techbooks · Internet Review Project
#816 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Thu Dec 4, 2008 7:03 pm
Subject: REVIEW: "The History of Information Security", Karl de Leeuw/Jan Bergstra
 
BKHISCCH.RVW   20081020

"The History of Information Security", Karl de Leeuw/Jan Bergstra,
2007, 978-0-444-51608-4
%E   Karl de Leeuw karl.de.leeuw@...
%E   Jan Bergstra
%C   256 Banbury Road, Oxford, OX2 7DH
%D   2007
%G   978-0-444-51608-4
%I   Elsevier Advanced Technology
%O   +44 865 512242 Fax: +44 865 310981 books.elsevier.com
%O  http://www.amazon.com/exec/obidos/ASIN/0444516085/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0444516085/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0444516085/robsladesin03-20
%O   Audience i Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   887 p.
%T   "The History of Information Security: A Comprehensive Handbook"

Chapter one, which stands in for an introduction to the papers in this
volume, already notes that the title is inaccurate.  The editor admits
that this work is not a history, as such, but an overview from the
perspective of different disciplines related to information security,
taking a historical approach in examining the socio-political shaping
of infosec.  The authors ask whether technology influenced public
policy and politics, and look for information security strategies (or
the lack thereof) in politics.  I found the selection of references
disquieting, noting that the editor responsible for the choice of
papers complained that there was no historical material addressing
industrial espionage, administrative practices, disruption of
communications with criminal intent, or other areas.  No mention is
made, in the references, to the works of Stamp (cf. BKINSCPP.RVW),
Winkler (cf. BKCRPESP.RVW, BKSPAMUS.RVW), or Denning (cf.
BKDENING.RVW) to name just a few.

I can agree with the emphasis on social aspects of security: security
is, and always has been, a people problem.  Information security,
however, necessarily involves technology, and the authors of most of
the papers included in this collection have concentrated so much on
history (mostly in the form of dates and political rivalries) that the
questions of influence of technology on politics, or politics on
technology, can't really be analyzed.  Additionally, enormous topical
areas relevant to information security (such as risk management,
intrusion detection, cryptographic infrastructure (PKI), physical
security, computer architecture, application development, and malware)
are notable by their absence.

Part one addresses intellectual property.  Essay subjects include
various forms of censorship and self-censorship (with no mention of
the "full disclosure" debate), the German patent system, copyright,
and the application of copyright and patent to software.

Part two looks at items related to identity management, with a highly
abstract and impractical philosophy of identity, notes on document
security, a review of identity cards, and a recent history of
biometrics.

Although entitled "Communications Security," part three is about
cryptography.  The papers on Renaissance (1400-1650) and Dutch (up to
1800) cryptography, British postal interception up until the 1700s,
the KGB crypto office, and the NSA (US National Security Agency) are
of primarily political interest.  The articles on rotor cryptography,
Colossus, and the Hagelin machines have points of curiosity, but are
still very thin on technical details.  A final essay attempts a very
terse overview of modern cryptographic concepts.

Computer security is in part four.  Early US military evaluation
standards, some of the basic formal information security models, an
academic look at application security and auditing, a rough division
of recent information technology into decade "periods," an equally
unpolished history of Internet security, and a scattered review of
computer crime make up this section.

For some reason questions of privacy and regulations governing the
export of cryptography are seen to fit together in part five.  Three
papers present US cryptographic export restrictions, a random and not
completely successful attempt to define privacy, and various US
undertakings at regulating the use of encryption.

Part five can't have been lumped together simply due to a lack of
articles, since part six is a single piece providing a limited and
incomplete overview of information warfare.

As a book this volume is disappointing.  It is not "a history," merely
a collection of papers, with little structure or linkage.  The topics
relate to security, but a work on infosec should have more technical
content and understanding.  It is certainly not comprehensive.  And,
at several kilograms in weight, it bears little resemblance to a
handbook.

That said, a number of the essays do provide interesting historical
points, anecdotes, and references.  Therefore, those with the stamina
to work through the material may be rewarded with historical nuggets,
and pointers to further sources of information.

copyright Robert M. Slade, 2008   BKHISCCH.RVW   20081020

======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
Computing Science: the study of the use and sometimes
construction of digital computers.  It is a fashionable,
interesting, difficult, and perhaps useful activity.
                                               - Christopher Strachey
victoria.tc.ca/techrev/rms.htm
blogs.securiteam.com/index.php/archives/author/p1/

#817 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Mon Dec 8, 2008 8:10 pm
Subject: REVIEW: "Mafiaboy", Michael Calce/Craig Silverman
 
BKMAFIBY.RVW   20081020

"Mafiaboy", Michael Calce/Craig Silverman, 2008, 978-0-670-06748-0,
C$34.00
%A   Michael Calce
%A   Craig Silverman www.regrettheerror.com
%C   10 Alcorn Ave, Suite 300, Toronto, Ontario, M4V 3B2
%D   2008
%G   978-0-670-06748-0
%I   Penguin/Signet/Roc
%O   C$34.00 416-925-2249 Fax: 416-925-0068 service@...
%O  http://www.amazon.com/exec/obidos/ASIN/0670067482/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0670067482/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0670067482/robsladesin03-20
%O   Audience n- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   288 p.
%T   "Mafiaboy: how i cracked the internet and why it's still broke"

Yet Another L33t Wannabe Tell-All.  Yet another story of broken home
(I almost wish somebody who lives with both parents would do some
serious net vandalism so we could dispense with the stereotype **),
social misfit, problem-with-authority, play-with-things-you-don't-
understand-and-make-a-mess book.

