably harder than deuterium-tritium (D-T) fusion: the extra proton in helium means the ideal fusion temperature for He3-D mixtures is over four times as large. An alternative hydrogen-boron reaction would require almost 10 times the D-T temperature. That makes the traditional approaches to fusion reactors, creating very hot and dense plasmas, essentially impractical for He3 fusion. Non-traditional electrostatic confinement ( "Farnsworth fusor") technology gets around the high temperature problem by essentially shooting the nuclei directly at one another in a steady-state fashion. In principle any kind of fusion is possible with such a design. However, in practice the maximum power output obtained so far is 1 Watt - you would need a hundred of them just to power a light bulb!

So that leaves a huge and unknown technology gap in scaling things a factor of 1 billion or so to power plant size. Schmitt lightly skips over this problem with the note that "much engineering research lies ahead" and then bases an economic analysis on the assumption that such a plant would have to compete with fossil-fuel plants; we know roughly the numbers there. This does provide real constraints on the costs of retrieval of He3 from the Moon, so it's a useful analysis. But there's still the fundamental question of whether He3 fusion could ever be economically practical.

Schmitt doesn't let those questions slow him down; cost estimates for the "much engineering research" piece are folded into capital cost estimates for building up to 15 fusion plants, building and launching (and staffing) 15 lunar mining settlements, and operational costs for the whole system to reach the conclusion that it could, after the 15th set of facilities was completed, be close to competitive with electric energy from coal. That's not a bad accomplishment, but it rests on a lot of assumptions of unstated but likely very high uncertainty.

Ironically, the best reason for replacing coal, the threat of global warming from atmospheric CO2 release, is given short shrift as an "international political issue" in Schmitt's introductory chapter on our energy future. In this and in a bias toward non-governmental solutions, Schmitt's text unfortunately betrays the caution of an incompletely recovered politician.

Organizational approaches are covered in detail in chapter 8, where Schmitt compares models ranging from all-government to various public/private partnerships, to an all-private approach, analyzing each model according to over two dozen financial, managerial, and external criteria. After giving each a 1 to 10 rating, he multiplies by another subjective weighting factor and adds them all up. Somehow, the all-private model wins every time. The text surrounding these numbers suggests that, despite what the numbers say, several of the public-private partnership approaches make a great deal of sense. This ranges from the Intelsat multilateral model to simply encouraging government funding of the necessary research, development, and testing, and passing technology on to private industry to earn a profit.

Schmitt's discussion of lessons from Apollo is almost reverential, including a proposal for a "Saturn VI" heavy-lift rocket, to lower launch costs. It seems unlikely that the Apollo conditions can be duplicated, but he does have an interesting argument in favor of in-house engineering talent and having a large pool of young engineers. This and the letters of chapter 10 are perhaps too bluntly put to have an impact on NASA directly, but could certainly help inspire organizational virtues in a private venture, so NASA's more recent mistakes aren't repeated.

There is much that is good here. The book covers some ideas in detail, including the lunar geology issues for helium-3 recovery. Designs for mining equipment, the idea of finding markets first in space, and only later on Earth, and the proposal to make the miners permanent settlers, rather than just temporary visitors are all interesting concepts developed here. The author has included copious citations for more in-depth reading.

Much of the infrastructure Schmitt calls for could be applied to any other commercial utilization of the Moon, for example to help develop solar power satellites or lunar solar power facilities, to provide lunar oxygen (or hydrogen) for in-space use, for lunar tourism, and so forth. Schmitt believes the He3 approach provides easier access to capital markets due to lower start-up costs, so less government involvement may be needed than for those other commercial justifications for a lunar return. However, the status of He3 fusion itself seems sufficiently uncertain that relying on private equity to make it happen could still be a very slow process, at least once development reaches the point of billion-dollar space missions.

This vision for a new day in lunar exploration is very different from what we have been hearing from NASA, even in recent years when a human lunar return has been on the table. There is considerable evidence we have an urgent need for new energy sources. The possibility of exploitation of the Moon for human benefit has hardly crossed public consciousness yet, but it's something that we will increasingly be turning to as humanity reaches limits here on Earth. We should all be grateful Dr. Schmitt has helped here to get that ball rolling.

Arthur Smith is a part-time space advocate and volunteer with the National Space Society."

You can purchase Return to the Moon: Exploration, Enterprise, and Energy in the Human Settlement of Space from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

nazarijo writes "Python seems to be devouring everything these days, with more and more people using it for serious projects. It's quickly supplanting Perl in some circles, and with good reason. It's a powerful, richly featured language with boatloads of extensions. And, unlike Perl, it's very easy to do complicated things in simple, legible code. Python books are still only a small part of the shelf at your local bookstore when you compare it to the popularity of Perl, but which ones are the gems and which ones are fluff? Having looked at a lot of Python books in the past couple of years, I think that Beginning Python: From Novice to Professional is the one that I'll most recommend to people." Read on for the rest of Jose's review. Beginning Python: From Novice to Professional author Magnus Lie Hetland pages 604 publisher Apress rating 8/10 reviewer Jose Nazario ISBN 159059519X summary Tour the Python language, from basics to advanced modules

Beginning Python is loosely grouped into three main sections. The first deals with Python fundamentals, all the goodies that are inherent to the language and the modules that it ships with. It's surprising to see how rich the language is out of the box, especially when compared to some other scripting languages. The second section would be the chapters covering popular extensions for a variety of services. These include network and web programming, SQL objects, and even GUI programming. And finally the third section is a set of 10 projects in Python, which bring everything together in a concise fashion.

I like this book a lot because it is very clear in its delivery, both the prose and the code examples used, and is consistently Pythonic. The Python language lends itself to a powerful programming style and, unlike Perl, many Python developers I know don't bother with a dozen ways to perform a simple action, they get it done and move on. What you wind up with is clear code that's easily understood by someone new to the language.

Unlike what the title would suggest, Beginning Python isn't only for the first few weeks with the language. The book is large and in depth, and the coverage of material is fantastic in many ways. You get a quick tour of the basics and then you move on to an overview of the language and then its common features. The inclusion of the 10 projects is another benefit to the intermediate user. She can refer back to this book for additional information and pointers from time to time, it wont sit still on her shelf.

That said, there are a few things in the book that I tend to disagree with. For example, the author dissuades you from using destructors in your code, but in my experience they're far more reliable, and a better place to do some cleanup, than he states. A few chapters are also a bit skimpy when they didn't need to be. For example, Chapter 18, which covers packagers like the distutils component from Python, needed to be fleshed out a lot more. This is a powerful feature in Python and sound docs on it should just be there. There's no reason to hold back on something so vital. The section on profiling in Chapter 16 is also a bit thin around the middle when it needn't be. While this seems like a minor point, having a reference to speeding up code (and measuring the improvements) is always nice. And finally, Chapter 17, which covers extending Python, is simply too short for its own good. A more in depth example would have been appreciated.

I have begun recommending this book to people I know that are smart and program in other languages, but aren't very familiar with Python. Many beginners books only take a person so far before they become a useless item on the shelf. This means that he $30 or more that was spent is now gone, so I've grown to be observant of how long I expect a book to be useful. I anticipate the useful shelf life of Beginning Python will be longer than average for most general purpose programming books for a single language. What's more is that it's not a dry reference book. Couple this to a Python cookbook for recipes and you have a two volume "mastering Python" series.

If you've been curious to learn Python and haven't yet found the book that speaks to you clearly, this may be the one. I'm pleased with the quality of the writing, the examples, and the quick pace of the book. While it's nearly 30 chapters in length, most of them are short and focused, making them easily digestible and highly useful. Overall probably the best Python books I've had the good fortune of reading."

You can purchase Beginning Python: From Novice to Professional from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

fires_of_heaven writes "Faced with some technical site interviews, I decided to rummage the web and came across a blog titled Landing The Job. I found the advice on the blog far more useful than the other random tidbits I found, so I emailed its author a quick note of thanks. The next day I found Landing the Internship or Full-Time Job at my doorstep. Normally, I don't bother with career books, but this title is written by people that have recently landed an awesome job at companies like Google and EA Games rather than a hiring manager or recruiter. It even includes the resumes they used to "Land The Job." Read the rest of Paul's review. Landing the Internship or Full-Time Job During College author Robert R. Peterson pages 299 publisher iUniverse rating 9/10 reviewer Paul Gerken ISBN 0595366813 summary A guide written by those that have recently landed jobs at Google, EA Games, Intel, Amazon, IBM, and others

The book starts out with a foreword by an IBM Executive and then covers 10 chapters which I comment on individually below. Each chapter is followed by a profile from either an intern or new hire at a fortune 50 company. The profiles include a Q&A and the resume of the individual. I found them to be practical and honest. For example, Ben Lewis who is profiled as an Xbox developer said that he sometimes feels that he can't make a difference at Microsoft.

As a busy computer science student, I can really appreciate how the contents are written. Each chapter has a "Bare Minimum To Do" list with suggestions on how much time each item should take. They also include "Common Mistakes" sections. I especially used the to-do list for the company research chapter.

Another observation I should share is that everything is by example. When cover letters are discussed, there are two example letters--when rejecting an offer is discussed there are example emails. There are even example dialogs for behavioral interviews and for salary negotiation. I think most career books endlessly rant on about methods and rules. Landing the Job seems to be more centered in reality.

The only complaint I have is that there are a few minor grammatical errors. Overall, I think this book is going to be a classic. I haven't had all my site interviews yet, but I know it will help me land my future job.

Chapter 10. HR Interviews and Salary Negotiation
In my opinion, this chapter should be first because it is the best one. It starts off by talking about why recruiters act the way they do. Then it covers salary negotiation which includes a sample dialog between a student with an offer and a manager. I used the "Offer Comparison" section and am sure I will use again. It walks through how to evaluate the worth of an offer step-by-step. It even has a sample offer letter that it walks through as an example.

Chapter 1. Building Unmatched Credentials
If you are like me you often skip the first chapter of books. I didn't read this chapter at first because it talks about how to get experience while you are in college before you are looking for a job. Since I am already looking for a job, it doesn't really apply to me. After looking over it again though, I think it has really good advice. For instance, it recommends that spending endless hours to increase your GPA by a tenth of a point is not as important as finding personal projects or interests in your field.

Chapter 2. Crafting a Successful Resume
This chapter walks through writing a resume from a brainstorm to text and pdf versions. I didn't follow the entire process because I already had a resume, but the examples really helped. I also used the resumes from the profiled new hires and interns at the end of each chapter for ideas.

Chapter 3. Writing a Strong Cover Letter
I didn't have a cover letter prior to reading this. This is one of my favorite chapters because it is a short and sweet guide to getting together a nice cover letter. It includes two sample cover letters written by a mechanical engineer and a computer scientist. It also explains when to use a cover letter. For example, it suggests that a cover letter on-top of a resume can be mailed to any company address--say their customer service department--generating job leads outside of typical HR channels.

Chapter 4. Researching an Organization
I used this chapter less than the others, but it does answer some vital questions--what you need to find out and where to find it. It covers research with the internet, at company career sites, and at libraries. It has a profile of an IBM new hire at the end explaining how company research helped him.

Chapter 5. Secrets of Applying Online
This chapter is amazing. I didn't know how to put together a text resume properly until I read this chapter. I didn't know that many online forms accept unicode 2.0 not ascii so you can add bullets, underlines, and other characters to text resumes. The end has a profile from an Intel new hire and how he got his job by applying online.

Chapter 6. Mastering Career Fairs
This chapter wasn't that much use to me since I've been to a lot of career fairs. However, I agree with all the advice which is basically to know what you are going to highlight from your resume, how to act calm and confident in front of a recruiter, and to pay attention to who is attending a fair. It also cites references of where to find career fairs.

Chapter 7. Learning the Art of Interviewing
This chapter covers interviewing in general and topics that are not specific to behavioral or technical interviews. I read this chapter twice and I think I'm going to read it again before my next site interview. It covers how not to be nervous, getting safety offers, phone interviews, dinner interviews, and what you should try to emphasis about yourself during an interview (as well as what not to say). The end profiles a PhD student deciding between Google, Amazon, and Microsoft.

Chapter 8. Behavioral Interviews
Although I don't often do behavioral interviews and I don't think they are that big of a deal, I found this chapter useful. It explains why employers like behavioral interviews so much (in a nut shell they are assume future behavior will reflect past behavior). It also has an example behavioral interview and example questions--they are hard ones too.

Chapter 9. Technical Interviews
It is clear that the author has had some serious technical interviews. This chapter covers brain teasers to quality assurance questions to hard-core programming questions. It has a huge section on example questions and solutions (which takes up about a 4th of the book). It covers how to write good pseudo code, how to handle the situation when you haven't a clue what the answer is, and even technical questions for non-computer majors like civil engineering and mechanical engineering.

This is an excellent book for any major in college."

You can purchase Landing the Internship or Full Time Job During College from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

A reader writes: "It appears that Neil Gaiman released two of his books (Anansi Boys and American Gods) as books on CD. The interesting twist is that they are being released as MP3 - which for the world of audio books is something pretty new. ". Indeed; MP3 audio books, I think, have given the book publishers the willies because of the DRM issue - anyone else seen this before? And also worth noting that Mirrormask was released in motion picture form and rocks. I think to describe it would be equal parts The Dark Crystal and Myst, combine with Carnivale and a dash of The City of Lost Children.

barryhawkins writes "It's safe to assume that people who are thinking of learning GNU Emacs or improving their Emacs skills are motivated. These people probably know their way around a command prompt, and likely know that Lisp is more than just a speech impediment. They need a book that offers expert advice without wasting time or insulting the intelligence of the reader: Learning GNU Emacs, 3rd Edition is that book." Read on for the rest of Hawkins' review. Learning GNU Emacs, 3rd Edition author Debra Cameron, James Elliott, Marc Loy, Eric Raymond & Bill Rosenblatt pages 534 publisher O'Reilly Publishing rating 9 reviewer Barry Hawkins ISBN 0596006489 summary An intelligent, graded treatment of the landscape of useful Emacs skills and how to internalize them

For a programmer, it is reasonable to question whether or not a word processor or graphical IDE is the right tool to edit a simple script or properties file. IDEs like Eclipse have become universals hammers, and to some of their users, any file containing text looks like a nail. Specific tasks are rarely handled well by universal tools, and text editing is no exception. Dave Thomas and Andy Hunt, authors of The Pragmatic Programmer and founders of the Pragmatic Bookshelf series, recommend that programmers adopt a text editor as an essential utility in their collection of appropriately-suited tools. The tried-and-true text editor is enjoying a renaissance of sorts, and one of the most extensible and customizable applications among text editors is the venerable GNU Emacs.

Tutorials and documentation for Emacs are abundant, but they often prove time-consuming and ineffective for actually learning Emacs. The printed version of the official GNU Emacs manual reads more like an application programming interface (API) document than an instructional guide. This book is a refreshing break from the documentation many have come to expect. Imagine having a group of leading experts on Emacs at your disposal to teach you how to use it in a conversational, consultative style. That is what has been bundled into this book.

The extensibility of Emacs is considered both a key strength and a confusing weakness of the application. The Emacs community has created all sorts of additional capabilities for Emacs, ranging from the impressive to the absurd. The authors have done well to judiciously select which Emacs capabilities to cover. For example, while Emacs does have the capability to function as an email client, other applications have long superseded its ability. The authors have chosen not to cover this topic, and instead devote the available space to learning Emacs' core functionality -- powerful, efficient text editing.

This edition of the book uses the space gained by the removal of esoteric topics to flesh out areas of more common interest. Peripheral areas of Emacs, such as compatibility modes for programming languages (other than Java and Perl), have been left for the user to research after gaining a solid foundation on Emacs as editor and work environment. Integration with the major version control systems has been expanded to include Subversion alongside the age-old standards CVS, RCS, and SCCS. Coverage of support for Java and Perl has also improved, as well as sections for editing HTML and XML. Users wanting to tap into the power of Lisp programming for Emacs should find the coverage satisfying as well.

The pace of the material is comfortable, and the order in which topics are introduced allows the user to progress smoothly through the book. Users with some experience can skip past the first three chapters, but would be advised to read through them, particularly those who are self-taught (which applies to most Emacs users). Given the amount of time the average user spends in Emacs, picking up one or two time-saving shortcuts would be well worth an investment of a few hours. Instructions are given in a way that reflects the fact that there are multiple ways to achieve the same outcome; the authors do not attempt to foist "the only way" to accomplish something upon the reader. Some readers will find that bothersome, desiring instead a simple, straightforward heuristic for performing a task. However, the typical users of Emacs tend to be people who embrace the fact that the world is not a simple, straightforward abstraction. The book reflects the authors' awareness of this nuance.

Perhaps the most distinguishing feature of this book is the chapter devoted to the use of Emacs on different platforms. Unix, Windows and Mac OS X users receive equal acknowledgment. The precautions and insights regarding subtle differences in Emacs when used on particular platforms can reduce users' frustration when getting started.

The mnemonic devices and conventions used in the book allow users to commit useful keyboard commands to memory. The memorization is further solidified by the exercises sprinkled appropriately through each chapter. Readers do not go for very many pages before it is time to be at the keyboard again, harnessing the power of muscle memory to reinforce the material presented. Those who spend any time at a shell prompt or in console applications will find that their new mastery of Emacs keyboard shortcuts translates into increased proficiency with command-line operations as well.

You can purchase Learning GNU Emacs, 3rd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

meryl (Meryl K. Evans) writes "Having been in process management in a software organization for over ten years, I've seen too many articles and books on the topic that worked better than Valium for putting me to sleep especially since they have no side effects. You know that Joel Spolsky is one of the best writers on the topic of software. However, in this book he stands aside and lets others demonstrate that he isn't the only one who can write about software in English and captivate you." Read on for Evans' review. Best Software Writing I: Selected and Introduced by Joel Spolsky author Joel Spolsky, editor pages 328 publisher Apress rating 8 reviewer Meryl K. Evans ISBN 1590595009 summary 29 essays by multiple authors covering a range of development-related topics. Joel on Software fans won't be disappointed in the selection of authors as they deal with the concepts Spolsky writes about on his site. Some readers may be expecting a book solely on software development. Even Joel goes beyond this. Some folks might be disappointed that most of the articles, blog entries, speeches, and essays are available somewhere on the Web. I only recognize a few of the authors and their articles, though, so I would've never known about the others had I not found this book.

The essays cover a wide range of development-related topics. They include coding style, outsourcing programmers, dealing with Excel as a database (gag, gag), using social software (and the things that are right and wrong with these shared spaces), emerging digital rights, and defining the two-phase commit process a la Starbucks. A few of them are nothing but comics. The one on Windows search will knocks readers out of their chairs laughing, at least it did me.

The book also contains business-related essays that address a few problems affecting many companies -- namely team compensation and forced overtime which often spills over the weekend. Joel introduces every essay and includes notes clarifying abbreviations, names, or terms that you most likely know. But other people who would benefit from the book may not -- cut Joel some slack for providing these notes.

The manager benefits from the book because she gains insight into the developer's perspective, which could help her become a better leader. The developer benefits because many of the issues covered can affect him no matter what language he uses for development. If you belong to neither management nor development, the best way to decide if the book is for you or not is to review the table of contents and reviews. If you find only one or two interesting possibilities, search for them online instead.

I'm one of those who belong to neither group. My software organization background has been along the lines of an analyst and process manager. Even I find that most of the essays are enjoyable or educational. Only one or two lost me.

While most of the content is available on the Internet for free and all of you can find it, the book is worth the bucks. It's nice having a collection of high-quality writing related to software and the business in one place instead of trawling the Web for it. Furthermore, you get an opportunity to read offline -- if you manage to tear yourself away from the monitor every now and then at least; I read most of the book while traveling on an airplane. The flight flew by, thanks to the book. I appreciated and absorbed the essays better by reading them in the book than I would have had I read them online.

You can purchase Best Software Writing I from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

honestpuck (Tony Williams) writes "I have to admit that I can bristle at books that try to preach, so Perl Best Practices was on a hiding to nothing when I came to review it. I also have to admit to being torn about the author -- after all, he is one of those poor fools who insist on living in cold, unenlightened Melbourne, while I live in vastly superior Sydney. On the other hand, how can I dislike a man who manages to place a quote that involves my favourite character, Lady Bracknell. from my favourite comic play, 'The Importance of Being Earnest,' in the first few pages of his book?" Read on for Williams' review. Perl Best Practices author Damian Conway pages 492 publisher O'Reilly Media rating 8 reviewer Tony Williams ISBN 0596001738 summary Methods of coding to improve your Perl software

Many years ago I read a marvelous article that explained why so may early editors and word processors supported the keyboard commands of WordStar. When it's first born, a baby duck can be easily convinced that almost anything is its mother. The small bird imprints, and it takes a lot to shift its focus. "Baby Duck Syndrome" affects programmers in a number of ways, not just their choice of editor, and Conway is walking right into the middle and arguing with your imprinting on almost every page. A brave man; fortunately he has the street cred to make you at least listen.

So I carefully placed my bias and bigotry in the bottom drawer and prepared myself. I discovered a well-written, informed and engaging book that covers a number of methods (hey, 256 rules, come on Derrick, 2 ^ 8 rules can't be a coincidence!) for improving your Perl software when working in a team. That means all of us when you remember an adage a guru once told me: "Every piece of computer software, no matter how small, involves at least a team of two -- me, and me six months from now when I have to fix it." Conway puts it differently "Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live."

The first chapter outlines the why and where of the book. The why is to improve your code with three goals; robustness, efficiency and maintainability. The chapter finishes with a short exhortation to us to "rehabit." Don't like the word much but I applaud the aim.

Conway is far from timid. He jumps right in to the deep end of the wars, with formatting the appearance of your code. I thought the chapter was brilliantly written until he told me I shouldn't "cuddle else statements," at which point I realized what an ill-informed idiot he was. Oh, hang on. Hey, that almost makes sense. OK, that's a cogent argument for your point of view, Conway. I also have to admit that earlier you did say that your rules for this bit weren't gospel, that if you wanted a variation that was OK, just have a standard and make sure you can support it with a code prettier. Perhaps not a total idiot after all.

After successfully negotiating those shark infested waters, Conway -- obviously a man who knows no fear -- wades into naming conventions. Once again he gives coherent arguments, pointed examples and counterexamples. It all makes sense.

The book's page at O'Reilly has an example chapter and a good description, but no table of contents so here's a quick list of the headings:

1. Best Practices
2. Code Layout
3. Naming Conventions
4. Values and Expressions
5. Variables
6. Control Structures
7. Documentation
8. Built-in Functions
9. Subroutines
10. I/O
11. References
12. Regular Expressions
13. Error Handling
14. Command-Line Processing
15. Objects
16. Class Hierarchies
17. Modules
18. Testing and Debugging
19. Miscellanea

Suffice to say that Conway leaves no corner of Perl uncovered, offering well-reasoned and well-explained advice on improving your Perl code.

The book is also well-written and well-edited. The order of topics covered is a sensible one, and the book is appropriately structured. It reads and feels as if you are being given the wisdom from many a hard-won battle coding and maintaining Perl code.

My one complaint is that I found it dry: you are reading through pages of argument and examples without much relief. Perhaps this book might be best digested in a number of chunks, making the effort to use the ideas from each chunk for a while before moving on to the next.

Every so often I read a book from O'Reilly that makes me fear that they are slipping, then along comes a book like Perl Best Practices, and I'm reminded that when it comes to Perl, O'Reilly authors wrote the book. Once you've rushed through Larry's book and learnt the finer points with Schwartz and Phoenix's 'Learning' titles, you may well find that this is the perfect volume to complete your Perl education. If you believe your Perl education is complete, then buy this volume and I'm sure you'll find a lesson or two for yourself.

This book is not really aimed at the occasional Perl programmer (though many of us would probably benefit from its wisdom), but at the person who is professionally programming in Perl and wants to produce better quality, more easily maintained code. For this person Perl Best Practices is a 9/10. For the rest of us, the 'rehabiting' process might be a little too arduous; personally, I'm going to pick a few of the chapters and work on those for a while, maybe naming conventions and variables. For me I'll give it an 8.

You can purchase Perl Best Practices from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

nazarijo writes "The security world has been taken by storm by intrusion prevention system (IPS) products in the past couple of years. After all, a typical intrusion detection system (IDS) only alerts you that something malicious may have happened, and an IPS reacts to it and can prevent the attack. Action in this scenario is obviously preferred to a passive bystander. Still, the IPS solution space is confusing to many." Read on for the rest of Nazario's review of a book designed to erase that confusion. Intrusion Prevention and Active Response: Deploying Network and Host IPS author Michael Rash, Angela D. Orebaugh, Graham Clark, Becky Pinkard, and Jake Babbin pages 424 publisher Syngress rating 7 reviewer Jose Nazario ISBN 193226647X summary An overview of host- and network-based IPS solutions

The June, 2003, report from Gartner on the death of IDS set off a lot of security industry activity. Everyone was busy trying to either defend the IDS product space, reposition their products as IPS devices, or trying to dismiss the Gartner position. Many security engineers had to suddenly evaluate the IPS products on the market and make purchase and deployment decisions, as well. However, there's been a lack of understanding of this marketspace for some time. If you've been curious about this technology, you may want to look at Intrusion Prevention and Active Response: Deploying Network and Host IPS to help you understand these solutions.

It would have been relatively easy to write a book that simply covered one facet of the IPS product space, such as network IPS systems. However, the authors have chosen to try and write a comprehensive overview of the tools currently available for both the network and the host, as well as ways in which they can be attacked and the scenarios they work in. While the book focuses on open source tools, including the Snort IPS extensions, the techniques apply to closed source, commercial tools as well.

In general I found Intrusion Prevention to be a decent first book on the subject, although a bit unfocused in its delivery. At times it seems to try and bite off more than it can chew, or go off on a tangent for too long (such as the many pages of nmap options), but in general the book does a fair job of delivering its promise. Through it you'll get a good overview of many of the technologies present in the IPS marketspace and what they offer. If you're up to it, you'll even learn a few ways to test the tools and weed out the snake oil vendors.

The book is heavy on actual system output and configuration examples. I like the explicit packet captures and snort rules, I think they go a long way towards illustrating the premise of an IPS system. As is somewhat common with Syngress press books, the formatting is a bit off at times (sometimes it's too wide or slips over the page boundary at the wrong time), but if you can work past that you're rewarded with a useful example.

For host-based IPS solutions, the book covers a number of approaches that aren't always evident as IPS techniques. Various stack protection mechanisms, including LD_PRELOAD techniques like Libsafe, GCC modifications such as StackGuard, and kernel modifications like LIDS, PaX, RBAC and GrSecurity are all described.

By now you can see that the book is pretty Linux and open source centric. This isn't too bad at all, since the basic functionality is present in most of the commercial tools, as well. These can include inline network data modification and reactions or application integrity checking tools. The open source versions, while they sometimes have fewer features, are excellent representatives of this technology.

The book really comes together in chapter 8, 'Deploying Open Source IPS Solutions.' Several vulnerable systems are set up, deployed in a fictitious network, and protected through a variety of IPS solutions which work together to create a layered security model. If the network can detect the attack, it's dropped or modified to remove the offending bits. If the malicious data gets through to the host, the host-level IPS tools remediate the problem. All in all a nice example chapter.

The discussion on how to evade IPS devices was a bit lacking, unfortunately. It seems squeezed in, and doesn't have the same level of detail as other chapters on similar topics. Detailed descriptions of the layer 3, 4 and application layer obfuscation techniques would have been useful to help explain this complex topic.

Before you begin thinking that the authors are entirely gung-ho on IPS technologies, they spend a long time discussing how they can be fooled and how they are fundamentally prone to false positives. This tempered stance is valuable, and they recommend that you take a limited set of functionality from your IDS system and make it reactive in your IPS.

There are only a couple of books that cover IPS technologies to any significant degree, and this appears to be the only one solely devoted to discussing IPS approaches for both the host and network. To that end, the authors have done a pretty good job of introducing the reader to what an IPS can give them, how to evaluate it, and what to expect in the real world. While the book itself has some production and layout problems, the material is worthwhile and will give the reader much-needed advice.

You can purchase Intrusion Prevention and Active Response: Deploying Network and Host IPS from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

ijones writes "Brute Force, by Matt Curtin, is about an event that many Slashdotters will remember: the cracking of the Data Encryption Standard. In June of 1997, a 56-bit DES key was discovered, and its encrypted message decoded, by an ad-hoc distributed network of computers, cooperating over the Internet. Four and a half months earlier, RSA had issued a challenge to the cryptography community, offering $10,000 to the first group to crack a 56-bit DES encrypted message. In Brute Force, Matt Curtin offers his first-hand account of the DESCHALL team's winning effort." Read on for the rest of Jones' review. Brute Force: Cracking the Data Encryption Standard author Matt Curtin pages 291 publisher Copernicus Books rating 9 reviewer Isaac Jones ISBN 0387201092 summary Volunteers working collaboratively over the internet manage to crack the Data Encryption Standard.

Although I wasn't involved with the DES cracking challenge, I am friends with the author of this book. I took a Lisp course from Matt at Ohio State University and I'll be forever grateful that Matt introduced me to functional programming with a great deal of humor and enthusiasm. I don't think I've ever seen Matt stay so serious for so long, but his enthusiasm comes through clearly in this book.

Brute Force can be enjoyed by both nerds and non-nerds interested in cryptography or codes. Those who have been a part of this or subsequent DES challenges may be particularly interested in this book. Curtin covers some technical details of DES and the brute force attack that the DESCHALL team used to discover a DES key. He also discusses the political and historical significance of this event. This is a fairly technical book, but it goes out of its way to explain non-obvious technical topics, so one doesn't need a lot of technical background to understand it.

Curtin briefly explains a lot of stuff: the C programming language, firewalls, UDP, one-time pads, protected memory, etc., in order to make this book readable for novices. Although I generally did not need such explanations, I did not find them annoying or distracting, as they were fairly brief. In fact, it's fun to read concise explanations of such topics. Occasionally, Curtin does go into just a little too much detail. The chapter on Architecture gives an explanation of some of the many pieces of software that were involved in this effort. This chapter sometimes gets a bit bogged down with explanations of useful scripts that folks wrote to analyze data or forward packets through firewalls.

Brute Force is a very readable and enjoyable book. It is well organized as a narrative, though it is not chronological; Curtin presents the background and substance to each aspect of the story together, rather than chronologically. This can be slightly confusing sometimes, but I think it improves the over-all flow of the story.

In a way, Curtin gives away the ending to the book at the beginning (and in the title), but this isn't ancient history, and most readers will probably already know that DES was defeated by this effort. He still manages to maintain a good sense of suspense throughout the book. He presents tables and analysis of the effort, along with predictions about completion dates that volunteers had made at the time. Unfortunately, he doesn't tell us whether those tables turned out to be correct. What percentage of the keyspace was searched by Macintoshes? How many different kinds of client machines were there in the end? Did Ohio State University try more keys than Oregon State University? Which one is the real OSU?

