Domain: moskalyuk.com
Stories and comments across the archive that link to moskalyuk.com.
Stories · 383
It's Not About The Technology
prostoalex writes "No one quite knows the exact point when high-tech marketing went wrong. When instead of selling distinct products and services, the company Web sites and brochures started pitching 'the next big thing.' When even software developers don't have the slightest idea about what's being sold to them. Raj Karamchedu from Silicon Image, however, feels that certain things in high-tech marketing should be straightened out, hence this book." Read on for Moskalyuk's review of Karamchedu's It's Not About the Technology.
Title: It's Not About the Technology
Author: Raj Karamchedu
Pages: 230
Publisher: Springer
Rating: 4
Reviewer: Alex Moskalyuk
ISBN: 0387233504
Summary: Developing the craft of thinking for a high-tech corporation
Twenty chapters are written from the point of view of a tech marketing executive, as Karamchedu tries to answer the question of why some products gain a loyal audience and enjoy commercial success, while others are simply additions to the dusty shelves of history. Everyone has their favorite comparison, where a technically advanced product does not gain acceptance on the market while a supposedly inferior competitor is rolling in cash. Hey, IBM built an entire theory on how it was safe to let Microsoft sell its not-so-great DOS with IBM PCs in order to push the hardware from the warehouse while the company was preparing the next revision of its state-of-the-art OS/2 -- which, of course, everyone would buy on the day of release in order to replace Microsoft's software.
History occasionally teaches tech marketers some curious lessons, and the conclusion that the author comes up with is summarized in the book title. The title might sound like an insult to a design engineer, but in most cases success in the market is not guaranteed by superiority of technology. Karamchedu is on a mission to find out why.
The first chapters take us through a conflict inside a company. Seldom will you find a high-tech startup where marketing people do not clash with engineers. Marketers promise features to customers in order to adhere to the mantra of "we listen to our customers," only to see the feature requests denied by the engineers, since the budgets and deadlines are fixed. Marketers then complain to the executives about the lack of response from the engineering staff and its inability to deal with the new features, while engineers fight back, claiming that the product is about to miss the deadline even with the existing feature set and an overworked staff.
Later, Karamchedu focuses on a second problem, peculiar to high-tech marketers: after being immersed in the technology world for too long, they cannot relate to the customers. Hence the grandma in Best Buy staring at a computer described as "P4 3.0 GHz 256 DDR 40.0 GB DVD/CD-RW" when all she wants to know is whether she can check email and view photos of the grandkids. Marketers forget to empathize with the customers. They spend too much time with engineering, and like to tell customers how the new microprocessor has a much wider front-side bus, or how their new piece of software supports dual-core systems, without really telling the customer how that will improve business processes or increase efficiency.
The third part of the book takes a look at a typical semiconductor company and tries to draw up a plan of attack for a starting marketing executive. At this point the book turns into a manual on high-tech marketing, which the author hopes the readers will find useful, as there are no set rules and algorithms for launching successful marketing campaigns in the high-tech world.
The book is quite insightful, but one can't help but feel that it is missing something. It will probably prove to be a valuable read for anyone facing the daunting task of marketing a high-tech product, but even though I got to the last page of the book, I found the title to be too terse and dry, lacking concrete examples and not quite coherent as far as the chapter-by-chapter arrangement goes. The preface and the author's description of the book are available online. It's also strange that in an attempt to write a textbook on high-tech marketing, the author decided to provide no case studies whatsoever. In Search of Stupidity from Apress is a great book about high-tech marketing, since it tells the story of a failed marketing attempt and also tries to figure out the reasons, but in It's Not About the Technology, Karamchedu just recounts years of his personal experience, without references to specific companies or projects, which makes the book a compilation of abstractions on high-tech marketing.
In his spare time Alex enjoys reading technology and business titles. He also keeps a collection of free books for readers on a budget." Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Wireless Security By The Gallon
prostoalex writes "The next effort to improve wireless security might involve a trip to Home Depot. Force Field Wireless sells buckets of aluminum- and copper-laced paint designed to prevent 802.11 packets from escaping the building, Information Week reports. The article also talks about Force Field's pitch to the government in order to improve homeland security, but the only governments that got interested in anti-Wi-Fi paint were from the Middle East. According to the products page, they also sell brush sets." Easier than wallpaper, or moving into an old house. -
Tech Headlines You Won't Read in 2005
prostoalex writes "Folks at Silicon.com posted a list of tech headlines that you won't see in 2005. Read about spam volume decreasing, Sun revenues soaring, Longhorn operating system delivered on time and bug-free and other news you're unlikely to see in the papers." -
Offshoring IT
prostoalex (Alex Moskalyuk) writes "After the Presidential election process and U.S. foreign policy directions, outsourcing is a topic guaranteed to stir up heated debate. Bill Blunden's Offshoring IT is not a 'how-to' guide, as one might expect from the title. It's a collection of stats, figures and opinions on outsourcing information technology to foreign providers." Read on for the rest of Moskalyuk's review; watch out too for my upcoming review of N. Sivakumar's Debugging Indian Computer Programmers: Dude, did I steal your job?.
Title: Offshoring IT
Author: Bill Blunden
Pages: 138
Publisher: Apress
Rating: 5/10
Reviewer: Alex Moskalyuk
ISBN: 1590593960
Summary: The good, the bad and the ugly (but mostly the bad) on IT offshoring
Bill Blunden is the author of Cube Farm - a humorous autobiography and the story of the author's fruitless employment at Lawson Software. A physics major faced with the grand prospect of waiting tables after college graduation, Blunden is not a newbie in the unemployment world. Offshoring IT promises to give the reader "the good, the bad and the ugly" of IT outsourcing practices.
The book is not very long -- just five chapters -- but it's thorough, as each chapter packs data and statistics from various government and commercial reports. "Setting the Stage" talks about general trends in the software industry and the cost of education. "Measuring the Trend" tells the reader which companies outsource, why they outsource and who's helping them with outsourcing. "The Offshoring Obstacle Course" describes existing outsourcing processes - when exactly a company should start thinking about outsourcing, what types of jobs are most likely to go offshore, what's the difference between India, Ireland, Israel, Russia and Mexico. Finally, "Arguments in Favor of Offshoring" made it into the book just because the publisher requested a fair look at the other side's arguments (which shows which "side" Mr. Blunden is biased towards). "Arguments Against Offshoring" is truly the author's work, with major myths and excuses about offshoring debunked.
Blunden points out that in order to compete in the global marketplace, countries like India invested in their educational system and constructed high-speed data networks, which provided the foundation for companies popping up with the capability to take over remotely as call centers, software development houses, and R&D departments. Meanwhile, the cost of going to Ivy League schools keeps going up, leaving the fresh graduates with six-digit debt -- debt which the Student Loan Corporation (division of CitiCorp) expects to be promptly paid. The cost of college education for those who choose to go this route stipulates adequate pay requirements after graduation, and in the world where IT is going offshore, the paycheck is often just not there anymore, which leaves the fresh grad owing money and needing immediate retraining or a career switch.
The book delves into specific industries and companies, looking at the outsourcing numbers and potential for jobs to be offshored. Blunden notes that while corporations made their offshoring figures public before, lately the backlash against going offshore has made PR departments suddenly avoid the topic. Blunden refutes the argument that only low-level jobs are being outsourced and points to Intel designing CPUs for wireless devices on campuses in India.
Chapter 3 focuses on reasons for outsourcing. According to Blunden, the more face-to-face interaction and management effort a job requires, the less likely it is to be outsourced. At the same time, many companies are currently exploring offshoring some of their projects, claiming that only non-essentials are going abroad. Outsourcing of small projects allows them to establish the necessary processes and test their service provider, so that when a bigger project comes along, the management can feel safer working with the same offshore provider.
Chapter 4 deals with pro-offshoring arguments. Even though the author states he only had to write this chapter to satisfy the publishers, the arguments he picks are ones that appear in the press quite often - namely, that offshoring means more efficient allocation of resources, better revenue projections, and increased shareholder value. In Chapter 5 Blunden goes on a crusade to discredit these arguments, though, saying that offshoring does not benefit average Americans, that only the top 5% of income earners benefit from increased shareholder values, and that frequently top management receives additional benefits while laying off the proles.
While the first two chapters of the book are filled with data, numbers and statistics, the last three chapters mostly read like a rant on the current state of affairs, which many of us may have gotten for free from the older members of the family at Thanksgiving. Blunden does have some valid arguments about the increased danger to national security and wealth due to offshoring, but you can't help but notice the feeling that the author feels entitled to a job provided by an American corporation, even though corporate America is bad-mouthed in the next sentence. To give Blunden credit, he mentions that sometimes reasons for offshoring include the low popularity of call-center and data-entry positions in the U.S. Americans view doing support for AOL and data entry for Cingular as grunt jobs, just temporary positions on the way to a better life, while for many Indians it is the ultimate career, and they are thankful to the provider for giving them the opportunity.
Blunden also does not distinguish between different types of IT workers. The aforementioned AOL support soldier and a top NASA scientist designing microcontrollers for the next space mission would be aggregated into the same "IT worker" category. There are few detailed statistics on which sectors of IT are prone to outsourcing and which are pretty stable to be in. Sometimes the author plays little tricks on the reader to get his points across. On p. 106 he talks to an invisible IT manager: "Sure, you can hire six Indian engineers for the price of an American engineer. But if an American engineer can do the work of six Indian engineers, what's the difference?" Oops. Notice how by the time we get into the second sentence the equality in price gets substituted by equality in productivity. Just because six Indian salaries would equal one American's, the author assumes the productivity level is going to stay the same, making the example nonsensical, since why would you outsource if it's the same money and the same productivity?
Overall, it's an interesting book to read, although somewhat depressing, as it provides few pointers on how readers can stay competitive in this marketplace or what needs to be done on the personal skills level to make oneself more valuable. You can definitely tell which side the author is leaning toward, but subjective writing makes the reading more interesting. Nevertheless, the title does leave an impression of being one giant complaint about the current state of affairs, and I don't think I will be re-reading it. Perhaps I'll just loan it to my friends who are in college pursuing IT-related careers.
In an attempt to stay up-to-date with his skills Alex reads and reviews many programming and technology titles, and keeps a list of free ones available on the Web. You can purchase Offshoring IT from bn.com. -
Shawn Fanning Is Back Into Digital Music
prostoalex writes "News.com has a lengthy 3-page article on Shawn Fanning's new venture, Snocap. After years of development the company is coming out of stealth mode and has apparently already secured a distribution deal with Universal Music, promising to turn file-sharers into loyal paying customers overnight. Both News.com and the Associated Press are skimpy on the details, but apparently Snocap will market technology that will (a) sniff out the files shared illegally and (b) fill the peer-to-peer networks with licensed content and serve as a clearing house for the ventures that want to license digital music, but don't want to deal with a gazillion music labels." (We mentioned Snocap last in January.) -
ExtremeTech Reviews Akimbo Internet-Movie Box
prostoalex writes "ExtremeTech published a review of the Akimbo DVR, a $229 box that coupled with a $10 monthly subscription fee and a broadband connection would provide access to a variety of Internet-only shows. The ExtremeTech review is positive, although it does mention that downloads take a long time, the content is not what one would call rich, and the quality of the video differs, since the Windows Media files are coming from a variety of providers. Inside the Akimbo one can find a 733 MHz Celeron, 64 MB of SDRAM, an 80 GB hard drive and Windows CE. Even though the reviewers keep calling the Akimbo product a DVR, it's not perfectly clear whether a basic DVR function (recording TV content on schedule) is supported." -
Megapixel Cameraphones Compared
prostoalex writes "MobileBurn published a 'horribly un-scientific' test of three megapixel cameraphones. The contenders are the Sony Ericsson S700i, the Siemens S65, and the Motorola V710." Sadly, none of the phones seem to be able to perfectly capture a mere school bus in image form. -
High-Tech Crimes Revealed
Alex Moskalyuk writes "When reading about computer crimes, we are usually told the victim's point of view. We learn about the thieves stealing thousands of credit card numbers and identity theft victims who lost their credit history with the wallet they lost at the mall. But how do criminals ever get caught? Who performs the forensic search and participates in sting operations?" Read on for Alex's review of High-Tech Crimes Revealed, which addresses these questions.
Title: High-Tech Crimes Revealed
Author: Steven Branigan
Pages: 448
Publisher: Addison-Wesley
Rating: 9
Reviewer: Alex Moskalyuk
ISBN: 0321218736
Summary: Cyberwar Stories from the Digital Front
Steven Branigan is a cop, a system administrator, an Internet security consultant and a network security researcher. An ex-employee of Bell Labs, he is now the founder of a company that "specializes in solving leading edge computer and network security issues." The book is a collection of high-tech investigations performed by Branigan in cooperation with the police force and sometimes the Feds. Generally Branigan would be involved in forensic research of the evidence and be on the scene as the "computer expert" that cops would refer to when dealing with cybercrime.
Twelve chapters take us through some of the high-tech crimes that the Western world faces today. An attack on the telephone network (unauthorized access to the switches), backdoors left at the former employer, hacking into university networks and the well-publicized identity theft are all covered in the book. Branigan brings up anecdotal evidence from his own career, describes some of his cases in great detail, and provides advice for practitioners in the forensics field.
The author is a Linux/Unix/BSD guru, and he shares his methods for retrieving telltale data from the equipment that the criminals leave behind. He also talks about the generic problems that law enforcement faces when investigating a high-tech crime - how do you obtain a warrant, what's a proper way to conduct searches, how do you work with the confiscated computer so that all the data is left intact?
However, don't expect secrets to pop up regarding data collection - Branigan uses commonly available Linux tools like grep for searching the suspect's hard drive for the needed data. More often than not, the investigator, it turns out, depends on his experience, not book knowledge - one has to recognize a network sniffer log when one sees it, and be capable of recognizing the tools freely downloadable from security sites.
Thus it's not surprising that there are some chapters in the book dedicated purely to the author's experience in the field. He describes working with the hackers who have been arrested, discusses how rootkits are spread around, discusses the motivation behind the network attacks (it's not always money, to say the least), describes the structure of a hacking ring and its potential revenues and also talks about ways to unravel the networks. His motto? No crime is too small, and sometimes things as small as missing the rent can lead to more discoveries and tie-ins to bigger crimes.
If you're thinking about becoming a security consultant, a law enforcement officer or just a sysadmin with better than average knowledge of security, this book is an interesting read. It's not a textbook, nor is it technical by nature. It reads more like a detective story, except the stories are real, the culprits are real and so are the victims. One can read the book on two levels - as a forensics tutorial (however, don't expect extended technical tutorials and tools overviews) or as the autobiography of a cop who had to deal with high-tech crimes all his life. If you liked The Art of Deception or Hacking: The Art of Exploitation, this title would be a perfect complement.
Chapter 3, If Only He Had Paid the Rent, is available online from Addison-Wesley.
Alex enjoys reading programming, technology and business tech books in his spare time. He also keeps a list of free books available on the Internet for tech readers on a budget. You can purchase High-Tech Crimes Revealed from bn.com. -
Large Scale Web Apps Built on Open Source
prostoalex writes "Brad Fitzpatrick presented at OSCON with an overview of his little project. Interesting facts about the evolution of the LiveJournal back-end architecture." -
Fighting Online Extortion
prostoalex writes "Information Week talks about those mornings when the owner of an online business receives an e-mail message with his customer accounts and other personal information quoted, and an extortionist asking for a certain amount of money to be transferred to a foreign bank. Although 70% of the businesses surveyed for the article claim they never had to deal with extortion on the Internet, the article claims those small businesses that think they are not of interest to extortionists are in for a surprise." -
'Wi-Foo' Author On Trends In Wireless Security
prostoalex writes "Konstantin Gavrilenko from British security firm Arhont, co-author of Wi-Foo: Secrets of Wireless Hacking, recently reviewed on Slashdot, answered some of my questions on the current state of wireless security, market conditions for security experts and future trends, such as the upcoming 802.1x and 802.11i standards." -
Northface University - Computer Science in Half the Time?
prostoalex writes "The Associated Press runs a nationwide story on Northface University. The school, founded by a pair of venture capitalists and a former technology chief, found a niche with its highly intensive curriculum and corporate software development specialization. For example, a BSCS degree can be completed in a little over 2 years, and it comes with IBM's WebSphere and Microsoft's MCSD certifications. Northface is also promoting its corporate partnerships, which allow current students to feel more secure about future employment. Grady Booch from IBM is quoted as being 'jazzed up' about the program, although there are many who oppose such approaches to college education." -
The New Secret Sauce For E-Commerce
prostoalex writes "The hottest e-commerce trend this year? APIs and opening up databases to outside developers, says Information Week. There are currently 50,000 software developers in Amazon.com Web Services program, while eBay enjoys the presence of 8,000 companies and individual developers in its API program. There are 30 million XML queries performed on eBay servers daily." -
Industrial Design Winners Announced
prostoalex writes "Every year the Industrial Design Excellence Awards try to pick the products whose usability, interface and design qualities are unmatched by rivals. 130 winners are announced in 12 distinct categories. Of special interest are Computer Equipment (congratulations, Samsung, Apple, Logitech and HP) and Consumer Products (Apple, Nokia and others)." (Earlier this month, we posted about Apple's selection of winners; there are quite a few others worth looking at, though.) -
Microsoft Expects 1 Billion Windows Users by 2010
prostoalex writes "The head of Microsoft Windows client division claimed there will be 1 billion Windows users by 2010, while nowadays there are 600 million of them, Microsoft-Watch reports. 35% of Microsoft's enterprise customers are still running Windows 9x and they are ripe for upgrade. Currently Microsoft's desktop PC market share is at 96%, with the closest rival - MacOS from Apple Computer - being installed on 2.8% of the desktops." -
Is eBay Worse Than Early Sears Catalogs?
prostoalex writes "The New York Times claims eBay can learn a lot from the early Sears catalogs, which promised unconditional returns (postage paid by Sears) in case of any dissatisfaction with the product, even if the product behaves exactly as described. Apparently eBay is doing something right, but with no buyer protection, no seller authentication, no return policy, and no desire to participate in seller-buyer conflicts, can the business model be sustained?" -
There Must be a Pony in Here Somewhere
Alex Moskalyuk writes "It was supposed to be the deal of the millennium. When it was leaked to the media from the highest ranks of America Online, the journalists wanted a second source. It was just too incredible to believe, too likely to be a prank. AOL was merging with Time Warner, with the terms of the deal making it more of a buyout than an equal merger. In truly Orwellian fashion, two corporations decided to treat one another as equals, although executives of the newly formed AOLTW somehow always referred to the AOL part as "innovative" and thus leading into the future, while the TW part was "old media" with all that implies." Read on for Alex's review of a book about how that deal came to be, as well as its aftermath.
Title: There Must Be a Pony in Here Somewhere
Author: Kara Swisher
Pages: 320
Publisher: Crown Business
Rating: 6/10
Reviewer: Alex Moskalyuk
ISBN: 1400049636
Summary: The AOL Time Warner debacle and the quest for the digital future
Kara Swisher's There Must Be a Pony in Here Somewhere is subtitled "The AOL Time Warner debacle and the quest for the digital future." Debacle is not an exaggeration, as the chapters of the book unveil personal, professional, corporate and political dramas happening during the so-called merger. A reporter for The Wall Street Journal, Swisher knows many AOL executives personally, and according to her stories, frequently engaged in lively conversations conducted where else but in AOL Instant Messenger, available on the PCs of top management and board members as the preferred means of communication.
The title of the book takes its root from a famous joke, attributed to Ronald Reagan, where a hopeful boy is dealing with a large pile of manure. When asked why he is so insistent about digging through the pile with such enthusiasm, the boy replies that with such a pile there "must be a pony in there somewhere." If you have read the press lately and followed AOLTW's stock ride, you probably know that the pony wasn't quite there.
It's amazing how many optimistic forecasts and wide smiles were presented to the press and general public on the day of the merger and long after it. The word "synergy" could qualify for the most popular noun of the year, used by AOL executives in almost every sentence.
As Swisher writes on page 18, "Most people involved in the deal seem to be suffering from a peculiar amnesia now, so it's easy to forget that kind of hype and optimism. Today, almost everyone near to this toxic merger runs screaming from it in an attempt to avoid any culpability. The denials come fast and furious: Not me. I wasn't involved. I thought it was wrong from the very beginning. And - most of all - Steve Case is a big, fat loser. This was always more familiar territory for me, since that was exactly how most of the world regarded Case throughout his career. For most of it, he had always and forever been a loser."
Well, you can tell that the author is not sucking up to AOL's ex-CEO.
Swisher's book is extremely personal. Unless you've been involved with AOL or Time Warner personally, you are probably not aware of the company's management. At the time, when executives of Yahoo, eBay and other Silicon Valley startups weren't just visionaries, they were cool, AOL's top management was rather bland and plain. They weren't the cool guys, they were just managing some dial-up ISP in Dulles, VA that somehow took over the United States with its goofy icons, goofy commercials, goofy sounds and likewise membership. The author takes you through the personalities of the top managers, talks about the standoffish behavior of AOL and TW towards one another, and the questionable deal-making and threatening techniques used by David Colburn and AOL's Business Affairs department.
The book is easy to read and is full of interesting details. For example, on the day the deal was announced, there was another company discussing a potential merger with AOL. But since everyone was involved in the Time Warner deal that was supposed to be "huge," Meg Whitman and the eBay crew got almost no attention from America Online, with executives constantly leaving the room and portraying the attention span of five-year-olds. Perhaps if some executives had paid more attention to eBay and discussed a potential buyout, the Internet would look different nowadays.
Otherwise, the book looks like a classic business study on how failures happen and what to avoid when you are faced with the task of running the world's largest media outfit. It's an easy and pleasant read, informative as well as entertaining. Don't expect technical details from it in regards to AOL's operations, load balancing and nationwide dial-up network, since Swisher's main audience is business types and readers interested in the details behind the "deal of the millennium". The first chapter of the book is available online on the New York Times Web site.
You can read more of Alex's reviews of business and technology titles. You can purchase There Must Be a Pony in Here Somewhere from bn.com.
-
USA Today and NYT on Linux rising
prostoalex writes "USA Today notes the significant rise of Linux in the high-end enterprise environment. Although it doesn't provide the obligatory pretty pictures, the paper mentions the projects at Pacific Northwest National Laboratory and NASA. Also, if you've missed the New York Times Google article of the day, the exposé on John Doerr from the Valley's venerable KPCB talks about the venture fund investing $12 million in LinuxCare. NYT quote: "That's a freight train I wouldn't want to get in front of," said Mr. Doerr, explaining the importance of having a stake in a Linux-based venture. "Probably get run over.''" -
Advanced Unix Programming, 2nd Ed.
prostoalex writes "Advanced Unix Programming by Marc Rochkind is published by Addison-Wesley this year in its second edition. A book that has been considered a timeless classic, a title that saw its first edition back in 1985 and its second edition almost two decades later, in 2004. Where do you even start to review?" Read on below for prostoalex's evaluation.
Advanced Unix Programming, 2nd Ed.
Author: Marc Rochkind
Pages: 736
Publisher: Addison Wesley Professional
Rating: 9/10
Reviewer: Alex Moskalyuk
ISBN: 0131411543
Summary: An introduction and guided course through the world of Linux I/O and interprocess communications, with C++ source code provided for your viewing pleasure. More than 1100 functions explained.
Advanced Unix Programming (AUP) has been updated to include information relevant to Solaris, Linux, FreeBSD, Darwin and Mac OS X. Rochkind has added more than 200 system calls, according to the preface. But who is the book for?
First off, if you look at the table of contents, you will find that AUP is largely a book on input-output in Unix operating systems. The input-output varies from Basic (Chapter 2) and Advanced (Chapter 3) File I/O to Interprocess Communications (Chapters 6, 7), Network I/O (Chapter 8) and Terminal I/O (Chapter 4). The rest of the book consists of purely informational chapters on fundamental concepts of Unix operating systems (Chapter 1), working with threads and processes (Chapter 5) and signals and timers (Chapter 9).
If you get the impression that this is an academic title, you're not mistaken - if your university has some kind of Advanced Unix/Linux or Unix Networking course, it probably uses some AUP material. Note that the book is not a how-to or manual on setting up Apache, Samba, FTP, various filesystems or Jabber servers - it does have a chapter on networking, but it teaches Unix I/O concepts from a developer's perspective only, meaning you have to know C and C++. If you prefer to look at the source code, it's on the author's Web site.
There are two types of readers for AUP: those who start off programming in Unix/Linux, and those who are quite good at it, have read the first edition and are now wondering whether the second one is worth it.
If you are just starting with programming in a Unix/Linux environment, don't let the word "Advanced" scare you off. The first chapter is pretty good at getting the reader up to speed with the concepts discussed in the book. It talks about such common tasks as getting the system to tell you what it supports in terms of POSIX, getting a Unix box to tell you the date and time inside a C++ application, and timing your app's execution. In many respects, the second half of each chapter follows the O'Reilly cookbook format, where you are given a certain task and then provided with the source code and an explanation of what needs to be done to accomplish it.
The author also "falls" into the trap of using some quick solutions only to "discover" that they do not work on all systems. For example, subchapter 3.6.1 Reading Directories first tries to access the contents of the directory via ec_neg(fd = open(".", O_RDONLY)) and ec_neg(nread = read(fd, buffer, sizeof(buffer))), only to find out that under Linux the read call fails with the unhelpful "*** EISDIR (21: "Is a directory") ***" message. After that we are introduced to the proper, rather than quick-and-dirty, way to access Unix directories: opendir(), readdir() and closedir().
From experience, it looks like most of the people I know who own a copy of the first edition of AUP bought it because of its section on Interprocess Communications. The author does indeed provide a great learning and reference resource when, in Chapter 5, he takes the reader through Unix processes and threads and explains how fork() works. The simple pop quizzes are there as well. A way to win friends and amuse the opposite sex during watercooler talks is to offer the following example:
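The directory-reading mistake that subchapter 3.6.1 walks into, as an added example that is not the book's code: the first function reproduces the quick-and-dirty open()/read() attempt and returns the errno it produces (EISDIR on Linux), while the second lists a directory the portable way with opendir()/readdir()/closedir() and distinguishes the end of the stream from a readdir() error. The book's ec_neg error-checking macro is not used here; plain errno checks stand in for it, and the function names are this example's own.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* The quick-and-dirty attempt: open() the directory and read() raw bytes
   from it. Returns the errno the failing call sets, or 0 if read() succeeded.
   On Linux the read() fails with EISDIR ("Is a directory"). */
int read_directory_raw(const char *path)
{
    char buffer[4096];
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return errno;
    ssize_t nread = read(fd, buffer, sizeof buffer);
    int err = (nread < 0) ? errno : 0;
    close(fd);
    return err;
}

/* The proper way: opendir()/readdir()/closedir(). Returns the number of
   entries, or -1 on failure. If 'found' is non-NULL it is set to 1 when an
   entry named 'name' was seen, else 0. */
int list_directory(const char *path, const char *name, int *found)
{
    DIR *dir = opendir(path);
    if (dir == NULL)
        return -1;
    if (found != NULL)
        *found = 0;
    int count = 0;
    struct dirent *entry;
    errno = 0;   /* readdir() returns NULL both at end of stream and on error */
    while ((entry = readdir(dir)) != NULL) {
        count++;
        if (found != NULL && name != NULL && strcmp(entry->d_name, name) == 0)
            *found = 1;
    }
    int err = errno;   /* non-zero only if readdir() actually failed */
    closedir(dir);
    return (err != 0) ? -1 : count;
}

int main(void)
{
    int err = read_directory_raw(".");
    printf("read() on a directory: %s\n", err ? strerror(err) : "succeeded");
    int found = 0;
    int n = list_directory(".", "..", &found);
    printf("readdir() saw %d entries, \"..\" present: %s\n", n, found ? "yes" : "no");
    return 0;
}
```

Resetting errno before the readdir() loop is what makes the end-of-stream NULL distinguishable from an error; a routine that skips that step reports every directory as read cleanly.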
    #include <stdio.h>
    #include <unistd.h>

    void forktest(void)
    {
        pid_t pid;
        printf("Start of test.\n");
        pid = fork();                       /* parent and child both continue from here */
        printf("Returned %d.\n", (int)pid); /* child sees 0, parent sees the child's pid */
    }

    int main(void)
    {
        forktest();
        return 0;
    }

Run this example as forktest and you will get a message:

    Start of test.
    Returned 11111.
    Returned 0.

Run this test as forktest > tmp and suddenly the message in the tmp file changes:

    Start of test.
    Returned 22222.
    Start of test.
    Returned 0.

Why is "Start of test" printed twice in the second example? Warning: the book contains an early spoiler in 5.5 fork System Call.
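The doubled "Start of test." line, as an added example that is not the book's code: forktest_count() repeats the forktest logic against a fully buffered temporary stream (which is what stdout becomes once it is redirected to a file), so the child inherits the parent's still-unwritten stdio buffer and writes it out a second time when its copy of the stream is closed. Passing 1 applies the usual remedy of flushing before fork(). The tmpfile()-based setup and the function name are this example's own assumptions, not the book's.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs the forktest logic into a fully buffered temporary file and returns how
   many times "Start of test." ends up in it: 2 when the buffer is not flushed
   before fork() (the child inherits and re-writes it), 1 when it is. -1 on error. */
int forktest_count(int flush_before_fork)
{
    FILE *out = tmpfile();
    if (out == NULL)
        return -1;
    /* Force full buffering, like stdout redirected to a file (a terminal would
       be line buffered, which is why the first run looks fine). */
    setvbuf(out, NULL, _IOFBF, BUFSIZ);

    fprintf(out, "Start of test.\n");   /* sits in the stdio buffer, not yet written */
    if (flush_before_fork)
        fflush(out);                    /* empty the buffer before the child copies it */

    pid_t pid = fork();
    if (pid < 0) {
        fclose(out);
        return -1;
    }
    fprintf(out, "Returned %d.\n", (int)pid);
    if (pid == 0) {
        /* Child: fclose() flushes its copy of the buffer. _exit() avoids flushing
           any other inherited stdio streams a second time. */
        fclose(out);
        _exit(0);
    }

    int status;
    waitpid(pid, &status, 0);
    fflush(out);                        /* parent's copy of the buffer is written now */

    /* Read the file back and count the "Start of test." lines. */
    rewind(out);
    char line[64];
    int count = 0;
    while (fgets(line, sizeof line, out) != NULL)
        if (strcmp(line, "Start of test.\n") == 0)
            count++;
    fclose(out);
    return count;
}

int main(void)
{
    printf("without fflush before fork: \"Start of test.\" appears %d time(s)\n",
           forktest_count(0));
    printf("with fflush before fork:    \"Start of test.\" appears %d time(s)\n",
           forktest_count(1));
    return 0;
}
```

The same duplication bites daemons that log through stdio and then fork workers: anything still sitting in a buffer at fork time is written once per process, so flush (or use unbuffered write()) before forking.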
By this point, you probably wonder whether the code examples will work on your system. The author tested the code on Solaris 8, SuSE Linux 8, FreeBSD 4.6 and Darwin (Mac OS X kernel) 6.8. In the preface, he talks about using a Windows box with SSH client to upload the code to the destination systems and run them there.
The book is very convenient to read; the chapter numbering system always gives you a good feel for where you are. As reading the entire book is not required, and a lot of people use AUP as a reference, an index containing just functions and system calls is included in Appendix D. Don't know what tcgetpgrp() does? The index will point you to 4.3.4. All the code is printed in a monospace font, so it's quite easy to differentiate from the regular text. All the function definitions are boxed, with function name, description and signature provided. The signature itself contains comments on what each parameter represents. The function samples do not skimp on whitespace either, using the style where each line of source code and each { gets a separate line in the text. Overall, more than 1100 functions are covered.
The book is quite practical, too, so don't think of it as a pure API rehash. For example, in 8.4.3 (Chapter 8 deals with networking), you are given the source code for a text-based browser written in less than 50 lines of code (although it doesn't quite understand HTML and just dumps everything to standard output).
Overall, if any part of your job description or hobby list includes Unix/Linux development, especially if it's high on that list, this book is a must-have. Moreover, looking at the job market defined by the keyword "unix", it looks like half the positions include some kind of "Sr." or "Architect" or "Networking" attribute, for which the knowledge provided in AUP would be indispensable.
You can purchase Advanced Unix Programming, 2nd Ed. from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, carefully read the book review guidelines, then visit the submission page. -
Linuxfest Northwest 2004 Wrap-up
prostoalex writes "Linuxfest Northwest 2004 took place in Bellingham, WA this past Saturday, as announced on Slashdot before. Check out the ever-expanding photo album and what people are saying in their blogs. I also have an extensive and highly subjective write-up on my site, but I can only vouch for the events I've been to myself. Compare that to Linuxfest 2000 coverage to see how things have changed." -
Dating Design Patterns
prostoalex writes "How many times, when playing Dungeons and Dragons by yourself, or reading an RFC in bed alone on a Friday night, have you thought 'Boy, I sure wish there was an easier way to pick up women, like a published API with code samples?' What would you say if such documentation was not only available, but succinctly put into 22 design patterns and given formal descriptions just like the ones in your UML book? Dating Design Patterns, with a cover suspiciously similar to Design Patterns by the Gang of Four, is the first attempt to bring verified solutions to common problems in the world of dating." Timothy's review follows prostoalex's, below.
Dating Design Patterns
Author: Solveig Haugland
Pages: 150
Publisher: Solveig Haugland
Rating: 9/10
Reviewer: Alex Moskalyuk
ISBN: 0974312002
Summary: Elements of reusable objective-oriented paired programming
Why design patterns are needed
Many will attest that the API to the WOMEN platform is somewhat obscure, contradictory and poorly documented. However, if you talk to any randomly selected group of men, you will discover that the problems they face (whether in Pickup or Relationship states) are fundamentally the same. If there's a common set of problems, shouldn't there be a common set of solutions? Moreover, doesn't it bother you that programming geeks, who advocate code reusability and open-sourcing, have not come up with reusable successful solutions for commonly occurring problems and have not documented them?
This book is an attempt to change that and unite all the design patterns in a single documentation project. You can read the conversation that led to writing DDP (caution: those of you in love with the Design Patterns concept might have a hard time reading how it was all a hoax by the Gang of Four). Hopefully you will understand the danger of letting this knowledge out (hint: geeks who talk to attractive girls, date and get laid spend less time writing code, which could jeopardize some projects) and not recommend the book to everyone you know. The table of contents is available online as well (in PDF format), and you can see that the book is subdivided into two large sections - introduction and pattern catalog.
Introduction to dating design patterns
In the first part, the authors introduce the concept of design patterns with several superfluous definitions in an attempt to outdo the academic titles on Design Patterns in the number of formal references and quoted italic text. They also provide a set of anti-patterns, which can be collected by surveying poor implementations of dating patterns. For example, the Iterator anti-pattern is described as "The nag. One of the most taxing on system resources. Also an anti-pattern when used to repeatedly ask the same woman for a date." Many developers fall into the fallacy of thinking an anti-pattern will do the job when a pattern does not work.
The chapter on refactoring talks about all the issues that must be taken care of before implementing any of the patterns. Each refactoring unit includes sub-sections on Motivation, Mechanics and Example. The motivation part explains how this refactoring unit can help publish an attractive public interface for the FEMALE platform. The mechanics part usually includes a bulleted list of what needs to be done for the implementation. The example brings us into the more practical world, where we can visualize how the refactoring units "Get a makeover", "Display yourself in a new context through third parties", "Publish a more restricted interface" and "Fake a phone call from an ex-girlfriend" can help an interested geek attract female companions.
Pattern Catalog
The second part is nothing more than a collection of 22 existing dating patterns. This part of the book will be even more familiar to those who read the original Design Patterns, as the headings, bulleted lists, sidebar notes and sub-chapter titles are all there. Each pattern is presented in the following format:
- Pattern name
- Problem statement (the authors acknowledge that for most developers the problems reside in attempting to implement the getLaid method successfully on the FEMALE platform)
- Forces (why this pattern might lead to successful implementation)
- Solution (overview of what's required for successful implementation)
- Strategies (step-by-step guide with copious notes)
- Benefits and Drawbacks (analysis of when this design pattern makes sense and when it's not appropriate)
- Related patterns
Anyone who's ever been through a UML or Design Patterns class will not have a problem reading the pattern catalog. The pseudocode sometimes used to describe a pattern is somewhat close to Java and uses camel notation for method calls, state and interface definitions. Luckily the book is devoid of any humor that design pattern writers usually try to sneak in, and is just plain formal scientific boring writing with SAT-level vocabulary that we all grew to love while reading the Gang of Four series.
The problem statements use clear language, allowing the reader to figure out whether he has the same problem (and thus should read the pattern to find out the solution) or move on to the next pattern. For example, the Jini Singles Bar pattern describes the following problem:
You're a great catch, of course, and you're looking for someone smart, funny, beautiful, who can talk about rock-climbing, Slashdot, politics and 19th century Serbo-Croatian playwrights. It would also be nice if she were 24, between 5'6'' and 5'8'', of French extraction, interested in the songs of Owen Margolis, with dark long brown hair. However, you have not yet found this woman.
Conclusion
The point that the authors try to emphasize is that Dating Design Patterns is a collection of researched, verified, formalized and proven-to-work patterns. Of course, there are numerous pages of already available documentation with questionable applicability, as well as HOWTOs from open-source luminaries, but they provide neither the variety of patterns that this book has, nor the exact step-by-step implementations.
As is common with design patterns, there are areas where they work perfectly and there are cases where they are not applicable at all. The collection (the full list of patterns, with an appropriate poster, is available from the official Web site) just provides the list of accepted solutions to common problems. Perhaps reading through all 22 patterns is an onerous task and should be left to those in the academic world. However, the authors assure us that the benefits of successful implementation outweigh the amount of resources that need to be dedicated. Now, if you'll excuse me, that girl from Barnes and Noble with very nice public properties is getting out of the shower and her private members are even more interesting.
Tim's review: Don't buy this book. None of the ideas in it work. Absolute garbage. Haugland's "advice" will not result in flocks of appropriate-sex singles following you out of every coffee bar, bookstore or tango lesson you happen to visit. Repeat: do not buy this book.
You can search for Dating Design Patterns from bn.com, or better yet, straight from the author. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
PeopleAggregator - An Open Source Social Network
prostoalex writes "When Orkut, LinkedIn, Friendster, Zaibatsu and Tribe.net just don't cut it, meet PeopleAggregator, an open-source, PHP-written, FOAF-based social network. There's the site and there's the source in case you decide to launch your own. I found out about PeopleAggregator reading this interview with Marc Canter on Read/Write Web today." I wish such sites would provide profile-conversion tools to encourage jumping ship from one to another. -
What's Your Browser Start Page?
prostoalex asks: "I was just reading an Associated Press story on the most popular Web destinations, where it's noted how the companies are vying for users' attention to become an access point to the Internet. Slashdot's readership is probably not the one to stick to the start page provided by their ISP or their browser manufacturer. What's your browser's start page? A third-party site like Google or Yahoo!? A customized page like My Yahoo! or My MSN? A personal Web site or a local HTML file with your favorite bookmarks? about:blank?" -
Passport to Nowhere
prostoalex writes "CNET News.com.com talks about the less than glamorous acceptance of Microsoft's single sign-on technology, .NET Passport. Launched as a single sign-on service for online businesses and competing heavily with the open Liberty Alliance project, which so far has produced just a large amount of PDF files, .NET Passport is considered a failure (although not by Microsoft). Turns out high licensing fees, lack of simple implementation, security leaks and server downtime were not acceptable to most potential clients out there." -
Only 32% of Java developers really know Java
prostoalex writes "Research firm Gartner draws attention to the fact that less than a third of people who put Java on their resume actually know their stuff. The knowledge gap between someone who can successfully write a System.out.println() and someone capable of designing and implementing a complex Java system leads to companies being backlogged with pending projects." -
PhatBot Trojan Spreading Rapidly On Windows PCs
prostoalex writes "The Washington Post alerts Windows users about a new peer-to-peer backdoor client that is being installed maliciously on broadband-connected computers around Asia and the United States. The client is then used for distributed DoS attacks and sending out large amounts of spam. Phatbot, according to government sources, is installed on hundreds of thousands of machines already. Phatbot snoops for passwords on infected computers and tries to disable firewall and antivirus software, although it is detectable by antivirus packages." An anonymous reader submits a link to this description of the beast. -
Exploiting Software
prostoalex writes "Why are networked computing environments so insecure? You've heard the story before - early computers were not designed to work in the network environment, and even most software written later was designed to work on benevolent networks. As Bruce Schneier says in the preface to Building Secure Software: How to Break Code, 'We wouldn't have to spend so much time, money and effort on network security if we didn't have such bad software security.'" Read on for prostoalex's review of Exploiting Software, which aims to balance that situation somewhat.
Exploiting Software: How to Break Code
Author: Greg Hoglund, Gary McGraw
Pages: 512
Publisher: Addison Wesley Professional
Rating: 8
Reviewer: Alex Moskalyuk
ISBN: 0201786958
Summary: Techniques and software used to attack applications.
What kind of secure are you after?
Published titles on the topic of software security are numerous, but most of them follow certain patterns. Building Secure Software by Viega and McGraw was mainly concerned with proper techniques and the general software engineering mindset without going into specifics. Then there was Writing Secure Code, by Howard and LeBlanc, which provided concrete examples and showed the "right way" to do secure coding. I heard the title instantly became required reading at the world's largest software corporation. It's currently in its second edition.
Secure Programming Cookbook for C/C++ by Viega and Messier was the hands-on title for those developing C/C++ applications with security in mind, as the cookbook recipes generally gave examples of good code, with each chapter providing some general background information on the topic discussed (I reviewed it on Slashdot in September last year).
Just in case you were wondering, the list above wasn't just retrieved by a quick search at Amazon. My Master's degree, completed last summer, dealt with the topic of software security, and those are the titles I've read preparing to write the theoretical part.
From the other side
With the variety of books on how to write secure software, and what techniques to use to make existing software more secure, there was a niche for a book targeted specifically at those who want to break software. Black hat or white hat, network security experts have always had titles like Hacking Exposed to give them an idea of what was available in terms of techniques and methodologies used out there. For software security, most of the articles and books would generally tell you something along the lines of "do not use strcpy(), as it introduces buffer overruns".
Great, so I won't use strcpy(); did it make my application more secure? Is it more or less hack-proof? What if I am a tester required to play with this aspect of the application to ensure its security before the product ships? Theoretically, hanging out in the proper IRC rooms and getting lifetime Phrack and 2600 subscriptions should be enough to cover you at the beginning; however, the learning curve there leaves much to be desired, let alone the fact that you will probably be kicked out of the IRC rooms for asking n00b questions. Another path would be to take an expensive training course from someone with a name in the industry, but the price tag for those generally leaves out self-learners and those operating on limited budgets, which adds up to about 99% of software engineers and testers out there.
Exploiting Software to the rescue.
Exploiting Software fills the void that existed in this market. Eight chapters take you through the basics and some advanced techniques of attacking software applications with the purpose of executing arbitrary code supplied by an attacker (you).
The book mainly deals with Windows applications for x86 platforms, and some knowledge of C/C++ and the Win32 API is required to go through the example applications. To automate some processes and demonstrate possible attacks the authors use Perl, so knowledge of that would help the reader, too. Some chapters (e.g. the buffer overflow one) show disassembler output, and while you're not expected to read x86 assembly as if it were English, knowledge of how the registers work and how subprocedure calls are handled on this Intel architecture is required. After all, if potential attackers know it, you had better familiarize yourself with some low-level code, too.
While discussing various possible attacks, the authors present different attack patterns. The patterns themselves usually appear in gray textboxes and describe the possible exploit in general terms. After that, a series of attack examples follows, with specific descriptions of what can be done, and how. For example, the attack pattern on page 165 is titled "Leverage executable code in non-executable files." The attack example that follows is "Executable fonts," and it explains how font files are generally treated by Windows systems (they are a special form of DLL). Thus it's possible to embed some executable code into a font library you're creating, for which the authors provide an example in Microsoft Visual Studio.
What's cool is that all the attack patterns are listed in a separate table of contents (alas, not in the Web site's table of contents, which just lists the chapters and subchapters), so you can browse to the attack pattern you want to learn about, read some general info about it and then study specific examples. The examples themselves are not in the table of contents, which I think is a mistake, as listing them would make searching for possible patterns much easier. After all, how are you supposed to know that "Informix database file system" (p. 189) is under the "Relative path traversal" pattern? Well, unless you know specifically that the line http://[Informix database host]/ifx/?LO=../../../etc/ is the one discussed in the example, you would have to either go through the index hoping no omissions were made, or read the chapter in its entirety.
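A defensive check for the relative path traversal pattern just mentioned, written as an added example that is not the book's code: path_escapes_root() percent-decodes a request path value and walks it segment by segment, reporting whether ".." would climb above the web root. It also rejects malformed escapes and an embedded NUL byte (%00), which would otherwise truncate the path silently once it reaches a C API. The function names, the 1024-byte working buffer and the sample paths (one of them the LO= value from the Informix example quoted above) are assumptions constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Hex digit to its value, or -1 if c is not a hex digit. */
static int hex_value(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decode src into dst (dst must hold strlen(src) + 1 bytes).
   Returns the number of bytes written, or -1 on a truncated or invalid
   escape such as "%2" or "%zz". */
int url_decode(const char *src, char *dst)
{
    int written = 0;
    while (*src != '\0') {
        if (*src == '%') {
            int hi = hex_value(src[1]);
            int lo = (hi >= 0) ? hex_value(src[2]) : -1;
            if (hi < 0 || lo < 0)
                return -1;
            dst[written++] = (char)(hi * 16 + lo);
            src += 3;
        } else {
            dst[written++] = *src++;
        }
    }
    dst[written] = '\0';
    return written;
}

/* Returns 1 if the decoded request path would climb above the web root,
   0 if it stays inside it, and -1 if the input is malformed (bad escape,
   embedded NUL, or longer than the 1024-byte working buffer assumed here). */
int path_escapes_root(const char *request_path)
{
    char decoded[1024];
    if (strlen(request_path) >= sizeof decoded)
        return -1;
    int len = url_decode(request_path, decoded);
    if (len < 0)
        return -1;
    /* A %00 decodes to NUL and would silently truncate the path in a C API. */
    if ((size_t)len != strlen(decoded))
        return -1;

    int depth = 0;
    char *save = NULL;
    /* Treat '/' and '\\' as separators; strtok_r skips empty segments ("//"). */
    for (char *seg = strtok_r(decoded, "/\\", &save); seg != NULL;
         seg = strtok_r(NULL, "/\\", &save)) {
        if (strcmp(seg, ".") == 0)
            continue;
        if (strcmp(seg, "..") == 0) {
            if (depth == 0)
                return 1;   /* nothing left to climb out of: escapes the root */
            depth--;
        } else {
            depth++;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed sample request paths for the demonstration. */
    const char *samples[] = { "../../../etc/", "ifx/docs/../index.html",
                              "ifx/..%2F..%2Fetc%2Fpasswd", "docs%00../../etc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-30s -> %d\n", samples[i], path_escapes_root(samples[i]));
    return 0;
}
```

Decoding before normalizing is the important ordering: a check that looks for the literal string ".." before percent-decoding misses "%2e%2e", and one that decodes but does not count depth misses a ".." that is legitimately balanced by an earlier segment.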
One of the best chapters of the book, Reverse Engineering and Program Understanding, which provides a good introduction into techniques used throughout the book, is available online from Addison Wesley. By having a free chapter you already have 1/8th of the book, but don't think that the low number of chapters makes this 512-page title an introductory book.
Target Audience
It looks like there are two major audiences and reading patterns for this book: those wanting to fix their systems ASAP and thus using Exploiting Software as a reference, and those using it as a textbook to learn about security. I've discussed the organization of the book above, and the reference types will probably be more interested in the patterns and examples. For a casual reader (although casual readers wouldn't generally pick up a title with C++, Perl, ASM and hex dumps spread around the chapters) this is a book with great educational value, from two authors who have discovered numerous security vulnerabilities themselves.
Exploiting Software is not an easy title to read. Addison-Wesley shipped me the manuscript copy a month before it hit the bookshelves in its final version, and I found myself going through about two pages an hour. The authors sometimes bring up unfamiliar Win32 APIs and occasionally use ready-made tools available on the Web, so generally I found myself visiting MSDN and Google a lot to read through the available documentation and download the latest versions of the tools used. The book doesn't come with a CD. Some of the stuff, like inserting a malicious BGP packet to exploit a Cisco router (p. 281), is not really testable at home, and I have some reservations about verifying the example with my employer's routers.
The book is probably apt for 2nd or 3rd year computer science students and above. Besides the variety of languages that I mentioned above, you need to be familiar with the basics of Intel architecture, and generally be fluent with terminology like "buffer," "stack," "syscall," "rootkit," etc., as this is not an "Introduction to..." title. From my experience, you probably won't read it from page 1 to page 512 understanding everything perfectly, but for anyone interested in security and those making a career in software development it looks like a bookshelf must-have.
I interviewed Gary McGraw on the current state of software security, the relevance of the topic to issues beyond C/C++ and improper buffer usage, and future directions in security. Network World magazine also ran an interview with McGraw in which he talks about the reception of the book at the RSA Conference, whether the economics are right to invest in building secure systems, and whether his book does more harm by providing a compendium of known exploits.
Alex has written numerous reviews of other software and security titles. You can read more of his opinions at his Web site. You can purchase Exploiting Software: How to Break Code from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Real's Reality
prostoalex writes "While Real Networks claims its market share and low profit numbers are the result of Microsoft's anti-competitive behavior, there are some alternative views. News.com has an article on Real's reality, which reveals many interesting practices that Real resorted to. 'Although RealNetworks had already licensed Microsoft's formats for use in its media player, it didn't have Windows Media licenses for its server technology. Undeterred, the company found a way to essentially replicate the Windows Media code, trumpeting its new software as the Internet's first "universal" streaming system,' says News.com." Read on for more. "There's also an interesting conversation going on at Jogin.com, which started with this post from the author, basically a rant, describing how inconvenient and even hostile Real Player is. It would be like any other rant, except an employee of Real Networks replied with some insights into the company's wrongdoings and somewhat explained Real's undeterred hostility towards those who downloaded the free version of its player. Furthermore, a consultant who used to work at Real Networks replied, sharing some questionable practices Real engaged in, such as hiding a variety of 'add-ons' at the bottom of the page, hoping that the user would not scroll down to un-check the selections, and then charging his credit card for the add-ons when he signed up for the paid version of Real One."
-
Celebrating Spam's Ten-Year Anniversary
khalua writes "Netcraft has a story that 10 years ago today, the first widely recognized spam was sent by... oh the irony... a law firm. Hate to see what a beast it grows into when it's 20." Reader prostoalex writes "Ever wonder why spam is so prevalent and who buys all those revolutionary products sold at unbelievable prices? The Direct Marketing Association estimates $11.7 billion was spent on goods and services pitched via unsolicited e-mail. The average buy was $155, which exceeds the average of $114 that opt-in e-mail generated. It's worth noting that US e-commerce sales in general generated $50 billion total last year; however, that data was presented by a different researcher." -
Microsoft's Platform Strategist Speaks On Linux
prostoalex writes "Martin Taylor, general manager for platform strategies at Microsoft, was interviewed by CRN magazine on Linux, open source development, and Microsoft's official stand on it." -
Have We Learned from the New Economy?
prostoalex writes "The new issue of Fast Company magazine looks at the so-called New Economy in retrospect. There were some myths about the Internet that were not true, or could be considered true only partially in the brief history of the Internet boom, there were people who got burned and those who nicely cashed out and then there were those who had to start a new life because of the Internet." -
Dream Jobs of 2004
prostoalex writes "We've read about the worst jobs out there, the most overpaid ones, the worst job postings and the outsourcing tendencies. Can an article on employment in scientific and engineering fields have a positive outlook? The February issue of IEEE Spectrum talks about the dream ('coolest, baddest, hippest, grooviest') jobs, where people have fun and enjoy what they're doing. The IEEE publication covered the dream jobs for Electrical Engineering majors only. The linked article is actually a story about 9 different people with 9 different jobs, each leading to a separate article." -
From Silicon To Microprocessors
prostoalex writes "Jim Turley from Embedded Systems Programming magazine answers the question of where microprocessors come from. While the public generally knows about the silicon and microprocessor vendors, few can describe the process of turning beach sand into the latest and greatest several-hundred-dollar CPU." -
Spammer Profile: Scott Richter
prostoalex writes "Westword.com published an article on Scott Richter, the owner of what is supposedly the nation's fastest-growing online marketing company, which mostly specialized in sending out those unsolicited electronic mail messages. Richter is the guy currently being sued by New York Attorney General and Microsoft Corporation for sending out nearly 9000 e-mails only to Hotmail accounts." -
C++ GUI Programming with Qt 3
Alex Moskalyuk writes "Before Sun monopolized the notion of 'write once, run everywhere,' those who enjoy programming in C++ had the choice of using Qt libraries that provide cross-platform GUI support. C++ GUI Programming with Qt3 is written by the employees of TrollTech, the company that created and currently distributes the Qt environment." Read on for the rest of Alex's review. C++ GUI Programming with Qt 3 author Jasmin Blanchette, Mark Summerfield pages 464 publisher Prentice Hall PTR rating 9 reviewer Alex Moskalyuk ISBN 0131240722 summary Practical introduction to GUI programming with Qt
The first question that came to mind when I got this book - is there any need for it? Qt's documentation is detailed and extensive, with how-to's and an API reference available online for free. I have done GUI development in .NET (with C#) and Tk (with Perl) environments, and even though I've never tried Qt, the site with tutorials looked like a sufficiently good resource to start.
However, after getting through the first few chapters, religiously trying out the code, my opinions on whether a separate book is needed have changed. Jasmin Blanchette and Mark Summerfield's book can take a sufficiently clueless newbie with some C++ knowledge and guide him through the intricacies of GUI building, providing practical advice and some bits of experience on the way. You learn about the practicality of this book by turning to page 3 (with page 1 being the title) and seeing a code example as the second paragraph of the first chapter. Writing a basic GUI application in C++/Qt is attractively easy, to win you over and make you read the rest of the chapter, as well as finish the basic introduction by creating a windowed application with SpinBox and Slider widgets.
The table of contents is available on the publisher's Web site and looks fairly simple. Each chapter takes about 20-30 pages, with screenshots and code examples provided as part of the text. Reading the first 5 chapters, which comprise the "Basic Qt" section and take up 110 pages, should be enough for any C++ developer to build a sufficiently complex GUI application if all that's required is some graphical interface slapped on top of the functionality that's already there.
The rest of the book -- "Intermediate Qt" chapters -- take the reader into the common problems of GUI development, providing some insight into more advanced topics as well. Supporting networking, working with graphics and images, internationalization of the software application, interacting with help, reading XML through SAX and DOM APIs, accessing databases and doing inter-process communication are all covered here. The authors tended to avoid inserting huge amounts of reference material into the book, and, for example, in the XML chapter when working with Unicode you will be told to go online and download the numeric values of the Unicode characters instead of dedicating valuable book pages to it.
The language of the book is simple to follow; there are plenty of code examples (with discussion following each), and when the authors make certain choices, they also explain why. The diagrams and screenshots are clear (although not in color), and the code examples can be easily separated from the text. This is the first official TrollTech guide to Qt 3.2 programming, and the authors promise that the techniques will work with Qt 4.
Perhaps part of the positive impression that this book left is the fact that programming in Qt is easy and straightforward. At the early stages of my education, I started learning GUI programming with MFC, which left an indelible image of complexity and will probably increase psychiatrist bills in the future (to be fair to Microsoft, Windows Forms with .NET is a huge step forward). The book and the Qt library made some complex things sound quite simple and enjoyable to program. As Matthias Ettrich notes in the foreword to this book, the most important point in reasoning why Qt is so popular is "because programmers like it."
The book comes with a CD that contains a non-commercial version of Qt 3.2 for Windows/Mac/Linux, Borland C++ 5.5 (Non-Commercial) and a trial version of the Borland C++ 6.0 compiler, the SQLite database engine and the book's source code. The non-commercial version of Qt 3.2 for Windows can be installed for Borland C++ 5.5, Borland C++ 6.0, Microsoft Visual C++ 6 and Microsoft Visual C++.NET environments. The examples are quite conveniently located in folders with chapter numbers, followed by subfolders with example names.
Whether you're looking for a general introduction to GUI development with C++ or trying to learn Qt, having worked with other libraries and toolkits before, this book is a good source of practical information and reference. The book is part of Perens' Open Source Series.
Alex Moskalyuk enjoys reading and reviewing books on programming and the tech industry in general. You can read his other reviews on his personal site. You can purchase C++ GUI Programming with Qt 3 from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
IBM Says Polymer Memory Could Be Ready By 2005
prostoalex writes "Polymer memory is hardly anything new, and we already had HP and Princeton announcing their prototype. In a Forbes magazine article IBM promises polymer memory that's five times cheaper than current flash memory, and expects the first devices with polymer data storage systems to be delivered possibly by 2005. IBM's Zurich Lab published this article last year with a description of Millipede." -
Linux Toys
Alex Moskalyuk writes "Remember those 'how-to' and 'home improvement' books that you enjoyed reading as a little kid? In the first half of the last century there was a variety of books, with names like 'Boy Mechanic' or '1,000 Projects for a Boy,' which would give a teenager a variety of projects to work on productively. Building bird houses, creatively reusing helmets from World War I, and later different projects that had to do with radio and transistors - in the pre-television age all that guaranteed some creative time for geeks (whether kids or adults) and allowed them to pick up skills, necessary perhaps in real life." Alex reviews below a book that fills a similar niche for the present day, outlining all 13 projects in Linux Toys: 13 Cool Projects for Home, Office and Entertainment. Whether you'd consider all of the projects toys is up to you. Linux Toys: 13 Cool Projects for Home, Office and Entertainment author Chris Negus, Chuck Wolber pages 360 publisher John Wiley & Sons rating 9/10 reviewer Alex Moskalyuk ISBN 0764525085 summary Variety of Linux-based projects for home, business or just for fun
Things changed in the 21st century, so what's a geek to do? As for the household products, you can probably always get stuff cheaper at Wal-Mart than build it yourself. Radio-related projects just don't seem that much fun anymore, since there's little sense of discovery.
Linux Toys is just the book that fills that void.
What's covered
Chris Negus (author of the Red Hat Linux Bible) and Chuck Wolber (from Tacoma LUG) came up with 13 different projects that one can do at home. All of them require a PC running Linux (the authors use and recommend Red Hat Linux 9, since that's the environment where the projects have been tested) and a variety of hardware (including none besides the PC), depending on which project you decide to go with. What are the projects? The entire listing is at the book's Web site, but here's a list of all thirteen with short descriptions of what's accomplished in the end (not necessarily in the same order as the chapters):
- Digital Picture Frame: excellent endeavor if you have an old useless laptop with a nice LCD screen lying around. The book has a detailed step-by-step guide with pictures on how to turn an old laptop into a fancy picture frame playing a slideshow of digital images stored on the hard drive locally or uploaded over the network (in case the old laptop has a network card and you decide to keep it when assembling the picture frame). By the way, these things do cost a lot commercially, while P200 and lower laptops are virtually free.
- Arcade Game Player: how to turn an old computer with a good monitor into an arcade game player running XMame. Your house guests can then use a joystick to play Donkey Kong, Pac-Man and Asteroids at your next Blast from the Past party.
- Digital Answering Machine: using the Red Hat Linux box as an answering machine that listens for incoming telephone calls (via vgetty), converts the voice messages into digitally compressed sound files and notifies the receiver about new voice message via e-mail.
- Home Music System: have an old PC with fairly large hard drive and some good home entertainment speakers? This project allows the reader to build a jukebox used to play Ogg Vorbis files. The authors use ltJukebox and freedb for music management and information retrieval. The ltJukebox software (which comes with the book's CD) automatically rips the music CDs into .ogg files, though digitizing your collection (if you haven't done it yet) might take a while. After that, however, a standalone computer nicely tucked somewhere in the room behind the speaker system can provide for hours of music. And if you plug it into the network, you'll have the ability to change settings and playlists via telnet.
- Home Video Archive: ever wanted to digitize your VHS collection? This chapter uses ffmpeg and nvrec for capturing and xawtv for adjusting the television input. The authors use Hauppauge WinTV Go and WinTV Theater TV capture cards and record the videos off the TV input into an AVI file. The resulting file is then burned to a CD/DVD (still using Linux tools), as well as converted into the VCD format that's recognized by most DVD players.
- Personal Video Recorder: ever dreamed of cutting TiVo's market share with your own devices? Well, perhaps, maybe within just one market -- your house. The authors use the same nvrec utility to record the TV input, XmlTV and WebVCPlus for downloading the data on television shows, and a Web interface to choose the ones you would like to record. Unlike TiVo though, this home-built PVR can only play the recorded shows on a Linux PC in AVI format, but if you followed the previous project, you can burn the resulting file in VCD format.
- Providing dial-up access: this basic project is perhaps familiar to all those who bear the title Network Administrator or used to work for an ISP, but for beginners in the field (and especially for beginners with Linux) it provides a detailed step-by-step plan on how to set up your own dial-up server and become a small ISP. A computer permanently connected to the Internet with a static IP is required for this project.
- Web hosting business: assuming that a computer with static IP address from the previous project and a domain name are available, this project takes the reader through the details of becoming a Linux hoster. This project is especially interesting, since it's applicable to those who have pretty good knowledge of the OS. Numerous online how-to's and manuals take you through separate processes, like adding user accounts, configuring Apache, setting up disk quotas, but few are "turnkey" solutions, where after closing up the book on the last page you can start the hosting business right away.
- Home network with a Linux box: rather detailed description of properly configuring iptables, NAT, as well as DHCP and Samba servers to run the home network with a Red Hat Linux 9 box as a server with the firewall and various Linux/Windows clients connecting to it.
- Video streaming server: set up a camcorder, Web cam or security camera to broadcast the video to the Internet. The authors use a camcorder and ffserver software to stream the video.
- Temperature Monitor: here a temperature sensor kit from DigiTemp needs to be purchased and connected to the telephone cable, which, in turn, will connect to the parallel port. Apparently the ordering page is down as of writing this review, but the DigiTemp developer uses Dallas Semiconductor temperature sensors. Then the software provided with the book (ltweather) allows you to look at the current temperature, log it consistently and display it on a Web page if needed.
- Linux and some games on a single floppy: re-using that 3.5'' drive for something practical is the purpose of this project. Although the result, a single floppy with a minimal Linux and some character-based games on it, can hardly be practical in the modern world, perhaps it's worth playing with just to see how little you need to get a whole OS going from scratch.
- Controlling RC cars from Linux: if you have a large collection of RC cars (and according to the spam messages I am getting, they're the hottest trend this Christmas), there's a variety of things you can do when suddenly instead of using the remote control you engage a Linux PC. Unattended races, testing your AI algorithms for entering DARPA autonomous vehicle challenge, writing some complex artificial life, where species of all sorts can see how well they can survive in a crowded world. The authors use a LynX-PORT board, a fairly expensive, but according to the authors, quite useful I/O board that could be re-used for all sorts of projects.
The Book
With 274 pages of useful information (excluding the cover pages), the book creates a very favorable impression. The writing is clear and succinct; each chapter follows the same structure with an overview of the project first, the list of things needed for the project second, a step-by-step guide third, some additional information for those willing to go further fourth, and a summary of the project fifth. Each step that requires interaction with a Linux box has the exact command-line instructions spelled out, no matter how basic. (On page 44, for example, the authors provide the mount /mnt/cdrom command, even though knowledge of this step is expected of a Linux user at the command line). Where interaction with the GUI is required, a screenshot is provided. The Troubleshooting section explains what might go wrong with a Red Hat Linux 9 box and how to react to it.
Furthermore, there is no dependence on previous chapters, making each project independent. You will not be told to "start up the video capturing as you have learned in the previous chapter" or referred to "previously described procedures". Theoretically, you could rip out the pages for a single project and give them to someone with no previous knowledge of the project and expect them to complete it.
Pictures are indispensable. Granted, they wouldn't be very useful for the Linux on a Floppy project, but for something like a digital picture frame, where you're required to disassemble an old laptop and play with the parts, they're essential. The pictures are all black-and-white, and by "pictures" I mean real photographs, not diagrams explaining how things should be done in theory.
The authors' sense of humor permeates the book, which makes it an enjoyable read. For example, on page 255, when completing the Linux RC toy car project, the photo of the race has a caption about every Linux car crossing the "Finnish" line. (Tip: Linus didn't always live in California). The layout of the book also makes it convenient to read and follow. A bar across the top of the page always tells you which project you're on. When enumerating the things required for the project, the authors use bulleted lists with clear explanations.
Another thing worth mentioning is the book's integration with the Web. The book's Web forums allow you to post questions and impressions from each specific project. The authors are also accepting submissions for new Linux Toys from the readers. The Web site in this sense is remarkable, as with too many technical books the so-called "companion Web site" is not truly a companion, but a marketing pitch followed by a bookstore link.
Overall, I think Chris Negus and Chuck Wolber have done a very nice job. If I had more time, I would explore more of the projects personally (so far I have started on rebuilding my home network, but I do want to try out the digital picture frame, being a proud owner of a Compaq LTE P100 laptop). The book would be a good read for anyone looking for some cool hobby projects, and perhaps would be a good gift for technically inclined kids who are interested in technology.
Speaking from a different perspective, Linux Toys is the book the open source community needs. While the usual arguments about being able to look at the OS's source code and the concepts of Free software only vaguely interest most individuals, a book like this would spark interest in the Linux OS as providing the opportunity to create a variety of cool toys and have fun doing it.
Read more of Alex's reviews of technical and tech business books. You can purchase Linux Toys: 13 Cool Projects for Home, Office and Entertainment from bn.com. Slashdot welcomes readers' book reviews -- to submit a review for consideration, read the book review guidelines, then visit the submission page. -
Unix Network Programming, Vol. 1
prostoalex writes "Reviewing Richard Stevens' Unix Network Programming is akin to reviewing the New Testament for a Christian audience, or The Elements of Style for English majors. Everyone who is somehow involved in network programming on Unix/Linux systems generally refers to the tome as the ultimate learning resource and the best reference out there." Read on for the rest of Alex's review.
Unix Network Programming, Vol. 1: The Sockets Networking API, Third Edition author W. Richard Stevens, Bill Fenner, Andrew M. Rudoff pages 1024 publisher Addison-Wesley rating 9 reviewer Alex Moskalyuk ISBN 0131411551 summary Ultimate reference guide for network programming, protocol implementation, server-client applications on Unix
Those just starting in the field will come across so many "Stevens book" references that it will eventually end up in their library. In a nutshell: Unix Network Programming is a must for anyone involved in writing network-enabled clients or server applications requiring a variety of protocols.
The first edition of the book came out in 1990, and quickly became the college textbook and professional reference for anyone trying to gain experience in the field. This is the third edition of the first volume of Unix Network Programming, titled The Sockets Networking API. Volume 2 deals with Interprocess Communications and so far exists only in a 2nd edition. W. Richard Stevens didn't live to see the 3rd edition published, and the new book has Bill Fenner and Andrew M. Rudoff listed as co-authors.
The table of contents for Unix Network Programming provides a very good overview of what's packed into 31 chapters and 5 appendices that provide 950 pages of information on network programming (Addison Wesley states it's 1024 pages, but page 947 is the start of the bibliography, followed by an index which was designed by W. Richard Stevens himself for better usability). The book starts with the basics, with an introduction to network protocols and OSI model in chapters 1 and 2. The authors move on to socket programming (supporting TCP, UDP, and SCTP protocols), providing a working example of a TCP client-server application (Chapter 5) as well as SCTP client-server (Chapter 10). DNS service is covered in Chapter 10, with some additions dealing with IPv6 implementations.
The largest part of the book -- Advanced Sockets -- covers a wide range of technologies, and generally it's not expected that you cover this part chapter by chapter. Chapter 12 would be of special use for anyone dealing with IPv4 and IPv6 implementations simultaneously. The authors provide an example of an IPv4 client working with an IPv6 server and vice versa. The book then proceeds to daemon processes, I/O operations on Unix, threads, raw sockets, advanced techniques for programming UDP and SCTP sockets, broadcasting and multicasting technologies, finishing off with the chapter on streams.
To avoid recapping the table of contents, it's worth mentioning that if you're an experienced network developer and have read previous editions of Stevens' book, you will find that the book has been updated with IPv6 APIs and example code (including interoperation with IPv4 in the aforementioned Chapter 12), information on the POSIX Single Unix Spec v3, a chapter on key management for IPsec (19), and three new chapters (9, 10, 23) on SCTP.
But wait a minute, what about the second edition, didn't it have 34 chapters, while this third one has only 31? Description of the XTI (X/Open Transport Interface) is gone, and that used to fill chapters 28,29,30,31 and 32 of the previous edition. The authors note that XTI API "has fallen out of common use and even the most recent POSIX specification does not bother to cover it." T/TCP (TCP for Transactions) is dropped as well, so if your applications still rely on either XTI or T/TCP, perhaps donating the 2nd edition to the local church library can wait.
The information above would be of interest to professionals in the field, but what about beginners? Can a reader expect to become proficient with developing network applications by absorbing Stevens' book? Unix Network Programming indeed makes a very good effort to be as inviting and simple as possible to the first-time reader, even while it is trying to be informative for those who've read the chapters several times. The authors generally start with a description of the problem being solved, then specify the ways to solve the problem in English -- only after that do they introduce an example solution in C. The code is clean and universal enough to be re-used on Unix boxes with C++, Perl, etc. Where a proper OS function call is necessary, it's used with an explanation of what it does, and where the functionality asks for a new function, the authors introduce their own.
Don't let the word Unix in the title fool you into thinking that you will need a separate book for Win32 platform (or Linux, for that matter). Apparently, there are differences in OS-specific function calls, but as far as protocols and implementation of specific functionality, the book would provide useful examples for Microsoft developers as well. What about Apple Mac OS X? On page xxi the authors claim the code has been tested on Mac OS X on PowerPC, HP-UX 11i on PA-RISC, AIX 5.1 on PowerPC, FreeBSD 4.8 on x86, Linux 2.4.7 on x86, FreeBSD 5.1 on SPARC and Solaris 9 on SPARC.
If you're reading the book for the first time, but have been through a network class before, you might skip Chapters 1 and 2, where the basics of network interaction (port numbers, OSI model, Internet protocol suite, netstat command, TCP connections, etc.) are covered. It makes sense to peruse the starting chapters if you are not familiar with SCTP.
Since many colleges in the United States and around the world use this title for their network programming classes, a handful of exercises follows each chapter. The questions are not programming projects, just quick self-test opportunities, e.g. Chapter 18 (Routing Sockets) is followed by the question: "What would you expect the sdl_len field of a datalink socket address structure to contain for a device named eth10 whose link-layer address is a 64-bit IEEE EUI-64 address?"
Some of the things from Stevens' book (like the desire to write a wrapper function for everything) might drive you crazy, although if you accept the author's style and follow the textbook by typing up and trying the source code, you will end up with a rather nice API library for all occasions by the time you get through the first two parts. It would also certainly be nice if the book, despite the title, included at least an appendix on Windows-specific implementations for those developing clients for the Microsoft platform.
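Two of the points above, the IPv4-client-to-IPv6-server interoperation covered in Chapter 12 and the capitalised wrapper-function convention, are easy to show in one small program. The example below is added here and is not code from the book; the wrapper names mimic Stevens' style but their bodies are this example's own, and the listening port (9999) is an arbitrary choice. The practitioner's point it makes: an IPv4 client arriving on an AF_INET6 listener is reported as the IPv4-mapped address ::ffff:a.b.c.d, so an access check that compares the peer against "a.b.c.d" silently fails (or, written the other way round, lets a mapped client through) unless the address is unmapped first.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Stevens-style wrappers: same name with a leading capital, same arguments,
 * and the caller never tests the return value because the wrapper aborts on
 * failure. Bodies here are this example's own, not the book's. */
static void err_sys(const char *what) { perror(what); exit(1); }

static int Socket(int family, int type, int protocol) {
    int fd = socket(family, type, protocol);
    if (fd < 0) err_sys("socket");
    return fd;
}
static void Setsockopt(int fd, int lvl, int opt, const void *val, socklen_t len) {
    if (setsockopt(fd, lvl, opt, val, len) < 0) err_sys("setsockopt");
}
static void Bind(int fd, const struct sockaddr *sa, socklen_t len) {
    if (bind(fd, sa, len) < 0) err_sys("bind");
}
static void Listen(int fd, int backlog) {
    if (listen(fd, backlog) < 0) err_sys("listen");
}

/* Render a peer address in canonical text form. An IPv4 client that reached an
 * AF_INET6 listener is reported as ::ffff:a.b.c.d; unmap it so that an access
 * check written against "a.b.c.d" compares the same string for both families. */
int peer_to_text(const struct sockaddr *sa, char *buf, size_t len) {
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
        return inet_ntop(AF_INET, &sin->sin_addr, buf, len) != NULL;
    }
    if (sa->sa_family == AF_INET6) {
        const struct sockaddr_in6 *sin6 = (const struct sockaddr_in6 *)sa;
        if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) {
            struct in_addr v4;
            memcpy(&v4, &sin6->sin6_addr.s6_addr[12], sizeof v4); /* low 32 bits */
            return inet_ntop(AF_INET, &v4, buf, len) != NULL;
        }
        return inet_ntop(AF_INET6, &sin6->sin6_addr, buf, len) != NULL;
    }
    return 0;
}

/* Helper for exercising peer_to_text without a live connection: take an address
 * as the kernel would report it on an AF_INET6 socket and canonicalise it.
 * Returns a static buffer; NULL if the text does not parse. */
const char *canonical_v6_peer(const char *text) {
    static char out[INET6_ADDRSTRLEN];
    struct sockaddr_in6 sin6;
    memset(&sin6, 0, sizeof sin6);
    sin6.sin6_family = AF_INET6;
    if (inet_pton(AF_INET6, text, &sin6.sin6_addr) != 1) return NULL;
    return peer_to_text((struct sockaddr *)&sin6, out, sizeof out) ? out : NULL;
}

/* One AF_INET6 listening socket that also accepts IPv4 clients: IPV6_V6ONLY
 * is cleared explicitly rather than relying on the platform default. */
int dual_stack_listener(uint16_t port) {
    int fd = Socket(AF_INET6, SOCK_STREAM, 0);
    int off = 0, on = 1;
    struct sockaddr_in6 sin6;
    Setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    Setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &off, sizeof off);
    memset(&sin6, 0, sizeof sin6);
    sin6.sin6_family = AF_INET6;
    sin6.sin6_addr = in6addr_any;
    sin6.sin6_port = htons(port);
    Bind(fd, (struct sockaddr *)&sin6, sizeof sin6);
    Listen(fd, 16);
    return fd;
}

int main(void) {
    int lfd = dual_stack_listener(9999); /* arbitrary port for the demo */
    for (;;) {
        struct sockaddr_storage peer;
        socklen_t plen = sizeof peer;
        char text[INET6_ADDRSTRLEN];
        int cfd = accept(lfd, (struct sockaddr *)&peer, &plen);
        if (cfd < 0) err_sys("accept");
        if (peer_to_text((struct sockaddr *)&peer, text, sizeof text))
            printf("client from %s (address family %d)\n", text, peer.ss_family);
        close(cfd);
    }
}
```

Run it and connect with both `telnet 127.0.0.1 9999` and `telnet ::1 9999`: the first prints `127.0.0.1` even though the socket is AF_INET6, because the mapped form has been stripped; without the unmapping step it would print `::ffff:127.0.0.1`, which is the string that naive allow-lists fail to match.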
Unix Network Programming is indispensable if any part of your professional or academic career involves writing client-server applications or programs requiring network communications. A good knowledge of C and familiarity with Unix internals is required, while the book is gentle enough to provide good guidance for the beginner in the network programming field. As W. Richard Stevens mentioned in one of his interviews, "When I hit something that I don't understand, I take a detour and learn something new. This often makes my books late by a few months, but I think accuracy and completeness are essential."
You can purchase Unix Network Programming, Vol. 1: The Sockets Networking API, Third Edition from bn.com. Slashdot welcomes readers' book reviews -- to submit a review for consideration, read the book review guidelines, then visit the submission page. -
Yahoo! Develops Anti-Spam Architecture
prostoalex writes "Yahoo!, the owner of one of the largest e-mail systems in the world, is said to be developing a cryptographic product that will be offered freely to mail servers. 'Domain Keys,' according to the Reuters article, would require the message sender to authenticate in order for a message to come across a trusted e-mail network. The idea has been around for ages; however, it required someone from the big league like Yahoo! to step in." While Yahoo! isn't the first name that comes to mind when I think of trusted email, it's still a step in the right direction. -
Stealth Inflation
prostoalex writes "The New York Times on the Web explores the topic of incorrect bills and numerous surcharges with names like 'assessment', 'handling', 'restocking', etc. David Pogue quotes Business Week magazine, which says that such small charges bring in $100 million annually for hotels, $2 billion for banks and $11 billion for credit-card companies. Users of landline phones, cell phones, checking accounts and credit cards are starting to suspect that such huge revenue might imply the mistakes are made on purpose. Is it just another conspiracy theory, or are we becoming victims of stealth inflation?" -
Fortune Magazine On Google Growing Up
prostoalex writes "Fortune Magazine runs a pretty long story on Google, but instead of the usual exultation over PageRank algorithm and Larry-and-Sergey biographies, we get a different message - is Google growing up, and is trouble brewing at Google? Here's Fortune's description of the pre-IPO days: 'Google has grown arrogant, making some of its executives as frustrating to deal with in negotiations as AOL's cowboy salesmen during the bubble. It has grown so fast that employees and business partners are often confused about who does what. A rise of stock- and option-stoked greed is creating rifts within the company. Employees carp that Google is morphing in strange and nerve-racking ways.'" -
64-bit Laptops Reviewed
prostoalex writes "ExtremeTech reviews current mega-notebooks, which are powerful enough to become a desktop replacement. Among the laptops reviewed there's one with 64-bit AMD Mobile Athlon 64 3200+ (2.0GHz clock rate) - the Voodoo Envy m:855." -
In Search of Stupidity
Alex Moskalyuk writes "There are dozens of titles on 'corporate excellence.' Management types like them. They teach the best practices from known companies and let you know how ABC Inc. or XYZ Corp. became such a glorious business as it is. In Search of Excellence (ISBN: 0446385077) is one of them, deserving the title of 'management bible' from its publishers. Apart from the minor detail that some of the data in the book was faked. At times like these, where do you turn for good management advice?" Read on for Alex's review of an alternative text, Merrill R. Chapman's In Search of Stupidity.
In Search of Stupidity: Over 20 Years of High-Tech Marketing Disasters author Merrill R. Chapman pages 256 publisher APress rating 10 reviewer Alex Moskalyuk ISBN 1590591046 summary Over 20 Years of High-Tech Marketing Disasters
Rick Chapman, on the back of the dust cover, features an impressive resume of MicroPro, Ashton-Tate, IBM, Inso, Microsoft, Novell, DataEase, Stromberg, Sun Microsystems, Teradata and Ziff-Davis. For those who only recently caught up with the computer industry, some names might sound unfamiliar. Indeed, a great many tech companies were driven into the ground either by poor management practice or poor product planning.
About the book
The author explores the stories of Digital Research, MicroPro, Ashton-Tate, Borland, Motorola, Novell, Netscape and a slew of ASPs (Application Service Providers), as well as dot-coms, to derive lessons on mismanagement. Chapman also talks about the current behemoths, IBM, Intel and Microsoft, telling stories of numerous product failures and the ways the companies have managed to deal with each blow. Apple Computer is also mentioned, but don't forward a copy of the title to your local friendly Mac zealot -- contemplating Apple's current market share and influence on the market (with some speculation on what could have been done), Chapman calls Apple the world's largest irrelevant company.
Want to learn secret skills of ruining a perfectly good product line? How about being a great company for thousands of developers and then pissing off almost 100 percent of them? Want to get a clear roadway on publishing two parallel software products that compete with one another, while even the sales people are unable to clarify the differences? In Search of Stupidity takes the reader on the joyous ride, following closely the growth and downfall of technological giants.
Developers! Developers! Developers!
The famous Joel Spolsky provided a preface for Chapman's title, in which he offered some interesting statistics about the world's largest consumer software companies as well as thoughts on the question of who runs a company better -- programmers or business majors? "When Pepsi-pusher John Sculley was developing the Apple Newton, he didn't know something that every computer science major in the country knows: handwriting recognition is not possible. This was at the same time that Bill Gates was hauling programmers into meetings begging them to create a single rich text edit control that could be reused in all their products," writes Spolsky, implying that people who run software or hardware companies had better have some knowledge about their business.
Chapman's critique of that preface runs throughout the book -- the famous setback that can be expected from the developer's community is the notion that the code should be re-written for the new version, as the old one simply is too buggy and it's easier to start anew.
What's good about the book
In the introduction chapter Chapman provides a great overview of what to expect in the book. His style is lively, full of analogies and old tales. The book is marked by a good sense of humor, without actually going into jokes (except for occasional re-telling of Intel Pentium FPU-related humor). All the companies who were not big enough to deserve a separate chapter but still stupid enough to be in the book are mentioned in introduction. Street Technologies, who in an advertising brochure bravely claimed the owner of its software could "eliminate half of the work force," and whose literature probably never made it through the mail room. Syncronys, who sold the SoftRAM product, which promised to "double your computer memory," except for the fact it didn't actually do it. Project Iridium from Motorola, which burned through $5 billion before figuring out that market for thousand-dollar phones and hundred-dollar service charges was a bit limited.
The table of contents can be found on the book's Web site, and from subchapter names like "The Great Pentium Bunny Roast" one can deduce that the book is full of good humor mixed with sarcasm. Sometimes Chapman is merciless when mentioning some of his stories' subjects. Here's his introduction to a chapter on the Netscape vs. Microsoft battle:
If you like the horror movies, you know the cast usually sports a character you've come to think of as The Idiot Who Deserves to Die. He's the knucklehead who runs screaming into the path of Godzilla just as the giant reptile is heading out to spend a relaxing afternoon destroying Tokyo, and gets squashed like a bug. The dimwit who sticks his noggin out of the deserted cabin in the woods and yells out "Mad slasher? What mad slasher?" just before the mad slasher decapitates him. The space-bound fumble-fingers who always manages to drop his blaster right when the Tentacle of Doom is zeroing it on him for lunch. If Marc Andreessen, co-founder of one-time wonder company Netscape, ever gives up high tech for a career in horror movies, he'll play that character.
The author does provide a pretty good collection of facts on just what Netscape did wrong, and how Microsoft's onslaught could have been avoided, so the quoted paragraph is not just an attempt to personally insult Andreessen. Here's a story of Ashton-Tate and its leader Ed Esber, who eventually ruined the company:
Esber did fancy himself something of a business guru, and one of his favorite quotes was "A computer will not make a good manager out of a bad manager. It makes a good manager faster and a bad manager worse faster." He had something there. It had taken George Tate about 5 years to build Ashton-Tate to software giant status; it would take Ed Esber only 2.5 years to put the company on the road to ruin. And Esber had a PC on his desk the entire time.
Debunking the myths
Besides providing a lot of good stories from history, Chapman also tries to dispel some myths about the industry. Most of the myths somehow involve Microsoft, which is hardly surprising, given that Chapman dedicated more attention to software companies than hardware companies. He describes the attitude towards the company in the early stages of the industry's development, points out why ISVs flocked towards DOS/Windows instead of the more stable OS/2, and denies the common belief that Bill Gates' project owes most of its success to the deal with IBM to put DOS on the PC.
Chapman also analyzes the mistakes made, and shows how Apple Computer could have been the 99% market share vendor right now, but a few stupid mistakes in the company's past allowed for better short-term gains while leading the company into oblivion. In the last chapter, the demise of dot-coms and application service providers is told in a somewhat haphazard way, without going into the details of any specific company. Chapman keeps his sense of humor and is not so full of sarcasm and "I told you so" attitude as Philip Kaplan's F'd Companies.
Overall
The book is an enjoyable read, and with roughly 250 pages of interesting and fact-packed text makes an informative one, too. Even if you have been in the industry long enough to know better about the mistakes Chapman names, the book is worth reading just to refresh past memories and learn some juicy details about the companies' internals (Chapman personally worked in MicroPro's WordStar team and at Ashton-Tate, among others). For others, it's a great way to take a look at serious and less-serious screw-ups by major technology companies.
Each chapter is preceded by a caricature. The chapter on MicroPro shows WordStar and WordStar 2000 pointing guns at one another's heads with an apparent intent to pull the trigger. The chapter on OS/2 (titled The Idiot Piper) shows that very idiot piper playing what is apparently a tune of OS/2, while the products designed for the operating system are heading off the cliff. The chapter on Intel's Pentium flop features bunny suits dancing around the barbecue fire with equations like "9/3 = 2.999" on their aprons.
In Search of Stupidity is an excellent source of information, analysis and good laughs. It's one of the few industry titles that will give you a large supply of stories to re-tell to other developers over a beer. Chapman's book is also an excellent case study collection of anti-management rules that one should avoid when running a high tech company.
You can purchase In Search of Stupidity from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
New Linux TPC-H Record Set
prostoalex writes: "A new TPC-H world record for performance and scalability of database software on the Linux platform has been set. The winner: Oracle 10g running on a four-node Lenovo Cluster Server DeepComp 6800, each node with four Intel Itanium 2 1.3 GHz processors. Oracle also emphasizes that this is 3.5 times the performance of a similar IBM DB2 benchmark. TPC-H benchmarks are available at the TPC Web site." -
South Korea Plans National 100 Mbps Network
prostoalex writes "Korean Ministry of Information and Communication is planning to wire the entire country with high-speed 50-100 Mbps network. A total of $80.4 billion will be spent on the project that's expected to be completed in 2010."