The jacket tells us that Mafiaboy has kept silence for eight years,
and only now will we get the real story.  Well, an awful lot of this
book is on the public record already.  So much of it comes from "The
Hacker Diaries" (cf. BKHCKDRY.RVW) that Dan Verton might be starting
to think about the boundaries of fair use.  (The technical material is
similar to Verton's level of understanding: certain items from the
time are identifiable as presented, but others are questionable.)
When we get down to the inside scoop it's quite a disappointment:
apparently Mafiaboy doesn't really know that much about what went on
around him.  (An entire chapter seems to be dedicated to this point.)

The jacket claims that Calce now only uses his powers for good, and
the introduction says that he is sharing his experience in order to
help us secure the online world.  It goes on to say that this tome is
not intended to excuse Calce's actions.  Indeed, the text notes
several times that his actions were wrong, and that he was stupid,
boastful, and ignorant.  This is in between the passages where he
claims that he really was quite technically l33t (since he programmed
in C, instead of Pascal like his plebeian friends), had amazing
contacts (about whom he can tell us nothing) and status (obtained by
being a nuisance to everyone he encountered), is actually a great and
very moral guy (since he could have done more damage), has been
wrongfully persecuted and slandered (since he really didn't do
anything wrong, just proved that systems which should have been secure
weren't), and has been treated shamefully by law enforcement and the
media.

In terms of helping the reader to secure Internet use, the second part
of the book warns that bad things can happen to people who use the
Internet.  The second last chapter of the work spends ten pages giving
us banal, pedestrian, and simplistic advice on things we can do to
protect ourselves.  There really isn't enough detail in it to do much
good to anyone.

If you want the story of Mafiaboy all in one place (albeit slightly
disjointed), with a few personal and self-serving comments, this is
your book.


**  Oh, yeah, sorry, Bob Morris, Jr.  Coming up on his 20th
anniversary, aren't we?  Neat timing for another blackhat book ...

copyright Robert M. Slade, 2008   BKMAFIBY.RVW   20081020


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
I fell asleep reading a dull book, and I dreamed that I was
reading on, so I awoke from sheer boredom.          - Heinrich Heine
victoria.tc.ca/techrev/rms.htm
blogs.securiteam.com/index.php/archives/author/p1/

#818 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Fri Dec 12, 2008 3:19 am
Subject: REVIEW: "Introduction to Fire Protection", Robert Klinoff
 
BKINFRPR.RVW

"Introduction to Fire Protection", Robert Klinoff, 2007,
978-1-4180-0177-3, U$95.00
%A   Robert Klinoff
%C   5 Maxwell Dr., Clifton Park, NY   12065-2919
%D   2007
%G   978-1-4180-0177-3 1-4180-0177-5
%I   Delmar Cengage Learning
%O   U$95.00 800-354-9706 www.cengage.com
%O  http://www.amazon.com/exec/obidos/ASIN/1418001775/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1418001775/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1418001775/robsladesin03-20
%O   Audience i Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   509 p.
%T   "Introduction to Fire Protection"

The preface states that this text is an introduction to fire
protection (intended for students working towards becoming
firefighters), explaining and promoting the related jobs.

Chapter one outlines the job and training requirements.  Various
career paths are noted in chapter two.  A history of fire protection,
along with some discussion of the development of fire-fighting
technology, is given in chapter three.  Chapter four examines the
chemistry and physics involved in fire, and fire-fighting, although
the explanations seem to demonstrate a rather superficial
understanding.

US-based fire-fighting support organizations, both public and private,
are listed in chapter five.  Fire department resources are catalogued
in chapter six, ranging from building facilities, through truck
fittings, to hand tools.  Fire department administration is slightly
different from that of regular businesses (given the life safety
priorities), and chapter seven's discussion of various structures is
interesting.  (The section on communications, however, is
disappointingly short.)  Support functions are noted in chapter eight,
which repeats some of the material from chapter six.  Chapter nine
points out the importance of training, but is mostly about the
recording and administration involved.

Chapter ten looks at fire prevention, through inspections, codes, and
public education.  Although entitled "Codes and Ordinances," chapter
eleven is more about liability issues.  The examination of fire
protection systems and equipment, in chapter twelve, is disjointed,
having, for example, an extensive discussion of water supply prior to
an outline of the fire suppression agents which require it.  (The
content on Halon and alarms is limited and disappointing.)  Chapter
thirteen's review of emergency incident management has some items
specific to fire protection, but overall is quite a decent (if
generic) exegesis of incident response principles, and could be almost
equally applicable to business disaster response.  Chapter fourteen
closes off with miscellaneous processes involved in emergency
operations, many concerning safety.

The title is correct: this is an introduction, and probably needs to
be backed up with more in-depth material.  That the book is a text is
evident from the list of questions added to the end of every chapter:
unfortunately these tend to be simplistic, and mere checks as to
whether the student has read sections and can parrot back the content,
rather than testing for full comprehension.

copyright Robert M. Slade, 2008   BKINFRPR.RVW


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
Hain't we got all the fools in town on our side? And ain't that a
big enough majority in any town?            - Mark Twain's Huck Finn
victoria.tc.ca/techrev/rms.htm
blogs.securiteam.com/index.php/archives/author/p1/

#819 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Tue Dec 16, 2008 1:51 am
Subject: REVIEW: "Securing Information and Communications Systems", Steven Furnell et al
 
BKSCINCS.RVW   20081123

"Securing Information and Communications Systems", Steven Furnell et
al, 2008, 978-1-59693-228-9, U$109.00
%A   Steven Furnell www.cisnr.org info@...
%A   Sokratis Katsikas
%A   Javier Lopez
%A   Ahmed Patel
%C   685 Canton St., Norwood, MA   02062
%D   2008
%G   978-1-59693-228-9 1-59693-228-7
%I   Artech House/Horizon
%O   U$109.00 617-769-9750 fax: 617-769-6334 artech@...
%O  http://www.amazon.com/exec/obidos/ASIN/1596932287/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1596932287/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1596932287/robsladesin03-20
%O   Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   362 p.
%T   "Securing Information and Communications Systems"

The preface states that the book is based on an idea which arose from
work directed towards a specific conference or course, but does not
really specify what the idea, or the subject of the course, was.
Chapter one, an introduction, notes the increasing importance of
information security, and lists topics which seem to cover most of the
field except for business continuity and physical security.