One of the main themes running throughout the book was that of community. The DESCHALL project was made up of thousands of volunteers from all over the US. Anyone with some spare CPU cycles could get involved by downloading the client software. This may remind you of other distributed computing projects like SETI@home. The community was further broken down into sub-groups like schools who would compete for bragging rights. The organization of the DESCHALL project was much like an open source project, though the key-cracking tools were not open source. Spreading the Word is a chapter about how people started to hear about DESCHALL and what the earliest adopters were like. Some of the tables in a later chapter list the operating system and hardware that the clients were running, which was a pretty cool snapshot of the Internet from 1997. It included lots of OS/2 clients, labs full of SGI machines, and plenty of computers which were only connected to the Internet via dial-up modems. Special scripts were developed for such machines so they could phone home when they needed a new block of keys.

Though the key cracking clients were not open source, they were free as in beer, at least for Americans. Since such cryptography-related software could not be exported at the time, this was a US-only effort. There was a European team, however, with their own software, called SolNet, and Curtin keeps us updated on their progress. In fact the DESCHALL project had an impact on the political debate of this time with regard to the export and control of cryptographic technologies. Curtin gives us interesting periodic updates on the political debate as the DES cracking story moves forward. Cryptography control was defeated at that time, but the use of cryptography is a right that will need continued protection.

The political story of DESCHALL was one aspect of the historical impact of the project. Another impact was the explosion of volunteer distributed computing networks after the DESCHALL project, with SETI@home being one of the most obvious examples. DESCHALL clearly demonstrated the viability of this kind of computation. Curtin touches briefly on this here and there, but does not go into detail. I would like him to more clearly spell out the trends in Internet distributed computing. I would like to hear that DESCHALL was derived from project A and that it inspired projects B, C, and D. Was it was the original Internet distributed computing network? Was it a fad that has abated in the last few years? Curtin touches on this a bit, but says, "Some other distributed computing projects like DESCHALL were around," (pg 200.) He says which ones, but doesn't make any claims that DESCHALL inspired SETI@home, for instance. Perhaps such things are never quite clear in the free exchange of ideas on the Internet.

The political and community aspects of the story wrap up very nicely. Curtin outlines DESCHALL's impact on driving the AES standard, and its (perhaps much smaller) impact on the debates on key escrow and encryption exports. Brute Force is a very enjoyable read about an important event, and I can happily recommend my friend Matt's book to the Slashdot crowd. My only criticisms can really be summed up by saying, "I want to hear more."

You can purchase Brute Force: Cracking the Data Encryption Standard from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

stern writes "Pamela Paul’s Pornified surveys the effects of pornography in America. On the basis of the book jacket, this might seem more appropriate material for iVillage than Slashdot, except for one thing: pornography pervades the Internet and drives the adoption of new technologies. You can’t fairly tell the story of one without the other." Read on for the rest of Stern's review. Pornified author Pamela Paul pages 320 publisher Times Books rating Worth reading reviewer Stern ISBN 0805077456 summary A study of the technology-fueled expansion of pornography and its effects on those who use it

Paul spoke with researchers and therapists, she surveyed the academic literature and commissioned her own study, and then, most remarkably, she tracked down more than 100 people who were willing to talk about their experiences with pornography. Men and women, detractors and fans, casual users and perverts. She arranges this material into chapters about how pornography affects men, on how it affects women, another on children, and so forth.

This is not a “gee whiz, look at all the dirty pictures” screed urging us to hang up our mice and go to church. It is more a summary of research than an opinion piece, and though the preponderance of the research presented is damning to pornography, defenders appear in most sections as well.

The book is remarkable in two ways. First, it presents a greater amount of hard data than I have ever seen on this topic before. Second, the interviews are amazing. Where does she find these people? The military man who masturbates by the side of the highway, the child porn addict who fantasizes about the girls he is teaching in Sunday school, the adult virgins with the almost clinically precise descriptions of what they expect in a woman (“I’m a big fan of full shaved,” etc.).

Pornified is worthwhile for this research and these stories, even if you disagree with the conclusions that Paul draws from them.

I found fascinating, for example, that a number of double-blind studies of the effects of pornography were completed over twenty years ago, but that the results were so damning that it has been difficult to follow up on them. The effects of dirty movies on the people who look at them were so profound that ethics boards at universities deny researchers the approval to show them to human subjects.

What are these effects? The book devotes chapters to this, and I can summarize only very briefly. For many people, porn has quasi-addictive characteristics, requiring escalation to maintain a constant level of stimulation. It dampens empathy, it changes expectations, and it damages relationships. The interviews in the book back this up; it contains example after example of people who started with modest porn searching online, then graduated to more heinous stuff.

And this is all about the Internet. Paul pays lip service to Playboy and smutty VHS tapes, but this is a story about X-rated websites, Usenet groups, and p2p file sharing.

Paul cites a study from 2000 that ties that the expansion of technological avenues for pornography to its growing more explicit, more dehumanizing, and more violent. In other words, alt.binaries.pictures.erotica was pretty tame. But then a.b.p.e.blonds and a.b.p.e.asians appeared, and these refined the expectations of their users, paving the way for the creation of a.b.p.e.bukkake and a.b.p.e.rape. And where the original newsgroup probably didn’t cause too much damage to anybody, the same can not be said for its increasingly brutal descendants.

Consider this — prior to the Internet, law enforcement believed that child porn had been basically wiped out. It was a crime from a previous age, like body snatching. But then came the Web. Between 1996 and 2004, child-porn cases handled by the FBI increased 23 fold. The research presented in Pornified argues that technology does not merely make it easier to serve an existing desire, it allows deep exposure that for many people results in stronger and more specific versions of the the original demand.

Paul presents most of this neutrally, but you can sense contempt for non-pornographic websites that link to porn sites, or endorse them. She doesn’t name any names, but the savvy reader will recognize Fark as one of her targets, and I suspect that Farkers figure among her interviewees.

Such “smut” can be defended, of course, and the book gives defenders their say. The obvious response is “porn has been around forever, so stop complaining that it is suddenly a threat to society.” But it seems to me that this response is disingenuous. You can’t compare an issue of Playboy and the Atari 2600 cartridge of “Custer’s Revenge” to the seamless infinity of smut that lives on the Internet today.

The second major response to the claims in this book follows the First Amendment. Regardless of harm, we must not start down the slippery slope of restricting access to objectionable material. Paul considers this, but her the book discusses concrete harm, and she argues that civil liberties are not absolute where one person’s rights hurt other people (not many argue for their right to cry “fire” in a crowded theater, for example).

Though Paul did not set out to explore the industry of porn production and distribution, in the course of her research, she did discover things I didn’t know. For example, she interviews one man who works in the oil industry and spends 25% of every working day surfing porn sites and submitting reviews to “porn aggregators” for a fee. It’s not about the money, though; he feels pride in his influence as a kind of porno tastemaker.

The material about pornography and children, and the chapter about sex addicts, were particularly strong.

Some of Paul’s interviewees play off the awkwardness of the topic, and one in particular starts something like a stand-up routine, criticizing the porn movies of the early 1980s for their lack of strong plotting. Personally, I thought it was funny that two women independently complained about the “cheesy... crappy” quality of black porn, relative to porn made for whites.

What’s bad? The topic is a difficult one, and perhaps impossible to approach without prejudice. Some readers will dislike Paul's conclusions and will dismiss the entire book as a result. Also, in the interviews, some stories leave out details the reader is bound to want to know. One of the interviewees is the “former CEO of a large international corporation,” who “lost his job due to pornography.” How? What happened? Did he dress in a leather teddy at a board meeting? The chapter about porn and relationships was less interesting to me than the rest, but your mileage may vary.

Paul comes to strong conclusions, and each reader will have to decide for himself whether or not he thinks her recommendations are wise. Her main goal, however, is probably to change the debate on pornography so that it is no longer simply about morality and free speech, but also includes a discussion of whether or not technology-fueled porn hurts people. In this regard, I think she is apt to be successful.

You can purchase Pornified from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Martin Ecker writes "The Red Book, also known as the OpenGL Programming Guide, is back in its fifth edition. It received the name Red Book because of the nice red book cover, and possibly also because it has remained the standard introductory text on the OpenGL graphics API for years, and always referring to it as "OpenGL Programming Guide" is too long. This fifth edition now also covers new features introduced with versions 1.5 and 2.0 of the OpenGL standard. So let me take you on a tour through the pages of this book to see what it has to offer." Ecker's review continues below. OpenGL Programming Guide (5th Ed.) - The Official Guide to Learning OpenGL, Version 2 author Dave Shreiner, Mason Woo, Jackie Neider, Tom Davis pages 838 publisher Addison-Wesley Publishing rating 8 reviewer Martin Ecker ISBN 0321335732 summary A very complete and thorough introduction to OpenGL

I should mention that the last edition I read of the Red Book was the first edition, and a lot of material has been added to the book in the meantime. Just as the first edition, however, the fifth edition is still incredibly complete and thorough. It contains explanations of pretty much every feature of OpenGL, even the rarely used ones. You want to know about the new occlusion queries added to OpenGL recently? It's in this book. You want to know about the accumulation buffer and its uses? It's in this book. You want to know about the (mostly deprecated) use of indexed color buffers? It's in this book. The only thing the book does not cover in detail is vertex and fragment shaders because they have their own book, the Orange Book (aka The OpenGL Shading Language) -- see my previous Slashdot review.

The Red Book is aimed at the beginning to intermediate graphics programmer who is not yet familiar with OpenGL. It assumes a basic background in computer graphics theory and working knowledge of the C programming language. The book consists of 15 chapters and 9 appendices that together span approximately 800 pages.

The first chapter gives a brief introduction to the basic concepts of OpenGL and describes the rendering pipeline model used in the API. GLUT, a cross-platform library that allows easily creating OpenGL applications, is also shortly discussed together with a program that shows GLUT in action. The following chapters proceed to explain the basic geometric primitives, such as lines and polygons, supported by OpenGL and how to render them in different positions and from different viewpoints using the various OpenGL matrix stacks. The authors also discuss here the basics of using colors, fixed-function lighting, framebuffer blending, and fog.

Chapter seven contains a description of display lists, a unique feature of OpenGL that allows to store OpenGL API calls for efficient multiple use later on in a program. Chapter eight then moves on to discuss what an image is for OpenGL, which brings us straight to chapter nine on texture mapping, one of the largest chapters in the book. This chapter discusses everything you need to know on textures, from specifying texture images in uncompressed and compressed form to applying textures to primitives using the various kinds of supported texture filters. Also depth textures and their application as shadow maps are presented.

In chapter ten the authors discuss the buffers that make up the framebuffer, such as the color buffer, depth buffer, and stencil buffer. This chapter summarizes some of the things already presented in the earlier chapters and then describes the various framebuffer operations in more detail. Also the accumulation buffer and its uses, such as motion blur and depth of field effects, are discussed. Chapter eleven and twelve are on the tools provided by GLU, the GL utility library, in particular tesselators, quadrics, evaluators, and NURBs. GLU is nowadays rarely ever used in production code, so these chapters mostly demonstrate just how complete the Red Book is in its coverage of OpenGL. This also applies to chapter thirteen on selection and feedback, which are rarely used features, mostly because of the lack of hardware acceleration.

Finally, chapter fourteen is a collection of topics that didn't fit into the other chapters, such as error handling and the OpenGL extension mechanism. Additionally, this chapter presents various higher level techniques and tricks, for example how to implement a simple fade effect, how to render antialiased text, and some examples of using the stencil buffer. The final chapter of the book - newly added in the fifth addition -- is a short introduction to the OpenGL Shading Language (GLSL, for short). Even though the OpenGL API functions required to use GLSL are presented, this is only a quick overview of how programmable shaders are used in OpenGL. For a more detailed description of GLSL the reader is referred to the Orange Book.

The book closes with quite a few appendices on the order of operations in the OpenGL rendering pipeline, the state variables that can be queried, the interaction of OpenGL with the operating system-specific windowing systems, a brief discussion of homogeneous coordinates as used in OpenGL, and some programming tips. Also a reference of the built-in GLSL variables and functions is included, which is a bit odd considering that the Red Book actually doesn't really concentrate on programmable shaders or GLSL. It's a good reference nevertheless.

The book contains a large number of images and diagrams, all of them in black and white except for 32 color plates in the middle of the book. The illustrations are of high quality and generally help make the explained concepts and techniques easier to understand. Most of the color plates depict spheres, teapots, and other simple geometric objects, so they aren't overly eye-catching but do serve their purpose of showing what can be achieved with OpenGL.

The Red Book remains the definitive guide to learning OpenGL. Whenever someone asks me "What book should I read first to learn OpenGL?" this is the book I refer them to. Apart from being a good introduction, it also contains many interesting tips and tricks that make the experienced OpenGL programmer come back to it often. If you've read through this book in its entirety you pretty much know everything there is to know about OpenGL.

Martin Ecker has been involved in real-time graphics programming for more than 9 years and works as a games developer for casual arcade games. In his rare spare time he works on a graphics-related open source project called XEngine. You can purchase OpenGL Programming Guide (5th Ed.) - The Official Guide to Learning OpenGL, Version 2 from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Jim Holmes writes "Mary and Tom Poppendieck's Lean Software Development: An Agile Toolkit is a great read for anyone interested in agile software development. That includes developers, leads, and managers interested in speeding up development cycles, improving quality, and getting their customers the best value. This book's been out since May, 2003, but it's well worth picking up. The concepts within are absolutely applicable now, and will continue to be for quite a few years." Read on for the rest of Holmes' review. Lean Software Development: An Agile Toolkit author Mary and Tom Poppendieck pages 240 publisher Addison Wesley rating 9 reviewer Jim Holmes ISBN 0321150783 summary Toolkit for getting agile development in your organization.

Lean Software Development is full of pertinent comparisons between the current state of software development and the massive changes in manufacturing over the last three decades, specifically demonstrated by the Toyota Production System, and 3M's innovative atmosphere for bringing products to life. The Poppendiecks make a great case as to how similar changes in software development can reap great benefits in the software production industry. Who It's For The book's very useful for anyone involved in or around the software development process: developers, leads, managers, and corner-office types. Corner-office types won't get as much out of the book as those in the trenches, but the Poppendiecks' arguments against overly-constraining process management systems may help high-level managers come to understand that such systems can actually hurt production.

Who It's Not For This book isn't for closed-minded folks who think the waterfall method and a preponderance of documentation and process control are the bee's knees. The book talks specifically about how Six Sigma, Capability Maturity Model (CMM), Capability Maturity Model Integration (CMMI), and Project Management Institute (PMI) certification can drag down development productivity and quality. Also, it's not for folks who are unwilling to consider that shorter delivery cycles improve feedback, quality, and lower cost.

(Note that the authors specifically point out that agile development does not mean tossing out all documentation and process.) What It Covers The book is labeled a "toolkit" for lean development, and it describes 22 "tools" -- that is, approaches which will help an organization move to a leaner development system. The authors start off with a great explanation of what lean practices are and how they can benefit software development. They then move on to more detailed coverage of important principles.

The book's broken into chapters covering the seven principles the Poppendiecks lay out as fundamental to agile practices: eliminating waste, amplifying learning, deciding as late as possible, delivering as fast as possible, empowering the team, building in integrity, and seeing the whole. Those seven principles may sound like marketing blabberspeak, but the Poppendiecks nail each section down with terrific discussions of applicability.

They've also got great examples tying the principles into how manufacturing has so drastically improved its processes. Each chapter concludes with a "Try This" section aimed at getting your group moving in a lean direction.

The second biggest benefit after the book's content is the extensive reference list. There's an impressive bibliography, and each chapter is loaded with footnotes referencing various books, articles, etc. This gives interested folks a great guide for further reading.

The book's summary chapter is especially good. It concisely wraps up the book in the somewhat tongue-in-cheek format of an instruction sheet for the tools the Poppendiecks have laid out. The "Caution - Use Only As Directed" section is particularly useful because it shows how one should not use the principles: "Eliminate waste does not mean throw away all documentation," and "Deliver as fast as possible does not mean rush and do sloppy work." The summary also breaks out high-level details for implementing in large and small companies. The authors are particularly helpful in pointing out strategies for dealing with difficult process improvement programs such as Six Sigma, CMM, and/or CMMI. They point out the political aspect of how to approach implementing agile methodologies in organizations constrained by such "helpful" policy systems.

There's also a note for folks working in safety-related fields where regulations and immense processes dictate how to do work: Shortening cycles in such environments can better ensure people aren't killed by software failure. What It Doesn't Cover Despite the great coverage of the principles and tools, this book isn't a detailed guide for implementing agile processes at your organization. The authors are very adamant that no two organizations function alike. Implementing agile processes requires some careful forethought before jumping in. The authors don't advocate any one methodology over another, so don't look to this book for help in deciding whether you want XP, FDD, SCRUM, or any one of the other alphabet-soup-of-the-day agile buzzwords.

Additionally, I thought a few items were given pretty cursory coverage. One example is in the chapter on late decisions where the authors breeze right over implementing a quick persistence layer to put off deciding on exact database implementation. I particularly would have liked more detail in that item. On the flip side of that; however, is the great detail given to value stream mapping, feature implementation burn rates, and several other very, very useful items - so my complaint is really that one particular item I'm working on right now wasn't covered as well as I'd have liked. Bottom Line This really is an important addition to your reading list if you're at all interested in learning how an agile environment can increase your speed, quality, and cost effectiveness. It's a great book if you're in need of guidance on how to look at and improve your current environment. It's also a great book if you need backup for convincing either your co-workers or management that a move to agile is necessary.

You can purchase Lean Software Development: An Agile Toolkit from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

nazarijo writes "The field of investigative forensics has seen a huge surge in interest lately, with many looking to study it because of shows like CSI or the increasing coverage of computer-related crimes. Some people see a career opportunity there, and are moving toward computer forensics, marrying both law enforcement and investigations with their interest in things digital. Central to this field is the study of data storage and recovery, which requires a deep knowledge of how filesystems work. Brian Carrier's new book File System Forensic Analysis covers this topic with clarity and an uncommon skill." Read on for the rest of Nazario's review. File System Forensic Analysis author Brian Carrier pages 600 publisher Addison Wesley Professional rating 9 reviewer Jose Nazario ISBN 0321268172 summary The standard for digital filesystem forensics

It's easy to think that computer filesystems are relatively simple things. After all, if 'dir' or 'ls' don't show what you're looking for, maybe an undelete program will work. Or will it? To be a decent, trustworthy expert in forensics (a requirement if you plan to participate in any criminal investigations), you'll have to learn how filesystems really operate, how tools like undelete and lazarus work, and how they can be defeated.

Carrier's book isn't a legal book at all, and it doesn't pretend to offer much insight into the law surrounding forensics. Instead it focuses on technical matters, and is sure to be the gold standard in its field. This is important, because it comes at you expecting you to have some knowledge, even if only informal, of what a filesystem contains. With a basic understanding of data structures, you'll get a wealth of information out of this book, and it will be a good reference long after you've first studied it.

File System Forensic Analysis is divided into three sections. These are arranged in the order that you'll want to study them to maximize the benefit you can hope to achieve, namely an understanding of how to examine filesystems for hidden or previously stored data. The first three chapters cover a fundamental series of topics: Digital Investigation Foundations, Computer Foundations, and an introduction to Hard Disk Data Acquisition. While they start at a basic level (e.g. what hexadecimal is), they quickly progress to more developed topics, such as the types of interfaces (SATA, SCSI, IDE), the relationship of the disk to the computer system as a whole, and how data is stored in a file and filesystem at a basic level. A lot of examples given use Linux, due to the raw, accessible nature of UNIX and UNIX-like systems, and the availability of tools like 'dd' to gather data.

Part 2 covers "Volume Analysis," or the organization of files into a storage system. This introduces the basics of things like partition tables (including how to read one). The next few chapters cover PC-based partitions (DOS and Apple), server-based partitions (BSD, Solaris and GPT partitions), and then multiple disk volumes like RAID and logical volumes. With this introduction, the final chapter of the section covers how to use these filesystem descriptions in practice to look for data during analysis. Filesystem layouts, organization, and things like journals and consistency checks are covered with a clarity and exactness that's refreshing for such a detailed topic.

Having covered the basics of filesystems, Part 3 covers the bulk of the book and material. Several chapters follow that specifically show you how to analyze particular filesystems by using their data structures to direct your reads. A range of filesystems are covered, including FAT, NTFS, EXT2 and EXT3, and the BSD types UFS1 and UFS2. Each filesystem has two chapters, one devoted to concepts and analysis, another entirely about data structures. Dividing each filesystem type like this lets Carrier focus first on the theory of each filesystem and its design, and then the practical use of its design to actually understand how to pull data off of it.

The real strength of File System Forensic Analysis lies in Carrier's direct and clear descriptions of the concepts, the completeness of his coverage, and the detail he provides. For example, a number of clear, well-ordered and simple diagrams are peppered throughout the book, explaining everything from allocation algorithms to NTFS alternative data streams. This use of simple diagrams makes the topics more easily understood, so the book's full value can be appreciated. This is the kind of thing that sets a book apart from its peers and makes it a valuable resource for a long time.

Finally, Carrier brings it all together and shows us how many aspects of filesystems can be examined using his "sleuth kit" tools, freely available and easy to use. Without appearing to hawk this tool at the expense of other valuable resources, you get to see how simple and direct filesystem manipulations can be done using a direct approach. This kind of presentation is what makes File System Forensic Analysis a great foundation.

Overall I'm pleased with File System Forensic Analysis, I think that Carrier has achieved what few technical authors do, namely a clear explanation of highly technical topics which retains a level of detail that makes it valuable for the long term. For anyone looking seriously at electronic forensics, this is a must have. I suspect people who are working on filesystem implementations will also want to study it for its practical information about NTFS. Overall, a great technical resource.

You can purchase File System Forensic Analysis from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Pankaj Kumar writes "Controversies aside, JBoss has emerged as a credible alternative to commercial J2EE App Servers for developing and deploying Java based server applications. Besides the usual advantages of open source and GPL licensing, what sets it apart is its JMX based microkernel, a light-weight framework to run independently developed Java programs within a single JVM. Together, these make it possible for one to pick and choose components and assemble a custom server anywhere between the two extremes (and beyond!) of a simple Servlet Container and a full-fledged J2EE Server. JBoss - A Developer's Notebook by Norman Richards, a JBoss developer at JBoss, Inc., and Sam Griffith, Jr., a software consultant and trainer, is a no-fluff How-To guide on doing stuff with JBoss in O'Reilly's new Developer Notebook format." Read on for Kumar's review of the book. JBoss - A Developer's Notebook author Norman Richards & Sam Griffith, Jr. pages 150 publisher O' Reilly rating 7 reviewer Pankaj Kumar ISBN 0596100078 summary A How To Guide on Working With JBoss

True to the format, this book doesn't waste pages on paeans to architectural elegance, internal design or conceptual deliberations, and limits itself to the basic needs of most professionals -- how do I do this or that with JBoss, where to start, what steps to carry out or what code to write, and what happens behind the curtains.

Books dealing with J2EE products tend to be fat and bulky, but this (note)book doesn't fall in that category. By covering only JBoss specific aspects and avoiding general J2EE topics, this rather thin book has managed to include a good deal of difficult-to-find information about JBoss. In fact, while going through its pages, I got a feeling that the authors have taken care to be different and complementary to the online documentation available in the JBoss Application Server Guide and JBoss Wiki.

In support of the above claim, let me compare the coverage of how to deploy applications under JBoss, an important activity with any J2EE container, in the JBoss Guide, JBoss Wiki, and the book under review. The JBoss Guide covers application deployment as part of the JMX based microkernel architecture and design, describing, in excruciating detail, the internal components responsible for the deployment and and how they interact. The JBoss Wiki takes a more externally focused approach, talking about hot deployment capability, relevant directories and configuration files in an installed system, and steps in a typical deployment process. In contrast, Developer's Notebook goes through the whole process of creating the deployable WAR file for a web application, deploying that to JBoss by copying the created file to JBoss's deploy directory, and verifying successful deployment or looking for errors. It even talks about how to modify a deployed application. Needless to say, the last one is most useful to someone who just wants to deploy his or her application.

True to its lab notebook style, the book makes important, though not integral, observations about specific topics in the page margins. For example, a note in the margin of deployment steps tells you that you can include a deployment package within another deployment package, up to an arbitrary level of nesting, a la Russian doll packaging. I found this informal way of communicating relevant stuff quite effective.

Another noteworthy aspect of this book is that it makes generous use of appropriate tools, such as Ant and XDoclet, to get things done. This can be either good or bad, depending upon your familiarity with these tools. For me, it turned out to be a mixed bag. I know Ant and am happy writing Ant scripts for packaging and deployment. It is different with XDoclet, which I haven't had a chance to use so far. But perhaps the authors know better and one should just get familiar with it before working on any project involving JBoss and Enterprise Java Beans.

It is difficult, if not impossible, to cover each and every aspect of software as feature rich and complex as JBoss in any single book. This leaves the somewhat unpleasant task of choosing topics to the the authors and editors, for the selection may or may not match the needs of a particular reader. At the same time, it increases the responsibility of a reviewer like me who must help a prospective buyer decide for or against making a purchase, based on her needs.

Let me attempt to do that by making two lists: first, what is included and then, what is not.

What is included (paraphrased Table of Contents):

• How to install, start, examine (through JMX Console) and shutdown JBoss Server.
• How to package, deploy, observe and undeploy an application.
• How to create a web application with database access and user authentication.
• How to use MySQL as database for a JBoss application.
• How to setup user database, login modules and enable SSL.
• How to configure logging for various components of JBoss.
• How to map schema, objects and relations to database tables.
• How to monitor and manage a JBoss application with MBeans.
• How to create a custom JBoss with modules that your application needs.

A similar, comprehensive, list of what is not included is simply not possible. Still, I have gone ahead and created the following based on my experience with JBoss. Keep in mind that these reflect the kind of applications I have worked on and may not be representative of your needs.

• How to use JBoss as a J2SE container.
• How to develop Web services with JBoss.
• How to create, package and deploy an application consisting of JBoss services, web applications and web services.
• How to troubleshoot class loading problems.
• How to isolate applications within a single JBoss server instance.
• How to profile for performance bottlenecks.
• How to run multiple instances of JBoss Server on a single machine.

I can only hope that the authors will take this as a reader feedback and include some of the above in a future edition.

So, what else is there not to like about this book? One thing that caught my attention was the relative absence of insight into why things worked the way they worked: What are the underlying patterns and how can the awareness about these patterns be applied to other similar situations? These are the things I look for in a new product or technology, and have found them to be much more helpful than just a compilation of step-by-step descriptions of doing things. Perhaps the Developer's Notebook format doesn't allow for such digressions, still I think inclusion of such insights would have improved the book.

Overall, I would say that JBoss - A Developer's Notebook is a good introductory book for those who are thinking of getting started or are just getting started with JBoss. If you have already worked on JBoss and are looking for more advanced or esoteric stuff, then this book is perhaps not for you.

You can purchase JBoss - A Developer's Notebook from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Aeonite writes "Cybernetics (that is to say, the sort associated with Cyberpunk) has long been an interest of mine, and so I was eager to dive into Digital People: From Bionic Humans to Androids , which is about exactly what it proclaims to be about. Sort of. The book does indeed cover everything from Bionic Humans to Androids, but the continuum of artificial beings is heavily weighted towards one end of the spectrum. Overall, the book is quite comprehensive in dealing with physical aspects of artificial intelligences, but when it comes to the nature of intelligence itself, the book barely dips its toe in the water. As the author himself says, the question here is not "Can machines think?", like Turing, but rather 'Can machines live?'" Read on for the rest of Aeonite's review. Digital People: From Bionic Humans to Androids author Sidney Perkowitz pages 248 publisher Joseph Henry Press rating 7 reviewer Michael Fiegel ISBN 0309089875 summary A detailed exploration of the history of artificial beings

Where Have We Been? The book opens with a 13-page introduction ("Androids All Around Us") that sets up the material to follow, exploring the nature of artificial things and how we bond to them, personifying everything from the obviously inanimate cars and computers, to seemingly lifelike robots like MIT's Cog and Kismet, Sony's AIBO and Tiger's I-Cybie. The lines between what's alive and what's artificial are blurred even further when one considers that some 10 percent of the U.S. population are by definition bionic, possessing some degree of artificial parts -- everything from prosthetic limbs, to artificial hearts and hips, to breast implants and hearing aids. Not that this is anything new; the author tells us, for instance, that Aristotle imagined artificial beings in the 4th Century BCE, and several of the Norse gods and heroes had artificial hair and limbs. The difference now is that we're on the verge -- how close is up for debate -- of creating artificial, intelligent life, and it is the author's argument that now is the time to start thinking more about what that means. "To create artificial minds and bodies," he says, "we must first better understand ourselves."

The bulk of the book is split into two parts. The first, "Artificial Beings: Meaning and History" is semi-self explanatory, featuring three chapters that cover the history of robots, automatons and the like, from ancient times to the present day.

Chapter 2, "The Virtual History of Artificial Beings", is devoted entirely to fictional beings -- not only R2D2, Robocop, The Six Million Dollar Man, and other modern examples, but also Mary Shelley's Frankenstein, Pygmalion's ivory statue, the bronze Talos, Jewish golems and Frank L. Baum's Tin Man and Tik-Tok, among others. Interesting tidbits abound here: for example, the revelation that the term Robot -- first featured in Karel Capek's R.U.R. (Rossum's Universal Robots) -- comes from the Czech word "robota," which means "forced labor." Also interesting is the acknowledgment that for all the attention paid to Asimov's three laws of robotics, many of his stories deal with situations where those laws are broken, bent or otherwise shown to be invalid.

Chapters 3 and 4, on the other hand, cover real examples of artificial beings and bionic devices, from classical times to the early 1990s. Everything from Jacques de Vaucanson's musicians and Pierre Jaquet-Droz's automata, to explorations with galvanism in the 18th Century, to the development of computers and robots through the first half of the 19th Century are addressed. Again, the author digs up some fascinating insights and revelations here: mention of iron prosthetic legs in ancient Indian poetry; wooden and bronze legs for Greek and Roman soldiers; and the idea that advances in medicine since World War 2 have allowed soldiers to live with grievous wounds more often, which in turn has led to an increased need for development of better prosthetics.

Where Are We Now? The second part of the book, "How Far Along Are We?", spans five chapters, and covers mind-body interfaces, methods of robotic locomotion, sensory input, self-awareness and the like.

Chapter 5, "Mind-Body Problems", is very theoretical, offering more questions than answers, particularly as compared to the respectively crunchy material already covered. Can an artificial brain support a conscious artificial mind? Is a soul something special and unique to humans, or just the collective perceptions of a 3-pound mass of watery tissue? The following two chapters are a bit more crunchy, covering "Limbs, Movement and Expression" and "The Five Senses, and Beyond", respectively. Both provide plenty of concrete examples of the subject matter, with today's most advanced robots -- Honda's P2, P3 and ASIMO; Tokyo IT's snakelike ACM R-1; NASA's Robonaut, Spirit and Opportunity; and MIT's Kismet -- covered in reasonable depth. Problems and limitations of robots are also dealt with, including sensory bandwidth limitation, facial detection failure rates, the concept of "good enough" speech recognition, etc.

