Domain: oreilly.com
Stories and comments across the archive that link to oreilly.com.
Stories · 651
-
Wireless Hacks
hanksdc writes "With the proliferation of wireless networking over the past year, it has become easier and easier for even the most budget-minded geeks to afford wireless gear for their homes, offices, and neighborhoods. Rob Flickenger's latest, Wireless Hacks, expands upon his previous book on the topic, Building Wireless Community Networks, and takes its reader by the hand on a fast-paced run through a large assortment of hacks related to wireless networking." Read on for the rest of hanksdc's review.
- Title: Wireless Hacks
- Author: Rob Flickenger
- Pages: 286
- Publisher: O'Reilly
- Rating: 8
- Reviewer: hanksdc
- ISBN: 0596005598
- Summary: Tips and Tricks for getting the most out of your wireless network
From the back cover we find that the book is targeted towards the intermediate to advanced wireless user, and I found that definitely to be the case. Some of the hacks use a lot of technical jargon, and assume a fair amount of background knowledge from the reader. You should probably already know how to get a wireless link up and running to really benefit from the book. But don't let that be a deterrent if you're a newbie. It's still a fun read, and provides a lot of ideas for the inquisitive and creative mind.
The book is very readable (all the Hacks series books I have read would, like their venerable ancestor, UNIX Power Tools, make for great bathroom books). Each hack is self-contained, and can be read in just a few minutes. You can read the book straight through, or browse around, find what interests you and go from there. Most hacks have references to other hacks in the book, so reading it can be like browsing a web page sometimes. Many hacks also have references to further sources of information on the topic covered.
There are hacks here for UNIX/Linux platforms mainly, but all you Ti/Al-Powerbook zealots will find plenty to lick your lips over as well, with several of the hacks devoted to wireless networking with OS X. There are even some for the Windows users as well. Many of the hacks (since they deal with hardware) could be utilized on any platform. Well, ok, you might have a bit of a hurdle to get your Pirouette cantenna hooked up to your vintage Apple ][c, but this book makes a good breeding-ground of ideas for those so inclined.
The book is divided into several chapters, each devoted to a particular topic. Each chapter contains a number of hacks related to that topic:
- Chapter 1, "The Standards," covers the alphabet soup of current wireless protocols, with a brief introduction to each.
- Chapter 2, "Bluetooth and Mobile Data," covers Bluetooth technology (need to use your Bluetooth-enabled cell phone to act as a modem for your laptop in a pinch? If only those phones weren't so pricey...*sigh*)
- Chapter 3, "Network Monitoring," is all about finding out what's going on on the local network, including various ways to sniff traffic, broadcast network services, perform network discovery, and analyze traffic.
- Chapter 4, "Hardware Hacks," gets down to the metal, discussing topics ranging from boosting signal strength to building your own access point from micro form-factor hardware to cabling and antenna guides.
- Chapter 5, "Do-it-Yourself Antennas," describes various ways to build your own antennas all the way from Pringles cans to milled aluminum wave guides (Don't forget to use ventilation when soldering ;-).
- Chapter 6, "Long distance Links," offers tips on setting up, well, long distance wireless links.
- Chapter 7, "Wireless Security," dispels the vendor-propagated myths of WEP 'security,' and gives practical advice on how you can avoid the guy next door from sniffing your private traffic (not that you'd have anything to hide, of course...).
Throughout the book there is a lot of information repeated from Building Wireless Community Networks, as well as a few hacks copied over from Linux Server Hacks [Slashdot review here], but all together it makes a very useful collection, and a nice addition to O'Reilly's Hacks series.
So what's my take on it? If you're doing just about anything with an 802.11x network, you'll likely find something fun or useful here. If you're brand new to wireless networking, you may want to come up to speed with something a bit more tutorial-oriented. Perhaps one drawback to the book is its recipe-style format. There's not a lot of background information offered with each hack, but rather a lot "do this, then this, and you get this." If you're not used to hacking and experimenting with things, you might find yourself a bit lost. It certainly isn't a college textbook, which can be both good and bad, depending on what you're looking for.
Overall, if you're the forward-thinking, range-extending, hardware-tinkering, soldering-iron wielding, average slashdot reader, you'll probably find it a fun read with lots of good ideas to offer.
You can purchase Wireless Hacks from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
XForms, XML Events Now W3C Recommendations
leighklotz writes "XForms and XML Events are now W3C Recommendations, which gives them the same status as HTML 4.01 and XHTML 1.1. XForms is a next-generation language for designing web forms and other form-based applications, and is designed to integrate into existing XML applications such as XHTML and SVG. XML Events complements XForms and other XML applications, and provides a simple XML syntax for accessing existing DOM Level 2 events. Two new books about XForms from O'Reilly and Addison-Wesley complement more than twenty implementations, ten of which are profiled on XML.com. The text of the O'Reilly book is available under the GNU FDL, and the text of the Addison-Wesley book is included on CD for accessibility." There's more -- read on below.
"Now that XForms has reached Recommendation, Star Office support for XForms is in the works, and Mozilla contributors are gearing up for a Mozilla implementation to complement the three existing fully qualified implementations: the FormsPlayer Internet Explorer plug-in from England, the open source Java X-Smiles from Finland, and the DENG browser written in Flash from Germany. The mobile sector is heating up again, and XForms Basic, which omits XML Schema support, is targeted as an upward-compatible implementation set for mobile devices. Personally, I'm looking forward to bringing XForms to J2ME mobile devices such as the Danger Hiptop, in order to simplify UI development.
Also reaching Recommendation status is XML Events, which complements XForms and other XML applications, and provides a simple XML syntax for accessing existing DOM Level 2 events.
Read the Press Release and Testimonials at the World-Wide Web Consortium."
leighklotz also offers a link to XForms for HTML Authors.
-
The Perl Cookbook, 2nd Edition
doom writes "For those of you who haven't been paying attention, when The Perl Cookbook by Tom Christiansen & Nathan Torkington came out in 1999 it immediately became one of the primary references in the perl world. It's one of the first places you should check before making a move with perl, right up there with search.cpan.org itself. Now we've got the second edition. What's the diff? The diff is 58 new recipes and program examples (list provided below), plus two new chapters on mod_perl and XML (which provide an additional 27)." Read on for doom's complete review.
- Title: The Perl Cookbook, 2nd Edition
- Author: Tom Christiansen & Nathan Torkington
- Pages: 927
- Publisher: O'Reilly
- Rating: 9
- Reviewer: doom
- ISBN: 0596003137
- Summary: How to do common tasks in perl
The new recipes cover a number of subjects. One of the prominent themes is how to use perl's new unicode support, as well as the new I/O layers feature. The coverage of web programming has definitely been fleshed out with recipes on XML-RPC, SOAP and so on, plus the new chapter on mod_perl. Also of interest of course are the additional recipes on database access with DBI.
The mod_perl chapter is a good succinct introduction, with some very cute recipes in it (though admittedly a lot of these are also covered in the excellent Mod_perl Developer's Cookbook by Young, Lindner and Kobes out from Sams). For example "Transparently Storing Information in URLs" shows how to embed information in any arbitrary position inside a URL. This quickly shows the kind of things you can do with a PerlTransHandler and a PerlFixupHandler. The chapter closes with what looks like a good introduction to "Template Toolkit", which I would probably be very excited about if I wasn't already familiar with the (also discussed) HTML::Mason.
I really enjoyed reading the XML chapter (a subject I'm less familiar with): I predict that you'll find this to be the fastest way through the XALPHABET XSOUP without drowning. For me, this was almost worth the price of the book.
Very little has been removed (hence the page count has gone from 757 to 927), and where I have been able to find a deletion, there are usually very good reasons for it. For example, the first edition takes the trouble to tell us that qr// was introduced in perl 5.005, but the new edition drops the babble about versions there, because for most of us, anything before 5.6 is now ancient history. However, I do miss this particular irrelevant parenthetic aside that's been deleted now:
Remember that the opposite of read is not write but print, although oddly enough, the opposite of sysread actually is syswrite. (split and join are opposites, but there's no speak to match listen, no resurrect for kill, and no curse for bless.)
(p.295, first edition, compare to p.323, second edition.)
In general, it's difficult to think of anything seriously wrong with the Perl Cookbook. I might suggest that in some places they fall into the trap of talking about all the ways to do it, rather than just the best ways (e.g. recipe 7.5 "Storing Filehandles into Variables" seems a bit complicated).
And maybe there are some slight problems with order of presentation, as with the new perl 5.8 feature of "I/O Layers", which is mentioned a few times before it's finally discussed in the beginning of Chapter 8 (though really, it's amazing that there aren't more problems like this: this is supposed to be reference work, and yet it usually works well as a tutorial also).
I've got one big complaint about the 2nd edition though: they changed the numbering of existing recipes! I've been writing code with comments like
# Schwartzian transform. See Perl Cookbook, recipe 4.15
and now it turns out I should've been specifying an edition number also. Please: "Cookbook" authors, come up with a numbering scheme that remains invariant with new editions... if you can't always just append to the end of the chapter, there's nothing wrong with tacking another dotted decimal on the end. We're programmers, we can handle it.
And speaking of the "Schwartzian transform", that recipe has a very clear, self-explanatory name, "Sorting a List by Computable Field", but in the first edition there was also a footnote explaining that many people call this the Schwartzian Transform, named after Randal Schwartz, who invented the technique. With this second edition, that footnote has been quietly dropped. Guys, if you're going to carry on a feud, this is really not the way to do it. It just makes you look bad.
O'Reilly's perl.com site has a series of articles by the authors, featuring some recipes from the book:
Appendix: New recipes and examples (not including the two new chapters):
- Using Named Unicode Characters
- Treating Unicode Combined Characters as Single Characters
- Canonicalizing Strings with Unicode Combined Characters
- Treating a Unicode String as Octets
- Properly Capitalizing a Title or Headline
- Constant Variables
- Implementing a Sparse Array
- Creating a Hash with Immutable Keys or Values
- Matching Nested Patterns
- Writing a Subroutine That Takes Filehandles as Built-ins Do
- Storing Multiple Files in the DATA Area
- Reading an Entire Line Without Blocking
- Treating a File as an Array
- Setting the Default I/O Layers
- Reading or Writing Unicode from a Filehandle
- Converting Microsoft Text Files into Unicode
- Comparing the Contents of Two Files
- Pretending a String Is a File
- Working with Symbolic File Permissions Instead of Octal Values
- Writing a Switch Statement
- Coping with Circular Data Structures Using Weak References
- Program: Outlines
- Overriding a Built-in Function in All Packages
- Customizing Warnings
- Writing Extensions in C with Inline::C
- Cloning Constructors
- Copy Constructors
- Saving Query Results to Excel or CSV
- Escaping Quotes
- Dealing with Database Errors
- Repeating Queries Efficiently
- Building Queries Programmatically
- Finding the Number of Rows Returned by a Query
- Using Transactions
- Viewing Data One Page at a Time
- Querying a CSV File with SQL
- Using SQL Without a Database Server
- Graphing Data
- Thumbnailing Images
- Adding Text to an Image
- Program: graphbox
- Turning Signals into Fatal Errors
- Multitasking Server with Threads
- Writing a Multitasking Server with POE
- Accessing an LDAP Server
- Sending Attachments in Mail
- Extracting Attachments from Mail
- Writing an XML-RPC Server
- Writing an XML-RPC Client
- Writing a SOAP Server
- Writing a SOAP Client
- Program: rfrm
- Using Cookies
- Fetching Password-Protected Pages
- Fetching https:// Web Pages
- Resuming an HTTP GET
- Parsing HTML
- Extracting Table Data
You can purchase The Perl Cookbook, 2nd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Even Grues Get Full
honestpuck writes "Even Grues Get Full is the fourth and latest collection of cartoons from User Friendly. I got this collection because a friend said the third collection was brilliant 'from cover to cover.' I have to say that this collection did have some exceptionally good moments, but 'from cover to cover,' I think not." Honestpuck's review continues, below.
- Title: Even Grues Get Full
- Author: J.D. "Iliad" Frazer
- Pages: 122
- Publisher: O'Reilly
- Rating: 8 - Funny
- Reviewer: Tony Williams
- ISBN: 0596005660
- Summary: Chock full o' laughs. Funny, didn't split my sides or spit coffee out my nose, but funny
To start, I didn't find the inside title page even worth a smile; the only joke, 'Even Grues Get Full', had already been on the front cover and I'd noticed its repetition on the back one as well.
To investigate a little further I read the 'Foreword' by Wil Wheaton. OK, it did have one good Wesley joke but mostly it seemed to be saying how much he didn't mind Iliad making fun of him in the strip.
Then we get to the strips. Yeah, some are funny. I laughed a bit. Iliad certainly knows a good tech joke when he draws one - even if he does seem to make a lot of jokes at the expense of the Windows operating system -- which seems to be a combination of shooting fish in a barrel and politically incorrect making fun of the crippled and lame. However some things are just not funny, Mr Frazer.
What about those cartoons from pages 78 to 83? To start off, no self-respecting Lego geek with two hundred and seventy million dollars would buy two million sets of Lego Mindstorms. I'd only (sorry, I mean 'He'd only') buy one and a half million to leave cash left over for buying a couple of hundred thousand Lego models of the Millennium Falcon -- I mean, "D'uh!" Oh, and about the cartoon on page 82: missing a 16-wheel cog to complete your project is no laughing matter, you know. I don't see what's so amusing about building a missile silo out of Lego either -- I'm going to build a carry box for my cat when I can get enough blue 12 x 1 bricks.
Then there's the series about the visiting MBA. No real geek would fall in love with a woman merely because her name, 'Pearl,' was a homonym for a scripting language - get real. If her name had been 'See' or 'Jarvah,' maybe. But not funny, Iliad.
Frankly, I think this book is full of the usual 'User Friendly' rubbish. Jokes at the expense of those poor users (hey, they don't know any better), clueless management (hey, they don't know any better) and socially disadvantaged and deprived geeks (hey, we don't know any better.) Joking about the outstanding, well-informed and upright citizens that work in the sales and marketing departments of our IT firms and ISPs? Shame on you J.D. Oh, and poking fun at poor Larry Ellison just cause he isn't as rich as Bill is just downright mean.
I think Tim O'Reilly should be ashamed to publish this book. I guess the only reason he does is that Iliad hasn't poked fun at him (yet).
I wouldn't recommend this book to anyone. It's just chock full of jokes that only a Linux-loving geek could find funny. Cartoons full of references that only a Perl programming geek would understand. I didn't learn a single thing about programming in C# for .NET or the latest protocols used in Active Directories -- a totally useless tech book, really.
Look, just go to the User Friendly web site and see some more recent examples from this deeply disturbed cartoonist, or go to the O'Reilly book page and check out a few strips from the book itself and you will agree with me.
You can purchase Even Grues Get Full from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Secure Programming Cookbook for C and C++
Alex Moskalyuk writes with the review below of John Viega and Matt Messier's Secure Programming Cookbook for C and C++, a book which he says is useful -- but only if you have the background to use it. Read on for the details, including Alex's alternative reading suggestions.
- Title: Secure Programming Cookbook for C and C++
- Author: John Viega, Matt Messier
- Pages: 790
- Publisher: O'Reilly
- Rating: 8/10
- Reviewer: Alex Moskalyuk
- ISBN: 0596003943
- Summary: Real-life recipes for using secure code even in the basic algorithms
The Target Audience of the Book
In the foreword to this book Gene Spafford observes that there really are four types of programmers:
- Those who are constantly writing buggy code, no matter what,
- Those who can write reasonable code, given coaching and examples,
- Those who write good code most of the time, but who don't fully realize their limitations,
- Those who really understand the language, the machine architecture, software engineering, and the application area, and who can write textbook code on a regular basis.
There are, as Spafford claims, too many people in category 3 who think they belong to the category 4, and that's the primary target audience of the book. John Viega and Matt Messier co-wrote Secure Programming Cookbook for C and C++ not with the intent of proving the necessity of application security, as they mention in the foreword, but to illustrate its application. If you're reading this book, you are probably well aware of the security needs at your workplace or in your projects, and you would like to have a large library of sample code for various operations.
The book has yet another Web site, and since John Viega didn't mind a little slashdotting during the launching stage, he probably won't mind another link to SecureProgramming.com.
The Book Itself
The structure of the book will be familiar to anyone who has read an O'Reilly Cookbook before. The "cookbook" part of the text is nothing more than a collection of solutions to common problems. The code is generally of high quality and written by an expert in the field. What's more important is the discussion section following the code, which explains why things are done in a certain way, what alternatives exist, and what the best practices in the field are.
Viega and Messier have expanded the discussion section, basically doubling the content, by introducing separate Windows and Unix sections where applicable. The reader has a chance to peruse the code for both platforms as well as read separate discussion sections, which helps in navigating the content of the book.
Microsoft platform developers, though, will only be introduced to native Win32 API -- the authors chose to ignore the STL/ATL/COM/DCOM/.NET solutions on the assumption that those could be derived by someone closely familiar with the lowest-level API available from Microsoft. Even though the discussion section is quite detailed and informative for both Unix and Windows developers, the authors do not discuss the design and architecture issues behind secure programming in C and C++. That falls outside the scope of this book; besides, John Viega co-authored Building Secure Software , where a lot of attention is paid to the philosophy of secure programming as well as initial application design with security in mind.
The Contents
You can view the table of contents on the O'Reilly Publishing Web site, and with the cookbook format, it's pretty much WYSIWYG -- whatever the title of the subchapter is, you will be introduced to the nature of the problem, followed by a C/C++ solution, followed by the discussion of the subject with occasional URLs to relevant information on the Web.
Just to sum it up, usage of encryption, message integrity checks, symmetric and public-key cryptography and secure programming get a lot of attention. With 41 recipes (Chapters 4 and 5) on symmetric encryption and 29 (Chapters 7 and 10) on PKI-related code snippets, you can get your yearly supply of Unix and MS CryptoAPI examples.
But this book is not entirely about encryption, since current security problems are rarely caused by the encryption algorithm failures. The networking and Internet-related programming issues are covered in Chapter 8 (Authentication) and Chapter 9 (Networking). In Chapter 3, those designing Web interfaces will find some useful examples of validating the input URL and checking the SQL string against injection attacks. Admittedly, such examples would serve a better purpose in Perl/PHP/ASP, however, anyone familiar with C should be able to derive their own variations of the algorithm. Chapters 1 and 2 provide a great deal of insight into operating system specifics in regards to such system security issues as environment variables, spawning child processes, revealing memory dumps, using temp files on Windows and Unix, etc.
Off-the-beaten-path chapters include information on random numbers (the chapter is available online for free) and preventing tampering with applications. The random number chapter would be interesting to both professional programmers with good math skills and beginners in the computer programming field writing their first number-guessing C++ game. Recipes on gathering entropy and access to standard Windows/Unix APIs for random number generation are of great practical use. The application tampering chapter was probably the most informative thing for me - a great collection of information, rarely found in other application or network security publications. How do you protect against software piracy by using checksums? How much time should you dedicate to software protection? What is the theory behind code obfuscation? How do you hide ASCII strings in the data segment? How do you detect modern debuggers? The answers to such questions are usually fragmentary and are usually considered either intellectual property of the company or belong to a 'warez' site, where the quality of sources is questionable.
Is the Book Useful?
This book is a great resource for quick look-up of readily available solutions (I've read it online on Safari, so I cannot vouch for the usability of the paper edition when searching for information). I've written a Master's thesis on this topic (although my actual topic was way more narrow than the scope of this book) and still found a lot of great information. If you've never seen C/C++ code or feel uncomfortable with Unix/Windows API programming, you will probably find the Cookbook overly technical. A higher-level application security text is available for those new to the subject (besides the Building Secure Software title mentioned above, there's a great title called Writing Secure Code from Microsoft), while this book gets into the dirty, nitty-gritty details.
Yeah, everyone and his brother knows how to implement a symmetric encryption algorithm, but how do you actually do it without compromising the system and introducing new possible loopholes? The cookbook answers questions like that, and, as mentioned above, provides a detailed overview of programming strategies for the two most popular platforms. Taking the cookbook concept further, this book teaches you how to make a basic ham-and-cheese sandwich as well as fine cuisine. Too often the code measures for basic security and preventing buffer overflows are summarized in higher-level concepts, thus allowing developers to make errors even with the most trivial applications. If you're a professional programmer and do not get tired by looking at sometimes profuse code examples, this book would probably be a good read from beginning to end. If C/C++ is not your preferred area, the usefulness of this title decreases severely; however, it might serve as a good reference.
You can purchase Secure Programming Cookbook for C and C++ from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
Secure Programming Cookbook for C and C++
Alex Moskalyuk writes with the review below of John Viega and Matt Messier's Secure Programming Cookbook for C and C++, a book which he says is useful -- but only if you have the background to use it. Read on for the details, including Alex's alternative reading suggestions. Secure Programming Cookbook for C and C++ author John Viega, Matt Messier pages 790 publisher O'Reilly rating 8/10 reviewer Alex Moskalyuk ISBN 0596003943 summary Real-life recipes for using secure code even in the basic algorithms
The Target Audience of the Book In the foreword to this book Gene Spafford observes that there really are four types of programmers:- Those who are constantly writing buggy code, no matter what,
- Those who can write reasonable code, given coaching and examples,
- Those who write good code most of the time, but who don't fully realize their limitations,
- Those who really understand the language, the machine architecture, software engineering, and the application area, and who can write textbook code on a regular basis.
There are, as Spafford claims, too many people in category 3 who think they belong to the category 4, and that's the primary target audience of the book. John Viega and Matt Messier co-wrote Secure Programming Cookbook for C and C++ not with the intent of proving the necessity of application security, as they mention in the foreword, but to illustrate its application. If you're reading this book, you are probably well aware of the security needs at your workplace or in your projects, and you would like to have a large library of sample code for various operations.
The book has yet another Web site, and since John Viega didn't mind a little slashdotting during the launching stage, he probably won't mind another link to SecureProgramming.com.
The Book Itself
The structure of the book will be familiar to anyone who has read an O'Reilly Cookbook before. The "cookbook" part of the text is nothing more than a collection of solutions to common problems. The code is generally of high quality and written by an expert in the field. What's more important is the discussion section following the code, which explains why things are done in a certain way, what alternatives exist, and what the best practices in the field are. Viega and Messier have expanded the discussion section, basically doubling the content, by introducing separate Windows and Unix sections where applicable. The reader has a chance to peruse the code for both platforms as well as read separate discussion sections, which helps in navigating the content of the book.
Microsoft platform developers, though, will only be introduced to the native Win32 API -- the authors chose to ignore the STL/ATL/COM/DCOM/.NET solutions on the assumption that those could be derived by someone closely familiar with the lowest-level API available from Microsoft. Even though the discussion section is quite detailed and informative for both Unix and Windows developers, the authors do not discuss the design and architecture issues behind secure programming in C and C++. That falls outside the scope of this book; besides, John Viega co-authored Building Secure Software, where a lot of attention is paid to the philosophy of secure programming as well as initial application design with security in mind.
The Contents
You can view the table of contents on the O'Reilly Publishing Web site, and with the cookbook format, it's pretty much WYSIWYG -- whatever the title of the subchapter is, you will be introduced to the nature of the problem, followed by a C/C++ solution, followed by the discussion of the subject with occasional URLs to relevant information on the Web. Just to sum it up, usage of encryption, message integrity checks, symmetric and public-key cryptography and secure programming get a lot of attention. With 41 recipes (Chapters 4 and 5) on symmetric encryption and 29 (Chapters 7 and 10) on PKI-related code snippets, you can get your yearly supply of Unix and MS CryptoAPI examples.
But this book is not entirely about encryption, since current security problems are rarely caused by encryption algorithm failures. The networking and Internet-related programming issues are covered in Chapter 8 (Authentication) and Chapter 9 (Networking). In Chapter 3, those designing Web interfaces will find some useful examples of validating the input URL and checking the SQL string against injection attacks. Admittedly, such examples would serve a better purpose in Perl/PHP/ASP; however, anyone familiar with C should be able to derive their own variations of the algorithm. Chapters 1 and 2 provide a great deal of insight into operating system specifics in regard to such system security issues as environment variables, spawning child processes, revealing memory dumps, using temp files on Windows and Unix, etc.
Off-the-beaten-path chapters include information on random numbers (the chapter is available online for free) and preventing tampering with applications. The random number chapter would be interesting to both professional programmers with good math skills and beginners in the computer programming field writing their first number-guessing C++ game. Recipes on gathering entropy and access to standard Windows/Unix APIs for random number generation are of great practical use. The application tampering chapter was probably the most informative thing for me: a great collection of information, rarely found in other application or network security publications. How do you protect against software piracy by using checksums? How much time should you dedicate to software protection? What is the theory behind code obfuscation? How do you hide ASCII strings in the data segment? How do you detect modern debuggers? The answers to such questions are usually fragmentary and are usually considered either intellectual property of the company or belong to a 'warez' site, where the quality of sources is questionable.
Is the Book Useful?
This book is a great resource for quick look-up of readily available solutions (I've read it online on Safari, so I cannot vouch for the usability of the paper edition when searching for information). I've written a Master's thesis on this topic (although my actual topic was way more narrow than the scope of this book) and still found a lot of great information. If you've never seen C/C++ code or feel uncomfortable with Unix/Windows API programming, you will probably find the Cookbook overly technical. A higher-level application security text is available for those new to the subject (besides the Building Secure Software title mentioned above, there's a great title called Writing Secure Code from Microsoft), while this book gets into dirty, nitty-gritty details. Yeah, everyone and his brother knows how to implement a symmetric encryption algorithm, but how do you actually do it without compromising the system and introducing new possible loopholes? The cookbook answers questions like that, and, as mentioned above, provides a detailed overview of programming strategies for the two most popular platforms. Taking the cookbook concept further, this book teaches you how to make a basic ham-and-cheese sandwich as well as fine cuisine. Too often the code measures for basic security and preventing buffer overflows are summarized in higher-level concepts, thus allowing developers to make errors even with the most trivial applications. If you're a professional programmer and do not get tired of looking at sometimes profuse code examples, this book would probably be a good read from beginning to end. If C/C++ is not your preferred area, the usefulness of this title decreases severely; however, it might serve as a good reference.
You can purchase Secure Programming Cookbook for C and C++ from bn.com.
Practical mod_perl
honestpuck writes with the review below of O'Reilly's Practical mod_perl, which he describes as "a doorstop sized volume that provides more information on using mod_perl than you ever thought you needed." Read on for the rest of his review, and to see whether you actually do need to know what's in this book.
author: Stas Bekman & Eric Cholet
pages: 858
publisher: O'Reilly
rating: 8 - Good book, some flaws
reviewer: Tony Williams
ISBN: 0596002270
summary: Good overall guide for running and developing with mod_perl
The almost 900 pages are divided into five parts and a bunch of appendices. Part I, "mod_perl Administration", covers building, configuring and installing mod_perl, followed by some Apache details and an 80-page guide to coding with mod_perl in mind. Part II, "mod_perl Performance", deals with ways of getting the best out of Apache and mod_perl, with a little about security. Part III deals with databases, including persistent connections and data sharing. Part IV is a great guide to debugging and troubleshooting. Part V is a brief look at Apache 2 and mod_perl 2.
The appendices are useful. The first is a short section of around a dozen small 'recipes' for performing various tasks using mod_perl. I found these a good base for more complex tasks, particularly when combined with examples from elsewhere in the book. The second is a list of Perl modules that extend Apache and mod_perl with a brief description of each. The third gives some strategies for providers wanting to host Apache with mod_perl. The fourth and fifth give good overviews of the Template Toolkit and AxKit, an XML application server built on mod_perl.
The book is readable, tending towards heavy writing and certainly dense, but I didn't feel this was a problem in a book meant for a fairly advanced audience. I think you'd want to be a fairly good Perl programmer and well versed in Apache before needing this volume and shouldn't expect to be spoon fed. I thought it well written.
In a book of this size you expect to find a lot of example code, and you won't be disappointed. The book is peppered with short Perl examples and example command lines and configurations, all well explained. The one shortcoming is that there aren't many examples of full-blown applications where you can see everything discussed and have it explained all in one place. I would have appreciated some more of this; the examples tend to be on the short side.
This book sits well in the marketplace. It provides more details on running, installing and configuring mod_perl and Apache than mod_perl Developer's Cookbook (and also delves more into the reasons for doing something one particular way and much more help on debugging), though the Developer's Cookbook becomes a good companion to this volume as it provides a lot more in the way of examples. For those that want to get deep into the high end of mod_perl there is Writing Apache Modules in Perl and C, which is at core a good book on high end mod_perl programming.
O'Reilly have their usual website with Table of Contents, an example chapter, and errata. The authors have their own website with some of the same information and all the code examples from the book as both individual files and one 40k tarball.
I would recommend this book to anyone who administers and writes for mod_perl; it fills the missing pieces in the mod_perl Developer's Cookbook and is a good companion volume to it.
You can purchase Practical mod_perl from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Secure Programming
viega writes "Matt Messier and I have just launched a secure programming web site. While this site does support our new book The Secure Programming Cookbook for C and C++, it also serves as a thorough resource for developers. It has numerous links to articles and other topical resources, new recipes that demonstrate secure programming techniques, a large glossary and the obligatory web log. We accept outside submissions, and will reward the best recipe submission each month -- O'Reilly will publish it on the O'Reilly Network web site and will give the author a free book. There's already a decent amount of new content, including recipes on avoiding malloc()/new-related integer overflows, watching out for security problems in API differences and issues when truncating data. There's also an RSS feed for the web log." -
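The malloc()-related integer overflow the announcement above lists is worth seeing in code. The block below is an added example written for this page; it is not a recipe from the cookbook or from the authors' site. It assumes the element count comes from untrusted input (a file or packet header), which is the usual setting for the bug, and shows the wrapping computation next to a checked one.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Added example, not from the cookbook or the site: the malloc() size
 * overflow in its usual form, next to a checked version. Assumption: the
 * element count `n` comes from untrusted input (a file or packet header). */

/* What most code does. On overflow the product wraps to a small number,
 * malloc() succeeds, and the later fill loop writes past the buffer. */
size_t naive_array_bytes(size_t n, size_t elem_size)
{
    return n * elem_size;
}

/* 1 if a * b would exceed SIZE_MAX, 0 otherwise. Uses division so the
 * check itself cannot wrap. */
int mul_overflows(size_t a, size_t b)
{
    return a != 0 && b > SIZE_MAX / a;
}

/* Allocate n elements of elem_size bytes, or return NULL if the byte
 * count is not representable in size_t. Caller frees. */
void *alloc_array(size_t n, size_t elem_size)
{
    if (mul_overflows(n, elem_size))
        return NULL;
    size_t bytes = n * elem_size;
    return malloc(bytes ? bytes : 1);   /* sidestep the malloc(0) ambiguity */
}

/* Yes/no wrapper for callers that only need to know whether the request
 * would be honoured: allocates, frees, reports. */
int alloc_array_ok(size_t n, size_t elem_size)
{
    void *p = alloc_array(n, elem_size);
    if (p == NULL)
        return 0;
    free(p);
    return 1;
}

int main(void)
{
    /* SIZE_MAX/4 + 1 is 2^(bits-2); times 8 is 2^(bits+1), which wraps
     * to exactly 0 on both 32- and 64-bit size_t. */
    size_t hostile_n = SIZE_MAX / 4 + 1;
    printf("naive byte count for %zu x 8: %zu\n",
           hostile_n, naive_array_bytes(hostile_n, 8));
    printf("checked allocation: %s\n",
           alloc_array_ok(hostile_n, 8) ? "succeeded (bug)" : "refused");
    return 0;
}
```

The check belongs before the multiplication, not after it: once the product has wrapped there is nothing left to test. calloc(n, size) performs this check in current C libraries, but code that multiplies by hand for malloc(), realloc() or operator new[] does not get it for free, and the related truncation problem the post mentions (a size_t quietly narrowed to int) defeats even a correct check if it happens earlier in the call chain.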
iMovie 3 & iDVD: The Missing Manual
honestpuck writes "As digital video cameras spawn in the hands of you, me, parents and tourists like cockroaches in my kitchen, we find ourselves needing the kind of technical and aesthetic help not really seen since the advent of 'desktop publishing'. Once again a 'Missing Manual' has come to my help." Read on for honestpuck's review of David Pogue's iMovie 3 & iDVD: The Missing Manual. iMovie 3 & iDVD: The Missing Manual author David Pogue pages 456 publisher Pogue Press/O'Reilly rating 7 - Good book, some flaws reviewer Tony Williams ISBN 0596005075 summary A quality introduction to two closely tied products.
I have previously reviewed iPhoto2: The Missing Manual and said "The target audience for this book would probably be a little less technical than myself or the average Slashdot reader, however when I find myself in a field I don't understand well I don't mind a little stuff for the absolute newbie" -- and once again this is true. iMovie 3 & iDVD: The Missing Manual finds me in an area where I am technically inferior. Once again I truly appreciated this book and its style.
The book is broken up into four sections, one devoted to video cameras and shooting a movie, a large one on editing in iMovie 3, and smaller sections on exporting out of iMovie 3 and on using iDVD. At the end are two useful appendices: the first is a menu-by-menu look at iMovie 3, and the second is an iMovie 3 troubleshooting guide. The latter is often needed and always useful -- iMovie 3 still has more than one bug.
The first section gives a great deal of incredibly useful information about video cameras and how to use them, including hints on various types of shooting such as sporting events, interviews and weddings. The technical information on cameras is perfect if you have yet to buy a camera, including a guide to which features are essential and which unnecessary as you can do the same thing (only better) in iMovie 3. When it goes on to the 'how to shoot' section, you get pretty much the same advice you'll get anywhere, but since we didn't really read all of the last book on video we read (and forgot half the bits we did read) it's nice to have it there again.
The second section does a good job of explaining the details of iMovie 3, even down to some of its shortcomings and bugs. I also appreciated the way it spent as much time on improving the quality of the finished film as it did telling me how to use the various parts of the software. It follows a logical sequence through the movie-making process, giving good details on how iMovie does the job, how to get the best result and what sort of things to avoid -- particularly useful for things like transitions and effects when less is best.
The third section, titled "Finding Your Audience," is a bit more of a problem. It really has nothing to do with finding an audience and a lot more to do with QuickTime. The section first spends ten pages telling us how to get our edited film back onto the camcorder or onto a VCR, then it spends a lot of time dealing with exporting to QuickTime, including posting movies to the web and some info on using the QuickTime player, including some "tricks" with QuickTime Player Pro.
The attention to the finished product in the second section carries through to the fourth section on iDVD, though the writing here is not quite as good. It is incredibly informative, however. I learned a great deal about putting together all sorts of iDVD projects, including ways of customizing almost every aspect of the finished product.
O'Reilly have the usual marketing stuff while Pogue Press have the handy little Missing CD section with links to all the free and shareware software mentioned in the book. Neither has a sample chapter or the table of contents; you can't even get either at Amazon.
One of the drawbacks of getting free software is that we don't get good free documentation. One of the benefits of free software is that we can choose which 'documentation' to buy. Some people might prefer the style of the 'Dummies' books, others the style of Peachpit's Visual Quickstart Guide. I've had a look at all three and like the balance of depth and explanation that Pogue has in his 'Missing Manual' series. I once again find myself recommending a 'Missing Manual' to everyone. While catering to the beginner, this book goes deep enough that all but the most long-term user of these two pieces of software will find something to learn in this volume.
You can purchase iMovie 3 & iDVD: The Missing Manual from bn.com. -
Learning Perl Objects, References & Modules
honestpuck writes "In the world of Perl there was once only the 'camel book,' held in perhaps as much reverence as 'K & R' among C programmers. It certainly appealed to roughly the same audience, those who wanted a short, sharp introduction to a programming language. It was with a problem that needed solving and a copy of the camel book that I started as a Perl programmer." Read on for honestpuck's review of another book he regards at least as highly. Learning Perl Objects, References & Modules author Randal L. Schwartz with Tom Phoenix pages 205 publisher O'Reilly rating 9.9 - Cannot find a fault reviewer Tony Williams ISBN 0596004788 summary Perfect book for taking your Perl skills to the next level
Then for those that wanted an introduction to Perl and programming Randal L. Schwartz wrote Learning Perl, a book that has arguably become the definitive textbook for teaching Perl. The one weakness was that it left off before really getting to the guts of building large, complex projects in Perl. It did not cover classes, objects, breaking your code up into pieces or the more arcane aspects of variables and references. For this we had to resort to the last few chapters of the 'camel book' and I, for one, have never really been totally comfortable at this end of the language; when I'm reading someone else's code it might take a couple of reads to fully understand the process.
Now this weakness has been well and truly addressed. Schwartz, with Tom Phoenix, has written "Learning Perl Objects, References & Modules", a volume that takes the same steady approach to teaching you the more advanced topics as the earlier 'Learning Perl'. Schwartz has spent the years since writing 'Learning Perl' teaching and writing. You can tell, this is a superbly written book, not that 'Learning Perl' wasn't well written; it's just that this volume is far better.
The Guts
The book starts with a chapter on building larger programs that covers @INC, eval, do and require before discussing packages and scope. It then has several chapters on references that explain, in a readily understandable fashion and with increasing complexity, all the ins and outs of references including dereferencing, nested references, references to subroutines and references to anonymous data, before a final chapter on references that gives you some incredibly useful tricks such as sorting and recursively defining complex data.
The book continues with three chapters that give you a solid grounding in Perl objects. Here Schwartz has assumed that you know at least a little about object oriented programming; some may feel that more explanation of the concepts is required, but if you've had any experience in OOP before then the clear examples and descriptions here are probably all you want.
Modules are not as well covered, with only a single chapter, but it is hard to think of anything left out; it covers using them and building your own so well that it left me wondering what all the fuss was about, "seems obvious to me." The book concludes with chapters on building a distribution out of your module, testing it using make test (with Test::Harness), Test::Simple and Test::More before a chapter telling you how to contribute to CPAN.
Each chapter of the book concludes with a number of small exercises, designed to be done in just a few minutes, that cement the learning of the previous chapter. The answers to these are at the end of the book.
Conclusion
Once I'd finished I felt I had a much more solid grounding in Perl; certainly I was much better able to understand another programmer's code that dealt with such things as subroutine references and some complex data structures. While the subject matter of this book is almost entirely covered in 'Programming Perl' the tutorial aspects of this book made it much easier going. The style would be familiar to anyone who has read 'Learning Perl', light without being frivolous and extremely well written; Schwartz seems a master at reducing complexity to manageable bites.
This book is deceptively easy to follow, each new idea built onto earlier ones, each new language concept introduced in an easy manner. The writing is excellent; it's hard to explain why I appreciated it so much. That may be the reason: the writing isn't forced or heavy or too light or obvious. It just allows the solid material of the book to shine through. Go to the ubiquitous O'Reilly website and grab the example chapter (the site also has a few Errata, the Table of Contents and the code from the book) and give it a look.
I think this may well become a classic; I may well, in ten years' time, talk of Schwartz's books with the same awe I now talk of Brian Kernighan's. I'll certainly eagerly await his next book and keep this one close until it comes. Oh, and Randal, how about 'Software Tools for Perl Programmers'?
You can purchase Learning Perl Objects, References & Modules from bn.com. -
iPhoto 2: The Missing Manual
honestpuck writes "The Missing Manual series has been around for quite some time, but I have never felt the need to buy one until I started doing some serious work with iPhoto. iPhoto 2: The Missing Manual was a good volume to assist." Read on for the rest of honestpuck's review. iPhoto 2: The Missing Manual author David Pogue, Derrick Story, Joseph Schorr pages 336 publisher O'Reilly/Pogue Press rating 8 reviewer Tony Williams ISBN 0596005067 summary A good guide to iPhoto2 for beginner to intermediate users
One of the things I like about Apple's iApps is that they hide a great deal of complexity behind a simple interface; they do indeed make the complex simple. The drawback to this is that I often find myself ignoring the more powerful aspects of the application and never using it to its full. It was here that the Missing Manual came to my help.
The target audience for this book would probably be a little less technical than myself or the average Slashdot reader, however when I find myself in a field I don't understand well I don't mind a little stuff for the absolute newbie. This book has an entire first section that deals with photography and digital photography in particular that may be a total repeat for some; I found it a welcome reminder of how to get a good photograph along with some extremely useful hints about the new technology and choosing a camera. It covers such topics as composition and lighting for a host of different situations such as landscapes, night, portraits, children and sports.
It then goes on to a section of similar size on the basics that covers getting the photos from your camera to the Mac, organising the photos using albums and keywords and then editing your shots.
A third section covers the various ways of publishing and showing your photos such as printing, CD, and web pages, and a final section with some tricks and tips on things like managing your libraries. There are two appendices: one very useful troubleshooting guide, and a menu-by-menu look at iPhoto 2.
I particularly appreciated the thorough treatment of how to get the most out of iPhoto when printing photo books and creating web pages in the third section; it was here that I really discovered how little I knew from just 'playing' with the application. The book is peppered with useful information and tips that take you beyond the level that most of us discovered when we ran and used the program. The authors have also provided some marvelous explanations of what is going on, the "why" as well as the "what."
The book is well written with a readable, light, almost witty style that somehow deceives the reader as to the depth of the material being covered. It is only when I reflected back on how much the book taught me that I realised how well it had done the job.
O'Reilly have their usual web page for the book with a sample chapter, Table of Contents and Index. Pogue Press have a neat idea - they have a page that features all the software mentioned in the book. A neat idea that I liked a lot.
In conclusion, I would recommend this book to everyone who is serious about digital photography on their Mac. If you have used iPhoto for a long time you may think the book a waste, but I'd be surprised if even long-time users didn't get their money's worth out of this book. I much preferred the style of this volume to IDG's iPhoto 2 for Dummies. The only other real competitor for this volume was iPhoto 2 for Mac OS X: A Visual Quickstart Guide, and that is a shorter volume with less depth and less advice for photography and nothing on the camera technology, though I think Engst's writing seems a bit clearer at times.
I wouldn't buy a "Missing Manual" for every iApp or the operating system, but if you take the slogan for the series seriously, "The book that should have been in the box" (for the box is entirely devoid of books), I think they are a marvelous help for becoming a true 'power user.'
You can purchase iPhoto2: The Missing Manual from bn.com. -
SQL: Visual QuickStart Guide
objectboy writes with a review of Chris Fehily's SQL: Visual QuickStart Guide, writing "This book teaches ANSI SQL-92 programming to database beginners and intermediates. The publisher, Peachpit Press, publishes mostly end-user and novice titles that usually go unnoticed by professional programmers. Its Perl and PHP books, for example, are of little practical or tutorial use to an experienced developer. In fact, I noticed this SQL book only because a junior developer was using it for a course. The book's table of contents, index, and a sample chapter are posted on Amazon.com. The book's official web site contains errata and other information." Objectboy's review continues below. SQL: Visual QuickStart Guide author Chris Fehily pages 424 publisher Peachpit Press rating 9/10 reviewer objectboy ISBN 0321118030 summary A lucid SQL tutorial and professional reference
What this book does right: The myth that it's more important for a programming book to be technically accurate than well written endures even though the opposite situation is true: A lucid explanation of a difficult concept or clever algorithm is more valuable than a bug-free implementation of same. Consider Ken Henderson's The Guru's Guide to Transact-SQL, a book full of useful examples but so marred by the author's bloated style and disrespect for the language that I cringe every time I'm forced to read the text rather than simply lift a code snippet. Henderson even goes so far as to include an introductory section, titled "On Formality," about how he is going to split infinitives (even though their syntax is a burden for the brain to parse) and how he is going to use "data" in the singular sense (even though doing so can cause confusion) and how he considers "record," "row", and "tuple" to be interchangeable terms (even though they're not) and on and on. Readers would be aghast to find such self-exculpatory nonsense in the pages of Donald Knuth or Patrick Henry Winston. As for SQL: Visual QuickStart Guide, the author, a statistical programmer, presents each topic with a mathematician's sense of restraint and order. I've found few typos, no technical errors, and consistent use of technical terms.
Almost every aspect of SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, and DROP is covered. What distinguishes this book is that every ANSI SQL statement -- and there are hundreds of examples -- was tested on six separate DBMSes: Microsoft Access 2002, Microsoft SQL Server 2000, MySQL 4.0, PostgreSQL 7.1, Oracle 8i, and Oracle 9i (8i and 9i differ considerably in SQL-92 compliance). The examples in each section increase in depth and complexity, so you can stop reading once you've learned what you need to know. When an ANSI SQL statement doesn't work as-is on a particular DBMS, the author shows you how to fix it or offers workarounds (which is particularly useful for MySQL, whose adherence to the SQL standard is poor). These DBMS-specific fixes are given as separate "DBMS Tips" apart from the main body of text, so they don't interfere with the conceptual flow. This organization is especially useful for consultants who have difficulty keeping track of how each implementation deviates from the ANSI standard, and is superior to the alphabetical, segregated approach of O'Reilly's SQL in a Nutshell.
This book was shoehorned into the publisher's Visual QuickStart format, which, as I implied earlier, doesn't work well for procedural languages, but does work for a declarative language like SQL. A two-column layout separates examples from explanatory text. Red type highlights the relevant portions of code and results. The book is extensively cross-referenced and has an 18-page index. This layout also makes the book a good quick reference for experienced programmers. Almost all the examples use a single, sample database (so there's no need to memorize multiple schemas). The code listings and sample database are available for download.
The derivative nature of programming books makes it difficult to determine whether the author truly has mastered the material. Writing a book is a difficult task (perhaps even harder than programming) but, at the risk of exaggerating my point, I suspect that any determined, organized, and competent programmer could write any O'Reilly Nutshell book by paraphrasing existing materials. But if an author establishes his credentials early, the reader gains a sense of trust that remains throughout the entire book. In the introduction to this book, the author avoids an error that almost every other SQL-book author commits: that SQL stands for structured query language. According to ANSI (the only legitimate arbiter here), it stands for S-Q-L and nothing more. Fehily even offers an amusing explanation of why structured query language is the worst possible description of SQL. Throughout the book, the author also scatters bits of practical advice (job candidates are wise to say my-es-kyu-el, not my-sequel), beginner-friendly insights ("Although SELECT is powerful, it's not dangerous: You can't use it to add, change, or delete data or database objects."), and advanced topics (optimization, concurrency control, logical data independence). It is these asides and respect for basic research, rather than swaths of expository text, that lend authority.
This book describes the effects of nulls in almost every aspect of SQL, including the interpretation of null-contaminated query results. You can no more be a competent SQL programmer without understanding nulls than you can be a competent LISP programmer without understanding recursion. Particularly useful are the discussion of three-valued logic (true/false/unknown) and an algebraic derivation of how a null can cause a subquery to return an empty result unexpectedly (which has bitten me more than once).
As a wizened developer weary of hand-holding users and junior programmers through routine queries, I've found it mollifying to give away copies of this book (it's cheap) to reduce my interrupt stack.
What's Missing: Some missing items that I would have found useful:
- A glossary
- A quick syntax reference
- A chapter about statistics
- A chapter about advanced SQL "tricks"
- DB2 coverage
- Coverage of security commands (GRANT/REVOKE)
- An expanded query-optimization discussion
- Improved normalization examples
- A little more mathematical rigor in the set-theory discussion
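The null pitfall objectboy describes above, a subquery that returns an empty result because one of its rows is NULL, is easiest to understand by running the three-valued logic by hand. The block below is an added example written for this page, not code from the book or the review. It models SQL's TRUE/FALSE/UNKNOWN evaluation of `x NOT IN (subquery)` in C over constructed sample tables (outer = {1, 2, 3}, sub = {2, NULL}), and contrasts it with the `NOT EXISTS` form and with filtering the NULLs out of the subquery.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example (not from the book): SQL three-valued logic modelled in C,
 * to show why a NULL in a subquery makes  x NOT IN (subquery)  keep no rows.
 * All table contents below are constructed sample data. */

typedef enum { TV_FALSE, TV_TRUE, TV_UNKNOWN } tv;

typedef struct { int is_null; int v; } nullable_int;   /* one nullable column */

/* SQL comparison: any NULL operand yields UNKNOWN, never TRUE or FALSE. */
static tv tv_eq(nullable_int a, nullable_int b)
{
    if (a.is_null || b.is_null) return TV_UNKNOWN;
    return a.v == b.v ? TV_TRUE : TV_FALSE;
}

/* OR: TRUE if either side is TRUE, FALSE only if both are FALSE, else UNKNOWN. */
static tv tv_or(tv a, tv b)
{
    if (a == TV_TRUE || b == TV_TRUE) return TV_TRUE;
    if (a == TV_FALSE && b == TV_FALSE) return TV_FALSE;
    return TV_UNKNOWN;
}

/* NOT: flips TRUE/FALSE; UNKNOWN stays UNKNOWN. This is the step that bites. */
static tv tv_not(tv a)
{
    if (a == TV_UNKNOWN) return TV_UNKNOWN;
    return a == TV_TRUE ? TV_FALSE : TV_TRUE;
}

/* x IN (l1, l2, ...)  ==  (x = l1) OR (x = l2) OR ...;  an empty list is FALSE. */
static tv tv_in(nullable_int x, const nullable_int *list, size_t n)
{
    tv acc = TV_FALSE;
    for (size_t i = 0; i < n; i++)
        acc = tv_or(acc, tv_eq(x, list[i]));
    return acc;
}

/* Rows kept by  WHERE outer.v NOT IN (SELECT v FROM sub).  WHERE keeps TRUE only,
 * so a row whose predicate evaluates to UNKNOWN is dropped. */
size_t count_not_in(const nullable_int *outer, size_t n_outer,
                    const nullable_int *sub, size_t n_sub)
{
    size_t kept = 0;
    for (size_t i = 0; i < n_outer; i++)
        if (tv_not(tv_in(outer[i], sub, n_sub)) == TV_TRUE)
            kept++;
    return kept;
}

/* Rows kept by  WHERE NOT EXISTS (SELECT 1 FROM sub WHERE sub.v = outer.v).
 * EXISTS is TRUE or FALSE, never UNKNOWN: a NULL in sub simply never matches. */
size_t count_not_exists(const nullable_int *outer, size_t n_outer,
                        const nullable_int *sub, size_t n_sub)
{
    size_t kept = 0;
    for (size_t i = 0; i < n_outer; i++) {
        int exists = 0;
        for (size_t j = 0; j < n_sub && !exists; j++)
            if (tv_eq(outer[i], sub[j]) == TV_TRUE)
                exists = 1;
        if (!exists)
            kept++;
    }
    return kept;
}

/* Constructed sample tables: outer = {1, 2, 3}; sub = {2, NULL} (NULL last). */
static const nullable_int OUTER[] = { {0, 1}, {0, 2}, {0, 3} };
static const nullable_int SUB_WITH_NULL[] = { {0, 2}, {1, 0} };

/* NOT IN against a subquery containing NULL: 0 rows survive. */
size_t demo_not_in_with_null(void)
{ return count_not_in(OUTER, 3, SUB_WITH_NULL, 2); }

/* Same query with  ... WHERE v IS NOT NULL  in the subquery (here: the NULL row
 * is the last one, so passing n_sub = 1 drops it): rows 1 and 3 survive. */
size_t demo_not_in_nulls_filtered(void)
{ return count_not_in(OUTER, 3, SUB_WITH_NULL, 1); }

/* NOT EXISTS with the NULL still present: rows 1 and 3 survive. */
size_t demo_not_exists_with_null(void)
{ return count_not_exists(OUTER, 3, SUB_WITH_NULL, 2); }

int main(void)
{
    printf("NOT IN, subquery contains NULL : %zu rows\n", demo_not_in_with_null());
    printf("NOT IN, NULLs filtered out     : %zu rows\n", demo_not_in_nulls_filtered());
    printf("NOT EXISTS, NULL still present : %zu rows\n", demo_not_exists_with_null());
    return 0;
}
```

For the row x = 1 the derivation runs (1 = 2) OR (1 = NULL) = FALSE OR UNKNOWN = UNKNOWN, and NOT UNKNOWN is still UNKNOWN, so the WHERE clause silently discards the row; the same happens for every value not in the list, which is why the result set is empty rather than wrong in an obvious way. The practical check is to look at every NOT IN whose subquery can return a nullable column and either add IS NOT NULL to the subquery or rewrite it as NOT EXISTS.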
-
Accelerating Change Conference
gui noir writes "The first annual Accelerating Change Conference will go from September 12-14 at Stanford University. It will be 'the first conference in the world to focus on the multidisciplinary implications of accelerating change and the consequences of a technological singularity'. The all-star cast of speakers includes Ray Kurzweil, Tim O'Reilly, John Koza, Eric Drexler, and more than fifteen others (full list here). Attendance starts at $100. The closest the academic world has come to these subjects in recent memory was Douglas Hofstadter's standing-room-only Spiritual Robots Symposium back in 2001." -
The Web Programming CD Bookshelf
honestpuck writes "I am a big fan of the written word on dead trees, but sometimes I like to have the written word where I can easily search it, or cut and paste from it. That's why I like PHP.net and why I decided to get a copy of O'Reilly's Web Programming CD Bookshelf. And I am pleased with it, though not ecstatic." Read on to see what honestpuck liked about this collection, and what drawbacks it may have for you. The Web Programming CD Bookshelf author [Various] pages 540 paper, 1189 HTML publisher O'Reilly rating 7 reviewer Tony Williams ISBN 0596005105 summary A good resource for PHP developers, overpriced for others
The Good
The Web Programming CD Bookshelf (WPCB) consists of a CD and a paper copy of Webmaster in a Nutshell, 3rd Edition. The CD contains an HTML version of that, as well as Dynamic HTML: The Definitive Reference, 2nd Edition, Programming PHP, PHP Cookbook, JavaScript: The Definitive Guide, 4th Edition and Web Database Applications with PHP & MySQL. There is an excellent combined index of the six volumes and a nice Java search engine, QuestAgent Pro version 4.0.9 from JObjects. According to the documentation for the engine on the CD, "It has problems running with Mozilla 0.9 and 1.0 and Netscape 7 on Mac OS 9, and occasionally on Linux"; I had no problems running it on Mac OS X in Mozilla 1.3, Safari or Internet Explorer apart from a small visual problem with another tab in Mozilla (separate windows was fine, only another tab in the same window caused a problem). All the contents pages and indices of the volumes are of course hyperlinked. Once you are on the pages of a 'book' the top of each page has a link to the contents page, next page, previous page and the search form. The bottom of each page has next and previous buttons (with the relevant page titles), a link to the book's contents page and index and below them all a row of links to the Bookshelf home and each of the books. Taken together this makes moving through the books and finding the information you want easy, for the most part.
Once you start using the collection there are some great benefits. The ability to just cut and paste the example code right out of the text you are reading cannot be underestimated.
The books themselves are the quality you expect from O'Reilly - well-written, well-edited and containing the information you need on a given subject. The one you get on paper, Webmaster in a Nutshell, is a good overview of HTML, CSS, XML, JavaScript, CGI and Perl, PHP and Apache that I find a good desktop reference. The others provide a good depth and perspective on their respective subjects.
The Bad
Obviously a great deal of the work of converting the books to HTML must be done by automated software, and sometimes you wish a little more hand-work had been done. For example, Dynamic HTML: The Definitive Reference has an alphabetical list of all HTML and XHTML tags and their attributes -- as one page of 23,000 lines of HTML. The only way into this mammoth list is via the book index; there is no quick list of tags with links on a separate page or other fast way.
My other complaint about the content is that the selection of books is PHP heavy. If you are involved in using PHP to build websites this volume would be a great help; others may feel they would have been better served by a collection that dropped at least one of the PHP books in favour of, perhaps, The Perl Cookbook. Webmaster in a Nutshell is not as useful in this collection as you might think; some of what it contains is covered by other volumes in the set. That's not to say that it isn't an excellent book and a good choice as the one that comes in paper with the CD, just that once again I'm not sure it really needed to be in the collection.
That brings me to my final complaint, cost. Sure, 6 books for $130 U.S. seems like a bargain, but unless you are interested in all 6 books (which means principally developing for the web in PHP) it starts to be less of a bargain. If you think of it as more expensive than a six-month subscription to O'Reilly's online book service, Safari (which allows you ten books, changeable when you want) then this is less than a bargain.
Conclusion
If you are developing for PHP then this might be a good resource at a fair price; you'll find it almost indispensable and (unlike Safari) you can use it when you're offline. If you develop in some other environment, it is an overpriced way of getting a few books as electronic text. If you develop for the web in Perl, then have a serious look at The Perl CD Bookshelf instead, or perhaps consider a Safari subscription.
You can purchase The Web Programming CD Bookshelf from bn.com. -
Programming Wireless Devices With Java 2
Jeff Carroll writes "Developers building Java applications for wireless handheld devices have been looking forward for some time now to the release of devices supporting version 2.0 of the Connected Limited Device Configuration (CLDC), and version 1.1 of the Mobile Information Device Profile (MIDP). These new releases contain support for features demanded by developers that didn't make the original releases. In support of CLDC 2.0 and MIDP 1.1, Roger Riggs and his team of authors from Sun, Nokia, and Motorola have released Programming Wireless Devices with the Java 2 Platform, Micro Edition, Second Edition (since I don't have a copy of the first edition, I can only evaluate the new edition on its own merits)." (Read on for his review.) Update: 07/23 16:31 GMT by T : Whoops -- that's CLDC 1.1 and MIDP 2.0, not the other way around. Programming Wireless Devices with the Java 2 Platform, Micro Edition, 2ed. author Roger Riggs, Antero Taivalsaari, Jim Van Peursem, Jyri Huopaniemi, Mark Patel, Aleksi Uotila pages 464 publisher Addison-Wesley Professional rating 7 reviewer Jeff Carroll ISBN 0321197984 summary In-depth introduction to and reference on CLDC 2.0 and MIDP 1.1.
As is characteristic of the titles I've seen from Sun's Java series, this book goes into great detail about architectural decisions, standards process, and philosophy underlying the new release. The first six chapters are given over to this discussion. This material is mostly great for experienced developers seeking a deeper understanding, occasionally so abstract as to be silly (as in the case of the Java washing machine and its downloadable stain-removing code), but likely to be of only secondary interest to new J2ME developers focused on coming up to speed.
What this book does best is comprehensive exposition of the J2ME APIs. There are chapters dedicated to the APIs for forms, graphics, games, sound, persistence, and networking, with code samples offered in most cases, and a Java Almanac-style reference to all J2ME-specific classes and interfaces is provided as an appendix. Features that are new to the J2ME second edition are clearly identified.
The remainder of the book constitutes a detailed discussion of the new technologies for event-driven launch, application security, and over-the-air deployment, perhaps the most potentially confusing of which is event-driven application launch. While the book explains the new technology well, it doesn't address how it will be introduced by network operators, or how it might interact with or replace similar existing proprietary technologies such as Sprint's MUGlets.
Another subject that is not dealt with here that will soon be relevant to developers for any particular J2ME-supporting network is that of optional packages (OPs) - features to be supported at the option of particular device vendors and/or network service providers. It is fairly clear that, going forward, the wireless network infrastructure and its supported features will be an integral part of the J2ME platform that will have to be taken into account by developers, and books which fail to discuss popular and commonly adopted OPs will be of limited usefulness (you'd think that Sun would know that after all that rhetoric about the network being the computer). In general, a book of this sort would benefit from the participation of network operators, as it does from that of device manufacturers Nokia and Motorola.
All the code samples and background on architecture notwithstanding, this book is clearly targeted at experienced Java programmers, not handheld device programmers working in other technologies. If you don't already know Java, this book will not teach you. There is also nothing said here about selection, configuration, or use of development tools; readers who are not already adept at the use of J2ME development tools, including the Wireless Tool Kit (WTK), should not expect to acquire that knowledge from this book. (People who need help in this area may want to consider Jonathan Knudsen's Wireless Java or Kim Topley's J2ME in a Nutshell.)
Keeping the aforementioned caveats in mind, this is an excellent introduction to and reference on the new release of J2ME.
You can purchase Programming Wireless Devices with the Java 2 Platform, Micro Edition, 2ed. from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Head First Java
honestpuck writes "Earlier this year I decided to learn Java. I'd spent some time using JavaScript without really getting my hands too dirty, but I'd pushed it way too far and realized I needed a bigger hammer. Grabbing a copy of Learning Java, 2nd Edition from O'Reilly, I started learning. First problem: I have to admit I've stayed away from object-oriented programming; after all, I've been writing software for nigh on twenty years without it - why make life hard? Sure, I understood the concepts and I'd done a little, but never in a language so strongly committed to OO as Java." Read on for honestpuck's review of Head First Java, which he compares in style and content to Learning Java.
Head First Java
author: Bert Bates, Kathy Sierra
pages: 650
publisher: O'Reilly
rating: 8
reviewer: Tony Williams
ISBN: 0596004656
summary: Good, offbeat Java tutorial with new approach to learning computer topics
The Good
Of course, you can't learn Java without a good understanding of object-oriented languages. I made fairly heavy going with 'Learning Java' until I decided to dive in head first. Head First Java, that is -- a new book from O'Reilly that has a totally different attitude to teaching than I've seen before in computer books. It also looks like this might be the start of a series from O'Reilly; the website and introduction seem to assume that there will be more 'Head First' titles, and I hope so. The style is humorous, full of graphics, cartoons, puzzles, quizzes and crosswords. It reminds me of the textbooks that used to try and teach me geometry and algebra in high school, or my daughter's elementary books on Roman and Greek history that I purchased for her at the British Museum. The style didn't work to teach me much algebra and geometry, but I wasn't anywhere near as motivated. This time, it worked. In a couple of weeks I worked through the book and finally have Java skills where I can branch off and start coding the projects I had in mind (though something more advanced will be required soon).
In the introduction the authors examine learning and explain why they designed the book as they did. To quote from one section: "Some of the Head First learning principles. Make it visual. Put the words within or near the graphics. Use a conversational and personalized style. Get the learner to think more deeply. Get -- and keep -- the reader's attention. Touch their emotions." They argue that our brain is tuned to novelty, and that their style provides the novelty to keep your brain turned on. They also provide ten tips for good learning. That's one thing that seems to set this book apart from most other computer books: they say they think of their reader as a learner, and indeed that's the way you are treated by the book. You can start to get a feel for their ideas by visiting headfirst.oreilly.com, a site devoted to the series. You can also grab a couple of example chapters from the book's web page, which also has the usual marketing info, table of contents and errata.
The Bad
When compared to Learning Java the coverage is not as good. Head First really only covers the basics, up to and including creating a GUI with Swing, and then touches on a number of other topics; Learning Java goes on to explore, with a fair depth, network programming, web programming, servlets, applets, Java Beans, XML and other topics that are only touched on briefly in Head First. If the style of learning does not suit you then this will be an incredibly irritating and useless book; I'd give it a try first, though. If it isn't for you then the style of Learning Java might be better.
Conclusion
When you get down to it, though, the only way to really decide on the worth of a tutorial is to decide how well it teaches. Head First Java excels at teaching. OK, I thought it was silly; I had a hard time making myself do the exercises, fill out the crosswords and solve the puzzles. Then I realized that I was thoroughly learning the topics as I went through the book. Learning Java was doing the same job, but the dry traditional method wasn't doing as well. Both books are well written, designed and constructed -- the style of Head First Java just made learning, well, easier.
It would seem to me that the 'Head First' approach is going to work wonderfully for the more 'beginner' topics, books for introducing you to a new style of programming, a new language or a radically different operating system or application. So if you're looking for a book to introduce you to Java then I can recommend Head First Java. Now if I could only find a book as good to introduce me to Common Lisp.
You can purchase Head First Java from bn.com.
O'Reilly on the Commoditization of Software
Iorek writes "International Data Group/Sverige has a great interview with Tim O'Reilly, CEO of O'Reilly & Associates Inc. From predictions of eBay's purchase of Oracle to discussions of the failings of open source licenses, O'Reilly's certainly not reserved. I couldn't help but be reminded of the rise of this site and slashcode."
Java Database Best Practices
ProfKyne writes "I was excited to read this book when I first noticed it listed as "coming soon" in the Java section of O'Reilly's site back in May. I downloaded and read the sample chapter and waited expectantly for the book to be released. I was hoping that this book would be perfect for me, as nearly all of the Java programming I have done has dealt in some way with database access, though I do not consider myself to be an expert on the subject. The book didn't disappoint; Java Database Best Practices is an excellent high-level guide to writing database-driven applications from Java." Read on for the rest of ProfKyne's review.
Java Database Best Practices
author: George Reese
pages: 267
publisher: O'Reilly Associates
rating: Excellent for Java programmers moving to J2EE
reviewer: Erik Price
ISBN: 0596005229
summary: A high-level introduction to writing database-driven apps in Java
What it's about
The book is divided into three sections of several chapters each:
- Data Architecture - an introduction to database-driven application concepts
- Persistence Fundamentals - descriptions of the various persistence frameworks for Java application development
- Tutorials
The first section (Data Architecture) introduces some of the concepts that will be covered in greater depth later on in the book, but also contains an excellent chapter, "Relational Data Architecture," on database schema design and normalization. By the way, this is the sample chapter that can be downloaded from O'Reilly's site. In fact, this chapter set itself apart from the rest of the book in that it goes into a great deal of detail on its subject (although obviously an aspiring DBA should probably read whole books dedicated to the topic of relational database concepts). Most of the rest of the chapters in the book are somewhat more lightweight than "Relational Data Architecture." This section also contains a chapter that introduces some of the things to be aware of when managing transactions, including implementation tips on using transactions in JDBC programming such as optimistic locking and the various transaction types (dirty reads, etc).
The Persistence Models section focuses on different persistence frameworks; there is a chapter for each of the following: Persistence Fundamentals, EJB Container-Managed Persistence (covers 1.x and 2.0 models), EJB Bean-Managed Persistence, JDO, and "Alternative Persistence." The fundamentals chapter is where some of the best of the "best practices" of the book are found, and introduces such patterns as the Data Access Object pattern and the Memento pattern in the context of a simple guest book JSP application. The EJB chapters do assume that the reader has a basic understanding of how EJB works, and provide suggestions and guidance on ways to implement EJBs in real J2EE applications. (Don't worry, if you don't know about EJBs, the J2EE Tutorial chapter later in the book provides this.) The JDO section is one of the shortest in the book; I think that it's just such a new technology (in terms of available implementations) that most of the "best practices" are yet to be discovered. "Alternative Persistence" means Hibernate and Castor.
The Tutorials section is definitely not for advanced Java programmers, as it contains beginner-level introductions to the J2EE platform, the SQL language, the JDBC architecture, and the JDO API. If you really don't know anything about JNDI or servlets or EJB, then the J2EE chapter is written for you -- it's not a "how-to" tutorial, but rather a description of the basic concepts. The JDO tutorial is like the J2EE tutorial, introducing the basic concepts such as "the extent" and the filter language used to query for JDO-persisted objects, but I think partly because it's such a new technology, there's not a lot of detail here. You'll still have to read more about J2EE EJB, or JDO, if you decide to use them in a production application. On the other hand, you will learn how to make effective use of SQL queries and the JDBC API (which lets you execute SQL queries from your Java code) from their respective tutorials.
While this is a good start, you will eventually want something more in-depth than this if you are actually implementing a J2EE application (such as a book dedicated to servlet/JSP programming or Enterprise JavaBean development). But I really wish that I had read Java Database Best Practices before tackling these subjects, as it would have helped ease the transition.
What's to like
As strange as it may sound, one of the things I liked most about the book is that it is relatively thin. In other words, the author gets right to the point and doesn't waste excessive space replicating information that can be found elsewhere. For instance, when describing how to implement a database-independent sequencing component, he incorporates enough code to support what he's saying, but doesn't include page after page of complete code listing, intact with multi-line Javadocs and plenty of whitespace -- just the meat. You can download all of the code from O'Reilly's site in a zip archive (and yes, it does include the Javadocs and whitespace that are wisely omitted from the book). Ironically, the book costs no less than other offerings from O'Reilly that are twice as thick.
Also, the "best practices" in the book are very good and, at least in my case, I was not familiar with some of them, so it was very worthwhile reading. As an example, I myself have recently run into the problem of different sequencing systems on different databases (such as MySQL's AUTO_INCREMENT column type vs PostgreSQL's sequence types). I've worked around it by modifying the application's database calls, but that isn't really a good strategy. Implementing a sequencer at the application level (one of the "best practices") is a much better idea if you're not clustering your application servers and other applications will not be performing INSERTs into the database. On the other hand, if clustering is an issue, then it's probably a better idea to use EJBs, and if other applications will be writing to the data store, then database portability will be difficult in the first place (even with the help of Perl's DBI or PHP's PEAR DB abstraction). Some of the other excellent best practices introduced are the DAO pattern and database schema normalization coverage.
What's to consider
The most important thing to know when considering this book is that it really struck me as being appropriate for novice J2EE developers and/or those who are new to database programming in general. First of all, I think it's safe to assume that most people who will be doing anything with databases in Java will be using at least some element of the J2EE platform, and this book makes that same assumption. Java's tremendous success right now is in server-side application development. This means there won't be as much useful information in this book for the folks who are writing, say, an AWT interface tightly coupled to a MS-Access database through ODBC calls. Second of all, the patterns and practices described in this book should be familiar to most people who are already architecting J2EE applications, and are covered in greater depth in other books on enterprise application development.
Having now covered the main consideration, I do have to pick a couple of nits. Firstly, this book does suffer from a few of the editing problems that plague nearly all computer books (yes, even the O'Reilly books) in their first printing. It's kind of embarrassing, but even in the sample chapter I found a somewhat bizarre mistake near the end, where a class diagram is drawn up using ERD notation instead of UML. Fortunately, there aren't too many technical errors like this. Another bone to pick was the author's choice to use a hideous scriptlet-heavy JSP instead of a servlet forwarding to a JSP in the small Guest Book application in "Persistence Fundamentals." I know that this is Java Database Best Practices, not Java Model View Controller Best Practices, but scriptlets are both difficult to read and quite frankly scorned as J2EE moves toward JSTL and JSP 2.0. It's a little too bad that View and Controller are mixed up in this example, because the author does an excellent job of explaining how to implement the Model using the Data Access Object pattern.
Finally, I have a feeling this book was named "Java Database Best Practices" for marketing reasons, perhaps to go with O'Reilly's other offering, "Java Enterprise Best Practices". While this is an excellent book about Java database programming, and there are indeed dozens of "Best Practice" tips strewn throughout the book, I think a better name for this book would have been "Java Database Fundamentals."
The summary
I didn't want to simplify and rehash the book's "best practices" contents in this review, but rather provide prospective readers with an idea of what to expect from this book. Personally, I got a lot out of the book, but if you've already implemented bean-managed persistence in your EJBs using JDO, then you've probably already gotten past the point where this book is going to be a big help. In your case, it might be worth having around the office if you can get the company to pay for it. However, for those who have learned the Java language and want to get more involved in server-side application development, you're going to want to make sure you're familiar with all of these concepts, and this book is the perfect way to get started with that.
Where to find more info
I'm not going to replicate the table of contents or any of the content in the book, because all of that information as well as the excellent sample chapter are available from O'Reilly's site. I purchased the book from SoftPro Books in Massachusetts (US), a bookstore for computer geeks. This is a good place to peruse the book if you're still riding the fence.
You can purchase Java Database Best Practices from bn.com.
First Perl 6 Book is Out
prostoalex writes "O'Reilly Publishing presented Perl 6 Essentials, the first book to be dedicated to Perl 6, at the beginning of this month. Looking at the table of contents, it hardly looks like a valid replacement for Llama or Camel books. Chapter 1 is available online. The whole book is available to Safari subscribers." I'm sure we'll review it sooner or later.
Mac OS X Unleashed (2nd Edition)
emmastory writes "Mac OS X Unleashed is not a pocket guide. It's more of a massive tome than anything else - at over 1500 pages, it's probably the heaviest technical book I own. (And that's including Deitel & Deitel's C: How to Program.) Since Mac OS X Unleashed describes itself as 'a complete guide and reference for Mac OS users,' my biggest question when approaching the book was whether this is in fact the case. It seems like if you're going to shell out for an OS X book of this size and price, then it should ideally be the only OS X book you'll have to buy."
Mac OS X Unleashed (2nd Edition)
author: John Ray, William C. Ray
pages: 1560
publisher: Sams
rating: 7/10
reviewer: Emma Story
ISBN: 0672324652
summary: A massive book that aims to be a complete OS X reference
What I Liked
There's no shortage of good things about Unleashed, but the best is probably that the authors assume, for the most part, that you already know how to use your computer. Although there are many good books out there for those new to Macs, this is not one of them and does not try to be. That means that if you've already achieved a basic working knowledge of Mac OS, there's still well over a thousand pages of information intended especially for you. A line from another review of Unleashed (posted anonymously on Amazon) that rang particularly true after reading the book: "If you're looking for a book that says 'this is called a mouse' and tells you where to find iTunes in order to click on it, or drops the bombshell that command-p will print in many applications, you don't need this volume, but if you want to get your hands dirty, it's an excellent resource."
However, I can understand that many people do want the basics in an OS X book. In fact, another Amazon reviewer makes this very point: "Coverage of the iApps is far less than it should be, and there isn't enough information for a novice user like myself. I thought the author spent far too much time on the UNIX and Terminal side of Jaguar and not enough on the real-world tips that I've found in other books." Still, I personally don't really see that as a problem. There are plenty of real-world tips as long as your real world involves a shell, and if there's one thing I've never needed a book for, it's the iApps. In fact, I've always found it irritating that other OS X books spend so much time on them. But that's me, and I'm not everyone.
There were several sections of the book that surprised me, including the chapter on web programming. It makes sense, though - the book is intended to "unleash" OS X, after all, and OS X does come with an Apache installation (even if System Preferences calls it Personal Web Sharing). Given that every OS X box has a webserver, it makes sense that many OS X users would want to know more about related topics. In fact, the chapters that focus on system and network administration comprise a pretty thorough introduction to the BSD side of OS X, and were fairly impressive. These were my favorite sections of the book, probably because they're topics rarely dealt with - or at least rarely dealt with well - in Mac books.
What I Didn't Like
The book suffers from some minor issues typical of most massive technical volumes - it's informative, but also dry, dense, and not terribly readable. Also, while I appreciate the depth and scope of the book, it is a little unwieldy. This isn't something you'll be reading in bed or on the subway. It's not a cheap book, either - its list price is $50. These problems are neither hugely important nor terribly surprising, but they're also not inevitable - reference texts can be thorough without being dull; it's just that this one happens to be both.
Probably the only other real complaint I have with the book is that at times it seems as though it can't decide who its audience is. As I mentioned above, one of the things I liked about Unleashed was that most of the book seems firmly aimed at the intermediate to experienced user. And yet if that's the case, then the chapters that cover things like Desktop Accessories (Calculator, Clock, Key Caps) seem out of place. It doesn't seem like the introductory material offered in the book would really be enough to serve as a tutorial for an absolute beginner (as evidenced by complaints like the one I quoted earlier), but at the same time it's difficult to figure out who else would need it. However, I'm not suggesting they skimped on advanced topics to squeeze in inappropriate Clock coverage - if there's one thing this book has, it's plenty of everything.
The Bottom line
I believe that Unleashed does live up to its title, and does a good job in the process. It's not an introduction to OS X - it's about getting more out of your system after you've already learned the basics. It doesn't (usually) try to be a beginner's book, but a quick-learning novice would probably do fine with it, and any moderately experienced Mac user will probably find that it serves his or her purposes effectively and efficiently. If given the choice (and funding), I'd probably still go with a couple different books, but I think Unleashed has in fact reached its goal of being a complete guide to OS X. You could do just fine with only this book, and at $50 it may be cheaper than buying a couple smaller books separately.
And Furthermore
Other reviews and sources of information on the book:
- Review at macosxhints (from whence another Mac book, incidentally)
- Review at osnews.com
- Review at mymac.com
- Epinions page for the book, which as it turns out isn't all that useful
- Amazon's page for the book, including many customer reviews
You can purchase Mac OS X Unleashed from bn.com.
Dynamic HTML: The Definitive Reference (2nd Ed.)
honestpuck writes "Many years ago I learnt my AppleScript skills from a book by a gentleman by the name of Danny Goodman, and I was happy to find him tackling the subject of dynamic HTML in "Dynamic HTML: The Definitive Reference". Indeed this is the second edition and seems supremely up to date." Read on for the rest of honestpuck's review.
Dynamic HTML: The Definitive Reference (2nd Ed.)
author: Danny Goodman
pages: 1343
publisher: O'Reilly
rating: 9
reviewer: Tony Williams
ISBN: 0596003161
summary: Truly definitive reference for a huge topic
Goodman has tackled a complex subject. With changing standards and even quicker changing browser compatibility, it can be a nightmare trying to get a dynamic web site working across disparate browsers and operating systems. A guide that tells you exact syntax and exact compatibility can be invaluable, but is only as good as the research behind it, an area where I cannot fault Goodman.
This volume covers XHTML, CSS and DOM with a large smidgeon of JavaScript. It's not an easy book to get into and consume in large chunks, as it does little hand holding, but as I was prepared to knuckle down and work at the topics (with much help from various web sites such as CSS Zen Garden) I found it perfect for me. Goodman has recently released JavaScript & DHTML Cookbook, which I have found to be a marvelous volume to assist the process of understanding these technologies, though I am still looking for a good, up to date tutorial on CSS (recommendations welcome).
The target audience would be best summed up as those who have done a fair amount of HTML hand coding and some work in dynamic HTML. The book also adds that you should have "the basics of client-side scripting in JavaScript", and I would agree; when I first acquired this book my JavaScript skills were exceptionally primitive (mainly at the 'plug in example' stage) and I found the latter sections of this book heavy going and not much help; now that I am a better JavaScript programmer I find these parts much easier to understand and use.
Dynamic HTML: The Definitive Reference (2nd Ed.)
honestpuck writes "Many years ago I learnt my AppleScript skills from a book by a gentleman by the name of Danny Goodman and I was happy to find him tackling the subject of dynamic HTML in "Dynamic HTML: The Definitive Reference". Indeed this is the second edition and seems supremely up to date." Read on for the rest of honestpuck's review.
Title: Dynamic HTML: The Definitive Reference (2nd Ed.)
Author: Danny Goodman
Pages: 1343
Publisher: O'Reilly
Rating: 9
Reviewer: Tony Williams
ISBN: 0596003161
Summary: Truly definitive reference for a huge topic
Goodman has tackled a complex subject. With changing standards and even quicker-changing browser compatibility it can be a nightmare trying to get a dynamic web site working across disparate browsers and operating systems. A guide that tells you exact syntax and exact compatibility can be invaluable, but is only as good as the research behind it, an area where I cannot fault Goodman.
This volume covers XHTML, CSS and DOM with a large smidgeon of JavaScript. It's not an easy book to get into and consume in large chunks, as it does little hand-holding, but as I was prepared to knuckle down and work at the topics (with much help from various web sites such as CSS Zen Garden) I found it perfect for me. Goodman has recently released JavaScript & DHTML Cookbook, which I have found to be a marvelous volume to assist the process of understanding these technologies, though I am still looking for a good, up to date tutorial on CSS (recommendations welcome).
The target audience would be best summed up as those who have done a fair amount of HTML hand coding and some work in dynamic HTML. The book also adds that you should have "the basics of client-side scripting in JavaScript" and I would agree: when I first acquired this book my JavaScript skills were exceptionally primitive (mainly at the 'plug in example' stage) and I found the latter sections of this book heavy going and not much help; now that I am a better JavaScript programmer I find these parts much easier to understand and use.
The book is divided into four parts, 'Applying Dynamic HTML,' 'Dynamic HTML Reference,' 'Cross References,' and 'Appendixes'. I found the first part particularly helpful when converting my old site across to a more dynamic CSS-based site, as it helps with various strategies for making sure your content works across browsers and various methods for making sure that visitors with older browsers and search engines can still retrieve valid pages. Goodman's approach of increasing complexity through this part also suited a movement from a straight HTML site to one using XHTML and CSS. This is also where Goodman's writing can shine: it's an excellent guide to all the technologies and acronym soup. The appendices are marvelous, from 'A,' a list of colour names with their RGB values, through a list of character entities to a 50-page list of all HTML tags, their attributes and whether they are supported in the two HTML 4 and three XHTML 1 standards.
The reference parts are well structured with extensive notes on browser support and which particular standard (DOM 1, DOM 2, CSS 1, CSS 2, or none) the tag or attribute comes from. For example, in the DOM section the reference gives you the object name, which versions of Navigator and Explorer support it, the DOM version (if any), a short explanation, then an object reference example, and a list of properties, methods and event handlers. For each of the properties it gives an example, the type and whether it is read-only or read/write. For methods it gives the return value and parameters. This sort of attention to fine detail is taken throughout the book. You end up with a book 1343 pages long and a 51-page index. Goodman mentions in his preface that the book now encompasses 'more than 15,000 unique instances of properties, methods and event handlers,' a figure I'd believe.
O'Reilly have their usual page for this book that includes a sample chapter in PDF, the Index, Table of Contents and an Errata page. There are few Errata and only one in the code examples. Speaking of examples, you can download the complete set of code examples from the book.
There is also a page at O'Reilly for the author, Danny Goodman, with links to some excellent articles and book excerpts on dynamic HTML and JavaScript.
I found this a hard book to review, as are most references. The questions I asked were: one, does the book cover all the material?; two, is it correct?; three, is it easy to find the entry you want?; and four, are the entries laid out in an easy to understand manner? On these criteria this volume rates well, with the added bonus of some good material in the first section for understanding the nuances of dynamic HTML in a multiple browser, multiple operating system world.
If you are doing a lot of work in dynamic HTML then this book is probably an essential. While I don't consult it every time I start working on HTML, when I run into trouble it is the first place I turn to make sure my syntax and browser compatibility are straight. This book ain't cheap, and it ain't small, but I'd recommend it for your desk if you're working with web sites.
You can purchase the Dynamic HTML: The Definitive Reference (2nd Ed.) from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Mac OS X Hints
emmastory writes "Mac OS X Hints is a brand-spanking new O'Reilly book containing over five hundred 'power tips' and tricks for (amazingly enough) Mac OS X. The tips are culled from the website of the same name, written and maintained by Rob Griffiths. The book is edited by David Pogue, of Missing Manual and Pogue Press fame. It's 461 pages, list price is $24.95, and the O'Reilly catalog page (containing samples from the book) is right here." Read on for emmastory's review.
Title: Mac OS X Hints
Author: Rob Griffiths
Pages: 461
Publisher: O'Reilly/Pogue Press
Rating: 8
Reviewer: Emma Story
ISBN: 0596004516
Summary: The perfect sequel to the Missing Manual, this book contains 500 tips for OS X
Addressing the Obvious
The most immediate question I had when I heard that O'Reilly would be publishing a book containing hints from macosxhints.com was, of course: Why should I get the book when the hints are already on the site for free? Both the author and the publisher also thought of this, understandably enough. Here's how Rob Griffiths answered the question in a post on the site, when the book was first announced: "The book isn't just a 'cut and paste' job from the site-to-print form. Every hint was rewritten and retested from scratch, and hundreds of screenshots were added to help clarify and explain the hints. In addition, many of the scripts and programs posted here are included (the author of each program was contacted for approval to include their original work in the book -- thanks to each of you for agreeing!)."
The response included in the O'Reilly press release for the book is along the same lines: "'The 500-plus hints in this book are based on tips published in the Mac OS X Hints web site,' explains Griffiths. 'But it's not just a rehash of what's there. Every hint has been rewritten, expanded, organized, indexed, tested for compatibility with the latest version of Mac OS X 10.2, and in many cases, illustrated, making the book an even better resource than the web site.'"
So the question then becomes: is this really the case? Are the differences between the hints as posted on the site and as printed in the book really significant enough to merit shelling out $24.95?
The short answer is that, in my opinion, the book is worth its price. The long answer is (predictably) a little more complicated. There are, of course, people who are more than willing to do the extra digging on the web to get the relevant content for free -- they'd rather do without the little perks (increased readability, revision, testing, screenshots) than spend potential beer money for a glossy O'Reilly book. And that's fine -- I'm more than sympathetic with this position, being frequently hard up for beer money, myself. But of course there are also people for whom the convenience is just as important as the cost, and who consider the price of the book well worth it in terms of the time saved. If you fall into the former category, don't bother buying the book -- but then, you weren't going to buy it anyway, were you? As for the latter group, rest assured that your investment will not, in this case, be wasted.
What I Liked
I've read several other books on Mac OS X. The one I believe everyone should start with is still David Pogue's Mac OS X: The Missing Manual. If you've already read this book (and enjoyed it) or didn't read it but are confident you've already got the equivalent experience, then Mac OS X Hints is a good next step.
Griffiths assumes you're comfortable using OS X for basic tasks: he doesn't tell you how to log in, or what the Dock is. If you're fuzzy on those kinds of basics, you're not quite ready for this book (but you're positively crying out for a copy of the Missing Manual). Additionally, he pushes some not-entirely-obvious processes to the introduction, so you don't have to read the same instructions over and over in the meat of the book itself. After all, once you've been told the first time how to view the contents of a package, you're probably all set in that regard. This is one of the aspects of Mac OS X Hints that I found most appealing, actually -- Griffiths just explains in the beginning that he's assuming certain things, and then doesn't bother dumbing anything else down.
I've been a fan of macosxhints.com since I first installed OS X, but it seems like Griffiths's style has really improved for the book -- this may be a function of Pogue's role as editor, as the writing in Hints displays the same familiar, comfortable tone while not skimping on depth or details. Like other books Pogue has been involved in, this one is highly readable but not oversimplified.
It seems like the revision process the hints went through during their transition from site to print has been pretty successful, as well -- despite being familiar with the site, there was a great deal of material in the book that I had never seen, even after reading other OS X books. Additionally, the testing involved in the book's creation removes a great deal of the frustration inherent in the site. As much as I like the site, there have been several hints that have mysteriously declined to function on my own system for whatever reason -- but everything I've tried from the book worked without a hitch.
I also enjoyed the fact that this book, like Mac OS X Hacks, is made for sampling. Each article is short and to the point, and while related hints are grouped by chapter, no single tip depends on the reader having already performed one of the others (unless otherwise specified). You don't have to read the book cover to cover -- you can flip around at will without getting lost.
Incidentally, another plus is that 15% of all Griffiths's profits from this book are being donated to the Doernbecher Children's Hospital. That in itself isn't a reason to buy the book, but it's good to know.
What I Didn't Like
If I can be nitpicky for a moment, I was bothered by the frequency of purely typographical errors. Little things like "than" being used instead of "then," or the bottom edge of a line in a sidebar getting cut off. It didn't keep me from enjoying the book, and I'm sure it's the sort of thing that will get corrected in future printings, but this sort of error occurred often enough that I noticed it, anyway.
Another little thing: I wish URLs had been included whenever a third-party shareware program was mentioned. Of course I know I can Google for DragThing and find it immediately -- but if I'm paying for a book, it seems to me that I shouldn't have to.
There is also the fact that this book is undeniably a book, and that limits it in certain respects (at least when compared to the site). The index is comprehensive and useful, but it's just not as useful as the ability to search the entire text of the book. It's also inevitably dated to a certain degree -- new hints posted to the site, even if they're infinitely more fabulous than ones already present in the book, just won't show up in print for a long time to come. Similarly, if a new version of the OS breaks one of the hints, you'll be able to find out somewhere on the web, but it won't be immediately obvious when you're just reading the book. Of course, these are problems shared by all print technical books, and not just Hints.
One final note: there's a lot of overlap between this book and Mac OS X Hacks, although each book has a significant amount of unique content. If you own one, you probably don't need to get the other, but it's difficult to say which I'd buy if I had to choose. Hacks contains only 100 articles, but they're more in-depth and the tasks they cover are often trickier or less obvious. Hints contains over 500 tidbits, but they're much shorter and often deal with things like key commands that allow you to increase your efficiency, and things of that ilk.
The Bottom Line
If you're the sort for whom time is at a higher premium than money -- maybe you're the kind of person who would buy a boxed *nix distribution instead of downloading it -- then I'd say go ahead and get this book. It's well worth its price as long as you understand that what you're paying for is ease of use and reliability, as well as content. If, on the other hand, you're living on Top Ramen for the foreseeable future, you're probably better off sticking with the site. If you do buy it, I think you'll find it will make a happy addition to your bookshelf -- stick it next to the Missing Manual and dip into it whenever you're sitting through an install or reboot.
You can purchase Mac OS X Hints from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Mac OS X Hints
emmastory writes "Mac OS X Hints is a brand-spanking new O'Reilly book containing over five hundred 'power tips' and tricks for (amazingly enough) Mac OS X. The tips are culled from the website of the same name, written and maintained by Rob Griffiths. The book is edited by David Pogue, of Missing Manual and Pogue Press fame. It's 461 pages, list price is $24.95, and the O'Reilly catalog page (containing samples from the book) is right here." Read on for emmastory's review. Mac OS X Hints author Rob Griffiths pages 461 publisher O'Reilly/Pogue Press rating 8 reviewer Emma Story ISBN 0596004516 summary The perfect sequel to the Missing Manual, this book contains 500 tips for OS X
Addressing the ObviousThe most immediate question I had when I heard that O'Reilly would be publishing a book containing hints from macosxhints.com was, of course, Why I should get the book when the hints are already on the site for free? Both the author and the publisher also thought of this, understandably enough. Here's how Rob Griffiths answered the question in a post on the site, when the book was first announced: "The book isn't just a 'cut and paste' job from the site-to-print form. Every hint was rewritten and retested from scratch, and hundreds of screenshots were added to help clarify and explain the hints. In addition, many of the scripts and programs posted here are included (the author of each program was contacted for approval to include their original work in the book -- thanks to each of you for agreeing!)."
The response included in the O'Reilly press release for the book is along the same lines: "'The 500-plus hints in this book are based on tips published in the Mac OS X Hints web site,' explains Griffiths. 'But it's not just a rehash of what's there. Every hint has been rewritten, expanded, organized, indexed, tested for compatibility with the latest version of Mac OS X 10.2, and in many cases, illustrated, making the book an even better resource than the web site."
So the question then becomes: is this really the case? Are the differences between the hints as posted on the site and as printed in the book really significant enough to merit shelling out $24.95?
The short answer is that, in my opinion, the book is worth its price. The long answer is (predictably) a little more complicated. There are, of course, people who are more than willing to do the extra digging on the web to get the relevant content for free -- they'd rather do without the little perks (increased readability, revision, testing, screenshots) than spend potential beer money for a glossy O'Reilly book. And that's fine -- I'm more than sympathetic with this position, being frequently hard up for beer money, myself. But of course there are also people for whom the convenience is just as important as the cost, and who consider the price of the book well worth it in terms of the time saved. If you fall into the former category, don't bother buying the book -- but then, you weren't going to buy it anyway, were you? As for the latter group, rest assured that your investment will not, in this case, be wasted.
What I LikedI've read several other books on Mac OS X. The one I believe everyone should start with is still David Pogue's Mac OS X: The Missing Manual . If you've already read this book (and enjoyed it) or didn't read it but are confident you've already got the equivalent experience, then Mac OS X Hints is a good next step.
Griffiths assumes you're comfortable using OS X for basic tasks: he doesn't tell you how to log in, or what the Dock is. If you're fuzzy on those kind of basics, you're not quite ready for this book (but you're positively crying out for a copy of the Missing Manual). Additionally, he pushes some not-entirely-obvious processes to the introduction, so you don't have to read the same instructions over and over in the meat of the book itself. After all, once you've been told the first time how to view the contents of a package, you're probably all set in that regard. This is one of the aspects of Mac OS X Hints that I found most appealing, actually - Griffiths just explains in the beginning that he's assuming certain things, and then doesn't bother dumbing anything else down.
I've been a fan of macosxhints.com since I first installed OS X, but it seems like Griffiths's style has really improved for the book -- this may be a function of Pogue's role as editor, as the writing in Hints displays the same familiar, comfortable tone while not skimping on depth or details. Like other books Pogue has been involved in, this one is highly readable but not oversimplified.
It seems like the revision process the hints went through during their transition from site to print has been pretty successful, as well -- despite being familiar with the site, there was a great deal of material in the book that I had never seen, even after reading other OS X books. Additionally, the testing involved in the book's creation removes a great deal of the frustration inherent in the site. As much as I like the site, there have been several hints that have mysteriously declined to function on my own system for whatever reason -- but everything I've tried from the book worked without a hitch.
I also enjoyed the fact that this book, like Mac OS X Hacks , is made for sampling. Each article is short and to the point, and while related hints are grouped by chapter, no single tip depends on the reader having already performed one of the others (unless otherwise specified). You don't have to read the book cover to cover -- you can flip around at will without getting lost.
Incidentally, another plus is that 15% of all Griffiths's profits from this book are being donated to the Doernbecher Children's Hospital. That in itself isn't a reason to buy the book, but it's good to know.
What I Didn't LikeIf I can be nitpicky for a moment, I was bothered by the frequency of purely typographical errors. Little things like "than" being used instead of "then," or the bottom edge of a line in a sidebar getting cut off. It didn't keep me from enjoying the book, and I'm sure it's the sort of thing that will get corrected in future printings, but this sort of error occurred often enough that I noticed it, anyway.
Another little thing: I wish URLS had been included whenever a third-party shareware program was mentioned. Of course I know I can Google for DragThing and find it immediately -- but if I'm paying for a book, it seems to me that I shouldn't have to.
There is also the fact that this book is undeniably a book, and that limits it in certain respects (at least when compared to the site). The index is comprehensive and useful, but it's just not as useful as the ability to search the entire text of the book. It's also inevitably dated to a certain degree -- new hints posted to the site, even if they're infinitely more fabulous than ones already present in the book, just won't show up in print for a long time to come. Similarly, if a new version of the OS breaks one of the hints, you'll be able to find out somewhere on the web, but it won't be immediately obvious when you're just reading the book. Of course, these are problems shared by all print technical books, and not just Hints.
One final note: there's a lot of overlap between this book and Mac OS X Hacks, although each book has a significant amount of unique content. If you own one, you probably don't need to get the other, but it's difficult to say which I'd buy if I had to choose. Hacks contains only 100 articles, but they're more in-depth and the tasks they cover are often trickier or less obvious. Hints contains over 500 tidbits, but they're much shorter and often deal with things like key commands that allow you to increase your efficiency, and things of that ilk.
The Bottom LineIf you're the sort for whom time is at a higher premium than money -- maybe you're the kind of person who would buy a boxed *nix distribution instead of downloading it -- then I'd say go ahead and get this book. It's well worth its price as long as you understand that what you're paying for is ease of use and reliability, as well as content. If, on the other hand, you're living on Top Ramen for the foreseeable future, you're probably better off sticking with the site. If you do buy it, I think you'll find it will make a happy addition to your bookshelf -- stick it next to the Missing Manual and dip into it whenever you're sitting through an install or reboot.
You can purchase the Mac OS X Hints from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Mac OS X Hints
emmastory writes "Mac OS X Hints is a brand-spanking new O'Reilly book containing over five hundred 'power tips' and tricks for (amazingly enough) Mac OS X. The tips are culled from the website of the same name, written and maintained by Rob Griffiths. The book is edited by David Pogue, of Missing Manual and Pogue Press fame. It's 461 pages, list price is $24.95, and the O'Reilly catalog page (containing samples from the book) is right here." Read on for emmastory's review. Mac OS X Hints author Rob Griffiths pages 461 publisher O'Reilly/Pogue Press rating 8 reviewer Emma Story ISBN 0596004516 summary The perfect sequel to the Missing Manual, this book contains 500 tips for OS X
Addressing the ObviousThe most immediate question I had when I heard that O'Reilly would be publishing a book containing hints from macosxhints.com was, of course, Why I should get the book when the hints are already on the site for free? Both the author and the publisher also thought of this, understandably enough. Here's how Rob Griffiths answered the question in a post on the site, when the book was first announced: "The book isn't just a 'cut and paste' job from the site-to-print form. Every hint was rewritten and retested from scratch, and hundreds of screenshots were added to help clarify and explain the hints. In addition, many of the scripts and programs posted here are included (the author of each program was contacted for approval to include their original work in the book -- thanks to each of you for agreeing!)."
The response included in the O'Reilly press release for the book is along the same lines: "'The 500-plus hints in this book are based on tips published in the Mac OS X Hints web site,' explains Griffiths. 'But it's not just a rehash of what's there. Every hint has been rewritten, expanded, organized, indexed, tested for compatibility with the latest version of Mac OS X 10.2, and in many cases, illustrated, making the book an even better resource than the web site."
So the question then becomes: is this really the case? Are the differences between the hints as posted on the site and as printed in the book really significant enough to merit shelling out $24.95?
The short answer is that, in my opinion, the book is worth its price. The long answer is (predictably) a little more complicated. There are, of course, people who are more than willing to do the extra digging on the web to get the relevant content for free -- they'd rather do without the little perks (increased readability, revision, testing, screenshots) than spend potential beer money for a glossy O'Reilly book. And that's fine -- I'm more than sympathetic with this position, being frequently hard up for beer money, myself. But of course there are also people for whom the convenience is just as important as the cost, and who consider the price of the book well worth it in terms of the time saved. If you fall into the former category, don't bother buying the book -- but then, you weren't going to buy it anyway, were you? As for the latter group, rest assured that your investment will not, in this case, be wasted.
What I LikedI've read several other books on Mac OS X. The one I believe everyone should start with is still David Pogue's Mac OS X: The Missing Manual . If you've already read this book (and enjoyed it) or didn't read it but are confident you've already got the equivalent experience, then Mac OS X Hints is a good next step.
Griffiths assumes you're comfortable using OS X for basic tasks: he doesn't tell you how to log in, or what the Dock is. If you're fuzzy on those kind of basics, you're not quite ready for this book (but you're positively crying out for a copy of the Missing Manual). Additionally, he pushes some not-entirely-obvious processes to the introduction, so you don't have to read the same instructions over and over in the meat of the book itself. After all, once you've been told the first time how to view the contents of a package, you're probably all set in that regard. This is one of the aspects of Mac OS X Hints that I found most appealing, actually - Griffiths just explains in the beginning that he's assuming certain things, and then doesn't bother dumbing anything else down.
I've been a fan of macosxhints.com since I first installed OS X, but it seems like Griffiths's style has really improved for the book -- this may be a function of Pogue's role as editor, as the writing in Hints displays the same familiar, comfortable tone while not skimping on depth or details. Like other books Pogue has been involved in, this one is highly readable but not oversimplified.
It seems like the revision process the hints went through during their transition from site to print has been pretty successful, as well -- despite being familiar with the site, there was a great deal of material in the book that I had never seen, even after reading other OS X books. Additionally, the testing involved in the book's creation removes a great deal of the frustration inherent in the site. As much as I like the site, there have been several hints that have mysteriously declined to function on my own system for whatever reason -- but everything I've tried from the book worked without a hitch.
I also enjoyed the fact that this book, like Mac OS X Hacks , is made for sampling. Each article is short and to the point, and while related hints are grouped by chapter, no single tip depends on the reader having already performed one of the others (unless otherwise specified). You don't have to read the book cover to cover -- you can flip around at will without getting lost.
Incidentally, another plus is that 15% of all Griffiths's profits from this book are being donated to the Doernbecher Children's Hospital. That in itself isn't a reason to buy the book, but it's good to know.
What I Didn't LikeIf I can be nitpicky for a moment, I was bothered by the frequency of purely typographical errors. Little things like "than" being used instead of "then," or the bottom edge of a line in a sidebar getting cut off. It didn't keep me from enjoying the book, and I'm sure it's the sort of thing that will get corrected in future printings, but this sort of error occurred often enough that I noticed it, anyway.
Another little thing: I wish URLS had been included whenever a third-party shareware program was mentioned. Of course I know I can Google for DragThing and find it immediately -- but if I'm paying for a book, it seems to me that I shouldn't have to.
There is also the fact that this book is undeniably a book, and that limits it in certain respects (at least when compared to the site). The index is comprehensive and useful, but it's just not as useful as the ability to search the entire text of the book. It's also inevitably dated to a certain degree -- new hints posted to the site, even if they're infinitely more fabulous than ones already present in the book, just won't show up in print for a long time to come. Similarly, if a new version of the OS breaks one of the hints, you'll be able to find out somewhere on the web, but it won't be immediately obvious when you're just reading the book. Of course, these are problems shared by all print technical books, and not just Hints.
One final note: there's a lot of overlap between this book and Mac OS X Hacks, although each book has a significant amount of unique content. If you own one, you probably don't need to get the other, but it's difficult to say which I'd buy if I had to choose. Hacks contains only 100 articles, but they're more in-depth and the tasks they cover are often trickier or less obvious. Hints contains over 500 tidbits, but they're much shorter and often deal with things like key commands that allow you to increase your efficiency, and things of that ilk.
The Bottom LineIf you're the sort for whom time is at a higher premium than money -- maybe you're the kind of person who would buy a boxed *nix distribution instead of downloading it -- then I'd say go ahead and get this book. It's well worth its price as long as you understand that what you're paying for is ease of use and reliability, as well as content. If, on the other hand, you're living on Top Ramen for the foreseeable future, you're probably better off sticking with the site. If you do buy it, I think you'll find it will make a happy addition to your bookshelf -- stick it next to the Missing Manual and dip into it whenever you're sitting through an install or reboot.
You can purchase the Mac OS X Hints from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
PHP Cookbook
CEHT writes "Like Tony Williams said in his review on PHP and MySQL Web Development: "PHP and MySQL are probably the most pervasive add-ons to Apache web servers across the web". And I agree with him. PHP is a very powerful scripting language, so developers (not just web developers) can do almost anything with it." Read on to see how well CEHT thinks O'Reilly's PHP Cookbook helps you do that almost everything.
PHP Cookbook
author: David Sklar and Adam Trachtenberg
pages: 608
publisher: O'Reilly
rating: 9
reviewer: Edmond Lau
ISBN: 1565926811
summary: Solutions and examples for PHP programmers.
The approach that the authors use in PHP Cookbook is great. Like most computer books, the authors usually include a summary (in sentence form) to illustrate what the readers will expect in each chapter. Sklar and Trachtenberg take this even further by including some preliminary (code) examples to explain the general ideas behind each chapter. The examples in the book are self-contained. In most cases, I've found examples to exactly fit my needs -- this makes it one of the better reference books.
Each chapter in the book is divided into multiple sections of Problem / Solution / Discussion with a FAQ style. In each case, a simple description of a problem is followed by a PHP script as the solution. But the meat is actually in the discussions: in-depth details are included here, where the authors also include references, extended ideas, and scripts to inform the readers how much more they can do about the issue.
For example, I was going to add a simple script to my website to parse RSS/RDF files from certain news websites (CNN, Slashdot, ...), and use it as my Mozilla homepage. (Who wouldn't?) This script seems to be simple, but I may make a mistake here and there. As a reference, I opened up the book to the section "Parsing XML with SAX." Then I realized the authors already had the script to parse RSS/RDF files in the discussion. Bravo!
For myself, the most useful chapters I found are: Web Basics, Forms, Database Access, and XML. There are also good examples in topics such as security, internationalization, and file processing/management. However, this book does not cover the basics of PHP. If you are a good programmer, you should be able to get away with this using the PHP Manual. A good book to learn PHP is Programming PHP, also by O'Reilly.
Although this book covers a wide range of topics, it does not cover topics like generating PDFs. I would also like to see the authors add one (maybe two) case studies in later editions. That would give the reader a more concrete example of how to combine tricks presented by this book. Other than that, at the price of $39.95 (or $61.95 CAD), this book is a great buy!
Topics
- Strings
- Numbers
- Dates and Times
- Arrays
- Variables
- Functions
- Classes and Objects
- Web Basics - available online as example chapter
- Forms
- Database Access
- Web Automation
- XML
- Regular Expressions
- Encryption and Security
- Graphics
- Internationalization and Localization
- Internet Services
- Files
- Directories
- Client-Side PHP
- PEAR
You can purchase the PHP Cookbook from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Fyodor Answers Your Network Security Questions
You asked nmap creator Fyodor many excellent questions, and his answers (below) are just as excellent. You'll want to set aside significant time to read and digest this interview, because Fyodor didn't just toss off a few words, but put some real time and energy into his answers.
1) Interesting stories involving nmap?
by Neologic
Nmap has obviously become a huge success in the *nix world. I would wager that practically all sysadmins and security folk use nmap. With this sort of use by such creative and lazy people, there must have been some interesting stories involving nmap, perhaps unusual uses of it, or funny anecdotes. Are there any you would like to share?
Fyodor
The coolest use ever was undoubtedly when Trinity used it to try and save the human race :). But the use I find most gratifying is the Chinese students and residents who have written me about how they use Nmap to locate open proxies. These proxies allow for surfing the uncensored Internet, including the news, educational, pornographic, religious, open source software, government, political, search engine, and human rights sites that are blocked by the Great Firewall of China.
Many of the best features in Nmap came from the user community in ideas if not implementation. For example, the protocol scan (-sO) determines what IP protocols (TCP, UDP, GRE, etc.) a host is listening for. I had not thought of this, but the idea and patch came out of the blue one day in an email from Gerhard Rieger. On another day, a guy named Saurik sent a patch called Nmap+V that allows Nmap to do basic service/version fingerprinting against open ports. It has attracted a cult following, and I plan to add similar functionality to Nmap this year. The initial Windows port by eEye arrived similarly. Despite all these great suggestions, certain other user-contributed ideas are not on the agenda.
Then there are a small handful of users who detect problems nobody else would ever notice, like 4 byte/host memory leaks. They send me error messages with notes saying the bug happens "about once per 700,000 IPs". I have no idea what these guys are up to, but some have been sending me this kind of mail for years. They can't be spammers, as they are intelligent and also use more sophisticated scan techniques than you would need to just find SMTP servers.
2) Recent increases in anal-retentiveness...?
by Zeriel
There's been a marked increase in system administrators thinking that anything even remotely resembling a network scan is eeeeevil (case in point, last year I almost got kicked out of college for scanning port 80 on my dorm subnet looking for interesting websites to read)...
What do you think can be done to make scanning IP addresses/ports have less of a negative stigma? This is in the same sort of category as legit vs. illegit uses of anything else (P2P, whatever)--what's the rationale for punishing something that could maybe lead to criminal activity, and how can we make network scanning tools have practical uses again?
Fyodor
That is an excellent question, and one that concerns me as well. But first, I think your final statement is too extreme. I would guess 90% of network scanning is non-controversial. You will rarely be badgered for scanning your own machine or the networks you administer. The controversy comes when scanning other networks. There are a lot of (good and bad) reasons for doing this sort of network exploration. Perhaps you are scanning the other systems in your {dorm, department, cable LAN, conference LAN} to look for publicly shared files (FTP, SMB, WWW, etc.). Or perhaps you're just trying to find the IP of a certain printer. Maybe you scanned your favorite web site to see if they are offering any other services, or because you are curious what OS they run. Perhaps you are just trying to test connectivity, or maybe you wanted to do a quick security sanity-check before handing off your credit card details to that ecommerce company. You might be conducting Internet research, or be bored on a rainy afternoon. Or are you conducting reconnaissance in preparation for a breakin attempt?
The remote administrators rarely know your true intentions, and do sometimes get suspicious. The best approach is to get permission first. I've seen a few people with non-administrative roles land in hot water after deciding to "prove" network insecurity by launching an intrusive scan of the entire company or campus. Admins tend to be more cooperative when asked in advance than when woken up at 3AM by an IDS alarm claiming they are under massive attack.
You compared Nmap to P2P tools in having a "negative stigma". In both cases, one effective way to fight the stigma is to limit your own use to "legitimate" purposes. Use BitTorrent to download RedHat ISOs, but not Matrix Reloaded. Use Nmap to secure and monitor your computers, but not to attack other networks. And if you decide to attack other networks anyway, please be courteous and set the evil bit.
Now I'll admit that I don't always obtain explicit permission before scanning other networks. I don't believe (but IANAL) that a simple port/OS scan of a remote system is or should be illegal. Any machine connected to the Internet will be scanned so often that most admins ignore such "white noise" anyhow. But scan other networks often enough, and someone will eventually complain. So my advice would be:
- Don't do anything controversial from your work or school connections. Even though your intentions may be good, you have too much to lose if someone in power (boss, dean) decides you are a malicious cracker. Do you really want to explain your actions to someone who may not even understand the terms "port scanner" or "packet"? Spend $10 bucks a month for a dialup or shell account. You didn't really violate this rule, as scanning your dorm subnet for just port 80 should not even be remotely controversial!
- Target your scan as tightly as possible. If you are only looking for web servers, specify -p80 rather than scanning all 65,535 TCP ports on each machine. If you are only trying to find available hosts, do an Nmap ping scan. Don't scan a /16 when a /24 will suffice. The random scan mode now takes an argument specifying the number of hosts, rather than running forever. So consider -iR 1000 rather than -iR 10000 if the former is sufficient. Use the default timing (or even "-T Polite") rather than "-T Insane".
- Nmap offers many options for stealthy scans, including source-IP spoofing, decoy scanning, and the more recent Idle Scan technique. But remember there is always a trade-off. You will be harder to detect if you launch scans from an open WAP far from your house, with 17 decoys, while doing followup probes through a chain of 9 open proxies. But if anyone (such as Tsutomu Shimomura) does track you down, they will be mighty suspicious of your intentions.
I occasionally consider adding some sort of "notification packet" prior to a scan that would give hosts the chance to respond and opt-out. This would be like the /robots.txt directives currently used to control polite Web robots. Perhaps the format could even include a text string that IDS systems could log, like:

    nmap -sS -p- -O -m "Direct questions about this scan to ops at x3512" 192.168.0.0/16
    nmap -sS -p- -O -m "mY n4m3 iZ Zer0 |<00L and I'll 0wn j0o%#@" targetcompany.com/24

Of course Nmap would have an option to omit the notification or to send it and ignore any negative responses. Some scanners, such as ISS Internet Scanner already send out NetBIOS popup messages to scanned hosts by default, and other scanners use syslog. I won't be adding any features like this to Nmap unless I see substantial demand and the obvious issues are worked out.
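The "IDS alarm claiming they are under massive attack" in the answer above is usually a threshold rule: one source touching many ports on one host (a vertical scan, the `-p-` case) or one port on many hosts (a horizontal sweep, the "port 80 on my dorm subnet" case) inside a short window. The following is an added example, written for this page rather than taken from the interview, from Nmap or from any IDS, of that detection logic run over constructed firewall log lines. The line format, the addresses, the 60-second window and the thresholds of 10 ports or 10 hosts are all assumptions chosen for illustration.

```python
"""Threshold-based port-scan detection over firewall log lines.

Added example (not from the interview and not Nmap or any IDS's code): the
log format, thresholds and sample lines are all constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line format: "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <ACTION>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<action>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that don't match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
            "dst": m["dst"], "port": int(m["port"]), "action": m["action"]}


def windowed_distinct(events, field, window):
    """Largest number of distinct `field` values inside any span of length `window`.

    `events` must be sorted by timestamp; a sliding window keeps this linear
    in the number of events, which matters on a busy perimeter log.
    """
    counts = defaultdict(int)
    best = left = 0
    for ev in events:
        counts[ev[field]] += 1
        while ev["ts"] - events[left]["ts"] > window:
            old = events[left][field]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def detect_scans(lines, window=timedelta(seconds=60), vertical_ports=10, horizontal_hosts=10):
    """Flag vertical scans (many ports on one host) and horizontal sweeps
    (one port across many hosts) from a single source within `window`."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    by_src_dst, by_src_port = defaultdict(list), defaultdict(list)
    for ev in events:
        by_src_dst[(ev["src"], ev["dst"])].append(ev)
        by_src_port[(ev["src"], ev["port"])].append(ev)
    alerts = []
    for (src, dst), evs in by_src_dst.items():
        n = windowed_distinct(evs, "port", window)
        if n >= vertical_ports:
            alerts.append({"type": "vertical", "src": src, "target": dst, "count": n})
    for (src, port), evs in by_src_port.items():
        n = windowed_distinct(evs, "dst", window)
        if n >= horizontal_hosts:
            alerts.append({"type": "horizontal", "src": src, "target": port, "count": n})
    return alerts


def constructed_log():
    """Constructed sample traffic: benign SSH, a vertical scan, a port-80 sweep."""
    t0 = datetime(2003, 6, 1, 3, 0, 0)
    lines = []
    for i in range(5):  # one workstation using SSH to one server over an hour
        lines.append(f"{(t0 + timedelta(minutes=10 * i)).isoformat()} 10.1.1.5 -> 192.168.0.10:22 ACCEPT")
    for i, port in enumerate(range(20, 41)):  # 21 ports on one host in 21 seconds
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 10.1.1.50 -> 192.168.0.10:{port} DROP")
    for i in range(1, 16):  # port 80 on 15 hosts of a /24, the "dorm subnet" case
        lines.append(f"{(t0 + timedelta(minutes=30, seconds=i)).isoformat()} 10.1.1.77 -> 192.168.0.{i}:80 ACCEPT")
    lines.append("this line is not in the expected format")  # parse_line skips it
    return lines


if __name__ == "__main__":
    for alert in detect_scans(constructed_log()):
        print(alert)
```

Two of the three constructed sources trip an alert; the workstation that keeps using one port on one server never does, whatever the window. Shrinking the window (or raising the thresholds) is exactly the knob that turns a slow `-T Polite` scan invisible to this rule, which is why such rules are usually paired with longer-term counters.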
3) OS fingerprinting
by neoThoth
What are the latest advances in fingerprinting networked devices that seem most promising to you? I have started reading papers on HTTP fingerprinting and such and wonder how these will figure into the NMAP architecture. What are the most elusive OS's that aren't on the NMAP OS fingerprint database?
Fyodor
There are a number of OS detection techniques I hope to add this year. One is to guess (or calculate) the initial TTL of response packets, since this varies by OS. Some operating systems also "reflect" your own chosen TTL under various circumstances. Then there are some newer TCP options, such as selective ack that I might test for. Explicit Congestion Notification (RFC 2481/3168) also shows promise. I'll probably add all of these at once later this year, after discussions with the Nmap-dev list. If you wish to participate, you can join that list by sending a blank email to nmap-dev-subscribe@insecure.org. There is also a low volume, moderated list for announcements about Nmap, Insecure.org, and related projects. You can join the 15,000 current members by mailing nmap-hackers-subscribe@insecure.org [archives].
While adding new fingerprinting techniques is fun and exciting, improving the signature database often adds more value. The DB now contains more than 850 signatures, from the Acorn RISC OS and Aironet wireless LAN bridge to the ZoomAir wireless gateway and Zyxel Prestige routers. We're talking gaming consoles, phones, PBX systems, PDAs, webcams, networked power switches, you name it! New fingerprints are submitted daily.
Application level fingerprinting (including HTTP) is coming. I usually regret stating dates, but I hope to develop this functionality within the next 3 months.
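The answer above names two of the ingredients of OS detection: per-test observations such as the initial TTL of a response (recovered by rounding the arriving TTL up to the nearest common starting value, which also yields the hop distance) and the presence of newer TCP options such as SACK and ECN, and a signature database those observations are matched against. The block below is an added example written for this page, not Nmap's code and not its fingerprint format or database; the four signatures are constructed stand-ins, the 2/1/1 scoring weights and the 30-hop plausibility limit are assumptions, and a real database would carry far more fields than the three used here.

```python
"""Rank OS guesses from response-packet attributes (initial TTL, SACK, ECN).

Added example, not Nmap code: the signature table below is constructed for
illustration and does not reproduce Nmap's fingerprint database or format.
"""
from dataclasses import dataclass

# Initial TTL values commonly used by IP stacks; a response's initial TTL is
# taken to be the smallest of these that is >= the TTL observed on arrival.
INITIAL_TTLS = (32, 64, 128, 255)
MAX_PLAUSIBLE_HOPS = 30  # assumption: more hops than this suggests a wrong TTL class


def infer_initial_ttl(observed_ttl):
    """Return (initial_ttl, hops) for a TTL seen in a response packet."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be in 1..255")
    for initial in INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial, initial - observed_ttl
    raise AssertionError("unreachable: 255 is the largest initial TTL")


@dataclass(frozen=True)
class Signature:
    name: str
    initial_ttl: int
    sack_permitted: bool   # host advertised SACK-permitted in its SYN/ACK
    ecn_capable: bool      # host completed ECN negotiation (RFC 3168)


# Constructed signatures for four hypothetical stack families.
SIGNATURES = [
    Signature("linux-like (constructed)", 64, True, True),
    Signature("bsd-like (constructed)", 64, True, False),
    Signature("windows-like (constructed)", 128, True, False),
    Signature("router-like (constructed)", 255, False, False),
]
MAX_SCORE = 4  # 2 points for the initial TTL class, 1 each for the two TCP options


def score(sig, obs):
    """Weighted field match: the TTL class counts double, each option once."""
    initial, _ = infer_initial_ttl(obs["ttl"])
    points = 2 if sig.initial_ttl == initial else 0
    points += 1 if sig.sack_permitted == obs["sack_permitted"] else 0
    points += 1 if sig.ecn_capable == obs["ecn_capable"] else 0
    return points


def guess_os(obs, min_confidence=0.75):
    """obs: {"ttl": int, "sack_permitted": bool, "ecn_capable": bool}.

    Returns the best-scoring signature names plus a confidence in [0, 1].
    'confident' is False on a weak or tied match: a scanner should report
    "no exact match" rather than pick one candidate arbitrarily.
    """
    initial, hops = infer_initial_ttl(obs["ttl"])
    ranked = sorted(((score(sig, obs), sig.name) for sig in SIGNATURES), reverse=True)
    top_score = ranked[0][0]
    guesses = [name for points, name in ranked if points == top_score]
    confidence = top_score / MAX_SCORE
    return {
        "initial_ttl": initial,
        "hops": hops,
        "hops_plausible": hops <= MAX_PLAUSIBLE_HOPS,
        "guesses": guesses,
        "confidence": confidence,
        "confident": len(guesses) == 1 and confidence >= min_confidence,
    }


if __name__ == "__main__":
    # Constructed observations, as one might read them off a captured SYN/ACK.
    for obs in ({"ttl": 52, "sack_permitted": True, "ecn_capable": True},
                {"ttl": 118, "sack_permitted": True, "ecn_capable": False},
                {"ttl": 120, "sack_permitted": False, "ecn_capable": True}):
        print(obs, "->", guess_os(obs))
```

The same structure is what makes a signature database worth more than another probe type: each new fingerprint widens the set of hosts for which the top score is both high and unique, whereas a new test only adds one more column to the score.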
4) Stepping into a network security career
by Anonymous Coward
I'll be graduating this month with a shiny new BS in Computer Science. I've done plenty of Unix sysadmin work throughout college and even deployed some high-interaction honeynets. I'm very interested in network security and systems programming. Do you have any advice for people in my situation who want to head into a career in network security?
Fyodor
Congratulations on your graduation! Unfortunately (for newcomers), the security field is one that often expects substantial experience and references. This is partly because these jobs require extraordinary trust, and also because of an aversion to mistakes. Everyone makes mistakes, but they can be extraordinarily costly in security and neophytes tend to make more of them. But don't lose hope! Talented security minds are still in very high demand, just be aware that you will have to work even harder to prove yourself.
Here are my suggestions for anyone starting out in network security, whether for fun or profit:
Step 1: Learn everything you can
- You may wish to start with reading a general overview of security, such as Practical Unix and Internet Security 3rd Edition.
- Reading alone won't teach you much. Hands-on experience is critical, so I would set up at least a basic test network. At the very minimum you should have a Unix box or two and a Windows machine (because these are very common in the real world). You can use very cheap machines, or even emulate a large network with virtualization software such as VMWare.
- Next you should learn more about how attacks are performed. Take a look at the excellent and free Open Source Security Testing Methodology Manual (OSSTMM). This document aims to provide a comprehensive framework for security testing. But it mostly lists tasks to perform, without specifying how to do so. You will gain a lot from this manual if you research the tasks you don't know how to complete, and if you actually try performing the tasks on your test network. If this manual is too curt or hard to follow, you could try a more verbose book on vulnerability assessment, such as Hacking Exposed 4th Edition.
- Now that you understand many of the general security ideas, it is time to get current. This is one area that has actually become easier in the last decade. The thinking used to be that vulnerability information should only be distributed to well-known and trusted administrators and security researchers through private digests such as Zardoz. This was a disaster for many reasons, and the full disclosure movement was born. In the last couple of years things have started to shift toward more limited ("responsible") disclosure and there is also a disturbing pay-money-for-early-disclosure trend. But information is still much more available than it used to be. Most of the news is carried on mailing lists, and I archive the ones I consider the best at Lists.Insecure.Org. You must subscribe to Bugtraq, and I would also highly recommend pen-test, vuln-dev, and security-basics. Read at least the last 6-12 months of archives. Choose other lists that correspond to your interests. SecurityFocus also offers a security-jobs list which is an excellent resource for finding jobs or just understanding what employers desire.
There are two major reasons for reading Bugtraq. One is that you must react quickly to new vulnerabilities by patching your servers, notifying your clients, etc. You can get this by simply scanning the subject lines or advisory summaries for bugs that directly apply to you. But then you will miss out on another crucial purpose of Bugtraq. Actually understanding a vulnerability helps you defend against it, exploit it, and identify/prevent similar bugs in the future. When you are lucky, the advisory itself will provide full details on the bug. Check out this excellent recent advisory by Core Security Technologies. Note how they describe exactly how the Snort TCP Stream Reassembly vulnerability works in detail and even include a proof-of-concept demonstration. Unfortunately, not all advisories are so forthcoming. For bugs in Open Source software, you can understand the problem by reading the diff. The next step is to actually write and test an exploit. I would recommend writing at least one for each general class of bug (buffer overflow, format string, SQL injection, etc.) or whenever a bug is particularly interesting.
Be sure to read the latest issues of Phrack and the research papers posted to the mailing lists. Send your comments and questions to the authors and you may start interesting discussions. Read well-regarded books on the security topics that interest you most.
I can't emphasize enough that you should intersperse hands-on work with all of this reading. Install unpatched RedHat 8 (or whatever) and run Nmap and Nessus against it. Then compromise it remotely, maybe via the latest Samba hole. Start out with a prewritten exploit from Bugtraq, which isn't quite as easy as it sounds. You may have to modify the 'sploit to compile, brute force the proper offset, etc. Then break in again using a different technique, and your own exploit. Install Ethereal and/or tcpdump and ensure you understand the traffic on your network during both your exploitation and normal network activity. Install Snort on an Internet-facing machine and watch the attacks and probes you'll experience. Wander around your neighborhood with Kismet, Netstumbler, or Wellenreiter on your Laptop or PDA to look for open WAPs. Install DSniff and execute an active MITM attack on an SSH or SSL connection between two of your computers. Take a look at my Top 75 Tools List and ensure you understand what each does and when it would be useful. Try out as many as you can.
- Take a vacation, or at least a weekend camping! You deserve it! The steps above would probably take at least 3-12 months full-time, depending on your motivation level and the depth and breadth of your research.
Now you have learned enough to be dangerous. At this point, you would have little trouble obtaining most certifications, after studying the specifics of each topic. If your main goal is to find a job quickly, perhaps adding these extra feathers to your cap might be worthwhile. But I think your best bet is to prove your knowledge by joining and contributing to the security community. While this does indeed help others, it isn't an entirely selfless act. It improves your skills, leads to important contacts, and demonstrates your knowledge and ability in a constructive way. The latter is important if securing a career is one of your goals. These steps should also be fun! If not, perhaps you should keep looking at other fields. Here are some ideas:
Start participating with insightful comment and answers on the mailing lists. This is very easy and serves as a great learning experience, way to meet people, and garners some name recognition. If a security manager with a stack of 60 resumes recognizes your name, that is a huge win!
When a new worm or a big new vulnerability comes out, everyone wants to know the details. If you stay up all night disassembling the worm/patch and write the first comprehensive analysis, many folks will find that valuable. And you will learn a lot. Let your first priority be quality - if someone beats you to it, just compare your results with theirs to see if you (or they) missed (or misinterpreted) anything. You can also post your own exploits, although that is more of a political hot potato.
Attending security conferences is a great way to learn, party with fellow hackers, and network (in every sense of the word). Much better is to speak at these conferences. This field changes rapidly so there are always new topics and technologies to discuss. You don't have to be a well-known expert with a long history - just learn your topic well and put in the effort for a quality presentation. You could present at Defcon, at one of the more commercial events, or at a smaller regional con like ToorCon, CodeCon, Hivercon, etc. Among other advantages (often free admission/travel/hotel), this is a great way to meet people with similar interests. I spoke at the latest CanSecWest and have submitted a proposal for the next Defcon.
Now that you've seen and understand a wide variety of software vulnerabilities from your Bugtraq research, start finding your own. You can start by downloading any PHP app from Sourceforge. Most of those are hopelessly vulnerable to Cross-Site-Scripting, SQL injection, and/or remote code execution by "remote include" directives. Many (if not most) Windows shareware daemons are also vulnerable to simple buffer overflows and format-string bugs. Notify the authors and then write an advisory. After a few of these "easy targets", try breaking some more widely deployed programs.
Write a security tool! I could list some suggestions, but by this point you will have many of your own ideas as to what is needed. Scratch an itch.
I hope this helps. If you want more suggestions, Ask Slashdot. From that story, I found this post particularly insightful, especially the emphasis on "people skills". I don't claim to have any, but understand the value :).
5) Have you ever been tempted to use your gifts...
by Tim_F
...in a negative manner?
Have you ever hacked into someone else's computer? Have you ever considered it? What would cause you to think of doing this? Would your tools (nmap, etc.) be enough to allow you to do this?
And if you haven't, why is that the case?
Fyodor
I never do script-kiddie style "hack any random vulnerable box on the Internet" cracking. But sometimes I will launch targeted attacks at specific companies. I'll usually start with just a web browser and various search engines to learn everything I can about my target. I need to understand what the company does, who it partners with, and whether it has any corporate siblings, subsidiaries, or parents. Beyond that, posts by individual employees can be a gold mine. Besides providing names and titles for social engineering and brute force password attacks, the IPs in the mail/news routing headers can be very valuable. One of the reasons I run my own mailing list archive is to maintain access to the raw mail folders which contain the routing info and X-no-archive posts that web archives strip out. Another advantage to locating employees is that you can send them trojan executable attachments, which can be a very effective way into the network.
Next I'll gather known IP network information on the companies via DNS, whois, regional registries like ARIN, routing info, Netcraft, etc. Then comes the scanning (I tend to use Nmap), application-probing, vulnerability discovery, and exploitation stages.
Of course, I only do this when the company is paying me to do so. Performing these pen-tests offers several advantages over blackhat activity:
- You don't go to jail (If you've worded your contract carefully.)
- Instead of having to keep your übertechniques secret to avoid prosecution, you get to demonstrate them to management.
- They actually pay you for this! And you are helping to protect them and the privacy of their customers.
Now some people might ask how you gain these skills without practicing on other networks first. Cheap hardware and the evolution of free UNIX operating systems have made this much easier than in the past. See the previous answer for some suggestions. And remember that you can always work together with friends, or participate in hacking contests like Defcon's Capture the Flag.
6) You'll have seen a lot of breakins.
by Hulver
During your time running Honeypots, you'll have seen a lot of compromised systems. Is there any incident that's really stuck in your mind because of the audacity of the attempt, or the stupidity of the person attempting the breakin?
Fyodor
On the humorous front, one attacker was running a public webcam during his exploits, so we were able to watch him crack into our boxes in real time :). I will resist the urge to link a screenshot. His rough location was determined when we noticed Mrs. Doubtfire playing on his TV and correlated that with public schedule listings. He was working with a Pakistani group, but was actually on the US East Coast.
On the "disturbing audacity" front, this year we found that a group of crackers had broken into an ecommerce site and actually programmed an automated billing-system-to-IRC gateway. They could obtain or validate credit card numbers by simply querying the channel bot! Expect a more detailed writeup soon.
7) What makes a honey net enticing?
by cornice
It seems that many of the honey nets that the average hobbyist would run are built to attract a lesser cracker. What I mean is that ports are left open that normally would not be left open. Services are running that normally should not, etc. I think that a really smart fish would see this as nothing but a cheap lure and refuse the bait. Do you think it's possible to fool the really smart fish? Is it possible to bait with something enticing enough without tipping off the big fish? Does publication of your work make this task more difficult?
Fyodor
Excellent question, and I had many of the same concerns upon joining the project. Then I remembered that most of the attacks and real-world compromises are committed by these marginally skilled script kiddies. So there is still a lot of value in understanding their tools, tactics, and motives. Despite this apparent limitation, I have been surprised by some of the sophisticated things we have found. For example, the first known "in the wild" attack using the Solaris dtspcd vulnerability was caught by one of our honeynets and resulted in this CERT advisory. Then one of our Honeynet Alliance members had their Win2K honeypot compromised and joined into a botnet with 18,000 machines! Attackers on such a grand scale won't even know all of the companies they have compromised, much less whether any of the systems are honeynets.
I do believe baiting the "smart fish" might be possible, but I have never done this. It's not legally entrapment, as we aren't any sort of police force, but I am not very comfortable with the idea. If someone attacks my box that is just unobtrusively sitting on the network, I believe the attacker should have no expectation of privacy for his activities on the system. Things become more complex if I try to lure the attacker.
8) IPv6
by caluml
Do you think that with the very large address space of IPv6 that random scanning for a certain port will die off? (I notice nmap doesn't support random IPv6 address scanning - maybe you've already come to the same conclusion?) Simply put, the chances of finding a machine if it's not advertised anywhere will be very much reduced. Will this make people lazy and complacent, trusting on the large numbers involved to protect them?
Fyodor
Finding a machine by pinging a completely random 128-bit address will probably never be effective. Fortunately, we won't have to! Nmap does not even do that for 32-bit IPv4 addresses - it is smart enough to skip huge blocks of address space that are unallocated or used for private (RFC1918, localhost) addresses. We will also see patterns emerge for IPv6. For example, they may often be allocated sequentially so that finding one leads to many others. I am waiting until adoption rises and we start seeing these patterns emerge before I can implement them appropriately in Nmap. Certain new DNS features may also prove useful for locating IPv6 machines and networks.
9) standalones and small home nets
by zogger
It seems like most of the emphasis is on enterprise networks, but that still leaves millions and millions of home machines and small home networks just stuck. What do you see as some of the trends and solutions for those people? Their data and system integrity is just as important to them as any corporation's is, and, as they usually do not have the appropriate skill set, it is even harder to implement.
Fyodor
I am afraid the focus by security companies on enterprise networks will continue, as that is where the money is. The good news is that securing small home networks is far easier. But that doesn't make it simple, nor mean that many people will bother. I would categorize the risks into 3 categories:
Traditional network server vulnerabilities: Your average home user doesn't need to run any network daemons or have any TCP/UDP ports open to the Internet. Most of the time they only have 1 IP, used either by a standalone PC or a NAT device (e.g. "broadband router") in front of their small network. This is a good configuration, as it limits what attackers can reach directly. But you need to be sure that the IP doesn't have any unnecessary ports open. You can verify this by running 'netstat' on the Windows or UNIX machine using the IP. I would also recommend confirming using a port scanner such as Nmap. Here are example commands:
nmap -p- -sS -T4 -v -O [your IP]
nmap -p- -sU -v [your IP]
The TCP and UDP scans could be combined into one execution, but are listed separately since the TCP scan may go much faster. Remote UDP scans are also less reliable against some heavily filtered hosts. You may have to rely on the netstat info or configuration details in this case. Any open ports found should be evaluated with extreme prejudice. Unless clearly necessary, close Windows file sharing, external NAT device admin ports, and everything else found.
Don't forget the wireless backdoor! Blocking the Internet link from your private machines is insufficient if anyone can hop on your open WLAN and attack your machines. WEP isn't perfect, but the 104-bit (so-called 128-bit) version should at least keep people from accidentally connecting to your network or sniffing your data. Be sure to set a good password and upgrade to recent firmware for your WAP and other network devices.
Subscribe to the security advisory lists for all the operating systems (and devices, if available) you run. Major vendors such as RedHat, Debian, FreeBSD, Mandrake, and Microsoft all offer these. Most even offer automatic updates if you desire that.
Client vulnerabilities: Once you close the services you don't need (ideally all of them), client vulnerabilities must be addressed. Keeping your web browser and mail reader up-to-date is particularly crucial. Also harden them as much as possible. For example, IE is full of holes but at least has a good interface for site-by-site security policies (Tools -> Internet Options -> Security). Go through and neuter the "Internet zone" settings by disabling ActiveX and Java. In the rare case that sites need this, find an alternative site or add them to the trusted zone. If you are really serious about security, neuter "trusted sites" and "local intranet" privileges as well. Many recent IE vulnerabilities trick the browser into using the wrong zones. Consider using a different browser. Also configure your mailer to disregard HTML and JavaScript.
Remember to pay careful attention to security warnings, whether they come from IE, Mozilla, your ssh client, or anything else. Don't just click OK. And don't shoot yourself in the foot when configuring your apps. It is hard to entirely blame the vendor when users tell P2P apps or Windows filesharing to share their whole drive without any password. Failing to change default passwords or enable basic restrictions on X Window or FTP servers is only slightly more forgivable. All of these errors happen frequently! The apps/devices should be secure by default, but you have the ultimate responsibility for protecting your data.
Malware: This is what I consider the biggest problem on desktops: people running applications they can't trust. Email borne viruses, worms and trojans are an obvious example. Be very careful what you click on. Unfortunately, it is very difficult to know what to trust. Mail is trivial to forge, and even the "proper" installers for many P2P applications infest your computer with loads of invasive spyware. Even Intuit TurboTax was caught writing to customers' boot information track.
What can you do? My honest suggestion is to run peer-reviewed open source applications on a free OS such as Linux or FreeBSD. You still have to be careful, but these problems are far less prevalent on UNIX platforms, which also have better tools and procedures to deal with them.
What if dumping Windows is not an option? Run NT/2K/XP instead of Win9X/ME, and try to run everything you can as an unprivileged (non-administrator) user. Be extraordinarily careful about what you install and run, and make frequent backups. You might also want to look into a personal firewall such as Zone Alarm (limited free version).
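As an added example, not part of Fyodor's answer and not Nmap's own code, here is a small Python check for the "close every unnecessary port" step above: it reads netstat output and nmap grepable output for a host, flags externally reachable listeners that are not on an allowlist, and cross-checks the host's own view against the network view. Both sample outputs are constructed, and the host address is a documentation address.

```python
import ipaddress
import re

# Constructed sample in the style of `netstat -tuln` on a Linux host; not output
# from any real machine.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:137             0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
"""

# Constructed sample in the style of `nmap -p- -sS -oG -` run against the same host
# from outside (TCP only; the UDP view needs the separate -sU scan).
SAMPLE_NMAP_GREPABLE = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "445/open/tcp//microsoft-ds///, 8080/open/tcp//http-proxy///\t"
    "Ignored State: closed (996)\n"
)


def listening_sockets(netstat_output):
    """Return (proto, local_host, port) for every listening TCP socket and every
    bound UDP socket in netstat output (UDP lines carry no State column)."""
    sockets = []
    for line in netstat_output.splitlines():
        parts = line.split()
        if not parts or not parts[0].startswith(("tcp", "udp")):
            continue
        proto = "tcp" if parts[0].startswith("tcp") else "udp"
        if proto == "tcp" and (len(parts) < 6 or parts[5] != "LISTEN"):
            continue
        host, port = parts[3].rsplit(":", 1)   # ":::80" -> ("::", "80")
        sockets.append((proto, host, int(port)))
    return sockets


def is_externally_reachable(host):
    """True unless the socket is bound to a loopback address only."""
    if host in ("0.0.0.0", "::", "*", ""):
        return True                       # wildcard bind: reachable on every interface
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True                       # unrecognised form: safer to flag than to hide


def unexpected_listeners(netstat_output, allowed):
    """Sockets reachable from off the box whose (proto, port) is not in `allowed`.
    For a home machine `allowed` is usually empty or just {("tcp", 22)}."""
    return [s for s in listening_sockets(netstat_output)
            if is_externally_reachable(s[1]) and (s[0], s[2]) not in allowed]


PORTS_FIELD = re.compile(r"Ports:\s*(.*?)(?:\tIgnored State|$)")


def nmap_open_ports(grepable_output):
    """Extract (proto, port) reported as 'open' from nmap -oG output.
    Ports in states such as 'open|filtered' are left out on purpose."""
    found = set()
    for line in grepable_output.splitlines():
        match = PORTS_FIELD.search(line)
        if not match:
            continue
        for entry in match.group(1).split(","):
            fields = entry.strip().split("/")   # port/state/proto/owner/service/...
            if len(fields) >= 3 and fields[1] == "open":
                found.add((fields[2], int(fields[0])))
    return found


def compare_views(netstat_output, grepable_output):
    """Cross-check the host's own view (netstat) against the network view (nmap).
    A port only nmap sees deserves a close look: something answers that the host
    does not list. A port only netstat sees may simply be filtered upstream or,
    for UDP, not covered by a TCP-only scan."""
    local = {(proto, port) for proto, host, port in listening_sockets(netstat_output)
             if is_externally_reachable(host)}
    remote = nmap_open_ports(grepable_output)
    return {"only_in_nmap": remote - local, "only_in_netstat": local - remote}


if __name__ == "__main__":
    for sock in unexpected_listeners(SAMPLE_NETSTAT, {("tcp", 22)}):
        print("close or firewall:", sock)
    print(compare_views(SAMPLE_NETSTAT, SAMPLE_NMAP_GREPABLE))
```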
10) What is your favourite tool?
by Noryungi
I have just read your top 75 security tools list. Thank you for posting all this information, which I am going to study very carefully.
One question though: in all these tools, which one is your personal favourite? (This excludes Nmap, of course).
Fyodor
I have far too many favorites among this great group to choose just one! But here are a few developers and tools that are particularly worthy of mention:
One of the people I most admire in the security field is Solar Designer. He is a guru in networking, security, and low level kernel/assembly/architecture details. He has also created many tools that security professionals use daily. Yet he never exhibits the arrogance, elitism, and egotism that sadly characterizes so many "stars" of the security community.
Among SD's tools is John the Ripper, my longtime favorite local password hash cracker. It has been around forever, but was written with a flexible and powerful interface while keeping extensibility in mind. So it is still as useful in these days of shadowed password files and MD5/Blowfish hashes as it was back in the days of crypt() and unprotected /etc/passwd. Lately SD has been working on the Owl secure GNU/Linux distribution, which can be installed on disk for hardened systems like firewalls, or booted and run from CD as an easy way to run security tools such as John and Nmap.
Another of those "brilliant yet still nice" security developers is Dug Song. Even after the seminal "Insertion, Evasion, and Denial of Service" paper by Ptacek and Newsham, many IDS vendors continued to ignore the problem. When Dug released Fragrouter (now fragroute), which implements some of these attacks, vendors finally took notice! He has also written the excellent libdnet library, but my favorite of his tools is DSniff, a suite of tools for advanced network sniffing and "monkey-in-the-middle" attacks. It even handles ARP poisoning and other techniques for sniffing hosts on a switched LAN.
While I'm on this topic, let me also give "mad props" to the Hping2 packet prober, Kismet wireless stumbler, Ethereal packet decoder, Netcat, recent THC releases, Snort IDS, the Nessus vulnerability scanner, and all the other great Open Source tools out there!
I would also like to thank Slashdot for granting me this interview and to everyone who asked such excellent questions. I only wish I had time to answer more of them. Then again, I have probably rambled on enough. Now it is your turn to ramble in the comments :).
Cheers,
Fyodor -
HTTP: The Definitive Guide
Michael Palmer writes "OK, how well do you know HTTP? Here's a pop quiz: QUESTION: Did you know that the Keep-Alive header was valid in HTTP 1.0, but has been deprecated in HTTP 1.1?
A) What does "deprecated" mean?
B) What is the "Keep-Alive header?"
C) That's too bad - I kind of thought Keep-Alive was handy!
D) Get with the program... HTTP 1.1 came out in 1999. The Internet boom is over already! Persistent connections are the default in HTTP 1.1 anyway."
Answer (not necessarily your answer) and the rest of Palmer's review follows.
HTTP: The Definitive Guide
Author: David Gourley, Brian Totty
Pages: 656
Publisher: O'Reilly & Associates; 1st edition (September 2002)
Rating: excellent overview, plus detail in core areas
Reviewer: Michael Palmer
ISBN: 1565925092
Summary: An overview of HTTP and related topics
OK, so I answered "C". I am going to make the bold claim that HTTP: The Definitive Guide, the long-awaited O'Reilly book on HTTP, is ambitious enough in breadth and depth that if you answered "B," "C," or "D," you will find this book useful and informative. This is primarily due to the clear organization of the book, as well as its friendly (even chummy) writing style. Even if you are a technically-inclined sort from the Marketing department, and answered "A," you could get a good technical overview of the plumbing of the Web by skimming through this book; plus, having any O'Reilly book on the shelf in your cubicle would score you some street cred with the guys sitting over in Development -- this could be the one you've actually read. :-)
Breadth
Unless you answered "D," HTTP is more complicated than you think. This is especially true if, as the authors of a good technical book should do (and these authors do), one spends some time touching on matters one level down (to TCP/IP, and other areas, in this case), and one level up (to HTML, generally, in this case). Because the authors are particularly concerned with HTTP performance, details of the interactions between HTTP and adjacent levels can be important. The book is divided into five main sections:
1) an overview of HTTP, URLs, and connection management;
2) HTTP Architecture, including Web servers, proxies, caches, gateways, tunnels, robots;
3) Identification, Authorization, and Security;
4) Entities, Encodings, and Internationalization;
5) Content Publishing and Distribution, including hosting, publishing, load balancing, logging.
So, even if you classify yourself as a "D," or even if you are hacking on an extensible open-source router software platform (in that case, you are an "F"), you will find yourself pulling this book from the shelf from time to time to check on something in one of these areas. The modular organization of the book is good.
The full Table of Contents is available on line.
Depth
One (unfortunate?) thing about the Web is that its "architecture" (if you can even call it that) evolved and grew piece by piece. The design goals people had in mind back in 1993, or even in 1999, have been blown away by what has happened on the ground. Inter-company politics have also been a big factor -- never helpful for promoting standardization, or sound design. (Perhaps another problem has been the lack of an O'Reilly book on HTTP to tie everything together!) Hence, not only do you have a confusing mass of obsolete and/or overlapping specifications documents, you also have major differences between how different browsers, servers, and proxies adhere to these specifications in practice. This is one place the book shines: sprinkled throughout the pages are little tidbits about compatibility or performance pitfalls, gleaned from much practical experience. (The authors were some of the architects of Inktomi's Traffic Server "enterprise class" Web cache. Think "proxy caching for all of AOL's Web traffic.") As one example: "Technically, any Connection header fields (including Connection: Keep-Alive) received from an HTTP/1.0 device should be ignored, because they may have been forwarded mistakenly by an older proxy server. In practice, some clients and servers bend this rule, although they run the risk of hanging on older proxies." I can just imagine the series of bug reports leading to the inclusion of that piece of advice in the book. There are many other such warnings and bits of advice, generally aimed at HTTP application developers, often with an eye to performance tuning. Here again, appropriate depth of discussion for a variety of readers is handled by clear organization of the book. The basic background material is laid out, and as the authors dive deeper into detail they may make a suggestion like, "If you are [not] writing high-performance HTTP software... feel free to skip ahead."
Then, at the end of every chapter, there is a section labelled, "For More Information," which is a collection of relevant references and links, for those who want to dig into the source documents themselves.
Cautions
This book review is addressed to the Slashdot crowd, a very technically savvy audience, so it's appropriate to mention what this book is not. It's not a detailed technical reference on all the topics mentioned in the table of contents (above); it would be tough to fit all that material into the book's 650-plus pages. However, the book is a good overview of HTTP and many related topics. The book does dip down into the grungy detail in many areas, but this won't be your only reference if you are a Web application developer.
Conclusion
Overall, this is one of the more accessible O'Reilly books I own. In addition, while experts will certainly seek out greater depth in their particular area of expertise, few people are expert in the whole range of topics related to HTTP that this book covers. In addition, the book provides many tips drawn from practical experience, and references to more detailed material. HTTP, if not the heart and soul of the Web (perhaps that is Web content itself), could perhaps be called the Web's circulatory system. If you have a professional interest in Web content distribution, or Web application development, I believe this book deserves a spot on your shelf.
You can purchase HTTP: The Definitive Guide from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
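The Connection/Keep-Alive rule the review quotes, worked as an added Python example that is not from the book or from Traffic Server: it decides whether a proxy or server may keep a connection open after a request, and strips the hop-by-hop headers a Connection header names before forwarding. The `honor_http10_keepalive` switch is an assumed name for the "bend the rule" behaviour the authors describe; the request heads are constructed.

```python
def parse_head(raw):
    """Split an HTTP request head into (version, headers).
    Header names are lowercased; values are kept as a list so repeated fields survive."""
    text = raw.decode("iso-8859-1")
    head = text.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    version = lines[0].rsplit(" ", 1)[-1]          # "GET / HTTP/1.0" -> "HTTP/1.0"
    headers = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return version, headers


def connection_tokens(headers):
    """All comma-separated tokens from every Connection header, lowercased."""
    tokens = set()
    for value in headers.get("connection", []):
        for token in value.split(","):
            token = token.strip().lower()
            if token:
                tokens.add(token)
    return tokens


def should_keep_alive(version, headers, honor_http10_keepalive=False):
    """Decide whether the connection may stay open after this request.

    HTTP/1.1: persistent unless the client says Connection: close.
    HTTP/1.0: not persistent. A 'Connection: Keep-Alive' from a 1.0 device is
    ignored by default, because an older proxy may have forwarded it blindly and
    would then hang on the reused connection. `honor_http10_keepalive` (an assumed
    name) reproduces the rule-bending behaviour some clients and servers choose."""
    tokens = connection_tokens(headers)
    if version == "HTTP/1.1":
        return "close" not in tokens
    if version == "HTTP/1.0":
        return honor_http10_keepalive and "keep-alive" in tokens
    return False                   # HTTP/0.9 or unknown: one request per connection


def forwardable_headers(headers):
    """Headers a proxy may pass on: drop Connection, Keep-Alive and every header
    the Connection header names, so hop-by-hop options never leak to the next hop."""
    drop = {"connection", "keep-alive"} | connection_tokens(headers)
    return {name: values for name, values in headers.items() if name not in drop}


if __name__ == "__main__":
    # Constructed request heads, not captured traffic.
    for raw in (b"GET / HTTP/1.0\r\nHost: example.test\r\nConnection: Keep-Alive\r\n\r\n",
                b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
                b"GET / HTTP/1.1\r\nHost: example.test\r\nConnection: close\r\n\r\n"):
        version, headers = parse_head(raw)
        print(version, "keep-alive:", should_keep_alive(version, headers),
              "forward:", sorted(forwardable_headers(headers)))
```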
Geeking in the Third World
suzipaw writes "Geekcorps founder Ethan Zuckerman, late of Tripod, gets some well-deserved media attention for his good works via an interview on oreilly.com. What he and other volunteers are doing on behalf of developing nations is pretty darn cool. And humbling--makes this first-worlder grateful for a regular power supply." -
OS X Hacks
honestpuck writes "'Mac OS X Hacks' is a good grab bag of tips and techniques for getting the most from your Mac. While the tips are not as universally appealing (even among Mac owners) as those in 'Google Hacks' most people will find some value in the selection; experienced users may find it a little thin." Read on for the rest of honestpuck's review.
OS X Hacks
Author: Rael Dornfest & Kevin Hemenway
Pages: 380
Publisher: O'Reilly
Rating: 7 - Good
Reviewer: Tony Williams
ISBN: 0596004605
Summary: Good grab bag of tips and techniques for getting the most from your Mac
The book is split into 9 chapters: 'Files', 'Startup', 'Multimedia and the iApps', 'The User Interface', 'Unix and the Terminal', 'Networking', 'Email', 'The Web' and 'Databases'.
For my money the last chapter is a complete waste of space since it only covers installing MySQL and PostgreSQL, and if you can't figure out how to install them from the documentation then you aren't smart enough to use them. A number of the other tips would come close to that level; I feel their only use may be to encourage people who would otherwise stay away to make some use of the terminal and similar tools.
Over a dozen people have contributed 'hacks' to the book, among them some major geeks such as James Duncan Davidson (Tomcat author) and Jon Udell (well-respected O'Reilly blogger). This accounts for the wide number of areas covered by the hacks.
When I first started reviewing the book I would have complained about a large number of the tips being too application specific, too general or too low in skill level. Since then I've had a friend who wanted to edit a movie and we both found the chapter on iApps useful, one with a brand new Bluetooth phone who liked the couple of tips on Bluetooth and another who found the cross platform Windows-Mac stuff useful, so I have to say that while some of the tips might seem useless now you may come to appreciate them later.
Overall the book is well written, well laid out and well cross-referenced and covers a wide range of information. My one major beef is still that there are too many 'tips' that are well covered by other material. Since you shouldn't really get this book until you are at least Mac proficient and probably own a basic Mac book or two then perhaps a tenth of the hundred tips will be covered in most Mac books and perhaps another five to ten you will have discovered on your own.
While O'Reilly doesn't offer a sample chapter of this book online they do have a page at Hacks that lists all the hacks and allows you to read eight of them. There is also a page in the catalog with the Table of Contents, Index and Errata.
Reading over my notes I feel split between raving about how good the book is - well written with a bunch of useful tips and tricks for any Mac user - and complaining about the useless nature of some of the tips. After taking another look at 'Google Hacks' and my review I realised where the conflict lies -- in my level of experience on the Mac. If you already feel comfortable with getting your hands dirty on your Mac then this book may well not satisfy you. If, on the other hand, you still have some trepidation about hacking at your OS X Macintosh then you'll probably love this book.
You can purchase OS X Hacks from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
The NoCat Wireless Access Point/Night Light
cascadefx writes "O'Reilly's Hacks page has a really great article about a wireless access point that was on display at the recent Emerging Technology Conference. The folks at NoCat.net rigged up a Siemens Speedstream series access point with a low power ultraviolet light to create a wireless lightbulb. Just screw it in place and combine powerline ethernet with a wireless network... and a light, to create a wireless lightbulb. Ubiquitous networking, here we come." -
FreeNetworks Conference in Las Vegas
belial writes "The FreeNetworks Conference is in less than a month (June 6-8). If you want to find out what's happening in the Community Wireless Network world, this is the place to be. Keynotes include Tim O'Reilly, Cory Doctorow from BoingBoing, and a whole gaggle of wireless geeks from the FreeNetworks community. Find out about the latest happenings from BAWUG, Consume, NoCat, NYCWireless, SeattleWireless, WirelessLeiden, and more!" -
O'Reilly Commits to Short Copyright Durations
Sam King writes "I found the following link on the lisnews.com site: O'Reilly Adopts 1790 Copyright Durations. A small but encouraging step taken by a publisher." We should provide direct links to O'Reilly's announcement and the Founder's Copyright website. -
802.11 Security
JadeSky writes "Having played around with wireless networking at home a little bit, and then being faced with implementing a wireless network at the office for the purposes of in-house customer training in a cosmetically clean room (wires are ugly), I had been thinking for some time about the best way to implement a secure wireless networking solution. Amusingly enough, shortly after the idea of a wireless network at the office came up, I managed to win 802.11 Security in a raffle at the Kernel Panic Linux Users' Group monthly meeting. The book was thoughtfully donated (with a few others) by O'Reilly on the condition that the recipients contribute reviews. Since I've found the book genuinely helpful, I thought I'd let others know, and hence, my first Slashdot book review. Hooray!" This book emphasizes a multi-layer approach to wireless security; read on for more of JadeSky's review.
802.11 Security
Author: Bruce Potter and Bob Fleck
Pages: 192
Publisher: O'Reilly
Rating: very good
Reviewer: Gregory Ruiz-Ade (JadeSky)
ISBN: 0596002904
Summary: Securing wireless networks
With the amazing proliferation of wireless networks these days, there seems to be constant churning about how best to secure them, while at the very same time, barely anybody is actually doing anything about it. Potter and Fleck have offered up this little book, 802.11 Security, as a no-nonsense guide to understanding the problem of wireless networking security (or, as the case may be, the complete lack thereof) as well as demonstrating how to implement viable solutions.
Straight from the horse's mouth, "This book is aimed at network engineers, security engineers, systems administrators or general hobbyists interested in deploying secure 802.11b-based systems." The greatest attention is given to Linux and FreeBSD systems, though OpenBSD, Mac OS X and Windows are covered as client systems, too. The authors split the book into four parts: "802.11 Security Basics (Part I)," "Station Security (Part II)," "Access Point Security (Part III)," and "Gateway Security (Part IV)."
Part I, "Security Basics," gives a very good introduction to the concepts of wireless communications. Chapter 1 explains how radio transmissions work (and how antenna shapes affect them), and why radio transmissions are inherently insecure (i.e., anyone with an antenna in range can listen in). 802.11 is explained, as well as WEP, and WEP's problems. Chapter 2 describes in detail the risks involved with wireless networking, and gives examples of types of attacks which can be performed against wireless networks.
Part II, "Station Security," outlines in great detail what you need to do to make sure your wireless network clients are as secure as possible. We're given two goals for client station security: prevent any access to the client systems, and make sure that the clients speak secure protocols for any network services they access. To the paranoid, both these goals are rather obvious, but they're important enough that the authors spent time explaining them. They follow with a couple paragraphs on logging and security updates on the client systems, and the rest of Part II (Chapters 4 through 8) give specific information on how to best secure client systems of various OSes.
Part III (Chapter 9, really), "Setting Up an Access Point," delves into the intricacies of setting up and securing a wireless access point, from generic advice on how to configure access point appliances to more specific instructions on configuring host-based access points running Linux, FreeBSD and OpenBSD. Comparatively little time is spent on host-based access points in the book, probably because most people generally don't do things this way since access point appliances are so cheap and simple to configure/install.
The remainder of the book is spent on Part IV, "Gateway Security" (Chapters 10 through 15), which describes the infrastructure end of how most wireless networks will likely end up being integrated to wired networks. Basic suggestions for structuring the combined networks are given, and follow what I'd consider to be really good advice: wireless networks should be on their own interface of the gateway (or firewall), physically separated from both internal networks and the Internet. The authors strongly recommend against simply attaching the access points to the internal network, as that introduces too many security risks (an example involving ARP poisoning is given to illustrate why and how). The next three chapters detail the configuration of Linux, FreeBSD and OpenBSD as a secure gateway.
Chapter 14, "Authentication and Encryption", introduces the idea of using strong authentication and encryption mechanisms outside of WEP, using NoCat (which will run on Linux, FreeBSD and OpenBSD) and WiCap (for OpenBSD only) for authentication and IPSec for strong encryption. The idea the authors present here is that for the most secure setup, in addition to enabling strong WEP (as detailed in the rest of the book), your wireless network is set up to not allow clients access to anything until they are authenticated. Then, and only then, the gateway will allow wireless clients to access other network segments (i.e., the internal LAN, and/or the Internet), but only if all the communications over the wireless segment are done through secure tunnels. Sadly, the authors neglected to mention OpenBSD's, Windows 2000's or XP's ability to do IPSec, and their treatment of IPSec for FreeBSD and Linux certainly isn't very detailed, though pointers are given to the appropriate web sites for more information. 802.1x authentication (physical port authentication) is also explained in some detail, though it is of little use, since very little equipment deployed today has support for it. It is an interesting concept, though.
Closing out the book, Chapter 15 is appropriately titled "Putting It All Together." Here we get a final overview of all the pieces as well as how they fit together, and how certain aspects of the system as a whole affect both the administrators and the users of the system.
Overall, I'd have to say that this is exactly the type of "security in depth" book I've been needing to help me figure out how best to implement wireless networking at the office with minimal risk to the rest of the network. The authors write in a very approachable style and do a very good job of giving the necessary background before launching into any detailed discussions. I would highly recommend this book to anyone considering installing wireless networking without wanting to simultaneously install a simple back door to their network. Honestly, I haven't found much to complain about.
I'm of the opinion that, after reading this book, and using it as a guide to setting up a secure wireless network, I'll be able to sleep at night. Even though people can still war drive (or even war fly) and find your access points, even if they managed to crack the WEP keys and associate to the AP, the network will still be secure because of the multiple layers that have been put in place.
You can purchase 802.11 Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Tim O'Reilly Points Toward Next 'Killer App'
santos_douglas writes "Extreme Tech has this article in which Tim O'Reilly, the man behind every geek's favorite tech manuals, points toward four major leading indicators that will predict the next likely 'killer app' to emerge from the hacker community. They are: (1) Amazon.com web services (2) BARWN (3) Hardware hackers and (4) online gaming communities." -
Content Syndication With RSS
Alex Moskalyuk writes "Ben Hammersley's Content Syndication with RSS is a step-by-step guide to implementing RSS. This standard is gaining popularity among the Web community, and some of your favorite sites might syndicate their content as RSS feeds. The new O'Reilly publication focuses on many aspects of this standard, and is of primary interest to developers, Web site designers, data architects and anyone interested in distributing their data around the Web." So if you have a steady stream of information for your customers, family, or fans, read on for the rest of Alex's review.
Content Syndication With RSS
Author: Ben Hammersley
Pages: 222
Publisher: O'Reilly
Rating: 8/10
Reviewer: Alex Moskalyuk
ISBN: 0596003838
Summary: Introduction and guide for RSS implementations
The first three chapters primarily discuss the multiplicity of RSS standards. While with some other technologies it might seem a bit excessive, remember that RSS is a forked project with the forks at this moment bearing little resemblance to one another. The abbreviations even have different abbreviations - RSS means Really Simple Syndication if you are using RSS 0.91 or RSS 0.92, which were developed by Dave Winer. RSS means RDF Site Summary if the version you're using is RSS 1.0. The development credits in this case go to the RSS DEV team. To confuse you even more, the RSS 2.0 standard is deciphered as... correct, Really Simple Syndication again.
Hence chapter 4 discusses Winer's implementation (simplistic and user-friendly), while chapter 6 focuses on RSS 1.0 (RDF-compliant and data-architect-friendly), and chapter 8 talks about RSS 2.0 (improved RSS 0.9x). Chapter 4 is available online as a PDF file. Section 4.4 is recommended for those interested in promoting their RSS feeds as it provides pretty good reference to meta data.
Chapter 9 is perhaps of special interest to Web developers and administrators out there. It presents several code samples to properly parse RSS and present the result in readable HTML. The examples include (a) parsing with XML::Simple in Perl, (b) parsing with Perl regular expressions, (c) parsing with XML::Simple and sending the headlines to cell phones via WWW::SMS, (d) parsing via XSLT transformation. Python, PHP and ASP folks might feel left out due to the abundance of Perl examples, but if you have gotten this far in the book, you can probably apply the regular expressions example or search for appropriate support for the RSS format in your preferred language.
Going beyond the standard itself, RSS directories, aggregators and readers are discussed. The author makes a distinction between the last two by classifying Meerkat-like services as aggregators and desktop or Web applications designed to present the information to the user as readers. The chapter also provides information about Syndic8 and its API, and describes the feed registration process. O'Reilly's Meerkat is also discussed in the chapter, together with a reference table for its API (you can make Meerkat generate HTML or RSS news headlines on a certain topic or using certain keywords by providing the right query to its Web interface).
The book is quite a smooth read for a text describing the details of a data specification. The chapters are informative, and the book is not overloaded with useless information just to increase the page count. The tips are quite useful for someone who is new to the field, and answer some questions not covered by the standards (e.g., how often you should request an RSS feed, what to do if you're being screen-scraped, etc.).
I like the way the author divided the chapters into RSS 0.9x/2.0 and RSS 1.0 and kept the two worlds apart. Most of the time you probably won't be interested in developing a feed to support both standards, but would rather focus on just one. The examples in Perl are perfect for me, although for someone new to Perl or to programming in general those examples with abundant regular expressions might look a bit convoluted. Kudos to the author for not expanding the topic, as many do, by providing an example script for RSS manipulation in every possible language out there.
What's missing? I wish more pages were dedicated to desktop RSS readers. FeedReader, HotSheet, Syndirella, Beaver and SharpReader are excellent end-user applications currently gaining some popularity among those who'd prefer to browse their favorite headlines at a glance instead of going to a dozen sites every morning. To be fair, there's a huge list of readers in the Appendix, and some of the applications mentioned above only came around in the last few months, which was probably after the book hit the press. Some sites also didn't make it into the book. I like DailyRotation and FreshNews, which borrow from Meerkat's versatility and provide their own feed portal.
Overall, the book is a pretty good developer's guide to the RSS standard. Accompanied by helpful illustrations and numerous tips, it's an excellent resource for those unfamiliar with RSS and a helpful reference for those who have been doing Web syndication for a while.
You can purchase Content Syndication With RSS from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
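As an added example (not code from the book, and not part of Alex's review), here is the chapter 9 idea done in Python rather than Perl: read a feed, pull out the headlines, and emit HTML. It handles the two worlds the review keeps apart, the unnamespaced RSS 0.91/0.92/2.0 layout and the RDF-namespaced RSS 1.0 layout, with one function. Because a feed pulled from somebody else's site is untrusted input, it also refuses any document carrying a DOCTYPE (so entity declarations never reach the XML parser), HTML-escapes every title, and only lets http(s) links through, which is exactly what a quick regex-to-HTML script tends to get wrong. The sample feeds are constructed for this example, and the function names (parse_feed, render_html) are this example's own.

```python
import html
import re
import xml.etree.ElementTree as ET

# RSS 1.0 (RDF Site Summary) puts everything in namespaces; RSS 0.9x/2.0 does not.
RDF_NS = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
RSS1_NS = "http://purl.org/rss/1.0/"

_DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)


def parse_feed(data):
    """Return [{'title': ..., 'link': ...}, ...] from an RSS 0.9x/2.0 or RSS 1.0 feed.

    A feed fetched from someone else's site is untrusted input, so a document
    that carries a DOCTYPE (and thus may declare entities) is refused outright
    rather than handed to the XML parser.
    """
    if _DOCTYPE_RE.search(data):
        raise ValueError("feed contains a DOCTYPE; refusing to parse")
    root = ET.fromstring(data)
    items = []
    if root.tag == "rss":                               # RSS 0.91 / 0.92 / 2.0
        for item in root.iter("item"):
            items.append({
                "title": (item.findtext("title") or "").strip(),
                "link": (item.findtext("link") or "").strip(),
            })
    elif root.tag == "{%s}RDF" % RDF_NS:                # RSS 1.0
        for item in root.iter("{%s}item" % RSS1_NS):
            items.append({
                "title": (item.findtext("{%s}title" % RSS1_NS) or "").strip(),
                "link": (item.findtext("{%s}link" % RSS1_NS) or "").strip(),
            })
    else:
        raise ValueError("not an RSS document: root element %r" % root.tag)
    return items


def _safe_href(url):
    """Allow only http(s) links; javascript:, data: and the like become '#'."""
    return url if url.lower().startswith(("http://", "https://")) else "#"


def render_html(items):
    """Render headlines as an HTML list, escaping every string taken from the feed."""
    lines = ["<ul>"]
    for it in items:
        href = html.escape(_safe_href(it["link"]), quote=True)
        lines.append('<li><a href="%s">%s</a></li>' % (href, html.escape(it["title"])))
    lines.append("</ul>")
    return "\n".join(lines)


# Constructed sample feeds for this example (not real sites).
RSS2_SAMPLE = b"""<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example 2.0</title>
<item><title>First &amp; foremost</title><link>http://example.com/1</link></item>
<item><title>&lt;script&gt;alert(1)&lt;/script&gt;</title><link>javascript:alert(1)</link></item>
</channel></rss>"""

RSS1_SAMPLE = b"""<?xml version="1.0"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns="http://purl.org/rss/1.0/">
<channel rdf:about="http://example.org/"><title>Example 1.0</title></channel>
<item rdf:about="http://example.org/a"><title>RDF item</title><link>http://example.org/a</link></item>
</rdf:RDF>"""

# A feed whose DOCTYPE declares entities; parse_feed rejects it before expat sees it.
ENTITY_SAMPLE = b"""<?xml version="1.0"?>
<!DOCTYPE rss [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]>
<rss version="2.0"><channel><item><title>&b;</title></item></channel></rss>"""


if __name__ == "__main__":
    for feed in (RSS2_SAMPLE, RSS1_SAMPLE):
        print(render_html(parse_feed(feed)))
    try:
        parse_feed(ENTITY_SAMPLE)
    except ValueError as exc:
        print("rejected:", exc)
```

The second item in the 2.0 sample is the case to watch: its title decodes to a literal script tag and its link is a javascript: URL, and both come out of render_html inert. Swapping the stdlib parser for the regex approach from the book would work on the same inputs only as long as every caller remembers to escape on output; putting the escaping inside render_html means nobody has to.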
Python in a Nutshell
Ursus Maximus contributes this review of Python in a Nutshell, writing "Perhaps the best book about Python ever written, this is the perfect capstone to anyone's library of Pythonic books, and also the perfect introduction to Python for anyone well versed in other programming languages. For newbies to programming, this would still be a good second book after a good introductory book on Python, such as Learning Python by Mark Lutz." Read on for the rest of his review. Python in a Nutshell author Alex Martelli pages 636 publisher O'Reilly rating Excellent, superb, 5 stars reviewer Ron Stephens ISBN 0596001886 summary Complete reference book for the Python programming language. Written by my favorite author and Pythonista, Alex Martelli, this book manages to fill three roles in extremely pleasing fashion. First and foremost to me, it is a great read, straight through. Mr. Martelli's prose is always sparkling and always keeps the reader interested. No matter how many Python books you have read, you will learn some nuances from this book, and it is about the best review of the whole Pythonic subject matter that I can imagine. While there is absolutely no fluff whatsoever in these 636 pages, it still makes for rather easy reading because the explanations are so clearly thought out and explored as to lead one gently to understanding, without in any way being verbose. It is obvious that Alex Martelli took his time and put in sufficient thought, effort, and intellectual elbow-grease to make this work a classic for all time.
Secondly, this book is the ultimate Pythonic reference book, the best fit to this role I have yet seen. You will keep this book in the most cherished spot on your book shelf, or else right at your side on your computer desk, because you can almost instantly find any topic on which you need to brush up, in the midst of a programming project.
Third, Python in a Nutshell is the most up-to-date book on Python (as of April 2003) and includes the best and most complete expositions yet on the new features introduced in Python 2.2 and 2.3. These topics are not only covered in depth, they are integrated into the text in their proper positions and relationships to the language as a whole. They are explained better here than I have seen anywhere else, so much so as to make them not only understandable to me (a duffer), but indeed so that they appear seamlessly Pythonic, as if they had been a part of the language since version 1.0. Topics explored in depth include new style classes, static methods, class methods, nested scopes, iterators, generators, and new style division. List comprehensions are made not only comprehensible but indeed intuitive.
The book is surprisingly complete. It covers the core language as well as the most popular libraries and extension modules. It is difficult to choose any one portion of the book to highlight for extra praise, as all topics are treated so well. It is a complete book, the new definitive book about Python.
Everything about this book speaks of quality. In addition to the top notch writing and editing, O'Reilly really did the right thing and published this book printed on the highest quality paper, paper so thin that the 636 pages are encompassed in a book much thinner than one would expect for such a size, but strong enough to resist wear and tear. The text is most pleasing to the eye. Holding the book, and turning its pages, gives one a feeling of satisfaction.
Any job worth doing is worth doing well. Alex Martelli and O'Reilly have done justice to a topic dear to our hearts, the Python programming language. Perhaps, in years to come, the passage of time may mean this book is no longer the most up-to-date reference on the newest features added to Python. But time cannot erase the quality craftsmanship and the sheer joy of reading such a well-thought-out masterpiece of Pythonic literature.
You can purchase Python in a Nutshell from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. Ron Stephens would also like you to check out Python City, with "27+ reviews of books about Python. 67+ links to online tutorials about Python and related subjects Daily newsfeed of Pythonic web articles, new sourceforge projects, etc." -