Chapter two is a vague and disorganized overview of some generic
concepts of security.  Security management, in chapter three, is
limited to an attempt to apply the PDCA (the Deming/Shewhart
Plan-Do-Check-Act) model to process management, but the illustration material
is unclear.  (There is also a brief mention of business continuity
planning.)  A list of the standard means of authentication is given in
chapter four.  Some of the usual models of access control are
catalogued in chapter five.  (Although "authorization" is specifically
mentioned in the chapter title, the text does not really address the
issue.  The figures purporting to explain the Bell-LaPadula and Biba
models are pretty much incomprehensible.)  Some threats and tools
related to database security are noted in chapter six.  Chapter seven
outlines some of the basic concepts of cryptography, but in a fairly
abstract fashion.  Most of the material on network security, in
chapter eight, is a listing of tools.  Some content is misleading: a
list of VPN (Virtual Private Network) protocols fails to note that
none of those included have any provisions for encryption or
authentication.  Chapter nine fills some of the gaps in seven, by
raising some factors involved in a hierarchical model of PKI (Public
Key Infrastructure).  A few aspects of tokens and smart cards are
discussed in chapter ten.  Random thoughts on privacy and privacy
supporting technologies are in eleven.  Chapter twelve looks, somewhat
disjointedly, at various types of Web filtering, but the promised
legal issues aren't really covered.  Some functions of an
investigation into a computer incident are reviewed in chapter
thirteen.  Chapter fourteen purports to propose a holistic approach to
IT and communications security, but instead is a series of abstract
and epistemological musings with little practical use.  The formal
requirements for a voting system are noted in chapter fifteen, but
there is no actual system or any analysis of such.  Chapter sixteen is
ostensibly a serverless, peer-to-peer wiki system, but at heart is
actually just a normal authentication system such as Kerberos: the
problems noted at the beginning of the article are simply moved one
stage back.

As a general introduction to or outline of security the work does not
have the scope and detail of "Computer Security: Principles and
Practice" by William Stallings and Lawrie Brown (cf. BKCMSCPP.RVW), or
any of a number of other general works.  In terms of specific,
detailed, or recent research, the "Information Security Management
Handbook" (cf. BKINSCMH.RVW) has much greater depth and range.

copyright Robert M. Slade, 2008   BKSCINCS.RVW   20081123


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
The universe is full of magical things, patiently waiting for
our wits to grow sharper.                          - Eden Phillpotts
victoria.tc.ca/techrev/rms.htm
blogs.securiteam.com/index.php/archives/author/p1/

#820 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Thu Dec 18, 2008 8:18 pm
Subject: REVIEW: "The Business Privacy Law Handbook", Charles H. Kennedy
 
BKBUPRLH.RVW   20081123

"The Business Privacy Law Handbook", Charles H. Kennedy, 2008,
978-1-59693-176-3, U$109.00
%A   Charles H. Kennedy ckennedy@...
%C   685 Canton St., Norwood, MA   02062
%D   2008
%G   978-1-59693-176-3 1-59693-176-0
%I   Artech House/Horizon
%O   U$109.00 617-769-9750 800-225-9977 artech@...
%O  http://www.amazon.com/exec/obidos/ASIN/1596931760/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1596931760/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1596931760/robsladesin03-20
%O   Audience a- Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   312 p.
%T   "The Business Privacy Law Handbook"

The preface states that this is a survey of business privacy law in
the United States, and the changes that field is undergoing, intended
for business managers and those advising them.  The introduction is
rather interesting: on the one hand, it lays out a five-step process
to guide the task of ensuring compliance with privacy regulations, and
on the other, it points out how complex this undertaking is, in the
labyrinthine legal environment of the US.

Part one addresses issues of information relating to consumers and
customers.  Chapter one deals with information collected on the
Internet and through Websites.  As the US has no general national
standards in this regard, most of the discussion deals with the design
of corporate privacy policies for Websites.  There is also an
examination of the Children's Online Privacy Protection Act (COPPA).
Various US and state laws with implications for general information
security and protection are noted in chapter two, which also has a
brief section on information risk identification.  Legislation
relating to companies in the financial industry is reviewed in
chapter three.  Chapter four notes the provisions of the Electronic
Communications Privacy Act, the Stored Communications Act, and special
provisions for communications carriers.  The implications of HIPAA
(the Health Insurance Portability and Accountability Act) for the
health industry are outlined in chapter five, which also notes some
related state laws.  Although ostensibly about the European Union
privacy directives, the rather terse material in chapter six is more
about the Safe Harbor framework of the US Department of Commerce.

Part two looks at job applicants and employees.  Chapter seven is a
brief review of the hiring process, and it is interesting to note that
the common opposition (by employers) to providing detailed references
has little objective basis.  The examination of internal
investigations, as discussed in chapter eight, is limited, and repeats
content from chapter seven.  Chapter nine's deliberation on
surveillance is primarily concerned with tapping of phone and email
conversations.

Part three turns to communications with customers and consumers, with
three successive chapters on marketing types of intercourse;
telemarketing (in chapter ten), fax advertising (eleven), and spam
(twelve).  Chapter thirteen, on the monitoring of customer
communications, is a mere three paragraphs in total length, and is a
reiteration of some of the content of chapter nine.

Appendices list state privacy and data security laws.