Chapter 8 takes us upstairs, covering "Thinking, Emotion and Self-Awareness" and the basics of what it means to have a robot brain. The world's three "smart" digital beings are covered in some depth here: ASIMO, the oldest, can walk backwards, keep balance, react to body language, recognize its name and wave hello; Kismet, who consists of only a head and face, can react to movements and expressions, but requires 15 networked computers to do so; and Sony's QRIO is only 23 inches tall, but can have 20,000 word conversations, sing in harmony, and greet people it knows by name, based only on facial recognition. Also covered are Commander Data's emotion chip, monkeys controlling robot arms with their brains, and the infamous light-seeking eels, ever a favorite on Slashdot.

Chapter 9, "Frankenstein's Creature or Commander Data", explores the ramifications of robotic development, and how they differ from society to society. In Japan, where roughly half of the world's million robots reside, artificial creatures have a mostly civilian role, whereas in America, military applications have a larger role. Does this result from religious differences? The author, citing Robert Christopher, suggests that Buddhists take a different view of robots than do Christians because Buddhism "does not place man at the center of the universe, and in fact, makes no particular distinction between the animate and the inanimate." Samurai swords have souls, and machines have ghosts.

Where Does That Leave Us? What, in the end, does this mean for us? Can machines be truly human if they never grow up, have no accumulated cultural experience? What does it mean for humans when the cost of labor rises while the cost of robots falls? Will it happen in our lifetimes? Turing predicted that a machine would pass his infamous test by the end of the century; Kurzweil says it will happen by 2029. Who's to say? Not the author -- he leaves off with no conclusions but that the journey will be uplifting, and will give us a sense of wonder at what we might accomplish.

This seeming lack of conclusion leaves the book a bit shallow, though one can't truly fault the author for not answering such a difficult question, especially since he backs away from "going there" at several points in the book. The author's refusal to speculate deeply about such matters make it clear why certain examples were "missing" from Part 1. While relatively minor works such as Marge Piercy's 1991 "He, She and It" were covered there, William Gibson's Neuromancer was notably absent (the author is only mentioned once, in passing, on page 189). And in a section that covered Blade Runner, The Terminator, Robocop and the Six Million Dollar Man, where were Ghost in the Shell and Max Headroom, both of which cover the nature of what it means to be artificial? The answer can probably be found in chapter 5's final sentence, which reads (in part): "...although the full mind-body recipe remains unknown for us and our artificial kin, a great deal of progress has been made on the bodily ingredient..." In other words, "we don't know much about the mental stuff, so let's look at the physical." This particular focus means that the book skews heavily towards a discussion of robots and robotics, with comparatively little attention paid to bionics and cybernetics; a better subtitle might have been "From Robots to Androids".

Also a bit troublesome is the fact that several areas -- particularly those dealing with more recent developments -- are glossed over, mentioned briefly, even tantalizingly, and then left behind. Electro-Active Polymers and the AMRI (Artificial Muscle Research Institute) are mentioned only in passing, and although brain-machine interfaces are mentioned several times, it's never with any real depth. The book's Filmography suffers from this focus on the past as well; only two of the 23 films and TV shows listed are from the past decade, with Star Trek and The Terminator left to represent the 1990s all alone. Although the book's historical perspective is intriguing, I would have preferred to hear a bit more about current events and examples.

Overall, Digital People is an enjoyable read, and is heavy with substance for those interested in learning about the history of artificial beings and robots, from ancient times to the 1990s. Those looking for more about cybernetics and human-machine interfaces might find themselves wanting more, but if your own tastes run more towards Asimov than Gibson, you won't be disappointed.

You can purchase Digital People: From Bionic Humans to Androids from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Simon P. Chappell writes "I don't know about you, but I hardly bother with browser bookmarks any more. I used to have so many bookmarks, back in the early days of Netscape's 4 series, that I would have to regularly trim and edit my bookmark file to prevent my browser from crashing on startup -- that's a lot of bookmarks, folks! Now, I go to my favourite web search engine, enter a couple of appropriate search terms and voila, there's my page! Search engines are so ubiquitous that we rarely give much thought to the technology that powers them. Lucene in Action by Otis Gospodnetic and Erik Hatcher , both committers on the Lucene project, goes behind the HTML and takes you on a guided tour of Lucene, one of a generation of powerful Free and Open-Source search engines now available." Read on for the rest of Chappell's review. Lucene in Action author Gospodnetic and Hatcher pages 421 (7 pages of index) publisher Manning rating 9 reviewer Simon P. Chappell ISBN 1932394281 summary Solid introduction to Lucene Who's it for? Lucene is a library and framework, rather than a complete application. It truly is an engine, around which you are expected to build and extend your own application. Like Lucene, the book is targeted at those who are looking for a tool to build their own search facility application rather than just "download and go." The book does include a number of case studies of Lucene usage (including at least one download and go search engine) but those are included to show how to use and adapt Lucene to fit differing environments rather than as ends in themselves. The Structure The book is sensibly divided into two parts. The first part looks at "Core Lucene" functionality, while the second part addresses "Applied Lucene".

Part one has six chapters, covering the central components and inner workings of Lucene. It's here that the book starts with a tutorial introduction, familiarising the reader with the concepts of Lucene as a search engine around which you wrap your own code. The other five chapters move steadily through good search engine fare, with indexing getting the whole of chapter two to itself The discussion of how to retrieve text from the documents being indexed is mentioned here but postponed until chapter seven, where it is dealt with exhaustively. Chapter three covers searching, and especially how Lucene ranks documents.

Chapter four examines analysis. In it's chapter introduction, the book explains that "Analysis, in Lucene, is the process of converting field text into it's most fundamental indexed representation, terms." This process is performed by an analyser, which tokenises text according to it's own built in rules; each analyser will have a different emphasis, some want only dictionary words, others might explicitly include acronyms and sometimes you'll want an analyser that will block stop words (those words in languages that are part of the structure, but that add nothing to the information being conveyed by the text; classic examples of stop words in English include "a", "and" and "the").

Chapter five looks at advanced search techniques; everything from sorting search results, searching on multiple fields to filtering searches. Many free or open source software tools are extensible, and Lucene is no exception. Chapter six addresses creating and using custom components within Lucene, everything from custom sort methods to custom filters.

Part two, the final four chapters, cover Applied Lucene. It is dedicated to practical uses of Lucene and answers the question "So, what can I do with a search engine?" Chapter seven covers ways and means to parse common, non-plain text document formats. The primary formats covered are RTF, XML, PDF, HTML and Microsoft Word. The ability to parse and index these file formats will cover the search engine needs of the majority of Lucene users. Chapter eight looks at a number of Lucene tools and extensions that are available; many of them being free and open source software. Chapter nine covers ports of Lucene. While for many users, Lucene being a Java library is not a problem, some users want its functionality in environments that do not have Java. The chapter looks at ports written in C++, C#, Perl and Python. Lastly, chapter ten takes a thorough look at seven Lucene case studies. Perhaps the "star" case study is the one about Nutch, a download and go search engine written by Doug Cutting , the original author of Lucene.

There are three appendices. The first offers installation advice for Lucene; a useful addition that those newer to working with Java libraries will surely appreciate. The second appendix has a very well explained description of the Lucene index format. This is the kind of information that can be hard to find, so it is welcome in a book of this sort. The last appendix contains a number of categorised resource references. The number and breadth of the resources provided could provide quite an incredible education in information retrieval theory if the reader was inclined to read them all. What's to Like? There are several things to like about this book. Let's start with the fact that the authors are part of the core development team of Lucene. This gives them both credibility and an excellent understanding of the internal workings of Lucene. Co-author Erik Hatcher is a fantastic writer, having previously been a co-author of the only Ant book worth bothering with, Manning's Java Development with Ant . (Full disclosure: I do know Erik personally.)

The structure of the book is well thought out and each chapter does seem to move your understanding forward when combined with what you learned from the proceeding ones. The division into core and applied Lucene is also helpful. While you'd hope that this was the case, it often isn't; hence I note it as a positive.

I especially appreciate that this book does not fill up page after page with API documentation. The authors appear to have grasped that if you have Internet access to download the software, you might just be able to access the documentation online; rather, they concentrate on the way to use the software. What a concept!

As a part of Manning's "in Action" series, the book has excellent layout and has obviously been thoroughly edited by both technical evaluators and copyeditors. This might seem to be a small thing to some, but a well-edited book stands out clearly from the crowd. What's to consider? If you are looking for a book on using and configuring a download and go style of search engine, this book would be less suitable. While the case study on Nutch is of good length, it would be too short to useful as a configuration guide. Conclusion I enjoyed reading this book. If you have any text searching needs, this book will be more than sufficient equipment to guide you to successful completion. Even, if you are just looking to download a pre-written search engine, then this book will provide a good background to the nature of information retrieval in general and text indexing and searching specifically.

You can purchase Lucene in Action from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

evanak (Evan Koblentz) writes "Last year, at the PhillyClassic videogame event, I noticed a teenager wearing an ironic t-shirt. His shirt showed an original Nintendo controller and said 'Know your roots.' Sadly, it's not just modern youngsters who are unaware of their technological roots -- sometimes even we self-proclaimed adult über nerds are equally unaware. Regarding videogames, this is especially true, and now industry pioneer Ralph Baer is trying to rectify the situation. His attempt takes the form of a sincere autobiography, although with mixed results. The book is titled Videogames: In the Beginning." Read on for the rest of Koblentz's review. Videogames: In the Beginning author Ralph Baer pages 260 publisher Rolenta Press rating 8 reviewer Evan Koblentz ISBN 0964384817 summary Autobiography of the inventor of home videogames

According to Rolenta publisher Lenny Herman (the author of Phoenix: The Fall & Rise of Videogames), Baer became interested in documenting his own experiences a few years ago, when the mainstream media began heaping praise with increasing frequency on Atari founder Nolan Bushnell.

Baer begins his story as expected: a detailed explanation of why he, not Bushnell, should be called the father of videogames. Baer, as Slashdot readers probably know, invented the prototype console that eventually became the Magnavox Odyssey. He explains that he suggested building a game feature to differentiate Loral Electronics' high-end televisions in 1951, but that his idea was declined by management; that he got serious about the idea and built his first prototype while working at defense contractor Sanders Associates in late 1966; and that Bushnell attended a demonstration (and signed the guestbook) in 1972 before founding Atari and consequently building his own version of Pong.

That's fair, and if Baer were to conclude the first chapter with the book's subtitle -- "the inventor of home videogames" (note the qualifier of "home" vs. "all") -- then it would be an acceptable story. However, he takes the argument into a different and surprising direction. He asserts that everything before his time -- such as Willy Higginbotham's 1958 oscilloscope-based tennis game at Brookhaven National Laboratory and MIT hacker Steve Russell's Spacewar from the 1960s -- were not "real" games simply because they used non-standard screens and weren't commercially viable. (But so what? They were no less entertaining. By common sense, and not a console purist's definition, a "videogame" is a game played on a video screen, period. I'm sorry if Bushnell gets credit for the invention of practical, home videogames where Baer rightfully deserves it, but that's no reason to indict the whole history of creative computer science.)

Happily, the Baer drops the matter after the first chapter, and continues telling the story of his adventures working with Sanders and Magnavox. Better yet, it turns out that these adventures are fascinating and worth reading no matter when or what Baer originally invented. Among the technologies he helped to develop were methods for delivering game content over cable television networks, the use of cartridges for storing game data, interactive videotape and videodisk systems, instant-replay features for sports games, and methods for drawing on the screen. He also invented the famous electronic Simon toy. For most of this time, he made a living by designing military simulators for Sanders Associates. In addition, for most of these issues, Baer includes not just prose about the how and why, but also detailed and full-color technical notes, illustrations, and even schematics. There are also sections focusing on the business issues he faced while trying to get Magnavox and other large corporations (such as Coleco and Nintendo) interested in his unproven ideas, which of course were correct, or else you wouldn't be read this. Another section of the book deals with lawsuits involving Bushnell.

Baer has two more treats for us before closing his autobiography. First, he includes eight appendices, focusing on the Simon and other toys; a television games chronology; a Magnavox timeline; notebook entries from 1966-1972; patents; schematics and experiments; timelines of all of his projects sorted by date and category; and a bibliography. Second, for hands-on readers, there is an optional CD available for $10, which includes the necessary information for building your own Brown Box prototype and with video of Baer demonstrating how to play it. (My review copy didn't include the CD, so I'm basing this on what's stated in the book and on an email from the publisher.)

Overall, I recommend checking out this book. There are other videogame histories, but none so thorough from the perspective of a pioneer who actually lived it. If you can get past the controversial first chapter, you will find a great tale of ingenuity, persistence, ambition, and justice, along with some very cool technological insights. Or, as summarized by Steve Wozniak on the back cover, "I can never thank Ralph enough for what he gave to me and everyone else." Game on!

You can purchase Videogames: In the Beginning from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

nazarijo (Jose Nazario) writes "When you arrive to work one morning, you find that your coworker's workstation is acting funny. A quick forensic examination reveals it's been compromised and used to scan the network for more vulnerabilities. When did this happen, and where else is this going on in you domain? With a host integrity monitoring solution, you'll be a lot further along at answering those questions than piecing it all together after the fact. And you can accomplish this with two freeware tools, as described in Host Integrity Monitoring Using Osiris and Samhain, a new book from Syngress Publishing." Read on for the rest of Nazario's review. Host Integrity Monitoring Using Osiris and Samhain author Brian Wotring, with Bruce Potter and Rainer Wichmann pages 450 publisher Syngress rating 8 reviewer Jose Nazario ISBN 1597490180 summary Use freeware tools to ensure your site's security is intact

Host integrity monitoring is the process by which system and network administrators validate and enforce the security of their systems. This can be a complex suite of approaches, tools, and methodologies, and it can be as simple as looking at loggin output. In the past, tools like Tripwire were used to check the configurations on hosts. The freeware version of this tool was limited in its manageability, which was available mainly in the commercial version.

Tools like Osiris and Samhain came along to fill the gap and have since evolved into mature projects themselves. Like any existing software tool out there, any new book should be evaluated not only on its own but also in he context of the existing documentation. Both Osiris and Samhain have decent amounts of documentation available already (Samhain seems to have a larger user documentation repository online than the Osiris tool does), and the book contributes to these docs quite well.

Host Integrity Monitoring shows you how to set up these tools and put them into production on Windows, UNIX, and OS X. Wotring's writing is fairly good, and his examples are usually pretty clear. The pace of the material is good, and there's not a whole lot of domain-specific expertise beyond system administration skills required to make use of the book. At times some of the formatting of the text gets in the way, but that's trivial compared to the quality of writing (which is pretty good).

Overall the material in the book is decent. The book opens with an overview of what host integrity monitoring is, why you should use it, and some of the basic premises. Then it goes on to discuss Samhain and Osiris, starting with their basic installation and then on to their advanced usage. They differ enough that each project merits its own pieces of documentation, even though they're similar in spirit. You'll learn how to schedule scans, integrate with other tools like Swatch, and in general administer a site installation.

The author of the book, Brian Wotring, is more familiar with Osiris than he is with Samhain, and it shows. More material (100 pages) is devoted to using Osiris than is given to Samhain (60 pages), which is to be expected. The coverage of both is sufficient, though, and fills the major parts of the book.

There are three major strengths to this book over the existing docs. The first is seeing not just the tools themselves covered but also the threats they cover in place. The second is having the two tools covered side by side, allowing you to see how to accomplish the same task with each. And thirdly, there are two appendices that are true gems of this book. The first covers how to get your Linksys Linux based AP device monitored using the Osiris tool, which isn't a small feat. The second is how to write your own modules for Osiris and Samhain, for which this appears to be the only documentation for Osiris (Samhain's website has a How To on writing modules). Again, these add value to the book over the freely available documentation.

I would have liked to have seen the chapters devoted specifically to Osiris and Samhain, chapters 6 (Osiris) and 7 (Samhain) broken up into two or three chapters covering their installation and use. The length of these chapters can make finding some material difficult at times. I would have also have liked to see the use of the "bold is input, normal text is output" technical book convention. In many examples finding the user input text can be challenging.

Host Integrity Monitoring Using Osiris and Samhain is not only about these tools but about how to accomplish host integrity monitoring on the cheap (since the code is freely available). While you can find docs on each project, this book complements those docs nicely and provides a nicely wrapped package about how to get the most out of each tool. If you've been thinking about how to ensure that no one is tampering with your system, these tools, and this book, should definitely make your solutions list.

You can purchase Host Integrity Monitoring Using Osiris and Samhain from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Ben Rothke writes "If you review the thousands of Internet RFCs, you'd be hard pressed to find a protocol that lends itself to philosophical overtones, save for one -- the Network Time Protocol (NTP). The nature of time is abstract, difficult to measure and highly subjective. Yet time is a critical element in everyone's life, and in the effective operations of corporate networks." Read on for the rest of Rothke's review. Expert Network Time Protocol: An Experience in Time with NTP author Peter Rybaczyk pages 176 publisher Apress rating 9 reviewer Ben Rothke ISBN 1590594843 summary Expert Network Time Protocol is a fascinating look into NTP, and the stories behind the science

NTP is built on top of the TCP/IP protocol suite and is used to ensure accurate time-keeping with a trusted time reference. These references can be radio signals, GPS satellites, atomic clocks, Internet-based time servers and more. NTP is powerful enough to synchronize network clocks with millisecond accuracy.

In Expert Network Time Protocol: An Experience in Time with NTP, Peter Rybaczyk merges the philosophical aspects of time with the nuts of bolts of the NTP protocol. The book is composed of two parts, the first concerned with the meta-philosophy of time, and the second detailing the inner workings of NTP. The attempt in part one to merge technology and science with philosophy is a daunting task, and most often does not succeed. The notable exception to this is Douglas Hofstadter's Gödel, Escher, Bach: An Eternal Golden Braid.

Rybaczyk creates Sam, a fictional character who walks through the history of time. It is unclear who this Sam is -- whether he is supernatural being, or someone who got root on a time server. The author writes that the transcendental nature of time and the nuts and bolts of NTP are inseparable, but I personally found it difficult to determine what message part one was meant to convey. Fortunately, part one takes up but the first 34 pages.

Where the book shines, and where most readers will find value, is in part two, which details how to effectively design, configure, deploy and operate NTP. Where part one is conceptual, part two is extremely practical. Chapter 3 opens up with a comprehensive overview of the what, how and why effective time-keeping via NTP is needed.

The book details from a business perspective why synchronized and accurate time is a universal need. From transactional integrity, airline departures, sporting events, job shift changes, to FedEx pickups and more, nearly every activity requires time synchronization to work at peak levels. Effective network administration also requires time synchronization for network login procedures, directory synchronization, backups, and routing stability to work accurately.

From an information security perspective, password and digital ID synchronization, log file accuracy and auditing, and access control security are just a few of the areas where correct time can mean the difference between success and failure.

Where time synchronization is crucial, though, is in the realm of digital forensics. An otherwise painstaking digital forensic process might be worthless if time-related evidence from network devices is not correctly synchronized. If network devices are not correctly synchronized, you can basically forget about using them in any type of legal case.

Attorney Ronald Coleman, partner and computer law litigator at the New Jersey-based Coleman Law firm explains that in a computer law case involving serious discrepancies in network log times, the prosecution would conceivably drop the case. Similarly, a civil case to recover damages from an attacker is seriously undercut by these seemingly innocuous timing mistakes. "The network managers' lack of diligence at ensuring that the time was synchronized on their systems," explains Coleman, "opens them up to serious questions in front of a jury as to whether the logs and the system data are reliable at all -- especially with a gap of more than a couple of minutes, which might be explained away by which clocks were being relied on." In fact, an error of this magnitude would make the entire network administration suspect. That could be a disaster, Coleman says, where the network tracing record plus the human beings who sloppily set the automation in motion are going to be the chief sources of evidence against the alleged computer criminal. "A snafu such as seriously unsynchronized logs is just the sort of opening that could raise the level of doubt needed to undermine the other side's case."

Chapter 3 concludes with an interesting look at the cutting edge of time protocols, specifically the Interplanetary Internet. The Interplanetary Internet project is an attempt to synchronize computer time within the realm of deep space. NASA will in due time establish a deep space infrastructure whose purpose is to support the communication needs of multiple missions. Such an infrastructure would require time synchronization, but within a radically different framework from what exists today. The Interplanetary Internet and its underlying time synchronization are intended to solve that.

Chapter 4 brings the reader back to earth and provides vital information about how to design an effective NTP architecture. The key to designing the most appropriate NTP architecture for a given infrastructure is to first understand the different modes that NTP devices can operate in. The chapter details the five different NTP modes, the mode categories, and gives configuration information about each mode.

The chapter also provides information about NTP security. While NTP versions 3 and 4 provide added security (including symmetric private key cryptography and support of the Autokey protocol), it is ultimately up to the organization to determine what level of NTP security they need. Those organizations that don't require accurate time won't need much NTP security. But for those organizations who business requires synchronized and accurate time, such issues will drive the implementation of how they deploy NTP and its security functionality.

Chapter 5 details how organizational motivations (again, from a business perspective) will affect how you design your NTP architecture, and then describes several use scenarios. The book notes that designing an effective NTP deployment is a process that embodies four key steps: choosing a time source, deciding upon the NTP topology, determining the NTP features to configure, and then monitoring and managing the NTP operations. The chapter then goes on to describe various ways these steps can be carried out. The chapter provides a comprehensive overview on how to deploy NTP, be it on a dedicated time server, via already deployed products such as Cisco or Juniper routers, or on Unix/Linux/Windows file servers.

It is important to note that NTP is just the protocol. The actual implementation of NTP requires separate software client and server applications. The book focuses on the protocol and does not get into any specific vendors, other than a few screen shots from the configuration menu of a Symmetricom time server.

The author notes that on the surface, NTP is simple and almost inconspicuous, and overshadowed by better-known protocols such as HTTP, FTP and DNS. But once you start digging into NTP, you are dealing with one of the most pervasive elements of existence, namely time. Within NTP's scope, one could be dealing with atomic clocks, GPS satellites, clock selection, encryption algorithms and much more. So while at its heart, NTP may be a simple protocol, there is a complex infrastructure beneath it.

NTP is one of the most fundamental, yet overlooked services in the TCP/IP suite, and time synchronization is one of the most overlooked areas in networking. Hopefully, a book such as this can spark a renaissance. For far too long, time synchronization has not been afforded due diligence, and the effects have at times been disastrous. A view of the archives of the Risk Forum digest attests to this fact.

After a somewhat murky start in part one, Expert Network Time Protocol: An Experience in Time with NTP provides the reader with a superb synopsis of nearly everything he needs to know about NTP and effective time synchronization on his network, from an experienced implementer in the field. It is a fascinating look at one of the most humble, yet fundamental protocols on the Internet. For those who care about the correct time on their network, this book is required reading.

Ben Rothke, CISSP is a New-York based security consultant with ThruPoint, Inc. and the author of Computer Security: 20 Things Every Employee Should Know. He can be reached at ben@rothke.com You can purchase Expert Network Time Protocol: An Experience in Time with NTP from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Daniel Holmes writes "In addition to using PHP to 'just get the job done' for years now, I've been running a humble user group here in the Midwest. As such, I have read numerous books on and around the subject, always looking for something great to inspire my colleagues, group members and myself alike. There are a metric ton of books out there that will walk you through PHP syntax -- this is not one of them. If you are looking for a book on rapidly developing prototype sites, or writing lots of HTML-embedded PHP, just keep looking. But if you have read even one of those books, or just felt like your programming style itself could use a little upgrade, then go get yourself a copy of PHP 5 Objects, Patterns, and Practice by Matt Zandstra." Read on for the rest of Holmes's review. PHP 5 Objects, Patterns and Practice author Matt Zandstra pages 437 publisher Apress rating 10 reviewer Daniel Holmes ISBN 1590593804 summary A powerful tour though PHP 5's object-oriented features; leveraging the power of design patterns and developer best-practices.

For around 40 bucks, you will get a book separated into three main parts, as the title suggests; plus an Introduction, Conclusion and Appendix. However, you also get an amazing level of detail, insight, and plenty of lessons from the (even non-PHP) programming greats. In just over 400 pages I saw hints as well as direct references to some of the best texts in the business: The Pragmatic Programmer, "the GoF", "Enterprise Patterns" and a host more that I will touch on later. The point is: if you have seen true object-oriented development, and have had trouble using these concepts in PHP; don't despair any longer. Matt has done all the work for you--all you need is a weekend or two to do a little reading. Part I - Introduction As you would expect, Part I really sets the stage for the whole book. It points out where the typical state of PHP development is, and (frankly) why we all need to read Matt's book. He does this by telling a great story of a project life cycle gone badly. As many of you know, systems are easy as they are small, but as they grow things often get out of control without proper care and feeding. This section is important as so many good PHP developers don't even know why their code has grown so rapidly out of their control. Don't skip it, even if you know better.

Part II - Objects In Chapter 2, we read the story of the evolution of PHP as a language -- specifically in regards to its object-oriented (OO) constructs. This is nice in that the author presents it in a way so as to not insult the procedural crowd -- something I often struggle with around this topic. Matt's writing style is immediately approachable; he does not come off as the pretentious object-oriented zealot you might expect from the lengthy title.

You also learn that his lessons will take you way beyond just the syntax. Knowing the ins and outs of PHP's oo syntax is not enough: "You must first choose the right participants for your system, and decide the best ways for them to interact." Now that's something you rarely get in a PHP book.

In Chapter 3, we begin to review the new syntax introduced in PHP 5; just to make sure we are all on the same page. One nice feature here is that Matt uses "sidebars" to point out everything that isn't available in PHP 4. This makes it easy to pass over if you are starting with PHP 5, but it also makes the information available for the rest of us.

It is important to note that this chapter gradually and effectively introduces the layers of OO syntax available in PHP 5. Each lesson or feature simply builds on the next. This makes it nice because you can stop, try things out, read some more, etc.

Chapter 4 takes us a little deeper into PHP 5's OO syntax. It is quite helpful that Zandstra breaks up Chapter 3 and Chapter 4. If you are new to OO syntax, the end of Chapter 3 makes a great place to stop and reflect for the night. Seriously, go to bed and let it sink in.

As you can imagine, the "Advanced Features" include concepts such as:

• Static methods and properties
• Abstract classes and Interfaces
• Error handling and Exceptions
• Final classes and methods
• Interceptor methods aka "Object overloading"
• Destructor Methods
• Object Cloning
• The magic __toString(): converting objects to strings.

These are not particularly easy topics to master the first time you hear them. However, I think Matt finds a great balance of code and presentation to get the ideas across.

His section on Exceptions alone should be required reading for anyone using PHP 5. Again, not only does he show what they do, he really explains how they will actually help you out.

By the time you get to Chapter 5, you are ready to learn a handful of tips and techniques you can use to keep yourself out of trouble. First off, as PHP is lacking support for true namespaces, Matt shows us the PEAR method of using naming conventions to avoid namespace conflicts. We also learn about using include, require and the new (and possibly controversial) __autoload() function. Of course, there are pitfalls with nearly all of this, and Matt makes sure we know them before we leave the chapter.

Finally he walks us through various reflection techniques. Naturally, starting with simple, function-based reflection. Then taking us through a very complete tour of the new class-based, Reflection API. If you haven't used this, it is a very clean way to expose every nook and cranny of your objects and classes at runtime. Something that can save your sanity in a language that lets you change your API on the fly. Again, it's not just a bunch of talk; there are plenty of great examples to get you there.

By the time you get to Chapter 6, it is time to take another break. Better yet, if this is all new to you stop and play with the code for a bit. Sure you could keep reading, but it will really help if you have the syntax and concepts down so you don't keep flipping back.

Again, Zandstra doesn't just jump straight into design examples; rather, he walks you through why you should even care. Sure, many of us have features in mind and run straight for the finish line ... but this can really get painful on older systems. He even takes a moment to point out one of the biggest traps for developers new to OO. "The presence of classes does not guarantee object-oriented design, even in languages like Java, which forces you to do everything in a class."

The chapter hooks you right away with an example done procedurally and another in OO using appropriate abstract methods. The point is clear: with proper design, you can get away from the Giant If-Else Blocks of Doom and pave the way towards actually keeping up with your client's requests.

Finally, he defines and relates the concepts of Responsibility, Coupling, Cohesion and Orthogonality.

Another great nugget of advice has been planted in this chapter. According to Zandstra, the art of selecting and defining objects "...is far more than just finding the 'things'" in a system. "If you see a class as a noun, a subject for any number of verbs, then you may find it bloating as on going development and requirement changes call for it to do more and more things."

Never before have I seen a simple sentence more completely dispel the inappropriate "object oriented" lessons you may have learned in school. If anything; if you find that it hits too close to home, you will pay attention to what he is about to say!

After telling a story about classes gone badly: "How should we think about defining classes? The best approach is to think of a class as having a primary responsibility, and to make that responsibility as singular and focused as possible. Put the responsibility into words." He continues, referring to the writings of Peter Coad: "If your sentence gets too long, or mired in clauses, it is probably time to consider defining new classes along the lines of some of the responsibilities you have described."

Our tour continues through the basics of polymorphisms and encapsulation. After which, Matt provides us with "four signposts" to help identify problems that can creep into our designs:

• Code Duplication
• The Class that knew too much
• The Jack of All Trades
• Conditional Statements

For more detail on these tell-tale signs that are probably represented somewhere in your code, go buy the book.

Matt really surprised me in this chapter. After getting us up on all the OO syntax and concept basics, he pulls out the UML. What was so surprising is how easy and approachable he made this introduction. In just a few pages, you learn enough to diagram and interpret inheritance, associations, aggregation and composition, and actually know what all that means. As an added bonus, he even gives a useful introduction to sequence diagrams.

Now, a chapter on UML (or some diagramming set) is usually included in any pattern book. But, this is different from those others. Matt provides s a short, easy to understand introduction to just enough UML to communicate your concepts and processes. A very cool bonus indeed.

Part III - Patterns As Matt says in chapter 1, this book stands on the work of giants. He makes this obvious in parts III and IV. While some may say that he is just repeating what others are saying, I would disagree. The value he adds in basing the patterns in examples you can actually picture writing yourself is worth every delicious page.

After walking us though the why-and-how of how "design patterns" came to be, Matt again makes us actually care about spending the time to learn as many as possible and to use them when it is appropriate. Again, he does a great job of breaking these tough concepts into bite-sized chunks. Don't get me wrong, though; you'll be full after reading the chapters in this section.

I won't go into great detail, but I need to at least provide you with an idea of the patterns you will learn about in this section.

In chapter 8, Matt describes some of the most low-cost, high-return concepts around: composition, decoupling, "patternitis" and the golden rule of OO development -- "Code to an interface, not an implementation."

In chapter 9 he introduces us to some "creational" patterns: The singleton, abstract factory, factory method and prototype.

Chapter 10 focuses on "structural" patterns. The ones he focuses on are the composite, decorator and the facade.