It is unfortunate that the title does not make clear the US-centric
nature of the material, but it is reasonable for a legal text to
concentrate on one jurisdiction.  Despite occasional shortcomings in
specific areas, this text does provide a detailed, up-to-date and
quite comprehensive overview of the convoluted mess of American
privacy law.

copyright Robert M. Slade, 2008   BKBUPRLH.RVW   20081123


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
Subscribe to the techbooks list at techbooks-subscribe@egroups.com
victoria.tc.ca/techrev/rms.htm
blogs.securiteam.com/index.php/archives/author/p1/

#821 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Mon Dec 22, 2008 9:08 pm
Subject: REVIEW: "Making Things Happen", Scott Berkun
 
BKMATHHA.RVW   20081124

"Making Things Happen", Scott Berkun, 2008, 978-0-596-51771-7,
U$39.99/C$39.99
%A   Scott Berkun www.scottberkun.com
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2008
%G   978-0-596-51771-7 0-596-51771-8
%I   O'Reilly & Associates, Inc.
%O   U$39.99/C$39.99 800-998-9938 707-829-0515 fax: 707-829-0104
%O  http://www.amazon.com/exec/obidos/ASIN/0596517718/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0596517718/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0596517718/robsladesin03-20
%O   Audience n- Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   392 p.
%T   "Making Things Happen"

This is actually the second edition of "The Art of Project
Management," with a few additions.

The preface states that the audience for the book consists of new or
experienced managers or team leaders, programmers working on large
projects, or students of business management, product design, or
software engineering.  Chapter one is titularly a history of project
management, but contains vague and pedestrian advice with little
historical background of any substance.  There is a mention that
Microsoft's program management incorporates both technical and
marketing input, but the text does not say much about management as
such.  (Berkun does state that Microsoft's system is an example of
"matrix organization," but although this term is used a number of
times and is obviously significant to the author, the concept is not
well defined in the book.)  A list of conflicting behaviours and
characteristics of managers could possibly be useful as a reminder to
examine one's own preferences and conduct.  New to this edition are
exercises at the end of each chapter.  The examples and wording are
silly, but they still provide decent ideas for getting people thinking
about project management concepts.  It is an improvement on the
original work.

Part one outlines the planning phase and activities involved in a
project.  Chapter two takes a rather pessimistic look at schedules.
There are good points on the purpose and psychological benefits of
timetables, as well as practical advice on rough estimates and how to
make them more accurate, but the material is also bloated with
verbiage.  The look at planning, in chapter three, concentrates on
arguments and communications, but is not organized very well.  "The
vision thing" is often undefined in business, and chapter four doesn't
stray far from the vague model, but it does cover overall objectives
and offers some tips on how to write vision documents.  Chapter five,
while it is supposed to deal with how to generate ideas, focuses on
requirements, specifications, and the elicitation of those details.
Working with, and developing those ideas is the topic of chapter six,
which also minimally analyses scope creep, an ever present danger in
any project.

Part two turns to specific project management skills.  Chapter seven
examines the writing of specifications, and is mostly a warning
against the over-engineered "one-size-fits-all" templates suggested
for that purpose.  Berkun gives us the standard advice on making
decisions, in chapter eight.  The usual admonitions are also given in
chapter nine, this time about communication and relationships.  It is
rather ironic that chapter ten, in giving a list of ways to annoy
people (and conversely, how not to), states right off the top that the
best way to make people turn you off is to assume that they are
ignorant.  The text then goes on to provide generic and banal counsel
on process (mostly administrative controls).  The recommendations on
using email repeat tips given previously on communications, and miss
the fact that email really is a very specialized form and subject to
generating misunderstandings.  The tips for planning meetings are
decent, but limited.  Chapter eleven has vague guidance on what to do
when things go wrong.

Part three is entitled management, but concentrates on leadership.
Some good messages on trust are given in chapter twelve, but the
content is more verbose than necessary, and the basic tips get lost in
the stories.  Chapter thirteen is supposed to be about "making things
happen," but ends up being a grab bag of project operation topics and
tips.  Scheduling is revisited in chapter fourteen, with more
low-level detail.  Pinning down a topic for chapter fifteen is difficult,
but much of the content deals with changes to requirements, and
setting priorities for handling bugs.  Chapter sixteen finishes off
the book with a melange of politics and psychology.

It is hard to find specific instances of new additions or changes to
this work, but it definitely has improved.  The addition of the
exercises was a plus, giving the reader more to think about than just
Berkun's pronouncements.  Experienced managers might find this amusing
and potentially useful bedtime reading: there won't be anything new,
but there may have been some things you've forgotten.  Those who are
new to the management task will probably find this to be a helpful
guide: there are pieces missing, but most of the important stuff is
here, and it gives you enough to get going.

copyright Robert M. Slade, 2006, 2008   BKMATHHA.RVW   20081124


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
I don't yet have a solution, but I have a new name for the
problem.                         - Ross A. Leo, CISSPforum, 20050712
victoria.tc.ca/techrev/rms.htm
blogs.securiteam.com/index.php/archives/author/p1/

#822 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Mon Jan 5, 2009 6:22 pm
Subject: REVIEW: "Intellectual Property and Open Source", Van Lindberg
 
BKIPOPSO.RVW   20081128

"Intellectual Property and Open Source", Van Lindberg, 2008,
978-0-596-51796-0, U$34.99/C$34.99
%A   Van Lindberg
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2008
%G   978-0-596-51796-0 0-596-51796-3
%I   O'Reilly & Associates, Inc.
%O   U$34.99/C$34.99 800-998-9938 707-829-0515 nuts@...
%O  http://www.amazon.com/exec/obidos/ASIN/0596517963/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0596517963/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0596517963/robsladesin03-20
%O   Audience i Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   371 p.
%T   "Intellectual Property and Open Source"

The preface states that this book provides documentation for the legal
system, obviously intending that it be addressed to a technical
audience, explaining to them what the legal operations are (as related
to intellectual property, or IP).

Chapter one outlines the legal categories of IP (patent, copyright,
trademark, and trade secret), as well as reviewing general economic
theory, and the philosophy of knowledge as a type of material "good."
Patent documents are explained, in chapter two, in terms of file
formats.  The important concepts of invention (as claim) versus
embodiment, conception versus reduction to practice, and first to file
as opposed to first to invent are also defined.  What is, and isn't,
patentable is covered in chapter three.  The details, requirements,
and limits of copyright are in chapter four.  Chapter five points out
that trademark has value not only for the company, but also for the
customer.  The discussion of trade secret, in chapter six, notes the
factors involved in the utility of a trade secret.  This chapter also
examines some issues of open source software for the first time, since
the preceding material is fairly generic.

Chapter seven looks at contracts and licences, a number of issues of
which are important to open source.  Using an interesting (and useful)
analogy of the difference between banks and credit unions, chapter
eight notes the economic and legal basis for open source software, and
why (and where) it works.  (The licencing discussion is also extended
here.)  The factors involved in ownership of intellectual property
(whether on the part of the individual, company, or work-for-hire) are
examined in chapter nine.  Chapter ten notes terms, and provides
examples, of open source licences.  Some very interesting implications
of accepting code patches are noted in chapter eleven.  Chapter twelve
extends chapter ten's content, specific to the General Public License
(GPL).  Chapter thirteen briefly looks at the process of reverse
engineering, but is primarily concerned with the legality of the
operation.  The establishment of non-profit organizations, and
particularly in relation to the benefit for open source projects, is
outlined in chapter fourteen.

Appendices provide various samples of legal documents.

The writing is articulate, and the material reasonably comprehensive.
The organization leaves a little bit to be desired.  The book is
almost two books; one on IP and one on open source; and it's not clear
why chapters seven, ten, and twelve are distinct (and separated).
However, this is a valuable guide for anyone in the technical world
who wishes to know about legal issues of intellectual property, and
particularly for anyone in, or contemplating, an open source project.

copyright Robert M. Slade, 2008   BKIPOPSO.RVW   20081128


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
Technology is dominated by two types of people: those who
understand what they do not manage, and those who manage what
they do not understand.                                 - Putt's Law
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/

#823 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Thu Feb 26, 2009 10:58 pm
Subject: REVIEW: "Pragmatic Thinking and Learning", Andy Hunt
BKPTLRYW.RVW   20081128

"Pragmatic Thinking and Learning", Andy Hunt, 2008, 978-1-934356-05-0,
U$34.95/C$34.95
%A   Andy Hunt andy@...
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2008
%G   978-1-934356-05-0 1-934356-05-0
%I   O'Reilly & Associates, Inc.
%O   U$34.95/C$34.95 707-829-0515 fax: 707-829-0104 nuts@...
%O  http://www.amazon.com/exec/obidos/ASIN/1934356050/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1934356050/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1934356050/robsladesin03-20
%O   Audience n Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   271 p.
%T   "Pragmatic Thinking and Learning: Refactor Your Wetware"

Paperbacks don't have endpapers, but there is an illustration before
the table of contents, which turns out to be a "back of napkin"
mindmap version of the table of contents.

Chapter one acts as an introduction to the book.  It states that the
intention of the text is to allow you to redesign your brain so that
it works better.  There are few specifics given at this point, but
there is a lot of emphasis on holistic, agile, and context.  Models of
moving from ignorance to expertise, such as the Dreyfus model of
skills acquisition and the Shu Ha Ri martial arts model, are outlined
in limited fashion in chapter two.  Unfortunately, the brevity of the
explanation leads to problems.  The material is internally
contradictory: for example Dreyfus "proficient" level people are said
to "see the big picture" whereas novices are derided for considering
everything.  Hunt notes that experts may not be capable of teaching or
outlining their field of expertise.  This is unsurprising: teaching
and task analysis are not innate, but require specialized proficiency.
In chapter three Hunt proposes his own version of the "left
brain/right brain" hypothesis.  Chapter four suggests various
exercises that may be helpful for promoting lateral or creative
thinking.  A seemingly random collection of notions about human
thought biases are listed in chapter five.  Hunt's assertion that
these prejudices generate problems appears reasonable, but some of the
items seem in odd contention with other material in the book.
(Earlier chapters rail against the overuse of the "logical" side of
the brain: here Hunt notes that one way to avoid irrational ideas is
to demand quantification.)  Most of chapter six is about life-long
learning, although it starts with a distinct section suggesting that
you set goals for yourself.  Some disjointed advice for learning by
experience is given in chapter seven.  In contrast to the emphasis,
from chapters one and three, on divergent thinking, chapter eight
stresses the importance of narrowing your focus.  Except that you have
to defocus in order to focus.  Clean off your computer desktop: cut
down to one window.  Except that you need to have some distractions
available ...  Chapter nine encourages you to change.

There are some interesting ideas in the book.  Individual items could
be useful for pushing thinking out of ingrained ruts.  However, by and
large, the author promises more than he delivers.

copyright Robert M. Slade, 2008   BKPTLRYW.RVW   20081128


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
Why don't you write books people can read?    - Nora Joyce, to James
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/

#824 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Fri Apr 3, 2009 5:58 am
Subject: REVIEW: "slide:ology", Nancy Duarte
BKSLDLGY.RVW   20081127

"slide:ology", Nancy Duarte, 2008, 978-0-596-52234-6, U$34.99/C$34.99
%A   Nancy Duarte www.slideology.com
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2008
%G   978-0-596-52234-6 0-596-52234-7
%I   O'Reilly & Associates, Inc.
%O   U$34.99/C$34.99 800-998-9938 707-829-0515 nuts@...
%O  http://www.amazon.com/exec/obidos/ASIN/0596522347/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0596522347/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0596522347/robsladesin03-20
%O   Audience a- Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   274 p.
%T   "slide:ology"

I've seen a mindmap used for the table of contents before, but this is
the first time I've seen one used for the acknowledgements.