You should note, most of this is PHP written as if we were developing a civ-style, Web-delivered game. This is much easier for "the rest of us" to digest and apply these examples than the GoF's examples of building a large-scale word processor. No disrespect to the bible that is the GoF, but if you have read about design patterns, and still need a little help applying the ideas to your day job, parts III and IV were written for you.

Chapter 11 introduces us to some great task and message management patterns: Interpreter, Visitor, Strategy, Command and Observer.

Finally, Chapter 12 drives us home and provides us with a great look at even more great patterns and explains how they fit into the three tiers of sustainable web development: presentation, business logic and data retrieval and storage.

Presentation

• Registry
• Front Controller
• Application Controller
• Templates and Template Views
• Page Controller

Business Logic

• Transaction Script
• Domain Model

Data Access and Storage

• Data Mapper
• Identity Mapper
• Unit of Work
• Lazy Load

Part IV - Practice This is a very important section: like the intro, please don't be tempted to skip it. Matt reminds us while learning code and code design is great, it teaches you nothing about the day-to-day tasks associated with actually keeping the project alive and kicking.

In "Borrowing the Wheel," he shares with us a fantastic piece of advice; one that many PHP developers could stand to listen to:

When this temptation [to reinvent the wheel] comes over me I remind myself of projects past. Although the choice to build from scratch has never killed a project in my experience, I have seen it devour schedules and murder profit margins. There I sit with a manic gleam in my eye, hatching plots and spinning class diagrams, failing to notice as I obsess over the details of my component that the big picture now is a distant memory (p. 294).

Please, take another moment to read that again. If this sounds eerily familiar, please stop reading my review and head strait for your nearest book dealer.

In these chapters we naturally get the (hopefully) obvious hints: use version control, write tests, use PEAR, etc. But, where else will you find all this along with excellent references on actually using PHPUnit2, writing your own PEAR Packages for managing even your own code, actual phpdoc syntax and examples ... not just the act of documenting your code, but using the phpdoc command line tool. And with the section on using cvs, you will have absolutely no excuse but to save your life with some form of version control.

Matt even devotes an entire chapter to managing automated builds with Phing, the PHP equivalent of Apache's ant or C's make.

Most of this information is available in countless forums, articles and websites where you could learn about all of these topics for "free." Or, you could read this section in an afternoon or two and begin amazing your friends and better managing your code right away.

Part V - Conclusions Matt's summary and overview is a great recap of the journey he has put us on. But, on top of that, he outlines some of the essentials that he had to leave out. Here he at least mentions the importance of tools such as bugzilla, mail lists and a wiki for all that other documentation.

Looking at the Bibliography (and all the places he gives credit where credit is due) is like looking at the reading list of nearly every great programmer. You will find books such as: Core J2EE Patterns, Design Patterns (GoF), Extreme Programming Explained, A Pattern Language, Patterns of Enterprise Application Architecture, The Pragmatic Programmer, Refactoring and UML distilled. This is, of course, along with many on-line articles and websites.

Sure, you could spend years reading all of these sources (and some you still should) but unless you get paid to read, do yourself a favor and get some of the best of all of these texts, tailored to you in PHP and delivered in just over 400 pages. My General Impressions

As I mentioned earlier, one of my favorite features of this book is that the examples are "real." This is not some collection of abstract examples like building the next great competitor to Word -- these are website concepts we mere mortals can relate to, such as product catalogs, games, invoices, and the like. You know, the stuff we actually do for a living.

This book does not cover loops, conditionals, functions, operators or any of the non-OO basics of PHP, and believe me, I am grateful. If you would like an introduction to the language of PHP, simply check out php.net or one of the many great introductory books.

I would certainly recommend this book (as if there was any doubt) to any PHP developer. This is especially true for anyone interested in learning more about using objects and classes more appropriately than ever before.

I would also recommend this book to any Java, Ruby or Python developer out there who hears the letters PHP in a sentence and immediately responds with any number of colorful phrases. As we have all read the Pragmatic Programmer by now, we know we can learn something from reading up on any language, and PHP has never been better than it is today.

Finally, I would tell any web application developer who is looking for a quick way to absorb and comprehend the meat of some of the best development and design books ever written.

Read it for yourself and I think you will agree: the desk of nearly every PHP application developer will one day be holding a copy of this book.

Daniel Holmes maintains the PHP User Group in Kansas City since its inception in 2000. He is also the Systems Integration Manager at JCCC in Overland Park, KS. You can purchase PHP 5 Objects, Patterns and Practice from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Joseph Brenner writes "Every now and then, a beginning programmer asks if there's any point in learning to program in Perl 5, when Perl 6 is going to change everything soon. There are a number of answers to that: one is to point out that Perl 6 is still years away, another is to point out that it is promised that Perl 5 code will run under Perl 6 without modification (a module that begins with the traditional "package" statement is Perl 5 code; if it begins with the new "class," then it's Perl 6)." Read on for the rest of Brenner's review of Scott Walters' Programming in Perl 6 style using Perl 5, a book which answers that question a whole different way. Perl 6 Now author Scott Walters pages 379 publisher Apress rating 7 reviewer Joseph Brenner ISBN 1590593952 summary Programming in Perl 6 style using Perl 5

Scott Walters here pursues what might be thought of as the third answer: you can learn Perl 6 now and immediately begin writing programs in a "Perl6ish" sort of way, using appropriate CPAN modules that have been used to implement approximations of Perl 6 behavior: Perl6::Variables, Perl6::Export, Perl6::Contexts, autobox, Perl6::Classes, Switch, and so on.

There are many caveats about using these tricks in production code, however, and Scott Walters doesn't shy away from warning you about them (e.g. p.43 "Source filters are dangerous" where he discusses their increased start-up overhead and potential bugginess -- though he doesn't mention my own peeve which is that they're very confusing when you try and use the Perl debugger).

So possibly the book is not really quite so well suited to an actual beginner-- who probably should not be told about "use Switch 'Perl6'", but the device of spending the early stages of the book directed toward a beginning audience makes it a very useful review for people like myself who have been reading the Apocalypses, but don't remember every detail.

And on the other hand, the book includes some prominent early warnings about common gotchas that beginning programmers seem to be prone to -- e.g. using dynamically defined variables instead of just using hashes.

The standards for writing English in the Perl world are pretty high -- the core members of the Perl community have always cared a lot about clear writing, and it's arguably the world's best documented language (critics will no doubt add that it needs to be). Unfortunately, I can't say that Perl 6 Now quite lives up to this standard. This is a book that was written in a hurry, and it shows: hasty sentences and minor organizational problems abound (e.g. one or two items seem to be discussed in the wrong place; there are an awful lot of explicit forward references, and yet there's at least one place where something was used in an example before being discussed a few dozen pages later). But then in Scott Walters defense, this is certainly a book that needed to be written in a hurry, because its subject matter is such a moving target.

And where the book really shines is in its code examples: short, clear and to the point; the author repeatedly shows how something can be done in Perl 5 code and how it's expected to work in Perl 6. These examples are always clearly labeled "Perl 5" or "Perl 6" in the comments, so that the two can't be confused.

The subjects of some of the examples are pretty cool: e.g. he talks about using PDL ("Perl Data Language") to crunch audio data in MOD format, which I was completely unfamiliar with. A *.mod file essentially contains the "sheet music" for multiple parts (really, MIDI) plus sound samples that specify how notes will sound for each voice. This is discussed in Chapter 7, which is also the free sample chapter. I also liked random walking Arizona's highways as an example of Graph navigation (Chapter 8, p 159), and I appreciate the fact that he downplays inheritance in favor of delegation in his discussion of objects (Chapter 14, p. 262).

All in all, this book is a fun read for the Perl fanatic.

(Note: the title Perl 6 Now bears a strong resemblance to an emacs package I've been working on called perlnow.el, but there is no relation.)

You can purchase Programming in Perl 6 style using Perl 5 from bn.com; it's also available in eBook format (password protected PDF, using your email as password) for $15. Source code and and a sample chapter are available online: Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

nazarijo (Jose Nazario) writes "A group of people out there, let's call them 'elite hacker d00ds,' are able to skillfully craft Windows rootkits that evade almost any known detection system. Some people want to know how this is done, be they aspiring elite hackers, security professionals who have to try and find these rootkits, or just interested parties. If you're one of them, Grog Hoglund and James Butler's new book, Rootkits: Subverting the Windows Kernel is for you. It's focused like a laser on how to defeat detection at various levels in the Windows OS once you're in." Read on for the rest of Nazario's review. Rootkits: Subverting the Windows Kernel author Grog Hoglund and James Butler pages 352 publisher Addison-Wesley Longman rating 9 reviewer Jose Nazario ISBN 0321294319 summary A highly technical tour of how to develop and detect Windows rootkits

Some may wonder if Hoglund and Butler are being irresponsible by writing a book that shows you how to bypass detection. If you look closely, however, you'll see that all of the methods they outline are detectable by current rootkit revealing mechanisms. And they also show you how to detect many new rootkits in the process. I consider this book to be a responsible contribution to the community, professionals and amateurs alike, in the finest tradition full disclosure.

The book is organized into three major sections, even if it's note explicitly marked as such. The first section serves as an introduction to the topic and some of the high level concepts you'll need to know about Windows, control mechanisms, and where you can introduce your code. The second part is a highly technical tour of the techniques used to hook your rootkit in and hide it, And the third section is really one chapter covering detection of rootkits.

The first few chapters, which serve to introduce the topic, get technical right away. Chapter 2, for example, shows you some basic mechanisms for hooking in your rootkit. If you're getting lost at this point, you'll want to probably augment your reading with a Win32 internals book. The resources listed by the authors, though, are great. By this point you can also see that the writing is clear and the examples contribute perfectly to the topic. Hardware hooking basics are covered in chapter 3, which should give you some indication of the book's pace (quick!).

By the time you get to chapter 4 and discussing how to hook into both userland and the kernel, you're getting at some very valuable material. Although the book focuses on kernel hooking, a brief description of userland hooking is provided. Chapter 5 covers runtime patching, a black art that's not well known. This is almost worth the full price of admission, but the material gets even better.

In chapters 6-9 you get into some serious deep voodoo and dark arts. In these chapters you'll learn the basics of direct kernel object manipulation, layered device drivers (which can save you a lot of work), hardware manipulation, and network handling. All of these are techniques used by rootkit authors to varying degrees and effect, so you should become familiar with them. The code examples are clear and functional, and you'll learn enough to write a basic rootkit in only about 150 pages. Simple keyboard sniffers and covert channels are described in the code examples. Useful stuff.

I can't say I found many errors or nits in the book. There's some problems at times getting the code formatting just right, and what appear to be a few stray characters here and there, but nothing too obvious to me. Then again, I'm not a Windows kernel programmer, so I don't feel qualified to comment on the correctness of the code.

In the finest tradition of using a blog and dynamic website to assist your readers, the authors have set up rootkit.com, which nicely supplements their book. Most of the resources they mention in the book are available here, as well as a great array of contributors and evolving techniques. Without the book the site is still useful, but together they're a great combination. Too many books lose their value once you read them, and some books stay with you because you're having difficulty understanding the authors. Rootkits will stay near you while you develop your skills because it's a lot of material in a small space, and although it's very clearly written, there is a deep amount of material to digest. You'll be working with this one for a while.

My only major wish for this book is for it to have covered detection more significantly. One chapter covers how to detect rootkits, and although you may be able to look for some specific telltale signs of rootkits depending on how they were introduced, a more complete coverage of this approach would have made the book even more worthwhile.

Rootkits is an invaluable contribution in the wider understanding of advanced attack and hacker techniques. Previously, much of this material was known to only a handful of people, and assembling your own knowledge base was difficult. Hoglund and Butler write clearly, use great code examples, and deliver an excellent book on a high technical and specialized topic. If you're interested in learning how to write your own rootkit or detect someone else's rootkit on your system, you should definitely start with this book.

You can purchase Rootkits: Subverting the Windows Kernel from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Shalendra Chhabra writes "Jonathan Zdziarski has been fighting spam since before the first MIT spam conference in 2003, and has now released a full-on technical book, Ending Spam, on spam filtering. Ending Spam covers how the current and near-future crop of heuristic and statistical filters actually work under the hood, and how you can most effectively use such filters to protect your inbox." Read on for the rest of Chhabra's review. Ending Spam: Bayesian Content Filtering and the Art of Statistical Language Classification author Jonathan A. Zdziarski pages 312 publisher No Starch Press rating 8 reviewer Shalendra Chhabra ISBN 1593270526 summary Very Good Book Covering Statistical Models and Techniques Implemented in Current Spam Filters

Spam (unsolicited commercial email) and phishing (fraudulent emails) are causing losses of billions of dollars to businesses. Many initiatives are currently underway for fighting this challenge. On the legal front, a Virginia court recently sentenced a prolific spammer, Jeremy Jaynes, to nine years in prison, and a Nigerian court sentenced a woman to two and a half years for phishing. Michigan and Utah have both passed laws creating "do-not-contact" registries in July/August 2005, covering e-mail addresses, instant messaging addresses and telephone numbers. Technical initiatives to fight spam include server- or client-side spam filtering, using Lists (Blacklists, Whitelists, Greylists), Email Authentication Standards (IIM, DK, DKIM, SPF, SenderID), and emerging sender reputation and accreditation services.

Ending Spam is the first book explaining the fine details of the theoretical models and machine-learning algorithms implemented in these filters. The book is divided into three parts: introduction to spam filtering, fundamentals of statistical filtering, and advanced concepts of statistical filtering.

The first section of the book discusses the history of spam, spam kings, different approaches for fighting spam such as blacklisting, whitelisting, heuristic filtering, challenge response, throttling, collaborative filtering, Authenticated SMTP, Sender Policy Framework and SenderID, spammer fingerprinting, etc. However, the author omitted any mention of locally-sensitive hash functions (such as Nilsimsa Hash) to counter spammers' random insertion of words, the use of CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart), Greylisting, Identified Internet Mail, and Domain Keys (now Domain Keys Identified Mail).

In the next chapter, the author clearly explains various components of a Language Classifier Pipeline, including the Historical Dataset (aka wordlist, database, dictionary, filter memory), Tokenizer, and the Analysis Engine with its feedback loop. However, the process flow of a language classifier could have been more generalized, e.g. incorporating an initial text-to-text transformer. This chapter also covers the advantages and disadvantages of various training modes for filters, such as Train Everything (TEFT), Train-on-Error (TOE), and Train Until No Errors (TUNE). This part concludes with the description of Paul Graham's famous spam-filtering technique using Bayesian classification (as described in "A Plan for Spam"), Gary Robinson's Geometric Mean Test, Fisher-Robinsons Inverse Chi Square (including the source code for the inversion function), and some other tricks for optimizing spam- filtering accuracy.

The second part of this book deals with the fundamentals of statistical filtering. The author explains HTML and Base64 encoding, followed by a detailed description of tokenization techniques (e.g. Sparse Binary Polynomial Hashing). Then there's a discussion of the various tricks that spammers use for penetrating filters. Although these tactics are mentioned in John Graham-Cumming's "Spammers Compendium," Jonathan has very elegantly explained why some tricks work for spammers and some don't. This part concludes by addressing some of the resource, storage and scaling concerns raised by the large number of features generated from tokenization techniques.

The third part of this book deals with advanced concepts of statistical filtering. This includes the testing criteria for measuring accuracy of an email filter, and some advanced tokenization concepts, e.g. chained tokens (taking word-pairs and phrases into account, instead of individual words) generated using a sliding 5-byte window as mentioned in Sparse Binary Polynomial Hashing. The next chapter describes the Markovian Model implemented in the CRM114 Discriminator, but the author fails to describe different weighting schemes for features implemented in the Markovian-based version of CRM114. The author then describes the Bayesian Noise Reduction Technique for purging "out of context" data from the mail text. This chapter concludes with a very nice summary of collaborative algorithms and techniques, such as Message Innoculation, Streamlined Blackhole List, Fingerprinting, Automatic Whitelisting, URL Blacklisting, and Honeypot email addresses for snaring spammers' address harvesting bots.

The most interesting part of this book is the appendix, where the author presents interviews with John Graham-Cumming of POPFile, Brian Burton of SpamProbe, Marty Lamb of TarProxy, Bill Yerazunis of CRM114 Discriminator, and Jonathan Zdziarski of DSPAM (himself). I loved this section.

The salient points of the book: it's very easy to read; each chapter begins with a very thought-provoking introduction, and concludes with a crisp "final thoughts" section. The number of technical errors are very few in this print, and the illustrations are of good quality. Since the book is geared more toward the Bayesian and statistical generation of spam filters, the absence of certain spam-busting technologies is acceptable. However, a noticeable omission is the lack of discussion about measuring spam-filter accuracy, and what impact this has on setting filtration thresholds. A section on the economics of tradeoffs, and the use of a Receiver Operating Characteristic curve (ROC) would have been very helpful.

Overall, by putting together Ending Spam, Jonathan Zdziarski has made another significant contribution (after DSPAM) to the anti-spam community. Whether you are a system administrator, anti-spam researcher, engineer or a newbie interested in fighting spam, this book is a great reference.

William S Yerazunis and Richard Jowsey also contributed to this review. Shalendra Chhabra is a Graduate Student in Department of Computer Science and Engineering at University of California, Riverside. He is on the development team of CRM114 Discriminator and has presented his work at MIT Spam Conference 2005, Cisco Systems, and Stanford University. You can purchase Ending Spam: Bayesian Content Filtering and the Art of Statistical Language Classification from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

SFEley (Stephen Eley) writes "Todd Cochrane's Podcasting: The Do-It-Yourself Guide has been heavily pushed in the podcasting community as the first of a wave of podcasting books to be released in the next several months. All of these books will surely cover the same themes, more or less: what podcasts are, how to listen to them, and how to produce your own. The popularity of podcasting is exploding right now, with coverage in every press outlet and Apple hyping it as The Next Big Thing. It's easy to see that there will be a huge demand for these books, even if they don't do much more than state the obvious. So what about this one? Other than being the first, does it offer any compelling virtues for the would-be podcaster or listener?" Read on for Eley's answer to that question. Podcasting: Do-It-Yourself Pirate Radio for the Masses author Todd Cochrane pages 281 publisher Wiley rating 4 reviewer Stephen Eley ISBN 0764597787 summary How to find, record, and publish podcasts

Before we can even begin to talk about the book, we ought to cover the preliminaries. If you've been living under a rock for most of 2005, you may not know that podcasting is the latest Internet publishing wave, getting most of the same hype that blogging has gotten but much faster. In its simplest form, it's just people producing audio files (talk, music, whatever) and syndicating them over an RSS feed. Listeners can then use one of several apps to automatically download them and load them onto an MP3 player. The mainstream media, feeling some embarrassment for missing the last few Web boats, has jumped on podcasting and given it, frankly, a lot more press than it probably deserves right now.

A note on the author: Todd Cochrane produces Geek News Central, a very popular tech podcast wherein he reads out news headlines and offers commentary. He also founded and manages the Tech Podcast Network, a consortium of other technology podcasts that band together for cross-promotion, content standards and advertising, and he's the main force behind the heavily advertised and sponsored Podcast Awards. It's fair to say that Cochrane has done a lot for podcasters in various ways, and although I've disagreed with him on some of the details of his projects, I respect him highly for his tremendous energy and the work he's done to make podcasting a respectable form of media.

Another note (and disclaimer) on myself: I also have my own podcast, a moderately popular one that narrates science fiction short stories. In a practical sense this makes me both a podcaster and a literary editor. Which means, in turn, that I have a sensitivity both to poor information on podcasting and poor writing.

And with all that said... I'm afraid Podcasting: The Do-It-Yourself Guide is a marginal book at best. It doesn't suck, and there's nothing horribly wrong with the information it gives, but it has two endemic problems. Cochrane's responsible for both, but I put the real blame on his editors at Wiley, who likely ignored them in their rush to get the book out before any others.

The first problem is the writing. It's possible that this bothers me more than it would others. Todd Cochrane may be an intelligent, selfless, wonderful guy -- I truly believe that he is -- but the man can't write. The entire book exhibits a rushed, forced-casual, eighth-grade English paper style that grates on me like nails on a chalkboard. Cochrane even admits this in his acknowledgments: "Early on, I made it clear to Chris [Webb], my acquisitions editor, that I was a geek/tech guy first and that he did not want to see my English grades. Even so, he assured me that I was their man, and I went to work."

Well, Chris Webb, you're a dumbass. You picked someone who admitted he couldn't write to write a book on a breakthrough technology. As a result, the book is vague, meandering, and frequently redundant, e.g.: "You will want to use this Recording Control window to control your default recording device." That phrase ("You will want to ...") crops up everywhere: the book's not only in second person, but it's a second person that tells the reader what he/she wants. The only sentence opener that appears more often is "Obviously" -- which frequently precedes a thought that is neither obvious nor related to the sentence before it.

You will also want to ignore the poor punctuation and comma splices, the frequent intersplicing of Notes and Tips paragraphs that seem indistinguishable (in both font and content) from the main text, and very often, the simple use of the wrong words. In many cases this is simply amusing: "[Dave Winer's] analogy was that it was taking longer to download the video than it was to play it." Uh, that's not an analogy, dude. In at least one case it leads to a technically incorrect statement: "The reading on the software-controlled meter in my audio-recording package showed nearly 40 dB of baseline noise," when what he really meant was a noise floor of -40 dB. Two very different things.

The other major problem is the narrow perspective. It's really Podcasting: The Do-It-Todd-Cochrane's-Way Guide. Everything in this book is about Cochrane. Every example is his own podcast, every screenshot of a Web page is his own, and he's got multiple photos of himself in various dorky situations. Any photos of other podcasters? Mur Lafferty, perhaps, or Soccergirl? You wish. I have no problem with Cochrane using himself as a starting point, but it's a very diverse field, and nobody podcasts with quite the same gear or the same techniques as anybody else. Cochrane says he spent significant time interviewing software developers for the chapters on applications, but there's no indication anywhere that he spoke to any other podcasters in writing this book. That's a huge mistake, rushed deadlines or no rushed deadlines. Not only does it reduce the book's utility, but it also makes the prose seem dreary, monotonic, and egocentric.

So there's my overview. For those who think the book may still have some use to you (and it might, if you can put up with the above) I'll break it down by section:

Part I: Listening to the Podcast Revolution This section has three chapters, and they're useless. The book begins, "Do you have specific interests? How about triathlons? I have to admit, most radio broadcasts don't deal with those kind of subjects. But that's about to change." Yeah, okay. The problem here (beyond the clumsy writing) should be obvious: if you have no idea what podcasting is, you're not interested enough to buy a book on podcasting. The first chapter, "What Is a Podcast?" has Cochrane spiraling around the subject of podcasting for twelve pages without ever giving a simple definition. Then we've got two chapters which together describe the leading software tools used to download podcasts, and tutorials for using them to subscribe to -- can you guess? -- Todd Cochrane's podcast. To be fair, it was a pretty decent overview of the major client applications at the time of the book's writing; which means it's already obsolete, as iTunes 4.9 has totally changed the landscape since then. Of course, that can't be helped. The real weakness of this section is its superfluity: if you're willing to pay $20 for a book on podcasting, it's because you want to make podcasts. Even Grandma's not going to buy this book to learn how to listen to them.

Part II: Joining the Revolution: Your Own Podcast Here's where the book starts to get genuinely interesting. The obligatory but stupid chapters on listening to podcasts are behind us; now it's all about making them. The first chapter here, "Choosing a Podcast Format," actually has little to criticize. His basic message is sound: Follow your passions; develop a show structure and follow it; and be aware of copyright issues if you're playing music. All of that is good advice, and his detailed description of his own show structure and notes is appropriate here. This is followed by a completely unnecessary chapter about computer choices, in which he shows his Windows colors and comes off a trifle condescending toward the Mac. ("In researching materials for this book, I found I could not do the reviews justice unless I had a Mac, so I purchased a Mac Mini ... I knew that if I could record a podcast on a Mac Mini, it would probably make the Mac fans happy.") Then, at last, he delivers the first truly crunchy chapter: "The Semiprofessional Podcast Studio." This chapter's honestly very good, running the gamut of sound cards, microphones, mixers, Firewire interfaces (he dismisses USB interfaces rather unfairly), digital recorders, even quiet case fans. Some of it's hand-waved, and some of it's so vague it's just silly: "A condenser microphone is generally never found in households. People might have them, but they usually are not aware that they do." On the other hand, his discussion of quality sound cards does have much of value (barring the "40dB of baseline noise" misstatement I mentioned above), and he gives one of the best descriptions of mixers and effects processors for novices that I've found. If you have no idea what sort of equipment you might need for quality sound in your podcast, you'll get a decent grounding here. Not an excellent grounding, but perhaps enough to parse a little bit more of the serious sound FAQs on the Web.

Part III: Recording Your Podcast and Performing Postproduction Tasks (Yes, the man can't even name things with brevity.) There's one weak chapter here and two great ones. In "Recording Locations," Cochrane reveals that you can podcast at home, in your car, at a restaurant, or walking around. Whee. Then we get to the actual process of recording and postproduction, and the book honestly shines. He describes step-by-step how to set up Audacity (the excellent freeware Win/Mac/Linux sound editor) to record, how to set up a typical mixer, and best of all, how to set levels properly. Levels are the bane of any audio amateur, and these half-dozen pages are gold; it's the one thing a novice podcaster is likely to turn back to and reference several times over in his first few recordings -- or ought to, anyway. His advice on noise reduction, amplifying, and normalizing is spot-on, the steps listed for MP3 encoding are simple but solid, and he even gives several good options for ID3 tagging. (A step too often overlooked by podcasters.) I could complain about a few weird digressions -- e.g., the postproduction chapter tells you how to upload to Openpodcast.org, which is an utterly bizarre thing to advise -- but they're easily ignored, and overall this section truly shines.

Part IV: Hosting and Preparing to Publish Your Podcast This section's ... okay. His chapter on hosting is mostly a treatise on how to evaluate service agreements, which is valuable enough in itself but can be overkill for someone just starting out. There are a few math exercises for estimating bandwidth -- useless when you don't know your potential audience size -- and a brief list of "podcast-friendly hosts" which is, of course, already obsolete. His coverage of publishing methods is about weblog software -- wait, scratch that, it's about MovableType. He's infatuated with MT, and devotes several pages on a step-by-step for hacking MT's code and templates to support enclosures with full-source RSS code listings, then mentions virtually offhand that Wordpress and Radio Userland support enclosures out of the box. This is another case where having multiple podcaster perspectives would have helped. Finally, we get a chapter named "The Life Breath of a Podcast: RSS 2.0 With Enclosures," just barely longer than its title, which covers how to use FeedForAll to hand-crank an RSS file if you don't have blogging software that will make one for you. It might have been a valuable chapter if he'd spent any real time explaining RSS 2.0 or enclosures.

Part V: It's Show Time A closing section that's nearly pointless, but mercifully brief. There's an entire chapter about using graphical FTP clients -- lame because anyone who's that blinking-twelve was lost back at Chapter 6. The meaty chapter is called "Feedback, Promotion, and Paying the Bills," and it has some moderately useful information and some large gaps. Feedback apparently means "have a mailing list and a voicemail line, and hang out on Skype." Okay. Promotion's about directory listings and exchanging promos with other podcasters; then he offers a long commentary on advertising and why it's a fine thing to have. Unfortunately, other than creating a media kit he has nothing much to say on how to contact and market your show to advertisers. And the final chapter of the book, "Where Do We Go From Here?" offers a few vapid musings of the sort all podcasters talk about over beer: we're going to kill mainstream radio, podcasts will band together and commercialize, all the starving children of the world will have an MP3 player ... And Yes, in his final sentences he invokes the already-tired "Podcasting Revolution" chestnut. Not much to say here, but rest assured, he says it.

So there you have it. That's the entire book. Worth buying? That depends. If you're itching to get started with podcasting, if you're an absolute beginner when it comes to sound recording, if the online resources at Podcast411 and other sites don't float your boat, and if you can't wait a few more months for books like Podcast Solutions and Podcasting for Dummies to come out ... then sure. There are at least three or four good chapters in here with information you can use. It's not all the information, and you have to take Cochrane's style and limited viewpoint with a big grain of salt, but it'll get you started. For less than twenty bucks, at least it isn't a high-risk investment.

On the other hand, if you're the bootstrapping type, or you already know most of what you're doing, then there's not much in here you can't figure out online and through experience. And if you're patient, there will be other books, and I'm almost positive they'll be better written.

You can purchase Podcasting: the Do-It-Yourself Guide from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Michael J. Ross writes "A professional programmer could at any time be tasked with developing a nontrivial application using a language or Web technology with which he or she is unfamiliar. A common response is to quickly scan code snippets in Internet newsgroups and online tutorials, copy and paste code that looks applicable to the task at hand, and then lose valuable time trying to make it all work and control what was created -- not unlike Dr. Frankenstein's experience. A smarter approach is to learn the language basics in sequence as rapidly as possible, not getting bogged down in excessive sample code. For developers seeking to learn PHP using the latter approach, Steven Holzner's Spring Into PHP 5, published by Addison-Wesley, would be an excellent choice." Read on for the rest of Ross's review. Spring Into PHP 5 author Steven Holzner pages 340 publisher Addison-Wesley rating 8 reviewer Michael J. Ross ISBN 0131498622 summary A comprehensive and no-nonsense primer on the basics of PHP.

This title is another entry in Addison-Wesley's promising "Spring Into" series, which, as suggested by the name, is aimed at developers who want to jump into a new technology and get up to speed as quickly as possible, but without missing any of the essentials. In the case of Holzner's PHP book, this goal is pursued by presenting the information in so-called "chunks," with each spanning just a few pages. Every chunk attempts to cover only one or a few related ideas, and is designed to build upon earlier chunks. The bulk of the explanation takes the form of code samples, which fortunately are short enough in length and clear enough in composition to be easily digestible. This is in stark contrast to far too many other programming books on the market, whose code samples can span multiple pages, making it difficult for the reader to discern all of the ideas that the author is trying to get across -- especially when the reader has to flip back and forth between pages. Even worse is how some authors (such as Deitel and Deitel) use lengthy code listings -- sometimes even complete applications -- to demonstrate many ideas at once, which can be quite confusing, especially for the newbie reading about a challenging language for the first time. As Holzner notes in his preface, his book is example-oriented, with dozens of tested code samples. But none are overwhelming.

Spring Into PHP 5 was published on 12 April 2005. It is organized into nine chapters, covering a range of topics: PHP essentials; operators and flow control; strings and arrays; functions; PHP in HTML pages; Web forms and input validation; object-oriented programming and file handling; PHP and databases; cookies, user sessions, FTP, e-mail, and hit counters. The book has two appendices. The first one, on PHP language elements, is remarkably complete, considering that it only fills 18 pages. Owners of the book will likely find themselves turning to this material quite frequently. The second appendix lists the most commonly used functions in PHP, particularly those dealing with arrays, strings, and files. These two appendices combined go a long way to making this book more than an approachable primer -- it could serve as a reference book for the language for any reader not required to dig into the more obscure intricacies of PHP. Readers with those needs will have to use more detailed sources, such as the online PHP Manual.

Each one of Holzner's chapters explains the core concepts, using the bite-sized chunks mentioned earlier. This approach is somewhat similar to the "recipes" found in many books published by O'Reilly Media, and it works well here for introducing a computer language. Holzner's writing style is clear yet never condescending, and concise yet never cryptic. The intended reader only really needs an understanding of simple HTML and how to edit text files, to make this book worthwhile and usable. The book is meaty with information, and yet not too lengthy. This is a refreshing change of pace from countless other computer language books that are bloated with redundant sample code and overly wide margins, apparently in an attempt to entice the consumer with maximum page count per dollar.

Some programming books try to move the novice along at too rapid a pace, which can get quite discouraging if and when the reader is unable to follow the discussion, and particularly if trying to follow the author in building a working example. But a far more common mistake among programming books, is to drag out the process with humongous code listings or redundant verbiage (such as following the senseless rule of telling the reader something three times -- a technique that makes far more sense for speechwriting). Holzner sets and maintains an excellent pace, partly by keeping the code snippets reasonably sized, and partly through his modular approach of presenting ideas in chunks.

The physical book itself is well made and attractive, with a readable font face and size, and intelligent use of bolding to highlight those lines of code upon which the reader should focus. My only complaint in terms of the presentation, is that the gray background used for the code samples could be lightened up a bit, to make the text itself stand out more, especially the bold text. All of the screenshots are in black-and-white, which works just fine, as there would be no value in using color in the majority of the sample Web pages.

The author does an excellent job of explaining and illustrating all of the most commonly used and needed elements of the language. But he provides little guidance as to when a particular technique or approach should be used over another. For instance, when explaining how the programmer can use PHP to connect to a MySQL database, the author presents two alternatives -- direct layer and Pear::DB -- but no recommendations as to the choice of one over the other. On the other hand, one might argue that to include recommendations of techniques, as well as language best practices, would require the book to be much longer than it is, which would detract from the book's goal of getting a programmer up to speed on PHP in an efficient manner. The serious programmer who wishes to take PHP to the next level, can be expected to read more advanced books, to learn from expert PHP developers posting in online newsgroups, and to learn from experience as the programmer creates his or her own applications.

Another potential point of criticism could be that the book does not adequately explain how to use PHP with the various available database systems, only covering MySQL (the industry's favorite for use with PHP). But the database chapter, number 8, provides just enough information for the beginner to get started and to try out the basics. For simple database needs, the material in that chapter might be sufficient. Yet for more extensive MySQL usage, including installation and administration, other resources will need to be consulted. This book is clearly not intended to be one of those PHP + MySQL combo books that have proven so popular during the past few years.

The publisher's Web site for the book does not appear to have any collection of errata. Here are some that I found: On page 6, in the NOTE, "scripts can be used" should read "scripts cannot be used." On page 20, "#/ message to the user" should read "# message to the user." On page 49, in Table 2-4, in the last line, the formatting is partly wrong. Examples 3-1 through 4-14 contain incorrect indentation. On page 158, the last line in the $_FILES['userfile'] values is missing $_FILES['userfile']['error']. In Examples 5-19 and 5-20, the <head> and <h1> tags are missing ": Take 1." On page 169, the formatting of Example 6-2 is inconsistent with the others.

Aside from the errata, there were some other weaknesses -- none of them serious: The chapter summaries are useless, like in most other technical books, as there's not enough details to be instructive, and more details would make them even more redundant and space-consuming. On page 176, in Figure 6-6's caption, "Navigating" should be "Redirected." On page 197, the discussion of HTTP authentication is too brief to enable the typical reader to implement it. For instance, there is no mention of where to set $_SERVER[ 'PHP_AUTH_USER' ] to make it work. Chapter 7, on object-oriented programming and file handling, should be split into two chapters. Combining them makes no sense, and the author does not even transition from the first topic to the second.

Like others in the "Spring Into" series, this title is reasonably priced, at only $29.99 list for over 300 pages of quality material. The publisher, Addison-Wesley, has a page on their Web site devoted to the book, which includes a book description, a table of contents, an index, source code from the book, and a link for downloading a sample chapter (in PDF format), namely, Chapter 3, which covers strings and arrays. The site also has a link to a bonus chapter (also in PDF) that explains how to draw graphics interactively on a Web server and then send them back to the browser. Oddly enough, the page's title is "Spring Into PHP 5 - $20.99," but there's no indication as to how to get the book for only $20.99. That could simply be a typo. But there is a link to purchase the book online for $26.99. For those looking to spring into Web server-side development in general, or PHP in particular, it would be money well spent.

Michael J. Ross is a freelance writer, computer consultant, and the editor of the free newsletter for PristinePlanet.com. You can purchase Spring Into PHP 5 from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Craig Maloney writes "Artificial Intelligence (AI) is a very hot topic today in computer circles because of the interest in modeling behaviors on machines that we find in nature. Many books have been dedicated to studying and expanding the field of AI, but generally fall into two categories: those that concentrate on AI as a research topic, and those that concentrate on AI in the field of game development. Artificial Intelligence for Computer Games (AI for Computer Games) is unique in how it takes classical AI and merges that knowledge into AI for game development. It's an approach that will be fascinating to those currently studying AI, but the approach limits the usefulness of this book to a select audience of AI researchers interested in game development." Read on for the rest of Maloney's review. Artificial Intelligence for Computer Games author John David Funge pages 127 publisher A K Peters, td. rating 6 reviewer Craig Maloney ISBN 1568812086 summary An introduction to Gaming Artifical Intelligence

AI for Computer Games begins with a brief introduction to the historic roles that AI has played in games such as Pac Man and Mario, and how these Non-Playable Characters (NPCs) achieved fame through their roles as NPCs. The NPCs play important roles in games, and their behavior can ultimately determine if the game is entertaining or frustrating. The author then describes the differences between the field of Artificial Intelligence as compared with Gaming Artificial Intelligence. Later he shows how these two fields can intertwine with each other, and how Gaming Artificial Intelligence can be useful to AI researchers via game-playing robots and other similar experiments. The author also introduces the architecture of the components of a game. They are:

• Game State: The current state of the world
• Simulator: Encodes the rules for how the game state changes, and the rules for the game (physics, etc.)
• Renderer: The display of the game
• Controllers: The player and NPC methods for interacting with the game.

The book then focuses on simulating a gaming environment for the NPCs and player to operate in. The author uses a game of Tag as the game framework for the rest of the book, with the player and the NPCs playing the classic game of chasing and hiding. The roles of the game state, simulator, renderer and controllers are explored in depth in this section.

Next, AI for Computer Games discusses NPC perception. Players in a gaming environment are hindered by what the renderer will display to them, so likewise, the NPCs should not have omniscience in the game. The author recommends a strategy for handling this for NPCs: use the render engine for determining the perception of the NPCs as well. This allows the players and NPCs to work from the same rules. The author also describes how NPCs can handle partial observability, as well as prediction.

The rest of the book deals with the NPCs' abilities to react, remember, search, and learn to the game environment. This is the heart of the book, and provides a good analysis of the various methods available to the developer to model complex behaviors. The section on learning is especially interesting, as the idea of rewarding the algorithm when it performs correctly seems both strange and obvious at the same time (although the author points out that sometimes the algorithm can do undesirable things in order to obtain that reward). There are many ideas in these sections for perfecting the AI of the game, and the author expertly describes each one and where each would best be used.

AI for Computer Games was both enlightening and frustrating at the same time. The author obviously possesses a lot of knowledge in the AI field; the frustration is in his telling of that knowledge. The book reads much like an academic paper on AI applications in games, and could put off many potential readers with its rather dense descriptions of complicated material. The book also suffers from being rather short. The book is 127 pages in total length with code snippets, diagrams, and other page artwork. The brevity makes the book easy to pick up and read for a bit, but the density ensures you'll be re-reading several chapters in order to catch what the author is trying to convey. The code snippets also suffer from brevity. The code snippets are in C++, but are primarily constructors, with precious few methods defined. The author has excellent ideas; using an environment where the player and the NPCs are equals removes much of the complexity for the example AI to handle. Unfortunately the execution in this book leaves me wanting more.

You can purchase Artificial Intelligence for Computer Games from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

swsuehr writes "Performance Tuning for Linux Servers provides information and resources for Linux administrators looking for a guide to the background, options, and commands available for enhancing the performance of a Linux server." Clear enough -- but read on for Suering's review of the book to see if it might help you at that task. Performance Tuning for Linux Servers author Johnson, Huizenga, Pulavarty, et al pages 547 publisher IBM Press/Pearson rating 8 reviewer Steve Suehring ISBN 013144753X summary Information and techniques for performance enhancement of Linux servers.

The Particulars

The book is 547 pages. Of that total, 507 are the content of the book while 13 pages are used for an Appendix. The Appendix is provides a look at some of the tunable parameters in the Linux kernel through interfaces such as sysctl and /proc. This appendix alone makes the book good reference material. The book is divided into five sections including an overview of Linux, performance analysis tools, system tuning, performance characterization, and case studies. The book covers the 2.6 kernel series and the 2.4 series where appropriate.

The book is published under the IBM Press brand but is most definitely not an IBM-centric book. The book is largely, though not completely, distribution neutral. Distribution neutrality means that you don't have to be running any certain flavor of Linux in order to follow the examples in the book. The book covers Red Hat Enterprise and Novell SuSE Linux Enterprise but does so in a non-intrusive manner such that most of the references are simply used to illustrate a certain point rather than requiring the reader to follow a step-by-step process. For instance, BSD and System V initialization processes are both covered in Chapter 1.

The book wasn't written by a single author. In fact, it appears to be the work of numerous authors, each contributing certain sections or chapters. With this type of format it's very easy for a book to lack cohesiveness. This isn't the case with Performance Tuning for Linux Servers where the material shares the same tone throughout. Truthfully, I didn't know that there were so many contributors until I was writing the review, that's how well the material flows together.

A Look Inside

Performance Tuning for Linux Servers combines both theory and practice. The essential background information is given for each subject but interwoven with practical knowledge. For example, Chapter 8 describes tuning of the scheduler including a list of tunable parameters with both a description and an effect. From p. 193:

"MAX_SLEEP_AVG"

"Description: The value of this parameter is the maximum sleep average a task can accumulate for the purposes of calculating the scheduling bonus. A task with this sleep average gets the maximum bonus as indicated by PRIO_BONUS_RATIO." "Effect: If the value of this parameter is increased, tasks need to accumulate a larger sleep average to get the same priority bonus. Decreasing the value has the opposite effect."

Several performance analysis tools are covered in some detail. These can be invaluable when trying to track down performance problems with a Linux server. One of the advantages to Linux is that it doesn't need to be rebooted in order to "clean up" as other operating systems need from time to time. Using these performance analysis tools, the administrator can track down exactly what is causing a bottleneck or resource issue on the server.

The performance analysis tools are mainly discussed in chapter 4, "System Performance Monitoring." The chapter is broken down into sections based on the type of resource to be analyzed. The sections include CPU Utilization where general tips such as `cat /proc/cpuinfo` are given in addition to detailed discussion of vmstat, top, gtop, and sar (part of the sysstat package). The next section discusses Memory Utilization which looks at some of the information available through /proc before detailing ps and vmstat. I/O Utilization is the next section where iostat is discussed along with another look at sar. Finally, Network Utilization rounds out this chapter with brief discussion of commands such as arp, ifconfig, and other basic network commands before detailing netstat. Throughout this chapter examples of output are given for many commands.

The authors do a great job at not only condensing the material but, more importantly, they also bring some highly technical concepts down to the reader's level. Take for example chapter 2, "Kernel Overview" where a detailed discussion of the architecture of the Linux kernel is given.

Part III of the book is devoted to system tuning (it's aptly titled "System Tuning"). This section of the book provides detailed background information so that the administrator can make educated decisions about what to tune. For example, chapter 9 is devoted to the Linux virtual memory subsystem and includes a discussion of not only how virtual memory is handled in the kernel (including new features for the 2.6 series) but also the tunable parameters for virtual memory.

Within Part III are chapters on the aforementioned virtual memory subsystem, the scheduler, I/O subsystems, file systems, network, IPC, and code tuning. Chapter 11, "File System Tuning", opens with a discussion of the basic terms in file systems before continuing on with discussion of specific file systems including ext2, ext3, ReiserFS, JFS, and XFS.

Part IV of the book looks at characteristics of Linux server applications. Doing so helps to frame the discussion of the different attributes important to tuning the server for each of these applications. The last section of the book, beginning of page 405, is devoted to case studies.

One final highlight for the book is that most chapters include a detailed references section with pointers to relevant information for that chapter. Some chapters have more references than others. The references might be anything from a man page to a magazine article to a book and a few other resources.

The combination of both detailed background information along with practical techniques, all of which are explained clearly, makes Performance Tuning for Linux Servers a great resource for Linux administrators who want to squeeze optimal performance from their server. I believe the book has a good shelf life that will keep it on my bookshelf for quite a long time.

You can purchase Performance Tuning for Linux Servers from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

nazarijo writes "Plenty of people are curious as to how to become an information security professional. It's a profession that has a bit of an establishment atmosphere to it where entry to various levels is granted in secret. And it's often hard to understand where to start. Infosec Career Hacking attempts to demystify this process and show you not only generic strategies for employment, but ones specific to the information security field." Read on for the rest of Nazario's review. Infosec Career Hacking: Sell Your Skillz, Not Your Soul author Aaron W. Bayles, Chris Hurley, Johnny Long, Ed Brindley, James C. Foster, Christopher W. Klaus pages 448 publisher Syngress rating 7/10 reviewer Jose Nazario ISBN 1597490113 summary Career guide specifically tuned to the information security professional

The first part of the book is especially useful, and I think provides most of the value that's not available elsewhere. Things that are covered may seem like basics that people should have just picked up, but it's hard to know what you're supposed to know when you change environments, let alone see it all together in one place. I find this section to be especially useful and reasonably well written.

Chapter 1 opens up with a basic orientation of the infosec landscape, including the types of companies and organizations you may want to look at working with, the types of work and positions you see typically, and what kinds of skills you'll need to consider get the interview, let alone the job. Chapter 2 is much like a hacking book in that you're encouraged to perform some scout work on your potential places of employment. Good advice, and it's nice to see it demonstrated. Chapter 3 talks about getting experience and getting your feet wet in the infosec world. Things like conferences, local groups and meetings, and even security clearances are covered. A nice overview, but a it shallow in places, too. Chapter 4 focuses on the resume and the interview, the kinds of things that normally jump to mind when you think about career hacking. A decent overview, and good things to learn.

Part 2 focuses on technical parts. These chapters, I felt, were a bit thin on value and attempted to provide too much coverage but without the depth. What I felt this part of the book was trying to do was to be a quick overview of what you should know if you want a career in information security without any of the work it takes. Because this is such a broad amount of material, and the book only spends about 180 pages on it, the coverage isn't deep. Instead, the cursory coverage is a detriment to the book's value.

Chapter 5 is where I found the most material to complain about. This chapter is titled, 'The Laws of Security', and can be used for your benefit or your downfall. In the right hands, where the nuances that come from actually encountering these challenges in the wild and discovering the reasoning behind them, you can display wisdom. In the wrong hands, where you can't successfully defend a challenge to these axioms, at best you'll appear to be someone who parrots security luminaries, and at worst you'll look like an uninformed buffoon. If you decide to accept conclusions without understanding the reasoning behind them, you're asking for it.

Chapter 6 talks about building a home lab of machines for attack. I felt this chapter devoted too much time to drooling over gear and not enough time discussing more equipment and more valuable gear. Large classes of lab resources, including enterprise applications, networking gear, and even commercial security software was left out. The disclosure debate was reasonably well handled in chapter 7, discussing the various ways that people have established this process. What's missing here is how to actually find where to send the report to and how to ensure it's been acted upon. And finally, a nice, succinct and reasonably comprehensive (if a little too short at times) classification of vulnerabilities and attacks fills chapter 8.

Part 3, 'On the Job', is for when you finally have the position and now you want to keep your job, advance your career, and improve your skills. Unfortunately, this section feels a bit undeveloped in too many places. There's a lot to cover, but the chapters here lack any significant depth to them, and it doesn't feel like they really deliver as strongly as they could.

This section opens with an approach to your career much like an intruder would take to advancing their compromise. Chapter 9 covers how to perform scouting of your new environment, how to get through meetings without messing up, landing your own projects and succeeding with basic project management. Thinking about striking out on your own? That's natural, and the next few chapters will help with that. Chapter 10 is a short list of ideas on how you can use your new knowledge and skills to benefit others, which can help you build a name for yourself and maybe even clients. Chapter 11 looks like it's trying to encourage you to become a local leader of information security knowledge, using that information specifically for incident response. In a crisis, everyone loves a hero, so why can't that be you? And finally, the book closes with a chapter on how to start looking at being an independent consultant. It's been said that you'll never succeed working for someone else, so why not work for yourself? This chapter introduces you to some of the possibilities here, along with some of the considerations. Overall, these chapters have some clear value to them, but because they try and cover so much, they feel underdeveloped and fail to really deliver a strong benefit to the reader.

One of my big concerns when I began reading this book was that it would encourage you to simply become another script kiddy type consultant, capable of downloading a few tools and use old hat techniques to deliver sub-par results. That's a crowded marketplace already, so I didn't want to see anyone encourage that. Instead, it tries to impart valuable career skills. My big complaint is that it tries to do so much that it can't possibly succeed in all of them. It does a decent job, but in some places it definitely lacks the solid landing to make it stick. Overall, though, this uncommon book is a nice twist on the old career guides, tuned for the information security market.

You can purchase Infosec Career Hacking: Sell Your Skillz, Not Your Soul from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

cafeman writes "This was a really hard review to write. It's been a long time since I've read a book that was so fascinating on the first reading and yet raised so many questions on the second and third. Books on the history of gaming are relatively few -- Joystick Nation, High Score, Game Over, Masters of Doom and The Ultimate History of Video Games, the major works on the topic, all focus on the West. Finding out more about the history of gaming in Japan is harder. Suffice to say that if you're interested in game trivia, Japanese console gaming industry history, or the Eastern cultural drivers behind game design and communication, you owe it to yourself to get Power Up. Why was the book so frustrating? That's an interesting question, one that I've since put a lot of thought into. Much to the annoyance of my wife, I might add." Read on for the rest of cafeman's review. Power Up: How Japanese Video Games Gave the World an Extra Life author Chris Kohler pages 312 publisher Brady Games rating 8 reviewer Cafeman ISBN 0744004241 summary An overview of the influence Japanese video games have had on the global industry.

This book is packed with information. For a book of only around 300 pages, Chris Kohler does an amazing job of maintaining the information flow without making it too dense. Unfortunately, this is the book's biggest weakness -- he does such a good job of including so much interesting information, his principal thesis gets lost.

The premise of the book appears pretty simple. Chris Kohler believes that Japanese video games have had a greater influence on Western game design, game promotion, and culture than previously recognized. He asks and tries to answer three questions (in his words):

• What makes video games designed in Japan so phenomenally popular all over the world?
• How did the Japanese pioneer cinematic techniques in video games, raising the medium to an art form?
• How have these ideas so completely permeated the gaming world, not to mention our mainstream psyche?

To answer these questions, Chris identifies four key factors that distinguished Japanese game development -- the use of narrative, character abstraction, cinematic sequences, and control. To demonstrate the first three, he draws on specific arcade and console examples from the late '70s and early '80s to contrast Western design against Eastern. From there, he explores the relationship between (and complexities of) control and immersion by examining hardware development and the storytelling to provide context within games. He uses Nintendo's Shigeru Miyamoto's use of industrial and game design to illustrate the importance of control in the immersive game play experience.

After establishing the core concepts of narrative, character abstraction, cinematic sequences, and control, Chris turns to the use of storytelling to create fully developed characters that stimulate emotional responses within the player. To do so, he examines the development of characters and storylines within some of the most famous Japanese RPGs over time, focusing mainly on the Dragon Quest and Final Fantasy series. He also examines music as yet another control mechanism, looking specifically at the history and development of Gitaroo-Man, Parappa the Rappa, and Dance Dance Revolution (all games based on rhythm and music).

To complete the story, Chris then turns to the practical experiences of Westerners Dylan Cuthbert and Giles Goddard in developing the hardware and games for a Japanese games company. The hardware in question was the SuperFX chip, the game Star Fox, and the company Nintendo. By drawing on specific challenges and successes within the project, he highlights the Japanese focus on fun game play and control refinement.

From here, Chris branches off into a collection of tangents describing Japanese gaming culture. He spends a chapter touring Akihabara. He also describes the mentality and business behind Japanese games collectors, ranging from government regulation about when particular games can be released through how to Japan handles games and video rentals. He also examines the perennially popular topic of game translation, including (of course) reference to AYBABTU. More interestingly, he also examines the difficulties of translating language within hardware constraints. He describes a number of case studies showing how some cultural concepts couldn't be translated, how some weren't allowed to be translated, and how some were just badly translated (with unintentional hilarity, much in the same vein as Engrish).

Chris then uses Pokémon, one of the most famous / infamous games to have come out of Japan, to revisit how Japanese games have pervaded the Western psyche. He uses Pokémon as a way of tieing together his arguments into a single example, demonstrating quite powerfully the importance the four key factors had in the creation of a game that appeals to multiple cultures. And, by doing so, he illustrates the influence some Japanese games have had on the world as well as their continuing popularity.

His final chapter forms a more speculative foray into what the future holds for Japanese game design, and by proxy, for the world. He discusses ICO, Blood Omen, and Eternal Darkness, and highlights the continued movement toward fully developed, multidimensional narrative through the use of adult subject matter and emotional connection. His epilogue then ties off the book with a recap of his main points and lays out a number of (briefly described) further research directions and thoughts, such as "How much control is too much?", "Is the Japanese games industry due for a shake-out?", and "Are East-West collaborations the answer?". And, with some reflective thoughts, he ends the book.

Enough of the synopsis; Chris Kohler clearly has a passionate interest in the subject matter. There's no doubt that he's spent lots of time researching the material or that he's highly interested in it. His love of the topic clearly shines through - regardless of whether he's talking about an interview he conducted or a random piece of trivia about the industry, his prose remains engaging, light, and most importantly, clear. His background is in writing reviews, articles, and editorial pieces for publications including Nintendo Official Magazine UK and Wired, and it shows -- he's very clearly used to writing to maintain reader interest.

His knowledge of trivia is also strong -- there are some real gems in this book. For example, I often wondered why Nintendo never marketed their Famicom Disk System outside of Japan. In exploring the challenges of extending the Nintendo's hardware lifecycle, Chris points out the importance of being able to upgrade the console through technology embedded in the cartridges. Rather than having to buy a new console, memory and processor upgrades could be packaged into the cartridge itself, effectively bundling the upgrades with the game. Nintendo realized pretty quickly after releasing the Famicom Disk System that it could offer neither, and so discontinued it at approximately the same time Super Mario 3 was released. Also interesting (but possibly controversial) was that the name "Final Fantasy" came not from Square's belief that it was their final chance at success, but because the head developer, Sakaguchi, planned on quitting Square after finishing it and going back to school. It was thus his "Final Fantasy". The book is peppered with interesting insights like this, and even ignoring his analysis, make purchasing the book worthwhile.

However, not all is roses. Chris's writing, while engaging, is also unfocussed. It's taken my writing this review to clarify exactly what I felt was his chain of logic. While that may be a commentary on my own interpretative abilities, other people who have read his book seem to agree with me. It took me three readings and copious notes to work out what the connecting threads were between chapters, and in turn, between his examples and the main elements of his thesis. Bluntly, the dots are there, but he fails to connect them effectively.

Chris also fails to completely prove the questions he asks at the start of his work. He develops a strong case for Japanese innovation during the early period of video games, but he doesn't do nearly as good a job applying that argument to the present. Despite a chapter devoted to Pokémon (and its success in Western culture), he fails to build a general case on how Japanese games have influenced Western game design, development, and psyche outside of a few specific examples. These normally involve Western developers who have moved over to Japan specifically to work with Nintendo, or games from Nintendo itself.

And that, in a nutshell, sums up where Chris appears to be coming from. His experiences and anecdotes focus around Nintendo almost exclusively, even to the extent of ignoring other Japanese gaming developments which could have further supported his thesis. Discussion of Dragon Quest I, one of the first attempts at an RPG for the Nintendo Famicom System, goes on for many pages. However, Final Fantasy VII, a Japanese game that arguably made the fantasy RPG mainstream in the West, gets only a page of high-level discussion. For the uninitiated, Dragon Quest was released on the Nintendo Famicom system, while Final Fantasy VII was released on the Sony PlayStation. The Nintendo offering gets all the focus.

In short, if it doesn't have to do with Nintendo, it apparently isn't important. Game companies such as Konami, Namco, and Sega are given cursory acknowledgements. Despite an entire chapter devoted to Japanese RPGs, Phantasy Star (another enduring Japanese RPG that introduced first person navigation on the Sega Master System) never even rates a mention, despite being released a year after the original Final Fantasy. One could argue that he largely ignored it because it was released by Sega, a company founded by an American in Japan. However, given that he spends an entire chapter devoted to two Gaijin in Japan, this seems a little inconsistent.

More problematically, his argument (as opposed to his book) only works if one ignores the rest of the world. While this isn't the time or place to fully explore this, his focus on Japan (and consoles specifically) has meant ignoring key developments. For example, he goes into great detail about character development and the use of narrative elements within Japanese RPGs, but completely ignores what was happening in the West in the years preceding them. The Bard's Tale, Wizardry, and more importantly, Ultima, are all completely ignored. While he makes quite a strong case for Japanese innovation during the early years of game development through games such as Donkey Kong and Super Mario World, he completely ignores all further development and refinement taking place in the U.S. This is especially strange when one considers that he has recently written about such games as Psychonauts and appears to have a reasonable knowledge of US and PC gaming history. While his position that Japanese game design influenced global design in the late '70s is plausible, there's a great deal of evidence to suggest that by the mid '80s the opposite was true and that the U.S. was exploring new designs in gaming in their own right, including introducing some interesting party management complexities. Strangely, while this position is actually hinted at through his quotes from Japanese developers, it is ignored. This is unfortunate, as from a historical perspective, it arguably attributes too much credit to Japanese design.

The book, overall, reads as the first book publication by a person used to writing articles of under a few thousand words -- it's punchy, interesting, and full of facts, but it wanders. That could be because of his past, or it could be because of editorial input. Chris freely admits that the book stems from the dissertation he wrote as part of his Fulbright Fellowship in Japan. It's quite possible that the first draft may have been too academic, and in trying to appeal to a more general audience, his publisher encouraged him to add additional background and "fun facts" about the industry. Either way, the book lacks focus. From an interpretative perspective, its greatest strength is also its greatest weakness -- the sheer volume of interesting information distracts from the main threads of his argument. This lack of focus is painfully obvious in the second half of the book - it reads as a collection of unrelated essays.

Despite these reservations, I really enjoyed this book. While the main thesis of the book is hard to follow, it's still an interesting read with lots of trivia, history, and context. Chris clearly has a love of Japanese culture, and there's a dearth of books on this subject matter that treat it seriously. As a reader, I'm looking forward to Chris's next literary work -- based on this book, I'm already digging up his previous works, and I'll be first in line to buy his next. Facts are one thing, but passion is another, and he's definitely got both. My wife, despite not being interested in games in the slightest, has been taking his book to read on the train to work. I know it doesn't sound like much, but in my house, that's a major compliment. If I could recommend anything for the next work, it would be to get some other like-minded people with a good sense of gaming history to assist with the editing process. It would also be interesting to focus on game design and enjoyment with the intention of integrating both East and West design developments.

Every review needs a rating, no matter how illogical or unfair. If you're looking for something that provides some history around the Japanese gaming industry, gives a lot of very interesting facts, and entertains while doing so, I'd give this book an eight, possibly even a nine out of ten. As an academic work, looking at defining and developing an argument based on logic, research, and balanced discussion, I'd have to give it four out of ten. His argument is there (regardless of whether you agree with it or not), as are the supporting facts, but they're so lost in the noise as to be hidden. On a more editorial note, his thesis, while starting strong, grows progressively weaker due to a selective focus on Japan exclusively. While I recognize that this selective focus was intentional, I feel that it undermines his arguments due the breadth of his statements about the influence of Japanese design on the West. Even so, I'd highly recommend the book, and I can guarantee I'll be pre-ordering his next when it's published.

You can purchase Power Up: How Japanese Video Games Gave the World an Extra Life from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Jim Holmes writes "Microsoft's Visual Studio is an elephant of an IDE. It's got tremendous power and adaptability, but it's difficult to dig through all the less-than-helpful documentation. It's also very tough to figure out which of the many available add-on tools are worthwhile to add. Visual Studio Hacks by James Avery is a terrific reference for helping get the most out of Visual Studio." Read on for the rest of Holmes' review. Visual Studio Hacks author James Avery pages 512 publisher O'Reilly rating Outstanding reviewer Jim Holmes ISBN 0596008473 summary Get the most out of Microsoft's Visual Studio

Disclaimer: James is a friend who's helped me with starting a developers group, and I'm also working on an open source project with him. The possibility exists that I may work on a paying project with him at some time in the future; however, I haven't had any financial dealings with him so far. (Other than I still owe him a beer for coming to speak at one of our group's meetings.) For what it's worth, I spent my own money to buy this book from Amazon. End Disclaimer.

Avery's book is great both for new users of Visual Studio as well as the more experienced developer. Also, readers won't have to worry about buying a book which will be outdated when Microsoft releases its next version of Visual Studio in November. Tips and tricks are included for Visual Studio versions 2002, 2003, and 2005.

VS Hacks spreads 100 "hacks" across 13 sensibly delineated chapters. Each hack is clearly marked with its number in a blue box at the upper, outer corner of each page. Hacks are also marked with a thermometer icon representing the hack's relative complexity. One of my few complaints about the book is that the moderate and expert icons look too similar - but frankly I ignore these icons anyway, so the criticism's most likely wasted.

The introductory chapters on projects and solutions, navigation, and editor usage aren't introductory in skill level. Avery covers these topics in great depth, diving down to some useful, but less-than-obvious settings in VS's environment. Examples of this would include Hack #2: Master Assembly and Project References, where Avery shows how to add additional assemblies to the Add Reference dialog's list of .NET assemblies. This is a timesaver if you've got custom libraries you make frequent use of; adding the assemblies to the default list saves having to use the Browse button to search for the files every time you need to add them.

Some of the most uninteresting drudgework in development involves writing code for basic software elements such as business entities or data access layers. It's repetitive, it's template-like material, and it's boring. Documenting such work is every bit as tedious.

Hack #50 covers using CodeSmith to generate code via templates. Other hacks detail tying UML into the development process. Hack #81 covers using Visio for Enterprise Architects to generate code from UML diagrams. Hack #82 covers the opposite of that process: generating class diagrams via Visio's reverse engineering support. (UML's capable of much, much more than the simple drudgework of business entities or data access layers, and these hacks shouldn't be confused with anything more than a cursory introduction of how to tie UML via Visio into Visual Studio.)