The introduction notes that many people use PowerPoint (which is, when
used properly, an effective tool) but don't know anything about
design.  It also promises that the book will be simple to use, with
one idea per spread (two facing pages).

Chapter one proposes the creation of a new "slide ideology," and
promotes the idea of using slides and PowerPoint, stating that you can
do it, no matter what your skill level.  Unfortunately, the book
itself weakens this argument.  The ideas are not always lucid, and
some of the graphics do not illustrate the related points.  It's
rather disheartening to note, right off the bat, that even
professionals can get it wrong.  Drawing and sketching is suggested in
chapter two: the reader is exhorted to create ideas, not slides.
Diagrams are discussed in chapter three, but, again, the figures often
fail to display (at least to me) the concepts suggested in the text.
(Which brings to mind a kind of sociological and epistemological
question: are we starting to require a sort of pictorial education; a
kind of "grapheracy;" in some modes of communication?)  Chapter four
is about displaying data, and here the figures do illustrate concepts
better than the explanations do, although a fair amount of analysis is
demanded of the reader (or viewer).  We are told to "think like a
designer," in chapter five, but wasn't part of the point of the book
to provide some help to those who weren't graphic designers?  (There
isn't much in these pages to tell you how to think like a designer.)

Well, maybe that last is not quite fair, because chapter six does give
a few points on the arranging of elements on a slide.  However, these
items are not as clear as those provided in chapter four.  This
material is extended in chapter seven with respect to colour and text.
Lots of rules are provided; there are seven spreads, or fourteen
pages, devoted to colour theory; but many of the precepts are
difficult for those not trained in the graphic arts.  Chapter eight is
very similar, but in regard to images.  Some tips about animation are
provided in chapter nine, but the "case studies" are confusing,
possibly because they do not work well in the static environment of
print.  The material on templates, in chapter ten, is not supposed to
be instructions on how to use the function in PowerPoint, but the lack
of explanation on the basic template function means the reader must be
well familiar with the feature in order to understand the advice given
in the text.

Chapter eleven gives advice on performing presentations.  The
suggestions are good, but they are contradictory.  In other words,
there are many ways to present.  It might be a good idea to try out
the various recommendations in different presentations, and see which
ones fit you.  More abstract thoughts on presenting are provided in
chapter twelve.

The organization of the book is unusual.  While the graphically
oriented may relate well to it, those of more linear thought may find
it annoying.  Sometimes a list of factors in a concept makes a
structure for a chapter, and then again, sometimes it doesn't.

I have created my share of slide presentations, and have definitely
survived far too many "death by PowerPoint" harangues.  (As Vint Cerf
said, power corrupts, PowerPoint corrupts absolutely.)  Despite the
fact that many aspects of this book were personally annoying, it
should be a valuable resource that most presenters and slide deck
developers should read.  It's not so much a tutorial book as a
collection of reminders, and the vast majority of presenters
desperately need to be reminded of a number of points.

copyright Robert M. Slade, 2008   BKSLDLGY.RVW   20081127


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
The optimist sees the glass as half full.
The pessimist sees the glass as half empty.
The engineer sees that the glass was twice as large as necessary.
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#825 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Mon Apr 6, 2009 6:58 pm
Subject: REVIEW: "YouTube: An Insider's Guide to Climbing the Charts", Alan Lastufka/Michael W. Dean
BKYOUTUB.RVW   20081220

"YouTube: An Insider's Guide to Climbing the Charts", Alan
Lastufka/Michael W. Dean, 2009, 978-0-596-52114-1, U$29.99/C$29.99
%A   Alan Lastufka AlanLastufka@...
%A   Michael W. Dean www.viralvideowannabe.com
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2009
%G   978-0-596-52114-1 0-596-52114-6
%I   O'Reilly & Associates, Inc.
%O   U$29.99/C$29.99 800-998-9938 fax: 707-829-0104 nuts@...
%O  http://www.amazon.com/exec/obidos/ASIN/0596521146/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0596521146/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0596521146/robsladesin03-20
%O   Audience n Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   281 p.
%T   "YouTube: An Insider's Guide to Climbing the Charts"

The preface is highly self-promotional on the part of the authors.
Oddly, this is done in a way that isn't offensive.  And, since the
book is essentially about self-promotion, it's fairly appropriate.
Unfortunately, information about the intent of, or audience for, the
work is limited, other than the implication that this work is not for
YouTube users, but for those creating the content.

Chapter one is a brief history and description of YouTube, and
mentions the importance of "viral" (essentially word of mouth)
marketing in finding an audience for your video creations.  Chapter
two strongly emphasizes that the story line of your video is generally
the most important aspect.  Some suggestions are provided in regard to
the basics of the story arc and directing.  An awful lot of the
material is in the form of "watch this clip and learn," which might be
more helpful if there were more specifics about what *to* learn.  Some
limited suggestions for the purchase of cameras, microphones, and
software are given in chapter three, as well as an introduction to a
few functions of the Sony Vegas Movie Studio application.  Along the
way there are some notes on functions and features of the program, but
most of the content is item specific, and so less useful than it might
have been to novice filmmakers.

Chapter four covers the process (and specific Web pages) for creating
an account on YouTube, with some annotations.  Posting videos to the
site, and related features, are dealt with in chapter five.  Chapter
six reviews copyright.  The initial content outlining the concept is
misleading at best, and retails a number of common myths.  However,
the material specific to YouTube is detailed and useful.  Rating,
comments, and private videos are explained in chapter seven.  Various
functions for working with others are noted in chapter eight.  Chapter
nine describes a few ways to artificially manipulate the YouTube
system and ratings.  (A section on "ethical hacking" appears to be
based on a misunderstanding of the term itself, and propagates a
number of the usual fables.)