One of the most useful sections is Chapter 5: "Debugging." This chapter focuses on getting the most out of Visual Studio's debugger capabilities. These hacks are critical helpers to good developers effectively use Visual Studio's debugger.

Avery covers the basics of setting up breakpoints, diving down to various options such as setting how often to break on specific break points, or setting conditional break points. He then moves on to troubleshooting breakpoints in Hack #37, and there's also great coverage on using Visual Studio to debug scripting code inside a browser session, working with SQL server, and attaching to a running process or one that's just about to crash.

I found the best content of this book in hacks focusing on making the most of tools both inside and out of Visual Studio. Hack #79 is a great section detailing how to stress test web applications using Visual Studio Enterprise Architect's Application Center Test. This hack makes it easy for readers to understand how to get detailed stress testing on a web application. Along this same line, Hack #80 shows how to make use of the Dotfuscator tool to obfuscate .NET assemblies to protect them from modest efforts at reverse engineering. (Like Java, .NET assemblies can be disassembled, revealing all your hard work and intellectual property.)

Other gems in this same arena include tools for running and debugging unit tests inside Visual Studio (#93), testing regular expressions (#100), and using tools which automatically generate documentation based on naming conventions in the source code (#69).

The mechanics of this book are great. The Table of Contents breaks down each chapter by its individual hacks, and the index is very detailed and clear. I also like how hacks are listed on the top of each page, making it quick to find something if you know the hack's number or name and don't want to fuss with the table of contents.

My sole complaint about the book (aside from the annoying thermometer icons I've already mentioned) is that it's not always clear which add on tools work with which version of Visual Studio.

The author maintains a website specifically for this book, complete with code and tool downloads. RSS feeds are also available to monitor any updates the author makes.

This book is a critical addition to the bookshelf for any developer who spends any amount of time working in Visual Studio. You'll become much more productive by using tips in the book, and you'll find tips to help you decide which add-on tools you'll want to make use of. More importantly, you'll understand how to get the most out of Visual Studio's capabilities.

You can purchase Visual Studio Hacks from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Bruce Lawson submits the review below of Stuart Langridge's Excellent guide to creating dynamic web pages; scalable and sensible., writing "Don't be put off by the title: the DHTML here bears no resemblance to the stupid Web tricks of the late 90s that allowed animated unicorns to follow your cursor or silly Powerpoint-like transitions between Web pages." Read on for the rest. DHTML Utopia: Modern web design using JavaScript and DOM author Stuart Langridge pages 300 publisher Sitepoint rating 8 reviewer Bruce Lawson ISBN 0957921896 summary Excellent guide to creating dynamic web pages; scalable and sensible.

This book is the opening salvo in the latest battle in the Web Standards war -- the battle for unobtrusive JavaScripting, or Unobtrusive DOMscripting as many call it, in order to rid it of all the negative connotations that "DHTML" and "JavaScript" bring. Combined with the non-standard XMLHttpRequest object, it's sometimes referred to as "Ajax". Terminology aside, though, what are the substantive differences between the old-skool and the "modern" of the title?

• Graceful degradation. A great example of this is Google Suggest in which the DOMscripting enhances functionality by making the page feel more responsive, but if you don't have JavaScript for some reason, the page still works.
• Separation of structure, presentation and behaviour. The DOMscript deals with the behaviour in the same way as CSS defines the presentation in the brave new Web standards world, and the three remain separate. The html has no JavaScript in it at all -- everything is handled by in separate code files.
• No browser sniffing. This aims to future-proof code by testing for features rather than sniffing for browser name and version. So, before using the TimeTravelCureCancer method, the current browser is tested to see whether it's supported. If it is, the script continues. If it isn't,the script silently fails with graceful degradation.

Theory sounds cool -- how's the damn book? I was pleasantly surprised by how quickly the book gets to work. Even before page numbering begins, the introduction has a lucid and compelling argument for using HTML 4.01 rather than XHTML as the markup language of choice.

Chapter 1 has a brief (6-page) overview of the importance of valid code and separating presentation into CSS, and a short description of the unobtrusive nature of Langridge's scripts: no script in the mark-up at all; instead, the .js files contain "event listeners." The reasons why this is desirable are promised later. Chapter 2-4: The basics Now that document.write in the html is no longer needed, you need to know the "proper" way to add text or elements to a Web document. So Langridge gives us a tour of the DOM, showing how to walk the DOM tree and create, remove and add elements to the tree. It's methodical, and by the time I was beginning to get a bit tired of theory and thinking that you'll have to prise document.write out of my cold, dead hands, we get an "Expanding form" which allows us to expand a form ad infinitum to sign up as many friends as you want to receive free beer, without ever going back to the server. (You can see such a thing in action in gmail, when you want to attach multiple documents to an email).

I started to warm to the author and his style. 33 pages into the book, and we get a real-world working example to examine (I like my theory liberally garnished with practice). I also feel a kinship with authors who fantasise about mad millionaire philanthropists giving away beer.

By chapter 3, we've really got going. Apart from one rather pedantic edict (the event is mouseover, the event handler is onmouseover and we should separate the nomenclature, even though it makes no practical difference), the focus here is on real-life browsers. And, as we all know, in Web dev books, real-life browsers means grotesque exceptions to our ideal-world rules .Strangely -- and oddly satisfyingly to this PC user -- the culprit isn't only the perennially despised IE/ Win; shiny Safari comes in for a good bit of stick!

The real-world example here is a data table that highlights the whole row and column of any cell that's being moused-over. Now, in any modern browser except for IE/ Win, the row could be given a hover pseudoclass (IE/ Win only allows :hover on anchors). But as there is (weirdly) no HTML construct for a column, this effect can only be achieved through DOMscripting. What the script does is to dynamically append a class name to every cell in the row and column at run time -- and the pre-defined CSS file determines the styling of that class.

Herein lies an advantage in Unobtrusive DOMscripting: you could just take this script and plug it into a Web site without changing any of the html (except to add a link to the script file in the head). But the script is relatively complex for a newbie to code, and for the techniques to be widely used, I suspect that the billion old-skool cut'n'paste JavaScript sites will need to be replaced with a single, canonical library of modern scripts for people to cut and paste from. For those who find CSS challenging, JavaScript is probably even more complex. . Chapters 5 - 7: blurring the division between Web UI and application UI It's a truism that the Web has set back UI development some years -- in fact, back to the old dumb-terminal paradigm of filling in a screen full of data, pressing the button to send it back to the mainframe and waiting for the next page to be sent -- or the old one returned with errors noted.

Langridge shows that we can make the experience smarter than this, going beyond the traditional JavaScript client-side validation interactivity by adding animation to allow text to fade in and out over time, styling tooltips to be sexier than the default yellow box and which can gently appear into view rather than the browser default on/ off state are examples that struck me.

When I first read these, I thought they were cheesy gimmicks -- the modern equivalent cursor-following unicorn -- until I considered more deeply and realised that many of the UI elements that we enjoy in modern desktop apps are precisely these small, cosmetic effects: abrupt transitions, lack of transparency, sharp edges to UI widgets all feel like old operating systems or clunky Web pages.

It's not all touchy-feely; we get auto-complete text entry, degradable calendar pop-ups, flyout menus and lessons in OOP, encapsulating code for re-usability, and avoiding Internet Explorer memory leaks. Chapters 8- 10: seamlessly working with the Server So far, so client-side. Where Unobtrusive DOMscripting really gets developers juices flowing is the ability to communicate with the server without obviously refreshing the page. Chapter 8 takes you through a variety of methods. Some, like the hacky iframe method or hideous 204 piggyback method are so gruesome that I breathed a sigh of relief loud enough to wake the cat when I finally turned the page to read "XMLHTTP". This method (which is non-standard and introduced by Microsoft) has ushered in the Next Great Web Thing: asynchronous communication with the server. Langridge walks through using the Sarissa library to make a user registration form that checks whether the user name you choose is taken, and if so, suggest some alternatives without refreshing the page.

There's a lot of unresolved accessibility problems with the Ajax method (how does a screenreader alert the listener to the fact that something new has appeared on the page? How do they navigate and hear the new stuff in context?) and while it is laudable that Langridge notes these issues exists, I'd hoped he would have suggested some solutions. He doesn't, but as he's a member of the Web Standards Project's DOMscripting task force I'm guessing it's being worked on.

The project that really kicks ass in this section is a file manager, like the one in most people's Web site control panels, where you can actually drag and drop the icons, like an operating system, and the server does the work. Langridge carefully goes through all of the steps, all of the pitfalls and all of the code needed to make this happen in any modern browser.

It doesn't take a lot of imagination to realise just how this could revolutionise the Web experience. Drag and drop products into a shopping cart. Drag the shopping cart to the checkout icon. Moving money around bank accounts in some integrated internet banking application. The possibilities are huge. Conclusion The whole technique of unobtrusive DOMscripting needs further research before it's ready for prime time -- particularly from an accessibility point of view, but then as an accessibility bore you'd expect me to say that. I think it's beyond question that there's ideas in here that radically enhance the usability of Web-based applications by making them more intuitive and more like the desktop drag-and-drop interface we know from our desktops.

This is a good-humoured, thoroughly-researched book that combines theory with practical learn-by-doing examples. To this reviewer, the code appears scalable and sensible. This book is never going to appeal to the quivering aesthete designers -- probably because it's fundamentally about code. But precisely because it proposes a complete separation of code and design, it facilitates the advancement of the Web.

You can purchase DHTML Utopia: Modern web design using JavaScript and DOM from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Scott Pinzon writes "Writing sonnets, screenplays, or an epic poem in your third language is a breeze compared to the toughest of art forms, didactic fiction. That might explain why the various chapters of Stealing the Network: How to Own an Identity range from appalling to exciting. Whether you see the glass of STN: Identity as half empty or half full depends on whether this is your cup of poison -- but on a technical level, it rocks." Read on for the rest of Pinzon's review. Stealing the Network: How to Own an Identity author Raven Alder, Jay Beale, Riley "Caezar" Eller, Brian Hatch, Chris Hurley (Roamer), Jeff Moss, Ryan Russell, Tom Parker, Timothy Mullen, Johnny Long pages 336 publisher Syngress rating 6 reviewer Scott Pinzon ISBN 1597490067 summary Fiction that teaches about network security

Slashdotters have a distinguished history of calling b.s. on fiction authors who get technical details wrong. (My recent favorite is Jeffrey Deaver's jargon-in-a-blender paragraphs in The Blue Nowhere, where a computer expert can't break a hacker's defenses because "I can't decrypt his firewall!") But what happens when the problem is reversed? Can authors with awesome technical credentials, but little literary background, teach by using story?

And these authors do have impeccable Internet security cred. Many of them are stars circling the firmament of Black Hat and Defcon; senior penetration testers; former consultants to No Such Agency; authors of popular books on security; and so on.

Thus, STN: Identity describes attacks with accuracy and depth. The light veneer of fiction gives the networking tips real-world context. (On this point, I agree with Blain Hilton, who reviewed the first STN volume for Slashdot.) Sure, you've heard of all kinds of hacker tools, but do you know exactly when an attacker would use, say, Metasploit Framework, and not Knoppix? Chris Hurley's chapter, "Saul on the Run," stands out in this regard, showing how a black hatter uses social engineering and numerous tools to get a valid birth certificate for someone else, and exactly how an attacker can intrude on a secured wireless residential network to explore private information.

Another stand-out chapter is Johnny "Google Hacker" Long's "Death by a Thousand Cuts." This rambling episode follows, in part, a forensic cop's efforts to make a disc image of an iPod found at a crime scene. The trouble is, Apple's drivers spring into action whenever the iPod senses it has connected to a computer. If the driver activity changes anything in the iPod, all evidence on it will be inadmissible in court. In unraveling this challenge, STN became so fascinating, I couldn't put it down. Which made showering awkward.

Brian Hatch's chapter, "Bl@ckTo\/\/3r," stood out to me, also, but for the opposite reason: almost all of it went over my head. I thought I had accepted Unix into my heart, but I'm not disciple enough to keep up with Hatch's treatise on X11. Where I thought Hatch was talking only to himself, I had a more senior network security expert read the chapter, and he considered it well written. YMMV.

Other chapters cover basic crypto and code-breaking; how to forge cards that will fool magnetic stripe readers; the dark side of biometric authentication; uses of a Faraday cage; making a QWERTY keyboard type Dvorak letters, and just lots and lots of good undergroundy badness. The technical lessons hold tightly to the stated theme of identity theft. Any network administrator could learn a lot about the enemy's techniques from this volume; and, because of the story-driven format, probably even remember them.

But I've been dodging my opening question: does the fiction part work? Before I answer, I should mention that I've written a lot of fiction. I've had four books of fiction and 60 short stories published, and studied under the editor who removed 500 pages from Stephen King's The Stand. I'm not saying I'm good at writing fiction; I'm just saying I respect the craft. So, can STNs authors write fiction? No. No, they cannot.

STN: Identity reads like a catalog of beginning-fiction-writer mistakes, from misspellings and homophones (from Chapter 5: "He called me a Windows administrator, and it wasn't a complement") to characters with no feelings or personality. In Chapter 8, where college students decide to 0wn Hushmail's DNS servers for a man-in-the-middle attack, they work 36 hours straight without a smart remark, a crabby comeback, or, really, any dialog except ad hoc lectures on network architecture. Fiction-wise, it's as if Nancy Drew or the Hardy Boys tried hacking. And a couple of the chapters go so far past "wordy" that they're almost the verbal equivalent of running in place. If you're in a hurry to get to the technical meat [Jedi hand wave], these are not the authors you want. With that said, I admit that some of the chapters clamber all the way up to "adequate." But remember, fiction that teaches is hard for anyone to pull off.

Maybe none of that matters. Is anyone looking for deathless prose when picking up a book subtitled "How to Own an Identity"? Nah. What matters is, the various authors lay down some seriously tricky attacks. If you are more geek than lit critic, the coolness factor is off the charts. If you like to spend your time reading and thinking about network security and hacking, this is for you. And if you still buy into the "romance" of hacker shenanigans, STN can be your little Defcon-away-from-Defcon.

So is this wildly uneven book worth the price? For fiction lovers, no. For white hat security aficionados, yes. For black hat security aficionados, buying it will be the last purchase you make on your own credit card -- so hell yes. #

Full disclosure: I am not personal friends with any of the authors, but I've interviewed a few of them, including the book's technical editor, Timothy Mullen, for my day job. I may also suffer from envy that my own attempts to fictionalize network security have been ignored by most of the world except German Tom's Hardware.

Scott Pinzon, CISSP, is Editor-in-Chief for WatchGuard's LiveSecurity Service, and writes about network security on the free RSS news feed WatchGuard Wire. You can purchase Stealing the Network: How to Own an Identity from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Craig Maloney writes "Just about everyone out there who has ever typed #!/usr/bin/perl has encountered Learning Perl (otherwise known as "The Llama Book") in one form or another. You may have learned some of the intricacies of the language from this tome, or you've seen someone recommend this book to potential Perl programmers on-line. Learning Perl is generally in the top three recommended books for new Perl programmers, next to Programming Perl ("The Camel Book"). Now in its fourth edition, Learning Perl returns with updates covering the stable 5.8 series of Perl. The changes are subtle, but the improvements make for a clearer and more readable book." Read on for the rest of Maloney's review. Learning Perl, Fourth Edition author Randal L. Schwartz, Tom Phoenix and brian d foy pages 304 publisher O'Reilly rating 9 reviewer Craig Maloney ISBN 0596101058 summary The fourth edition of the classic text for learning the Perl language.

When I was initially introduced to Perl, I was one of those who was recommended to read Learning Perl. I picked up the initial edition (with the mauve binding), and began my journey into Perl. What I found was a dense, hard-to-follow introduction to the language, with the experienced Perl programmer in mind. I realized that the tutelage of this experienced programmer/author might be useful, but I opted for other books instead. As others looked to me for book recommendations, I recommended other works for people looking to immerse themselves in Perl, and relegated Learning Perl to the section of my library where live books with a steep learning curve (similar to the learning curve experienced by many with Kernighan and Ritchie's classic The C Programming Language). Like The C Programming Language, however, a full grasp of the language is not achievable from texts where the central focus is to avoid using the lingo and customs of those who are more familiar with the language. Only by full immersion in the culture of the language can one become fully proficient in that language. What's new? Learning Perl 4th edition has been updated in several ways from the previous edition. The text has been updated to reflect Perl 5.8, although this book doesn't introduce any 5.8 specific concepts. The new edition was reorganized from the previous version. The chapter on Regular Expressions is enhanced, and file handles are introduced in the I/O Basics chapter. CPAN is introduced in Learning Perl, since it has become much more important to beginners. The chapter on flat-file databases (DBM/DBM Hashes) didn't make the cut for this edition, but a good portion of the chapter made its way into Chapter 9 (Processing Text with Regular Expressions). The book has a cleaner feel to it, and flows without the erratic feel of the previous editions. What's good Learning Perl could rightly be called A Tourist's Guide to the Perl Culture. The material is immersive, and teaches Perl using the verbal language of a Perl programmer. No attempt is made to dumb down the material. This leads to sentences in the book like the following: Alas, these aren't words as you and I are likely to think of them; they're those \w-type words made up of ordinary letters, digits, and underscores. The \b anchor matches at the start or end of a group of \w characters. The previous sentence makes perfect sense for those who have already grasped the fundamentals of regular expressions, but for those who aren't quite up to speed, the previous sentence warrants further study. This can be a blessing or a curse for some. Ultimately, it forces the reader to understand the Perl culture which can only improve the reader's understanding of Perl. Also of note are the footnotes. Almost every page in the book contains footnotes commenting (sometimes sarcastically) about the topic at hand. Sometimes the footnotes can be distracting, as your eyes will busily look for the next humorous footnote, such as this little gem: And /,{5}chameleon/ matches "comma comma comma comma comma chameleon". By George, that is nice. What's Bad The only complaint I can level at Learning Perl is that there could be more explanation for some of the concepts in the book. In the section called "More Regular Expressions," the book presents the following example:

Here's the text:

I'm talking about the cartoon with Fred and Wilma!

And here's a substitution to remove those tags. But what's wrong with it?

s#(.*)#$1#g;

The problem is that the star is greedy. What if the text had said this instead?

I thought you said Fred and Velma, not Wilma

In that case, the pattern would match from the first to the last , leaving intact the ones in the middle of the line. Oops! Instead, we want a non-greedy quantifier. The non-greedy form of star is *?, so the substitution now looks like this:

s#(.*?)#$1#g;

And it does the right thing.

Unfortunately the less astute reader may not understand what exactly happened here. One line of output with the end result would help clarify what this regular expression did.

What's in it for me? Learning Perl would rightly be regarded as one of the classic texts for Perl programmers to read through at least once in their Perl careers. The book is chock-full of useful information, and even experienced Perl coders would do well to at least leaf through the pages of this book for paradigms to help their coding. Absolute beginner programmers would likely find this text a little over their heads, but intermediate programmers will find Learning Perl a valuable resource in their road to proficiency with Perl. You can purchase Learning Perl, 4th Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

nazarijo (Jose Nazario) writes "A couple of years ago, Johnny Long made a large splash in the press with his Google Hacking. He showed the world at large how easy it is to use Google to sift through mountains of information to discover facts about your adversary they didn't know were public (and would rather were private). Now he's written a book with a few other authors and shows you the kinds of techniques and queries you can do to mine Google for all sorts of information." Read on for the rest of Nazario's review. Google Hacking for Penetration Testers author Johnny Long pages 502 publisher Syngress rating 6/10 reviewer Jose Nazario ISBN 1931836361 summary Use the data stored in Google's database to study your adversary

Google Hacking for Penetration Testers (Google Hacking for short) is Johnny Long and company's tome on the subject of using what is widely considered to be the web's only worthwhile search engine and the myriad of ways that you can get very specific information out of it. Not just for web pages, you can find Excel spreadsheets, Word documents, and all sorts of information that the owners thought was hidden. This is what makes Google hacking, as an activity, so interesting.

The Google Hacking book starts with Google search basics, which is usually way more than most people do in a given week of using Google. With nary a pause, Chapter 2 covers advanced Google search operators, such as exclusions, file types, and restrictions like "inurl:" and "phonebook:". By this point, you should be sufficiently armed to do some serious Google hacking. Together with the skills and the imagination to phrase what it is you're looking for, you can mine the web.

Chapter 3 provides a simple, fast-paced introduction to using Google to do more than find porn and stalk potential mates. You can dig around in sites to find, for example, backup scripts (which may expose database parameters, useful for SQL injections later on) and eve use Google to hide your tracks as a proxy server (note this only partially works).

The next few chapters focus on the Penetration Testers portion of the title. Chapter 4 starts with the preassessment of the target (of your pen-test), including digging around for information left by employees (ie mails that reveal employee lists), information about the company leaked in job postings (which may include technologies used), and all the kind of stuff you want to know before you start knocking around. Chapter 5 shows you how to use Google and a few other sites to map the target. After all, Google's indexed their site, why not use the data they gathered. Chapter 6 has some real meat in it, including how to find vulnerable CGI programs via Google queries (ie looking for formmail.cgi scripts).

Chapter 7, which is described as "Ten Simple Security Searches That Work", is surprisingly succinct and effective. It basically helps you map the restrictions you learned earlier into queries and data to help you penetrate a target's security without ever leaving Google. Chapters 8 and 9 help you understand how to use Google to enumerate what you can about resources and authentication credentials, and Chapter 10 describes how to pull up documents for your perusal, some of which may be real gems.

Chapter 11 is another interesting chapter, where you learn how to use these same techniques on your own site to determine what kinds of exposures you have. This can include private communications, confidential memos, and even internal configuration information. What doesn't get stressed too clearly at all is that some sites don't respect "robots.txt", for example, and will archive pages indefinitely even if they weren't supposed to. As such, even if you are protected from Google you may not be entirely protected. Now is a good time to learn how to use other major search engines.

I liked where Chapter 12 is headed with automated Google searches via the API and page scraping, but I think more could have been done here to show better, more useful code. As it stands, you'll have to expend some more elbow grease to translate a lot of what you learned earlier into a useful tool for yourself (if you want to write your own). The two appendices on "Professional Security Testing" and "An Introduction to Web Application Security" seem out of place, though, and could have been bridged into the whole book much more cleanly.

Overall I'm not as thrilled with this book as I would have liked to have been for a few key reasons. First, I found the presentation of the book, specifically organization, language and screenshot displays, to be only average. The organization of the book itself seems to jump around sometimes, going from recon work to attacks and then back to basic outside recon work. This becomes a burden when you want to refer back to the book to find a useful portion or to understand the progression of an idea.

Secondly, I found the writing to be heavy with all kinds of 'Leet Hacker' types of references, which get old pretty quickly and only drown out useful information. At over 500 pages, you'd think this book was truly bursting at the seams with information, but a lot of it is redundant or hidden under excess fluff.

Finally, a number of the screenshots are full screens when they could have been only pieces of a screen or a window to achieve an improved effect. This matters because the halftone printing process leaves the images blurry, and a large window or screen is blurry at the book's printing resolution. This is something I've found in common between a bunch of Syngress books, and I hope they'll address it shortly by reviewing their screenshot design.

In conclusion, there's nothing too significantly special about Google hacking. With a bit of elbow grease, some example code for the Google API, reading Google's own docs, and some experimentation you can find yourself at the same level you'd be at with the book, and about $40 heavier, too. However, Long and co-authors have assembled a good number of Google methods together, and if you're the kind of person who prefers to get right to productive work with a book, it's probably the best book I've seen on using Google for more than simple searches.

You can purchase Google Hacking from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

pankaj_kumar writes "Apache Ant, the Java replacement for make , belongs to the rare breed of category killer software for automating Java software development tasks. It is an Apache open source project, has won numerous awards, boasts comprehensive online documentation and is used by most Java developers. So, what could a book say that is already not available online?" Read on for Kumar's review of Ant: The Definitive Guide. Ant The Definitive Guide author Steve Holzner pages 316 publisher O'Reilly rating 8 reviewer Pankaj Kumar ISBN 0596006098 summary Complete Build Management for Java with Ant

As a long time Ant user, I have written many Ant build scripts, automating my builds and speeding up the overall development cycle, mostly relying on its excellent online documentation. As a Java developer, I have admired its simple and intuitive interface and the modular design. So on getting Ant: The Definitive Guide in my hands I wasn't expecting a whole lot new to learn, and thought of using it only as a reference book.

After having the book on my desk for more than a month, though, and occasionally flipping through its pages whenever I would otherwise have consulted the online documentation, I must say that I had been missing out on some very important things: tasks like ftp and war deployment that I was simply not aware of and had never felt the need to look up, but could very well use. The other interesting thing I noticed was that my build scripts became smaller, more modular and easier to read.

Like most books in the The Definitive Guide series, Ant The Definitive Guide assumes a certain level of familiarity with underlying technologies such as Java and XML and focuses on providing complete, reference like details of Ant features and tasks. These description are generously supplemented with examples and code fragments.

But so is the the online documentation for Ant! Will someone gain additional insight in using Ant, or be able to work faster, or make better use of Ant capabilities, by consulting this book, instead of the online documentation for a particular Ant task? To find the answer, I randomly picked two topics -- filesets, an important and oft-used Ant datatype, and javac, a core Ant task -- and compared their online description with the one in the book. Here is what I found.

Besides the datatype definition, explanation of various attributes, sub-elements, and the examples, the book also covers how to specify conditional inclusion or exclusion of certain filename patterns when a property is set (or unset). Though this can be inferred from online documentation by a determined user, this particular use is far from obvious. The coverage in the book also talks about the relationship of the fileset datatype with the javac task, pointing out that the fileset attribute dir is equivalent of javac attribute srcdir, as attribute dir will be confusing in javac: is it referring to source directory or destination directory. This is the kind of insight that really helps a user.

The treatment of the javac task in the book is not much different from the one in the online documentation. Both have almost the same material, though the information in the book is better organized for new users. On the other hand, I found the online documentation to be more complete, especially with respect to the compiler specific options and behavior idiosyncrasies.

Here is a rundown on what the book covers: Chapter 1, Getting Started is a quick primer on Ant, with sufficient details for a new user to start using Ant for very simple build tasks. Chapter 2, Using Properties and Types introduces the building block tasks and datatypes, such as property, condition, fileset, path like structures, selectors and so on, used in other Ant tasks. Chapter 3, Building Java Code covers the tasks and activities around compiling Java source files (ie; javac), organizing the build steps in various targets within a single build scripts and/or across multiple scripts, generating documentation using javadoc and creating distribution jars and zip files. The rest of the chapters are devoted to tasks for specific purposes, such as launching external programs (Chapter 7, Executing External Programs), copying files and manipulating directories either on the same machine or over the network (Chapter 4, Deploying Builds), running JUnit tests (Chapter 5, Testing Builds with JUnit) and so on. There are also separate chapters covering interaction of Ant with XML and XDoclet (Chapter 9, XML and XDoclet) and with Eclipse (Chapter 11, Integrating Ant with Eclipse). The last chapter, Chapter 12, Extending Ant, talks about extending Ant by doing things like adding your own tasks, creating custom filters, writing your own build listeners and loggers etc. This chapter also has a small section on how to embed a script written in one of the supported scripting languages within an Ant script.

As you can see from this outline, the book covers almost everything that is to know about Ant and other related software.

So, what is not so good about this book? Well, I didn't find anything wrong with the topics which are actually covered by the book. Of course, there are additional things that I would have liked to see in the book: (a) A good sample Ant script which could be used as the starting point for most small to medium-sized projects; (b) A more thorough explanation of how dependencies among targets determine the execution sequence and how this fits in with explicit invocation of targets; and (c) pictures to illustrate some of the concepts such as life cycle of an Ant task, selection of files in a fileset and the dependency tree of targets.

Overall, I found the book to be comprehensive, well organized, easy to read and good value for money.

You can purchase Ant: The Definitive Guide from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Simon P. Chappell writes "There is a school of thought that if you cannot explain what you've done, then what you did was worthless. Perhaps that attitude is a little extreme, but in this highly networked world of emails, instant messages, wikis, blogs and webpages, the art of explaining oneself well is important. While there are many books that teach written skills, there have been few ostensibly aimed at technical folks. Enter Spring into Technical Writing for Engineers and Scientists by Barry J. Rosenberg, a technical writer and the author of a number of technical articles and books including the KornShell Programming Tutorial." Read on for the rest of Chappell's review. Spring into Technical Writing for Engineers and Scientists author Barry J. Rosenberg pages 318 (with an 18 page index) publisher Addison Wesley rating 9 out of 10 reviewer Simon P. Chappell ISBN 0131498630 summary Solid writing advice for technical folks.

Who's it for?

The book's full title pretty much nails the intended audience; it is absolutely for engineers and scientists. Unlike most works on literary skills, this book treats you like a geek and realizes that you don't want to write prose, but you do want to communicate through a written medium. If you read Slashdot on a regular basis, know what Linux is or the majority of your books have diagrams, figures and tables instead of pictures, then you are a candidate for this book. If you can name more than one type of verb, then you may well be better sticking with your copy of The Elements of Style.

The "Spring into ..." series of books is based around the idea of transferring concepts quickly and efficiently. Barry, editor of the series as well as the author of this book, recounts his experience of a few years ago, when he had to learn a number of new skills quickly and could not find books that would meet that need. In his own words, "I didn't have time to become an instant expert, but I did have to become instantly competent."

The Structure

The book is split into four sections, each building upon the output generated in the previous section. The first section introduces the reader to the concept of technical writing, including how it varies from the other sorts, and then covers how to plan your documentation. Section two covers the actual writing. It starts with words, moves to sentences and progresses to paragraphs, before bringing in lists, tables and graphics. Section three looks at specific types of documents that are meaningful to engineers and scientists including manuals, web sites, proposals, lab reports, PowerPoint presentations and emails. The fourth section teaches basic editing skills, core concepts of typography and a discussion of practical punctuation.

Chunky, and I don't mean soup.

The series explains its topics in one or two page units that it calls chunks. The individual chunks in a chapter build on previous chunks. Delightfully, there are plenty of good examples throughout the book and each chunk has at least one example in it.

What's to like?

I found much to like about this book, and if any of these points ring true with you, then there's a good chance that you'll like it too. The first thing to note is hopefully obvious, and that is the quality of the writing. Or at least I'd hope that it would be obvious that the writing was excellent in a book about writing! There is an upbeat and cheerful tone that, even with a few corny jokes in the footnotes, doesn't cross the line into being either saccharine or condescending.

After the quality of the writing, the thoughtful division into chunks pretty much make the book for me. The information within the chunks is excellent, well indexed and easy to locate through the table of contents. The chunks cover task-sized activities; for example, you might wonder if a semicolon would work at a certain juncture. So you turn to chapter 20, the chapter on punctuation, and then to page 286, where a straightforward explanation of the correct usage of semicolons (with five good examples) awaits you.

While there are many depths to be explored in writing, this book stays close to the surface, giving enough help and guidance without turning the reader into an expert on composition. All advice is targeted for the concept, in the context of the likely circumstances that an engineer or scientist would need it.

The book stays on target all the way through. The stated audience of the book is engineers and scientists, and that remains the focus throughout. This makes a delightful change from books that claim to cover advanced topics, but start out trying to teach you the basics; Java books seem to be especially guilty of this.

The third section of the book covers many of the types of written material that a reader may be called upon to produce and not only gives examples, but it also shares tips and lessons learned from experience for each of the document types. Examples include pacing a PowerPoint presentation and writing a book proposal.

Oddly enough, for a book written about writing, for a technical audience, by a professional technical writer who also teaches occasionally at MIT, there is nothing to complain about in the writing department. So, switching to scraping the bottom of the barrel mode: I didn't like the ragged-right text justification and a few of the jokes were very corny. That's it.

Conclusion

This book does what it sets out to do, that is to equip engineers and scientists with the skills to communicate clearly and effectively through a written medium; whether that be a website, an email or a report. I recommend this book to everyone, from organizers to doers. Organizers like to write about what should be happening, and doers, while they may tend to shy away from writing, are often asked to write about what they've done for the organizers. This book covers that full circle.

You can purchase Spring into Technical Writing for Engineers and Scientists from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Fraser Cain (Mark Mortimer) writes "Hacking sounds crass. It manifests images of short cuts, jobs poorly done and people most interested in just finishing, no matter what. In the computer industry, sometimes this perfectly portrays hackers. However, for an expert, a hack is the complete opposite. It's a beautiful, well thought resolution that uses minimal effort. Often only those in the know truly appreciate it. Robert and Barbara Thompson in their book, Astronomy Hacks compile tips and techniques for observing the night sky. Their methods seem simple, yet they include detail to show they are experts who are presenting hacks derived from years worth of knowledge." Read on for the rest of Mark's review. Astronomy Hacks - Tips & Tools for Observing the Night Sky author Robert Bruce Thompson and Barbara Fritchman Thompson pages 388 publisher O'Reilly Media Inc. rating 8 reviewer Mark Mortimer ISBN 0596100604 summary Hacking your telescope

This hack book can be taken two ways. One is as a reference to look up solutions to problems or seek a reference for a better method. Two is as a complete back grounder for the beginner and higher level amateur astronomer. Within it are 65 distinct hacks grouped into four chapters; Getting Started, Observing Hacks, Scope Hacks and Accessory Hacks. No embellishments obscure the text. There are only the hacks, each relating to astronomy the same way a Clymers manual refers to motorcycle repairs. No extenuating plots nor complex character development obstructs the wording. This book just lists lots of techniques, hints and recommendations.

The first chapter, Getting Started, has enough detail to guide the beginner or assist the intermediate practitioner. The standard encapsulation of binocular and telescope types ensues. To provide an example of the depth of detail, consider the binocular. The discussion includes; magnification, aperture, exit pupil, eye relief, field of view, interpupilary distance, prism type and lens coatings. A summary list recommends choices for various budget ranges ($75 to $5000) and gives recommendations on certain manufacturers and models.

The telescope selection hack is equally detailed, with descriptions of the three main types; reflector, refractors and catadioptric as well as criteria and recommendations. The authors are admitted fans of Dobsonian telescopes and tend to give more attention to this type both here and elsewhere in the book.

Safety, as the basis of its own hacks, or as a backdrop for many other hacks, appears throughout. Most is for personal safety, whether by staying in groups or not dropping large, heavy mirrors on toes. Perhaps the recommendations to bring a firearm for protection against four legged predators goes a bit far. The repeated references to courtesy for group viewing is just one of the many indicators of the wealth of the author's experience.

The chapter on observing hacks includes, among others, the principles of light, a comprehensive biological description of our eyes' receivers, and a method for running a Messier Marathon. This chapter revolves around the purpose or goals of amateur astronomers. Accepting that these aren't planning on detecting new stars or planets, the authors clearly convey the simple pleasures of viewing. Whether a person is taking copious notes, simple sketches or photographs, the rewards are many and admittedly differ with each person. Simple hacks to improve style or refine goals aid in refining the reward.

The scope hacks essentially look at scope maintenance, and they can get complex. There are step-by-step cleaning instructions for a 10-pound mirror, including swishing it under the faucet for minutes. The same goes for collimation, with its consideration of Strehl values and diffraction spikes. The reasoning and the simple instructions convince and empower the reader to take charge of his viewing capabilities.

The last chapter, Accessories Hacks, is chock full of the little tips to branching out in one's astronomy experience. Eyepieces and filters get a thorough treatment. Light-proofing your vehicle or using software to build custom star charts round out the suggestions.

In all, whether as a reference or as an introductory read, this book delivers. The background and justification for the hacks give sufficient information to believe in their value without overtaxing the brain. Neat hints, like keeping red pens away from night sites, help any observer from committing blunders. The table of contents and index simply and easily guide readers. While sketches, illustrations and photographs clarify many of the subtle points. There's even a note on the proper pronunciation of Greek letters.

With simple prose copiously sprinkled with personal, humorous anecdotes, the reading is a pleasure. Many references to manufacturers and equipment costs aid in selections today, though they probably won't stand the test of time. As well, there is very little on astro-photography. The authors simply say that this activity demands much practice and much equipment. Fair enough, but given the upsurge in computer literates, this area cries for more information.

Reading car repair manuals helps fix a car's problem or learn more about fixing cars in general. The same can be said for Astronomy Hacks. Each hack includes details, hints and tips to embellish a viewer's night time activities. Most of all it ably empowers you to take charge of your hobby and make the most of astronomical viewing.

You can purchase Astronomy Hacks from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Jim Holmes writes "Marc Holmes's Expert .NET Delivery Using NAnt and CruseControl.NET is an outstanding book for development teams wanting to build a reliable, automated delivery system. The book clearly lays out the case for having a standard delivery process, then dives into specific details of implementing such a process via NAnt and CruiseControl.NET. The book also covers several other tools, both open source/freeware and commercial, including NDoc, FxCop, NUnit, Red Gate's SQL Bundle, and Eric Smith's CodeSmith code generation tool. This book, like Steve Loughran's Java Development with Ant has crucial concepts and patterns which are useful to folks even outside its target .NET audience. This is because the author is so emphatic about the criticality of process and standards, something applicable to anyone developing and delivering software." Read on for the rest of Holmes' review. Expert .NET Delivery Using NAnt and CruseControl.NET author Marc Holmes pages 400 publisher Apress rating 10 reviewer Jim Holmes ISBN 1590594851 summary Automate your .NET software build and delivery process

Disclaimer: I got this book free as a giveaway for our .NET Developers Group. Some folks might think this could influence my opinion, but they'd be wrong. Also, Marc Holmes is in no way related to me. (Well, we're both humans inhabiting the Earth, descended from Adam and Eve or the same biological soup depending on your beliefs, so I suppose that's not completely true.)

Note: To avoid possible confusion due to our same last names, through the review I'm going to refer to the author as "Marc ," not "Holmes."

I got this book because I'm an independent software geek who loves having automated, repeatable processes. I don't have a QA department to double-check every drop I send to customers, nor do I have a separate process department to run checklists every time I need to gather up some statistics on testing, code complexity, etc. I need all these sorts of tasks wrapped up into stable, repeatable, automated processes so that I don't have to constantly worry whether I've forgotten something. (Worse yet, I work from home while taking care of two young children. Automated processes let me focus my meager remaining concentration on software construction while having stuffed animals tossed on my keyboard and drums bashed behind my work chair.) I've had a solid background in Ant and NAnt, but wanted real-world detail on how to generate an end-to-end process for continuous integration and delivery.

This book is part of Apress' "Expert" series which includes books on Oracle, .NET development, web services, and Network Time Protocol. (And who among us hasn't frequently needed an expert book on NTP when we're trying to remember some details of symmetric passive mode?)

Two mantras run centrally through this book: Marc's quip "Design for Delivery," and the importance of standards-based processes. It's not enough to cobble together an automated system which may get one from end-to-end. A team needs a system which gets software built, tested, reported, and packaged in a form read to drop into a customer's environment. Having the mindset of "Design for Delivery" helps focus the team on meeting the goal of getting their software out the door in best fashion. Approaching an automated build system with a thought to standardization means that the team shoots for systems applicable to many projects. Each new project's solution shouldn't require a large amount of rework to get the build/deploy system up and running. Marc is emphatic about this throughout the book, constantly refactoring build and deploy scripts to keep them as abstract as possible.

Marc approaches the task of creating an automated delivery process with the same mindset of designing software: a few use cases with expected outcomes which are used as guidelines for building up the various scripts needed to get delivery tasks done, standards for wider implementations are considered, then the scripts themselves are built in an iterative fashion.

This book isn't a fluff-filled overview of tools. Marc dives down deep into the guts of several very useful tools, showing readers how to solve tough, real-world problems. Simplistic build and deployment systems which do nothing more than run a compiler and zip the resulting output are, well, simple to build.

Theory and details of how a tool (or tools) might be used are fine, but then reality in implementation hits. Marc matter-of-factly states that his approach to a delivery system may not work for everyone. Many of the tools he demonstrates offer multiple approaches to solving problems, such as NAnt's ability to use different build files via inclusion or as separate targets. Marc almost always discusses these options and discusses the rationale for his selection.

Marc also includes some great "Further Reading" sections at the end of most chapters. He points readers to some terrific additional reading such as McConnell's Code Complete, 2nd ed., Ambler's Agile Database Techniques: Effective Strategies for the Agile Software Developer, and Newkirk's Test Driven Development in Microsoft .NET.

The book's flow is very sensible and straightforward. Marc opens with a good discussion on creating a delivery system, then moves on in chapter two to a example of one company's project which he carries through the entire book. The example project is expanded during subsequent chapters as Marc builds up the build and deployment scripts as he covers that chapter's topic. I found this particularly useful since it's a great guide to building one's own automated system. It's easier to follow one example through an evolutionary process rather than having different examples thrown out piecemeal.

The book's laid out in ten chapters plus two appendices. After the first chapter's introduction, each chapter covers one key concept in the build system. Chapter ten closes out the book with "Closing Thoughts."

Chapter 1, "A Context for Delivery," lays out Marc's ideas on why automated, standardized build systems are so critical. Marc doesn't waste time detailing examples of train wrecks due to bad delivery processes. He has a short blurb on the business benefits of automation, then gives an overview of his example company, Etomic, and its products.

Marc continues by discussing potential processes for delivery, covering potential problem issues with each option, laying out his case for standardization and automation in the delivery cycle. Readers who are looking for rescue from a chaotic build and delivery process should hopefully have an epiphany moment or two in this section. So may readers who already have some process in place.

Chapter 2, "Dissecting NAnt," gives an introduction to NAnt and discusses its basic features. The ubiquitous "Hello, World" example is used, then the chapter moves on to discuss the details of creating build files, and variations for invoking NAnt from the command line. There's some good detail on using loggers to generate and merge output from NAnt into an XML log file, important for tracking exact execution details. NAnt's all-important properties, configuration file options for controlling NAnt's execution, are also covered in good detail.

Marc finishes the chapter by creating a skeleton build file for the fictitious Etomic corporation. This skeleton is expanded upon in following chapters as Marc discusses other tools and processes.

Chapter 3, "Important NAnt Tasks," is where Marc gets into the weeds of NAnt's execution. NAnt tasks are chunks of functionality contained in NAnt's libraries. Tasks give NAnt users support for things like interfacing to CVS for source code control, calling NDoc to create documentation from XML comment files, and reading values from the Windows registry. Marc selects several groups of tasks to cover, including conditional tasks for controlling build flow (if, ifnot, fail, e.g.), file management (attrib, copy, mkdir, get), and the fundamental build tasks (asminfo, exec, mkiisdir, solution, csc).

Marc also introduces NAnt-contrib, a second library of tasks written by other NAnt community developers. These tasks, which haven't yet made it into NAnt's framework, provide critical, additional functionality such as interfacing to Visual Source Safe for configuration management.

While he details important tasks in clear fashion, Marc makes it clear that his book is not a reference for the tools he covers. He emphatically points users to the tools' sites for more current and detailed information.

Marc carries this theme throughout the book: he focuses on what's necessary to get the job done, briefly describes potential enhancements or other possibilities, then points the reader to sources for more information.

Chapter 4, "A Simple Case Study," finally gets to the "real world" implementation. Marc begins to fill in the skeleton developed in Chapter 3 with tasks for testing via NUnit, documentation via NDoc, and error handling via NAnt's 'nant.onfailure' property which points the build process to an error-handling task.

Versioning software during a build can be difficult, but Marc has a section in this chapter devoted to handling versioning. He also shows opportunities for refactoring the build file from its klunky initial form to something less brittle and more easily extended. He also leaves the build file behind to begin development of a separate deployment script. He admits his initial deployment script is overly simple and suitable only for basic Windows applications; however, he continues to enhance and expand the deployment script as the book progresses.

Chapter 5, "Process Standards ," seems misnamed to me. Marc does spend some time discussing naming conventions and source control organization at the start of the chapter; however, most of this short chapter centers on refactoring the single build file into separate chunks.

Additionally, he covers a more complex build and deployment example with a custom-written Visual Source Safe Manager component which utilizes COM interoperability and is installed as a Windows service. Both these features are some of the more complex issues one might tackle in real-world deployments, so Marc's text here is very useful.

A semi-hidden gem in this chapter is Marc's discussion of a tip for getting around the less-than-helpful structure of a Web application in Visual Studio .NET 2003. Microsoft forces developers to hack up virtual links to an IIS server's web publishing folder, then scatters Web Application files between the .NET solution's directory and the web folder. This causes great difficulty when trying to use NAnt to build and deploy web apps. Marc points readers to Fritz Onion's wiki site where a clearly explained procedure for changing VS.NET's web application behavior awaits.

Chapter 6, "Continuous Integration ," pulls CruiseControl.NET (CC.NET) into the picture. Marc starts the chapter with great discussion on the benefits of Continuous Integration (CI), then begins detailing the tools. Marc chooses CC.NET, but he also gives a short bit of coverage to two options, Draco.NET and Hippo.NET. His "Further Reading" section for this chapter also points out other options.

Marc's coverage of CC.NET is much as his coverage of NAnt: targeted, detailed discussion of the features needed only to implement his build and deployment system. He writes about the Web Dashboard and the useful cctray applications, then moves to basic configuration and setting up the server. There's brief but adequate coverage given to configuring triggers, source control integration, and publishers, plus Marc points out what changes are needed for the NAnt build scripts. Marc closes the chapter with summary screens and output from CC.NET runs, then mentions how CC.NET is easily extendable if one needs additional functionality - providing a good transition to the next chapter.

Chapter 7, "Extending NAnt" is a great tutorial on how to write your own tasks to cover jobs not in NAnt or NAnt-contrib's libraries. Marc uses 'mkdir', 'copy', 'version', and 'exec' to help readers learn the basics of writing their own tasks in NAnt. He discusses NAnt attributes, crucial to NAnt's framework, then moves to how individual tasks interact with the master build file for capturing events, reading properties, etc.

Marc's first example of extending NAnt to incorporate FxCop is educational, but has been overcome by events: FxCop support is included in NAnt-contrib version 0.85rc3. Regardless, it's very useful to see how simple it is to write one's own task in NAnt.

Chapter 8, "Database Integration" is by far the longest and intricate chapter. Right off the bat Marc lists some of the hardest problems to solve when integrating databases into a build system: lack of source control, the amount of detail one must pay attention to, and how to deal with data in the database itself.

Marc puts forth examples of shared and local database development, then moves on to build/deploy tasks involved in integrating databases. He also covers how these tasks thread into the continuous integration process. Next he covers modifying the build and deploy scripts to integrate the database tasks.

The brunt of chapter 8 revolves around wrapping Red Gate's SQL Bundle, a commercial tool package, into the processes. Marc shows how Red Gate's tools enable the process to automatically detect database schema changes, create merge or update files, and compare database instances. This chapter alone might make the book worth its price if readers are involved with any projects needing substantial database development.

Chapter 9, "Code Generation," makes use of CodeSmith, a code generation package in both freeware and commercial formats. Marc espouses code generation as a way to alleviate problems in complex build environments.

Specifically, Marc identifies three troublesome topics: separation of concern (intertwining of process and configuration information), specific system steps (unavoidable hard-wiring in of file names for NDoc's documentation, for example), and administration overhead (the work required to keep the build/deploy systems operational or portable to new projects).

Marc's use of CodeSmith demonstrates how code generation can solve these problems and wrap directly into the build process. He uses short, clear examples on how to tie CodeSmith into both NAnt and CruiseControl.NET.

Chapter 10, "Closing Thoughts," is Marc's summary. It's a walkthrough of the territory the book just covered, laying out the material in brief form. Context, motivation, mechanics, consequences (pros/cons), and results all get concise summaries. The author also lays out a very useful Best Practices list for processes, standards, NAnt, CruiseControl.NET, and other factors. He also spends a very few paragraphs on the direction Microsoft is taking with their upcoming Build Server and its potential impact on the NAnt community.

The mechanics and format of this book are terrific for the most part. The author's writing style is clear, easy-going, and humorous without being campy. The index appears to be very complete and covered the few things I needed to reference.

On the negative side, a few of the screenshots weren't framed or cropped very well, leaving me looking for a magnifying glass to try to figure out bits the author referenced in his text. However, this was the case with only a few graphics. Most were very clear and viewable.

Additionally, the versions of tools covered in this book are somewhat outdated, but the author makes that very clear in several places through the book. All his examples work for the versions referenced in the book. Additionally, a complete download of all the various build files, tools, and source code examples is available from Apress's website.

This is a terrific book for folks in the .NET arena looking to establish an automated build and delivery system. It's a very good book for folks looking to enhance an existing automated system, particularly if you're looking to solve the really difficult problem of wrapping database integration into your system.

Lastly, I'd say it's a very good book for anyone interested in automated build and delivery processes, regardless of the environment you're working in. Java developers can get great material from this book, just as I got great ideas from Loughran's Java Development with Ant.

You can purchase Expert .NET Delivery Using NAnt and CruseControl.NET from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Eater writes "W. Richard Stevens wrote Advanced Programming in the UNIX Environment, which was published in 1993 by Addison-Wesley. It quickly became the cornerstone of many bookshelves. The original edition has been revised by Stephen A. Rago to more accurately reflect the current landscape of UNIX and UNIX-like systems. APUE is targeted at the experienced C programmer with a working knowledge of UNIX. It includes chapter long examples of real-world applications, and--as with other works by W. Richard Stevens -- somehow manages to serve simultaneously as an enlightening tutorial and a valuable reference book." Read on for the rest of Eater's review of the book's recent second edition. Advanced Programming in the UNIX Environment, 2nd Ed. author W. Richard Stevens, Stephen A. Rago pages 927 publisher Addison-Wesley rating 9 reviewer Eater ISBN 0201433079 summary Essential classic for experienced C progammers working in UNIX environments

Few technical authors have had such a great impact on the geek community as Rich Stevens, and because of this, any review of his books should include a few words about the man himself.

Stevens' work typically tops any "recommended reading" list when it comes to TCP/IP networking or UNIX programming. Stevens passed away on September 1st, 1999. In addition to APUE, he authored UNIX Network Programming (Volume 1: APIs and Volume 2: IPC) and TCP/IP Illustrated (Volume 1: Protocols, Volume 2: Implementation, and Volume 3: TCP/T, HTTP, NNTP, Unix Domain Protocols.) Stevens was posthumously awarded the USENIX Lifetime Achievement Award for his extraordinarily lucid teaching and generous spirit within the community, which was accepted on his behalf by his surviving wife and children. (Slashdot coverage of his unfortunate death is available.)

Stephen A. Rago, who has taken on the daunting task of revising Stevens' APUE, worked at Bell Laboratories as a UNIX SVR4 developer. His first contact with Rich Stevens was an e-mail regarding a typographical error in Stevens' first book, UNIX Network Programming. Stevens later acted as a technical reviewer for Rago's UNIX System V Network Programming. Rago reciprocated as a technical reviewer for the first edition of APUE, and has done a fine job of revising that same text for the new second edition.

After more than a decade of changes in UNIX and UNIX-like operating systems, the original edition of APUE holds up well. Rago's revision reflects the following:

• System V variants are being replaced by Linux, Solaris being the last of these with any reasonable market share.
• 4.4BSD was the last UNIX release officially maintained by Berkeley's CSRG, with subsequent derivatives being maintained by volunteers.
• The popularity of Linux and inexpensive x86 hardware has introduced a notable shift in development.
• Apple Computer has abandoned its previous operating system for one based on Mach and FreeBSD.
• The original book was based on the 1990 version of the POSIX.1 standard. The new edition has incorporated changes from the 2001 version.
• Chapters on threads and thread control have been added.
• Some material has been omitted to reflect changes in common hardware. For example, the "Modem Dialer" example from the first edition has been removed, and "Communicating with a PostScript Printer" (which focused on serial and parallel communication) has been replaced with "Communicating with a Network Printer".

The following platforms were used in Rago's edition:

• FreeBSD 5.2.1 on Intel Pentium
• Linux 2.4.22 (Mandrake 9.2) on Intel Pentium
• Solaris 9 on 64-bit UltraSPARC IIi
• Darwin 7.4.0 (Mac OS X, version 10.3) on PowerPC

A comparison of the tables of contents between the first and second editions indicates only minor organizational changes. When delving into the text, it's apparent that Rago has done a painstaking job of reworking the text to reflect the changes over the past 13 years.

Notably, Rago has included a few new helpful tables in the chapter on UNIX standardization. These tables compare the differences among the four platforms he used in writing this edition, making this text rather valuable for those trying to support multiple offerings.

An entirely new part of this edition is two chapters dealing with POSIX threads. Rago presents this material first with an introductory chapter on threads, POSIX.1 primitives available for creating and destroying threads, and a discussion of the fundamental issues when dealing with synchronization between threads. The follow-up chapter is on thread control, dealing with the specifics of synchronization, reentrancy, and thread interaction with process-oriented system calls.

Stevens believed that the best way to learn code was to read code, and his books reflect that philosophy well. The original edition contained a chapter titled "Communicating with a PostScript Printer" that included a complete program to communicate over a RS-232 serial connection to an attached printer. Most PostScript printers today are accessed via a network interface, and Rago has managed to rewrite the material reflecting this while still maintaining the original intent of the chapter. The first edition's chapter on modem communication has been omitted from the new edition, but is still available via the book's website.

This book is no superficial rewrite of the first edition. From cover to cover, it's apparent that Rago has carefully interpreted the original text and rewritten it to accurately reflect the changes of the past 13 years; he has also managed to preserve to original lucid and efficient presentation style of Stevens' classic.

The book's official website is available here, including all source-code examples and errata.

You can purchase Advanced Programming in the UNIX Environment, 2nd Ed. from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Running a table-top roleplaying game is, to put it mildly, a challenge. A prospective Game Master (or Dungeon Master) has to utilize interpersonal communications, mathematics, creative writing, acting, and endless stores of patience in order to successfully draw a group of players into a gaming experience. With that in mind, most wise DMs use every tool they can lay their hands on to make the job easier. Wizards of the Coast's sequel to the Dungeon Master's Guide may just be the toolkit you've been looking for. Read on for my impressions of WotC's Dungeon Master's Guide II. Dungeon Master's Guide II author Jesse Decker, David Noonan, Chris Thomasson, James Jacobs, Robin D. Laws pages 288 publisher Wizards of the Coast rating 8 reviewer Zonk ISBN 0786936878 summary A worthy successor to the D&D core book with advice for the starting DM. Like all gaming communities, the table-top community is filled to the brim with nit-picking critics. WotC has gotten a lot of flack for churning out books that are filled with prestige classes, feats, and spells ... and not much else. While I think they're doing much better of late on that front, if you've found this to be your experience this book will convince you there is more than just numbers to the west coast wizards.

DMG II is a deeper mirror of the first Dungeon Master's Guide. Each chapter in the first book is reflected in the sequel, providing more explanation and a deeper look at the subject matter showcased in the original. In addition to mechanics, which was the primary focus of the first Guide, the DMG II examines the process of running a Dungeons and Dragons game by breaking it into discrete elements.

The first few chapters of the second Guide are entirely devoted to the experience of the game from the Dungeon Master's side of the screen. Like another good book on the subject, Robin's Laws of Good Gamemastering , DMG II goes into the psychology of the rules arbiter by laying out what will likely be required from you in your role as DM. The Guide also goes inside the heads of players to offer up to the reader possible motivations for a player coming to the gaming table.

From the broad scope of running a game, the book focuses in on the campaign and adventure specific levels. An examination of campaigns covers a large amount of terrain, starting with game styles and character creation suggestions, and ending up in a discussion of the medieval-renaissance flavor of the default Dungeons and Dragons setting. Adventures as discrete entities get something of a short shrift in the book, with heavy discussion of iconic adventure settings taking up most of that chapter. If you've ever wanted to run a battle in the sky, this tome has what you need. The adventure chapter does have a few worthwhile tips on incorporating material from outside sources into your own campaigns, making a Dungeon Magazine subscription more tempting than it might otherwise be.

Beyond the basics, the mission of the second DMG seems to be to allow DMs with a limited amount of time maximum flexibility. Where the original title had pre-generated NPC statistics to utilize, the second book has chapters on making NPCs more interesting, ways to integrate your players more fully into the campaign world, and an entire mapped out and catalogued city for you to insert into your game. The character chapter includes a system for allowing players to run their own businesses. It abstracts out a good number of factors, keeping the focus of the game on fun and adventure while allowing players to put down roots and make some money. While more realistic campaigns may not find it worthwhile, the average dungeon-crawl will benefit from a small business run using these rules. Similarly impressive is the canned city, Saltmarsh. Saltmarsh is a good-sized town, with plots aplenty and several interesting adventure opportunities spread throughout the different districts. Like the campaign chapter, the city of Saltmarsh gives a window into the standard setting that a first time DM might not otherwise have available.

For a veteran Dungeon Master, there are a few gems that stand out as making this book worthwhile. The sections on Saltmarsh, the business system, and the various tips on tweaking your gameworld (including suggestions for creating prestige classes) would all be handy to have at your fingertips. Newer Dungeon Masters should not miss the opportunity to take a look at this book. The chapters on pacing, performance, and campaign preparation are very well written and will provide some much needed advice for someone just cutting their teeth. Players need not apply. The information a Player would get from this book is simply not worth the money to pick up, unless you're planning on getting into the DM gig.

Wizards of the Coast has created a worthy successor to the original Dungeon Master's Guide. Providing a deeper examination of the original tome's content and a reflection on the performance art that is DMing, to new DMs the DMG II is definitely worth the price-tag.

You can purchase Dungeon Master's Guide II from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

honestpuck writes "With an increasing number of people disenchanted with the flaws, bugs and security holes in the world's most popular web browser (still) switching to the current open source champion, Firefox, it would seem timely to release a volume titled Don't Click on the Blue E. The number of books on Firefox is increasing by leaps and bounds - so far I've read three, fortunately all have their place. Don't Click on the Blue E is O'Reilly's latest entry into the market. It is targeted at the absolute beginner. I found it to have the usual O'Reilly quality: well-written, well-edited and well-designed." Read on for the rest of Williams' review. Don't Click on the Blue E author Scott Granneman pages 254 publisher O'Reilly rating 7 reviewer Tony Williams ISBN 0596009399 summary Good guide to Firefox for beginners with some minor flaws

That said, it is not without flaws. I hate most of the first chapter and see it as a waste of space. 35 pages mainly of history (some of the Net, and some of browsers) is almost self-indulgent. Certainly almost all buyers would not miss the information if it was reduced to two or three pages in the introduction or first chapter. There is some useful reasoning to justify the shift from Internet Explorer to Firefox at the end, but the rest needs a good going over with the red pencil.

I also found that for a book titled Don't Click on the Blue E, there was not enough information of the "in IE you did it this way, and in Firefox you do it this way" type. The book is a good entry-level guide to Firefox but I would have hoped for more guidance for people switching from IE to Firefox.

I'm getting a little ahead of myself. First, it has to be said that O'Reilly have done away with their usual cover and given us a bright orange cover with a graphic of a fox about to bite a familiar icon composed of a blue 'e.' I like it, this is definitely an O'Reilly book targeted outside their usual technically savvy market and deserves a different cover style.

The book feels light, despite the 250 pages, and is split into only five chapters and two appendices. As you can imagine, each chapter is a huge chunk of information, but the light writing style combined with a look that is heavy on illustrations and sidebars make it an easy read. Once again, this is a departure from O'Reilly's usual style but well suited to the likely reader. I also thought that they had used a lower grade paper than usual, probably to keep the retail cost down. As this is not a reference book to be kept for years, I didn't see this as a flaw.

I've already mentioned the first chapter; the second is devoted to installing and configuring Firefox. This is full of useful information and good illustrations to explain how to set up the browser in detail. The third chapter is how to use and manage it, covering topics such as the toolbars, the search box and adding engines, the menus, tabbed browsing and pop up blocking. The fourth deals with the add ons - plugins, themes and extensions. The final chapter is a bit of a grab bag. Titled "Advanced Firefox," it covers such topics as Live Bookmarks and searching in pages. Each chapter has a well-researched and useful "Where to Learn More" section pointing to web sites with tools and information.

This is probably not a book for the average Slashdot reader. You may like to buy a copy so you can lend it to Uncle Bob or Aunt Susan after you spend another wasted afternoon cleaning the viruses and spyware out of their PC, but I doubt you'll want a copy for yourself. Taken as a whole this is a well-written, thorough book for the absolute beginner with one or two minor flaws. Despite the book's flaws I still find myself recommending it. If you would like a better look yourself, O'Reilly have their usual page of contents and two excerpts from the book.

I would recommend this book over Firefox and Thunderbird Garage for more serious readers. Garage has an occasional quirky tone that might annoy some -- for others it might be a benefit to learning. It also has a little more detail in some areas. Of course if you want a book that covers both applications, then Garage is the only book I've found. Don't Click on the Blue e is a good volume for a beginner who doesn't need the coverage of both Firefox and Thunderbird of the "Garage" book and would like a little more detail.

You can purchase Don't Click on the Blue e from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

stern writes "In the not-so-distant past, engineers, scientists and mathematicians routinely consulted tables of numbers for the answers to questions that they could not solve analytically. Sin(.4)? No problem: look it up in the Sine table. These tables were prepared by teams of people called computers (no, really -- that's where the term comes from) who typically had only rudimentary math skills. The computers were overseen by more knowledgeable mathematicians, who designed the algorithms and supervised their work." Read below for Stern's review of David Alan Grier's book When Computers Were Human. When Computers Were Human author David Alan Grier pages 424 (with index and table of names) publisher Princeton University Press rating worth reading reviewer Stern ISBN 0691091579 summary A history of the first "computers", semi-literates who did math by hand

The most important of these teams was the Mathematical Tables Project, organized by the Work Projects Administration in the United States during the Great Depression. WPA rules required the hiring of people with virtually no skills, so much of the definitive work of the Mathematical Tables Project was computed by people who had mastered only addition. They were not authorized to subtract, let alone delve into the mysteries of multiplication or division. The algorithmic steps assigned to them sometimes produced negative numbers, and it goes almost without saying that these computers had no idea what these were or how to handle them. Gertrude Blanch, the mathematician who oversaw their work, had devised a scheme whereby positive numbers would be written in black, negative numbers in red. On the wall in front of her human computers hung a poster that encapsulates much of the era of human computing. It read:

Black plus black is black
Red plus red is red
Black plus red or red plus black, hand the sheets to team 2

Grier has written a history of human computing. It begins in the 1760s and continues through the two hundred years until digital computers ended the industry.