Some activities for self-promotion on the wider Internet (mostly those
falling under the social networking rubric) are discussed in chapter
ten.  Various ways of making money with short videos are noted in
chapter eleven.  Random thoughts on lifestyle and the Internet appear
in chapter twelve.  Chapter thirteen is similar to ten, covering more
venues and activities.  Miscellaneous opinions about the net and life
are in chapter fourteen.  Chapter fifteen has interviews with five
major YouTubers.

The preface makes a number of negative comments about other books
written on the topic of YouTube.  Given my experience with works
covering popular Websites or applications, I can well believe that
there are a number of texts that simply print pages of screenshots.
This guide does move beyond that level to provide useful and practical
tips.  At the same time, the material is limited, and more detail
would have been helpful in a number of areas.  Better organization and
structure could also have made the work more accessible and useful to
the reader.

On balance, I would have to say that this book is a decent
introduction for those interested in getting into short video
production, and making that content available through YouTube.

copyright Robert M. Slade, 2008   BKYOUTUB.RVW   20081220


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
Beware lest you lose the substance by grasping at the shadow.
                                                              - Aesop
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#826 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Thu Apr 9, 2009 6:46 pm
Subject: REVIEW: "Advanced Software Testing, Volume 1", Rex Black
BKASTVL1.RVW   20081127

"Advanced Software Testing, Volume 1", Rex Black, 2009,
978-1-933952-19-2, U$49.95/C$49.95
%A   Rex Black rex_black@... www.rbcs-us.com
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2009
%G   978-1-933952-19-2 1-933952-19-9
%I   O'Reilly & Associates, Inc./Rocky Nook Inc.
%O   U$49.95/C$49.95 800-998-9938 805-687-8727 joan@...
%O  http://www.amazon.com/exec/obidos/ASIN/1933952199/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1933952199/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1933952199/robsladesin03-20
%O   Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   468 p.
%T   "Advanced Software Testing, Volume 1"

The introduction states that this work covers what the career testing
practitioner should know about test analysis, design, execution, and
results evaluation, for the International Software Testing
Qualifications Board (ISTQB) Advanced Test Analyst exam, or for work.

Chapter one is on testing basics.  However, it is rather confusing,
particularly since acronyms are used freely, and it is frequently
difficult to find a prior definition.  (There is no glossary in the
book, and most acronyms are not referenced in the index.  The author
assures me that all acronyms are, indeed, defined prior to use, but,
in reading the text, I stumbled on this quite often.)  There is also
an emphasis on very large systems.  Testing processes, in chapter two,
gives us yet another project process, with six fairly idiosyncratic
stages.  A lot of jargon is created, but the overall idea seems a bit
fuzzy.  (In this model, planning is stage one, but two stages later,
in implementation, there is a lot more planning to be done.)  Chapter
three, on test management, mostly stresses the idea that management is
irrelevant to this particular examination or certification.  The
material does, though, go into great detail on risk, noting both risk
in product quality, and risk in testing.  Test techniques, in chapter
four, are specific, covering structure- and defect-based testing,
along with static and dynamic analysis.  There are valuable concepts
here, but some are too detailed, while others don't have sufficient
content.  The text is also disorganized and quite redundant in places.

Chapter five, dealing with tests of software characteristics, appears
intended to address overall quality.  Security issues are presented
badly in the material, and usability, portability, and maintainability
are problematic.  Different types of reviews are purportedly noted in
chapter six, but the details are strictly limited to code analysis.
Chapter seven, on incident management, is mostly just about
documentation.

Chapter eight is about standards and test process improvement.  Again,
this content is for management, and neither the material nor the
objectives are intended for analysts, the audience for this book.
(There is a repeated instruction to read the ISTQB Foundation Syllabus
and Advanced Syllabus, but no instructions as to where to obtain these
items.)  Some test tools are listed in chapter nine.  Chapter ten
gives us six pages on people skills and team composition.  The book
closes off with general exam preparation advice in chapter eleven.

The book is not terribly well written or organized.  The content is
uneven in both level and tone.  For those going after this exam,
you'll probably have to rely on the syllabus, and hope that it is
better prepared than this document.  As "advanced" implies, this work
covers an exam that is subsequent to prior material, and those who
have written the first level will have a better understanding of the
structure of the exams and their requirements.  As a book by itself,
this text is not particularly helpful.

copyright Robert M. Slade, 2009   BKASTVL1.RVW   20081127


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
They know enough who know how to learn.                - Henry Adams
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#827 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Thu Apr 16, 2009 5:10 pm
Subject: REVIEW: "Fire Protection Systems", A. Maurice Jones Jr.
BKFRPRSY.RVW   20081203

"Fire Protection Systems", A. Maurice Jones Jr., 2009,
978-1-4018-6262-6
%A   A. Maurice Jones Jr.
%C   5 Maxwell Dr., Clifton Park, NY   12065-2919
%D   2009
%G   978-1-4018-6262-6 1-4018-6262-4
%I   Delmar Cengage Learning
%O   800-354-9706 www.cengage.com
%O  http://www.amazon.com/exec/obidos/ASIN/1401862624/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1401862624/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1401862624/robsladesin03-20
%O   Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   502 p.
%T   "Fire Protection Systems"

The preface states that the book is addressed to fire departments and
academies, colleges, architects, and engineers, providing an in-depth
review of fire protection systems, components, and characteristics.
There is a correlation chart referencing the Fire and Emergency
Service Higher Education (FESHE) curriculum.