From the start, computers were dedicated to projects in astronomy, cartography, and navigation. Grier describes the nature of these problems and why they required numerical solutions. He touches on the alternating competition and cooperation between teams of computers in different countries, and the different organizational models they employed. Perhaps the most memorable fact from the early years of human computing is that the very first team of French computers, assembled by Gaspard Clair Francois Marie Riche de Prony in the early 1790s, was composed entirely of wig-makers left unemployed by the French Revolution. They created trigonometric tables required by France's experiments with the decimalization of trigonometry (an abandoned effort to do for angle measure what the metric system was doing for the measurement of mass, length, and so forth).

Their work, though of little ultimate relevance to the modern world, illustrates aspects of human computing that would not change. Major computing efforts were always sponsored by governments. A small number of planners oversaw work by people who themselves knew little math. And the bulk of the work was done by people who were marginalized, perhaps otherwise unemployable, and who would do the repetitive calculations. This work conferred no prestige, and many were skeptical even of the conclusions drawn from it. If an equation could not be properly solved, how could one take confidence from any numerical approximation? Even Henry David Thoreau worked a dig at human computers into the manuscript for Walden, dismissing the mathematics that might allow an astronomer "to discover new satellites of Neptune but not detect the motes in his eyes, or to what vagabond he is a satellite himself."

Women emerged as the most important computers. Demand for computing spiked in wartime, when young men were off fighting and therefore unavailable, and the economics of hiring women was compelling even in peacetime. They would work for half of what similarly skilled men would. By World War II, in the United States, computing power was measured not in megahertz or teraflops, but in kilogirls.

By the 20th century, the work of human computers was augmented by mechanical or even electrical calculators that automated certain steps of their work, but these were expensive and prone to breakdown, and did not significantly change the nature of the work.

Grier devotes special attention to the Mathematical Tables Project run by the WPA, later taken over by the National Bureau of Standards, and to the mathematician Gertrude Blanch who ran that team. She is fascinating, a woman who arrived in the United States at the age of 11, who had worked to support her family and not been able to get her Ph.D until she was 39 years old. It was then 1936, the middle of the Great Depression, and the job prospects for female, Jewish mathematicians were bleak. Through luck and hard work she found her way to the Mathematical Tables Project, where she assumed a role that combined mathematician, schoolteacher, and coach. Her fanatical attention to error-checking resulted in tables good enough to win the support of those who were skeptical of work by a government relief organization. She also led by example, and solved certain problems personally when she thought that would be easier than breaking down the algorithms for her computers. Grier says that Blanch in this way personally did work that backed Hans Bethe's Nobel prize-winning model of solar evolution, though it is unclear if Bethe ever knew that the math had been done by one mathematician, rather than her computers. After the war, Blanch was hampered by FBI suspicions that she was secretly a communist. Their evidence for this was nearly nonexistent, and in what must have been a remarkable showdown, this diminutive fifty-year-old mathematician demanded, and won, a hearing to clear her name. She worked productively in numerical mathematics and algorithms for the rest of her life, but remained forever suspicious of digital computers and never adopted them herself.

Grier does excellent research, tracking down surviving computers and sorting through family letters to tell the stories of an entire industry that is being forgotten. He even finds evidence for the working environment for the women computers at Harvard Observatory in the late 1870s in the lyrics to a satire of Gilbert & Sullivan's HMS Pinafore, written by a junior astronomer there at the time.

The book is beautifully printed and has a comprehensive index. Kudos to the Princeton University Press for taking such pride in their work.

When Computers Were Human is weak in several areas. First, Grier glosses over technical aspects of human computing. What were the algorithms that these people used? How was error-checking implemented? He never tells us. Clearly, Grier's goal was to write a work of history, not math, but the people likely to read it are people who care about the math, or about computers, and he omits material that such readers would expect. Second, this is a bureaucratic story. The best human computing was done by large teams sponsored by government in wartime, and the story of these teams revolves around the politicians or bureaucrats who arranged for their funding, and the various acronym-labeled groups that gave them work or provided their employees. At times, it reads as much like a history of agricultural policies as a text about the prehistory of computers.

Grier's story follows his sources: he devotes space to the groups where he has the most material, even if others may have been larger or done more important work. Finally, his discussion of digital computers, where they play a role in the story, is cursory, and may not give credit to those who deserve it.

Is it worth reading? Yes. Consider the reviews of the final tables published by the Bureau of Standards at Amazon.com: In comments as recent as 2004, people who are still using these 50-year-old volumes comment in several languages on which chapters of the books are most useful, where to beware of errors or outdated methods, and on the special emotional role that these volumes play for those who use them, or who needed them in the past. "I probably would never have gotten my Ph.D without this book, and it is a stupendous classic." "Nearly every time you need a mathematical relation or information you will find it on this book." "If you work with mathematical research or numerical computing, you must have this book," and so forth. This praise, and Grier's book, are fine testaments to the world's first computers.

You can purchase When Computers Were Human from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Michael J. Ross writes "When it comes to creating a dynamic Web site with data store capabilities, the site developer can choose from many technologies, including PHP and MySQL. The combination of the two is rapidly emerging as a favorite, partly because they work well together, and partly because they are both available under open-source licenses. As a result, technical book publishers are cranking out a growing number of high-priced tomes that try to cover all of the details of either technology, or both. But for the developer just getting started in either one, there is a new title that could prove more accessible: Vikram Vaswani's How to Do Everything with PHP and MySQL, published by McGraw-Hill/Osborne." Read on for the rest of Ross's review. How to Do Everything with PHP and MySQL author Vikram Vaswani pages 381 publisher McGraw-Hill/Osborne rating 7 reviewer Michael J. Ross ISBN 0072257954 summary A tutorial on PHP and MySQL, geared to the new developer.

The publisher has a page on their Web site devoted to the book; for some reason, it lists the book as containing 400 pages, but my copy has 381. The page also has links to a table of contents and a sample chapter, namely the first one. For those readers with very slow Internet access or unstable Adobe Acrobat plug-ins installed, be aware that the sample chapter -- and even the table of contents -- are offered only as PDFs, but the two links give no warning.

Most technical publishers, for every one of their books, wisely have links to the errata and sample code, right there on each book's Web page. This is the best approach, because when readers are having difficulty getting a book's examples to work correctly, they want to be able to quickly find and download the most up-to-date sample code, as well as check the errata page for any bugs in the printed code. Unfortunately, McGraw-Hill/Osborne has their links to those two types of information in an easily-overlooked part of a menubar, using small black text on a blue background. The links are near the upper left-hand corner, and outside the content section of the Web page, where the typical reader would be seeking fruitlessly for them.

The companion Web site for the book is hosted by Vaswani's software consulting firm, Melonfire. The site has the book's table of contents (in HTML), a link to chapter 1 in PDF, a profile of the author, three full-length case studies, a feedback form, and an extensive collection of links to PHP and MySQL reference material, discussion lists, articles, and tutorials. At the end of the Introduction in the book, the author invites the reader to use that companion site for connecting with other PHP users, and sharing their thoughts on PHP and MySQL development. The site itself has no such forum, so the author probably meant the discussion lists.

The companion site also has a link to download a Zip file containing all of the sample applications from the book -- from chapters 7, 12, and 16 -- comprising nine PHP scripts, an SQL file, and a data file. The code snippets themselves do not appear to be included in the download. This shouldn't pose a difficulty for the typical reader, since few of the code snippets are long. Besides, typing them in on one's computer can help to reinforce the language syntax that one is learning, as well as decent code formatting (valuable for newbies).

The book is organized into four parts.The first of these presents the basics of PHP and MySQL, including the history and features of both technologies, as well as how to install them on Unix and Windows systems, verify the integrity of the installations, and make some critical security and configuration changes, such as changing passwords. Parts II and III cover the basics of PHP and MySQL, respectively. The fourth and final part describes how to use the two together. To that end, every chapter contains snippets of code to illustrate the ideas being described. In addition, each section is wrapped up and illustrated with a sample application. For PHP, the author shows how to build a session-based shopping cart. For MySQL, he presents a simple order-tracking system. For using PHP and MySQL together, he shows a news-publishing system.

Despite its title, the book clearly does not tell the reader how to do everything with PHP and MySQL. As the author notes in the Introduction, the book is not designed to be a complete reference for either technology, but instead intended as a tutorial for Web developers who are interested in learning how to do server-side scripting in combination with a database management system. Vaswani states that he does not assume prior knowledge of programming or database fundamentals, and that these basic concepts will be taught by example, using tutorials and realistic examples. I suspect a reader not familiar with HTML, however, could be easily baffled by the book. On the other hand, most if not all developers reading a book on PHP or MySQL are likely to already know HTML well enough to understand the output of PHP-enhanced Web pages.

One strength that this book has over many similar ones is that the author explains up front how to install PHP and MySQL, rather than relegating these topics to an appendix, or skipping them entirely. This is critical, because many programmers will find that the most challenging aspects of getting started with PHP and MySQL, are simply getting them installed and working, along with a Web server, such as Apache -- and not coding the applications themselves.

Another welcome aspect of the book is the author's enthusiasm for the technologies -- although characterizing MySQL as "quite friendly" (page 150) is a stretch. Furthermore, his explanations are clear and concise. In addition, Vaswani makes no pretense that his book has all the answers; he frequently refers the reader to URLs in the online manuals of the products, for more details. In addition, he does a nice job of illustrating the advantages of normalized database tables, and later explaining how to format query output -- an important topic omitted in many similar books.

Yet, like all books, this one is not perfect. There are a number of errors or pitfalls in the book that could confuse the reader. They range from incomplete explanations of what a user will see when running particular commands, to the sort of errata one finds in all technical books. I found over two dozen in total (there may be more). In the interests of keeping this Slashdot version of the book review close to the recommended length, I won't list all of the problems here, but will instead refer the reader to a longer version of this book review, if they are interested in those details.

Aside from its many minor flaws, I recommend this title to any programmer who wants to learn the basics of PHP and MySQL. Even though the publisher could improve their production quality, choice of binding, and Web page, the author has done a good job of clearly presenting the major points. Future editions could incorporate fixes to the errors noted in the longer version of this review, as well as better explain to the neophyte how to test/debug the code snippets. Nonetheless, the intended reader would be well served by this particular book.

Michael J. Ross is a freelance writer, computer consultant, and the editor of PristinePlanet.com's free newsletter. You can purchase How to Do Everything with PHP and MySQL from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

danny writes "Do you run a mail server using Postfix? If so, then you should check out the latest addition to my book reviews, a look at Hildebrandt and Koetter's Book of Postfix." Read on for the review. The Book of Postfix author Ralf Hildebrandt + Patrick Koetter pages 464 publisher No Starch Press rating 9 reviewer Danny Yee ISBN 1593270011 summary understanding and implementing Postfix mail systems

When The Book of Postfix arrived, I jumped straight to the chapter "Understanding SMTP Authentication", since that was something I wanted to get working. This explains the problem -- how to allow travelling users with unknown IP addresses to send mail through a mail server without opening it up to spammers -- and clearly lays out the options: SMTP-after-POP or -IMAP, SMTP authentication, certificate-based relaying using TLS, or some kind of VPN. "If you want something simple, independent, and secure, SMTP AUTH is probably for you."

The remainder of the chapter explains how to set up a backend for SMTP authentication -- a choice between saslauthd and other options -- and the following chapter then explains how to configure Postfix to use it. This approach is typical of The Book of Postfix, which tackles many topics with paired chapters, the first covering background, theory and any ancillary systems and the second covering the actual Postifx configuration. It also emphasises progressive implementation accompanied by testing, which is most reassuring when modifying production servers.

Other chapters in Part III, "Advanced Configurations", cover running Postfix chrooted, using TLS (two chapters), mail gateways and multiple domains. There's also a chapter that works through building a complete mail system for an organisation. Part IV covers tuning and the appendices cover installing Postfix (for Debian or Redhat Linux, or from source) and troubleshooting.

Moving backwards, the hundred and twenty pages in part II cover content controls. Some basic postmaster background is followed by pairs of chapters on each of message transfer restrictions, built-in content filters, and external content filters. I've been working through these, improving my anti-spam controls, and they're proving really helpful; my next step will be implementing amavisd-new.

Part I explains how to set up a host to run Postfix, with ancillary services such as DNS, NTP and syslog, then how to set up a simple single domain configuration, either on a permanently connected machine or on a dialup machine. It then gives a brief description of Postfix's basic anatomy. Part I is concise -- just fifty pages -- but it offers everything most people will need for a basic setup.

There's no cruft in The Book of Postfix: it's a fairly chunky book, but none of it is padding. Excerpts from configuration files include just the right amount of context and the diagrams (and a very few screenshots) are integrated with the text and tightly focused. Given the scope, it's probably overkill for basic Postfix users, though the first fifty pages would make an excellent "getting started" guide for them.

There are some omissions. There's no general explanation of how the master.cf file works, for example, or of rewriting -- neither "masquerading" nor "canonical" appear in the index or glossary. The "Anatomy of Postfix" chapter could definitely have been more comprehensive.

How does The Book of Postfix compare with the O'Reilly book Postfix: the Definitive Guide ? The Book of Postfix is nearly twice the length and provides much more detailed step-by-step explanations and more on ancillary systems -- it explains how to set up backends for SMTP authentication, for example, rather than just telling you that you need one.

I highly recommend The Book of Postfix to anyone using Postfix and wanting to do more than the basics with it.

Danny Yee has written over 800 other book reviews. You can purchase The Book of Postfix from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Jim Holmes writes "I'm new to the .NET environment and have been looking for solid books in the same class as McConnell's Code Complete, 2nd ed., or Kernhigan and Pike's The Practice of Programming. Those books, to me, are must-haves on any serious developer's bookshelf, but while they're terrific books, they're general in nature. Bill Wagner's book Effective C# is a great companion to those books because it's specific to C# and hits hard the implementation details of working in that language. (Disclaimers: 1) I got this book for free from Addison-Wesley as a regular giveaway for our .NET Developers Group. 2) I attempted to get SRT Solutions, the author's consulting company, involved in a software development project several years ago. The project tanked due to customer constraints and other business issues not related in any way to Wagner or his company. End Disclaimers.)" Read on for the rest of Holmes's review. Effective C#: 50 Specific Ways to Improve Your C# author Bill Wagner pages 336 publisher Addison Wesley rating 9 reviewer Jim Holmes ISBN 0321245660 summary Must-have addition to any serious C# developer's bookshelf

If you're interested in, or currently working with, .NET and are tempted to skip past this book as Just Another C# Reference Book, think again. Wagner's book is a great resource because it covers concepts which run across the entire .NET Framework regardless of which language you're working with. While this book focuses on C#, VB.NET developers can benefit from some of the text within as well.

I also think this book speaks to a wide range of readers. Seasoned developers will blow through this content, fine-tuning their coding methods or starting new ones. Wagner specifically points out how practices experienced C++ developers may use aren't good practices in C#, such as avoiding function call overhead by writing longer C# methods with more convoluted loops. More on that later.

New developers also can greatly benefit from this book by using it to properly form development habits early in their careers. Examples of this might include following Wagner's recommendations for safe casting, strong use of interfaces, and knowledgeable resource management.

Wagner's writing style is clear and concise. He occasionally comes across as brusque, or as writing only to experienced developers ("I wouldn't write code like this and neither would you."), but those instances are few and far between. The rest of the book's voice is terrific. More important is the weight of Wagner's knowledge and experience.

One real drawback is a large number of typographical errors, sometimes several per chapter. Some sentences are missing content, and there are a large number of run-together words. These errors don't take away from the material, but it's an annoyance all the same. I would have expected better proofreaders at AW.

The book is well organized into six chapters, each hitting a specific area in C#. Within each chapter, Wagner covers six to ten items, each item focusing on one specific "minitopic," as Wagner calls them. Each item includes code snippets to demonstrate recommended approaches. Few of Wagner's snippets will function as standalone programs, but this is an advantage, as I see it. The book focuses on tight, specific examples, rather than weighing itself down with pages of extraneous fluff.

Often Wagner's recommended approach is contrasted against bad practices, or practices which might be optimal in other languages but work poorly in C#. An example of this would be Chapter 4's Item 31: "Prefer Small, Simple Functions," where Wagner shows how smaller functions are generally more efficient than larger functions with complex loops. This probably confounds experienced C++ developers, but it's a prime example of how valuable this book is. Wagner shows that .NET's Just-In-Time compiler pays less cost when calling functions than it does trying to wade through convoluted loop logic. His recommendation? Write "the clearest code you can create. Let the JIT compiler do the rest."

Chapter 1, "C# Language Elements", hits hard the topics "you must remember every day when you write C# code." This chapter discusses issues central to C#'s syntax, implementation and optimization. Wagner talks about basic Object Oriented concepts such as hiding class data members behind Properties (.NET's common access methods/fields via gets and sets), and why it's important to implement a ToString() method. Basic software engineering topics are also covered, like why it's important to differentiate between value and reference data types -- and the pitfalls of failing to do so. This chapter also thrashes out coverage on deep C# concepts like why developers should use foreach loops and why the GetHashCode() method will "practically always get you in trouble."

Chapter 2, ".NET Resource Management", has a lot of text on general patterns for constructing optimal code. Wagner's in-depth knowledge of the .NET Framework's underpinnings really shows through here. There's a very clear discussion of the performance ramifications of boxing (wrapping value type data into an object for method parameters) and unboxing. Minimizing extra garbage (unnecessary objects) and easing resource clean up via standard dispose patterns are also covered. This chapter's critical to ensuring you understand what's going on with resources in your .NET application.

Chapter 3, "Expressing Designs with C#", looks at object-oriented design in C#. While the discussion's specific to C#, there's a lot of great, practical information which applies to any object oriented development. Wagner gives some great examples with backup discussion regarding preferring the use of interfaces over inheritance and why it's a cleaner solution. (Java programmers who've read Alan Holub's "Why extends is Evil" in JavaWorld would enjoy this section.) There's also great treatment of using delegates for callbacks, and events for outgoing interfaces. Wagner also points out more pitfalls in a reference data type language: returning references to internal class objects via a read-only property (getter for Java folks).

Chapter 4, "Creating Binary Components", shows what critical topics you have to consider when creating even a moderately complex system for deployment. Wagner exposes some terrific details on how smaller is better when developing .NET assemblies for deployment. He also discusses why it's best to limit a class's exposure through public scope since this ends up advertising too much of your class's internals to potential users of that class. Wagner ties this back to interface discussions in earlier portions of the book, and makes a good case in this section for bad scope's impact on deployment.

Chapter 5, "Working with the Framework", delves into the .NET Framework Class Library. The FCL is a huge library and Wagner's insistent that too many developers are writing custom code for functionality which already exists in the FCL. This section helps to avoid having "developers reinvent the wheel." There are very useful discussions on using .NET runtime diagnostics, .NET's validation capabilities, and standard configuration mechanisms. Wagner also shows why .NET's reflection capability (one component dynamically discovering another component's capabilities at runtime) can be overused - but he also shows how to best use it in the appropriate cases.

Chapter 6, "Miscellaneous", is the catch-all section. Security and exceptions are covered here, as is the pain of working with COM interoperability - and why you should avoid it if at all possible. Just as importantly, Wagner points to several tools which should be in any C# developer's belt. He also identifies terrific resources available online.

What makes this book so useful is that Wagner constantly talks about the reasons behind why specific choices in C# should be made. For example, in Item 3, "Prefer the as and is Operator to Casts" Wagner moves through the rationale of why a developer should (when possible) avoid casting in C# and use the as and is operators instead. Casting can lead to headaches with data loss when casting a long data type to an integer one, or more headaches with the extra lines of code to ensure the cast was to a proper type. Sure, casts are sometimes necessary, and it's another value point for this book that Wagner gives clear examples of when his techniques don't apply -- and he also shows recommended alternatives for those cases.

It's just this kind of discussion from an experienced developer that makes this book so valuable. Good developers need to understand the ramifications of choices they make designing and implementing a system. Wagner's book is outstanding for exactly this kind of detailed, clear exposition.

An additional bonus: Wagner has a blog dedicated to discussion of items from his book. Erata are also listed there. See Bill Wagner's Effective C# blog.

The bottom line: this book really is a critical addition to a serious C# or .NET developer's bookshelf. It deserves a place right alongside books from McConnell, Macguire, Kernighan and Pike.

You can purchase Effective C#: 50 Specific Ways to Improve Your C# from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Spencerian writes "Roz Kaveney's From Alien to the Matrix is definitely a love-to-hate book for me, and probably for most fanboys who've forgotten more than the author knows about the meanings, philosophy, and humor found in many popular SF films of the last 35 years. If you love to argue and curse when you read something that's so way off base in interpretation or appears to lack any research in even the basic meanings that most Americans found in a SF film, then this is your book. But if you hate arguing with your non-fannish significant other on why you really liked a particular movie, save your money by not buying this book. Oh, and dump your boy/girlfriend, too." Read on for the rest of Spencerian's review. From Alien to The Matrix: Reading Science Fiction Film author Roz Kaveney pages 208 publisher I.B.Tauris rating 4 reviewer Kevin H. Spencer ISBN 1850438056 summary For kooky, way-off-base interpretations of several Sci-Fi films, this is your book.

The book seemed interesting enough from the cover, given a pleasant upsurge in the number of meaning and philosophy books on many SF films. I was expecting another take on my current joy, The Matrix universe, as well as some tidbits from other movies to get me delving for the hidden jokes and thoughts of a classic or two, like the Alien movies. Despite the title, the book is not all inclusive on film SF and does not discuss with any significance any of the latest Marvel superhero movies, and definitely skips discussion on the the Lord of the Rings trilogy--a tragic omission in light of its popular and Oscar-winning performance that brought SF/Fantasy to Hollywood legitimacy. Specifically, the writer discusses and contrasts elements from a handful of interesting SF movies of the last quarter-century, including

* The Matrix trilogy, including elements from "The Animatrix" and the "Enter the Matrix" game
* The Alien movie saga
* Galaxy Quest
* Dark City
* The Star Wars saga
* The Terminator saga
* Strange Days
* Small Soldiers

Small Soldiers? That was science-fiction? That was worthy of discussion in a book on SF film meanings? Surely there were other films of the last 25 years related to the chapter's subject on robots and AI that were more germane, such as "Bicentennial Man," "I, Robot," "Star Trek: Nemesis," and even the writer's home favorite of Marvin from "The Hitchhiker's Guide to the Galaxy" (not the 2005 release, but the 1980's TV depiction from the BBC, since this book was apparently printed in the early months of this year).

This book was written by someone that doesn't appear to read or watch much in the way of SF beyond what they see at the movies. Realizing that the writer was British, I tried (and failed) to give her allowance for her non-American point-of-view on the topic, hoping for some enlightenment over my decadent Cowboy Way of watching SF here in America. There are many areas in the book where her interpretation simply is misinformed. The writer apparently had chosen to write her book as a self-interpretation of the movies in question, failing almost completely to read other interpretations or discussions from the movie's directors or screenwriters.

The book as a whole, particularly with its monotonous small text and a complete lack of the simplest illustrations or even eye-catching chapter header graphics, feels like a dry collegiate dissertation written by someone who could give a damn about the subject matter and just needs a passing grade.

One example of the author's lack of research or understanding was confirmed by my own mother, a woman of 64 years that enjoys the Matrix movies as much as her son but has developed her understanding of the movies on her own, without my coaching. In one example in the book, the writer says that Neo, in "The Matrix," was told by the Oracle that he was not the One. In fact, the Oracle said no such thing--it was Neo who told himself that he was not the One. The Oracle, after toying with Neo to a degree by examining his hands and face, said, "...but you already know what I am going to say, don't you?" with Neo completing his own assumption, "I'm not the One." The Oracle implied that Neo was indeed in possession of the ability, but that his mind was not ready--a point confirmed by Neo's self-doubt (Neo's pod-name, "Thomas" is a Gnostic Christianity reference to that apostle's doubt of the resurrection of Christ). My mom, of all people, got this, but it was lost completely by the writer.

Other points in the book are just outright wrong and filled with error. Quoting a description about the climatic moments near the end of "The Matrix Revolutions": "Neo sets off to interview the Machines--along the way he is blinded and Trinity killed by a human who has been absorbed by Smith." In fact, Trinity was attacked, but not killed by Bane/Smith -- she would die moments after their hovercraft crash lands near the center of the Machine City.

Bad fact checking is a hallmark of this book. One glaring example was in finding the name of actress Nichelle Nichols of "Star Trek" badly warped to 'Michelle Nichols' in a discussion of the movie "Galaxy Quest." A sentence discussing the kiss between Persephone and Niobe in the cut-scenes of the game "Enter the Matrix" wrongly named Jada Pinkett-Smith's character as "Phoebe." Oh, no. What would Ross and Chandler say?

That's not to say the the whole book is totally tainted. At worse, this book is no less informed than your non-fannish significant other, a person that most of us will still take some time to listen to for wisdom or enjoyment, even if their views seem stupid initially. One quote I will leave to your enjoyment or disdain regarding a take on Darth Sidious from the Star Wars trilogy: "Palpatine is not just a machine politician, but a Dark Lord in the manner of Tolkien, and his corruption of Anakin Skywalker to the point where he becomes Darth Vader parallels the seduction of the human kings who became the Nazgul."

Her discussion on the Alien movies, particularly "Aliens," showed some insight, indicating the writer was more familiar with this material, or just more attentive. I'd guess she was most comfortable with the Alien saga--more than one-third of the book was devoted completely to the Alien movies. The book's title would be more appropriate as From Alien to Alien and More about Alien: And Some Meaningless Discussion About Some Lesser Science Fiction.

The writer name-drops Philip C. Dick, William Gibson, and Heinlein in an attempt to sound knowledgeable. "Big whoop," you might say,"as fanboys to various interests, we ALL do that kind of thing." But like the most decrepit and ill-informed of us non-mundanes, the writer seems to do this more to impress and less to inform, compare or contrast. The names just stick out like they're supposed to have meaning just because they are in the book.

Maybe this is a British thing. Maybe I'm wrong or not as enlightened while scanning this book (which is, unfortunately, the best I could do while trying to read it before I began stammering uncontrollably to myself moments later about some bad interpretation). Maybe I need a book on interpreting this book. I'd like to keep my mind open to the possibility (however unlikely) that this was really not such a bad book for most of us. Buy the book if you like Alien saga interpretations or if you like to invoke apoplexy in yourself or others. Otherwise, look for my copy of this book at your local discount used book store--and don't mind the drink stains and coffee cup rings. The book also doubles as an excellent coaster.

You can purchase From Alien to The Matrix: Reading Science Fiction Film from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

honestpuck writes "It might seem a little strange to associate Cisco Press with a book for newcomers to home networking but Cisco are now the proud owners of Linksys and have a large place in this market. Therefore a book like this may not seem so out of place." Read on for the rest of honestpuck's review. Home Networking Simplified author Jim Doherty, Neil Anderson pages 416 publisher Cisco Press rating 7 reviewer Tony Williams ISBN 1587201364 summary Good book for an absolute beginner

When reviewing this book, the first argument you might have with the authors is exactly where to start. The authors have decided to start earlier than I feel necessary, with hooking your computer up with a dial-up ISP, something most ISPs already provide with more specific detail than can be given in this volume. There are strong arguments for having it all in one place, though, and I have to allow for that in this review.

That said, there are some simplifications and throwaway lines toward the book's beginning that I did feel were unnecessary. A good example is the discussion of bits, bytes, megabytes and gigabytes. Having defined a kilobyte as 1024 bytes, the authors then define a megabyte as 1000 kilobytes. They also claim not to understand why it is 1024 rather than 1000. Either our authors are lying, attempting a poor joke, or they are betraying an unforgivable ignorance of the binary number system. In any case it is a poor choice of throwaway line.

Once over that, there is a lot to like about this book. While it is entirely Windows-centered, so middle of the road it might well be the white line, and reliant on such routine applications as Outlook Express for its examples, it is incredibly detailed on not just what to do but why you do it.

It also has a huge number of screenshots, mainly showing the various dialog boxes and the options you need to set. Given the overabundance of dialogs in most Windows wizards, the screenshot barrage is probably overkill for many readers. Taken together with the highly approachable language and writing style, though, this makes for a book that is perfect for the absolute beginner to networking.

The drawback of the routine, middle-of-the-road approach is that the average person will quickly outgrow this book. Once you decide to use Firefox instead of Explorer and Eudora instead of Outlook, or perhaps integrate a Linux box or Mac into your home network, then this book is much less helpful.

Within its own limits though, it does cover all the bases in home networking, from connecting via dial-up or through broadband connections to building a wireless home network with shared files and printers. The authors do it in a slow, methodical manner with lots of screen shots and a great deal of explanation.

Part I covers the basics; terminology and connecting to the net. Part II covers a simple home network and file and printer sharing before finishing with broadband connections. Part III takes the network wireless. Part IV covers network security, before the final part covers more esoteric network issues such as IP telephony, media nets and gaming.

The book features frequent interjections from the computer help guys at Geek Squad. While most of these are simplistic, they often contain good advice for the uninitiated. This is a pretty good idea; it allows for some external expertise and works well quite a lot of the time, though some of the interjections came across as a little trite.

If you go to the book page at Cisco Press (which isn't, by the way, at the URL the authors give in the Introduction of the book) you can see a table of contents and an example chapter. The authors have also provided four appendices online; one devoted to binary and hexadecimal numbers, one on MAC address locking for wireless, a shameless plug for the Linksys product line, and a final one devoted to some fairly useless prognostication called "Future Stuff." All in all, I'm not sure they are a totally worthwhile addition to the book; the second on MAC address locking could have been easily added to the book if the editing had been a little tighter.

This is an almost perfect book on home networking for the person who has a Windows computer or two (and nothing else) and knows nothing. It pains me to admit that I have a number of friends who fall into this category and I would have no hesitation in lending them a copy of this book. Given the cost, I'm not sure I'd recommend this book to everyone, but I do feel that it is the perfect volume for the local library; borrowing it for two weeks while setting up the home net would be the ideal solution for people like my mate Tim, who (while a pediatric specialist) has trouble hooking up a router, or the neighbours downstairs who can't properly secure a wireless network.

I give this book a nine out of ten for its target audience, the absolute newcomer, but take off two points for the error in the URL given in the introduction and the middle-of-the-road outlook.

You can purchase Home Networking Simplified from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.