Section one establishes a relationship between fire behaviour, codes,
and protection systems.  Chapter one outlines the basics of fire
behaviour, dealing with fire, combustion, the fire triangle and
tetrahedron; classes, types, and stages of fires; and extinguishers.
The model code process is reviewed in chapter two (model codes being
private guideline documents).

Section two looks at water-based fire protection systems.  Chapter
three examines water supplies, distribution systems, valves, hydrants,
and pumps.  Some of this material is repeated when chapter four talks
about standpipe and hose systems.  The discussion of effectiveness of
automatic sprinkler systems, in chapter five, is uncompelling, but
there is coverage of standards and discrete components (down to the
level of elbow joints).  Chapter six looks at specialized types of
water-based systems, such as mist and foam.

Section three notes fire alarms and detection systems.  Chapter seven
lists fire alarm system components and functions.  Types of alarms and
detection systems are catalogued in chapter eight.

Fire suppression agents (and systems) that use materials other than
water are described in section four.  Chapter nine examines wet and
dry chemical extinguishing systems.  Gaseous agent extinguishing
systems are dealt with in chapter ten, and, for once, the Halon
numbering system is explained (numbers of atoms of carbon, fluorine,
chlorine, and bromine in the molecule).  (There is a brief mention of
the Montreal Protocol.)  Portable fire extinguishers are in chapter
eleven.

Section five is a bit of a grab bag.  Chapter twelve looks at smoke
control and management systems.  Property security and emergency
response, in chapter thirteen, emphasizes exit systems and fire
department access.  Emerging technologies are minimally noted in
chapter fourteen.

The book does a decent job of describing the technologies and
standards, but there is very little comparison or discussion of
relative strengths and weaknesses of the various systems.  This is
disappointing in a work supposedly aimed at "higher education."

copyright Robert M. Slade, 2009    BKFRPRSY.RVW   20081203

======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
Funny. I've never heard `Project Gutenberg' called `Yahoo' before
     - http://ars.userfriendly.org/cartoons/?id=20051004&mode=classic
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#828 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Mon Apr 20, 2009 9:04 pm
Subject: REVIEW: "Head First Statistics", Dawn Griffiths
BKHFSTAT.RVW   20081203

"Head First Statistics", Dawn Griffiths, 2009, 978-0-596-52758-7,
U$34.99/C$34.99
%A   Dawn Griffiths
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2009
%G   978-0-596-52758-7 0-596-52758-6
%I   O'Reilly & Associates, Inc.
%O   U$34.99/C$34.99 800-998-9938 707-829-0515 nuts@...
%O  http://www.amazon.com/exec/obidos/ASIN/0596527586/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0596527586/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0596527586/robsladesin03-20
%O   Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   677 p.
%S   Head First
%T   "Head First Statistics"

As with other similarly introductory books, there is a summary table
of contents followed by a second, more detailed one.  In this work,
there is also an explanatory paragraph, for each chapter, in the
itemized table.  In the introduction, the author states that the
reader of this text will learn to use statistics, for whatever purpose
they may wish, in a stimulating and easy manner.  (Most of the
introduction is a promotion for the visual, conversational, and
emotional style of the Head First series.)

Chapter one champions the idea of visualizing information.  Charts and
graphs are explained, but the examples are sometimes forced.
Determining the central tendency can be problematic, and chapter two
raises the issues of concern, but doesn't really resolve them.
(Confidence in the book is not helped by arithmetic errors: 10,000
multiplied by 1.1 does not equal 12,000.)  Range, quartiles, box
plots, standard deviation, and standard score are all means of
measuring variability, but the conversational style of the material
does not help once we get into the more advanced topics, and the
content starts to become confusing at this point.  Chapter four does
fine on calculation of the basic probabilities, but, again, the move
into set theory and dependencies strains this format.  (As a security
analyst I was particularly interested to see how Bayesian functions
were handled, but this section was far too terse to be useful.)  The
formulae for discrete probability distribution are presented fairly in
chapter five, and the inclusion of permutation is handled in six, but
when we get to geometric, binomial, and Poisson distribution in seven,
the style is once again impeding the explanation.

Chapters eight and nine, using the normal distribution, are really
starting to get into calculus.  Statistical sampling, in chapter ten,
is primarily involved in issues of sample choice, rather than
mathematics.  Chapter eleven does use some of the calculations
introduced previously to predict, based on random populations.  Using
material from chapters three and four, chapter twelve examines issues
of confidence in our figures.  Testing of statistically-based claims,
as well as standard error types, is covered in chapter thirteen.
Chapter fourteen introduces the chi-squared distribution for goodness-
of-fit and independence.  Correlation and regression are dealt with in
chapter fifteen.

On the title page is a photograph of a teenaged girl with a thought
balloon reading, "Wouldn't it be dreamy if there was a statistics book
that was more fun than an overdue trip to the dentist?  But it's
probably just a fantasy ..."  Unfortunately, for this book, that wish
does seem to be relegated to the realms of the fantastic.  There are
parts of the book that are fun.  There are parts that explain
statistics.  However, they aren't the same parts ...

copyright Robert M. Slade, 2009    BKHFSTAT.RVW   20081203


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
Doubtless you are the people, and wisdom will die with you!  But
I have a mind as well as you; I am not inferior to you.  Who does
not know all these things?                              - Job 12:2,3
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#829 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Wed Apr 29, 2009 11:33 pm
Subject: REVIEW: "Nmap Network Scanning", Gordon Lyon
BKNMAPNS.RVW   20090118

"Nmap Network Scanning", Gordon Lyon, 2009, 978-0-9799587-1-7, U$49.95
%A   Gordon Lyon fyodor@... http://nmap.org/book
%C   370 Altair Way #113, Sunnyvale, CA 94086
%D   2009
%G   978-0-9799587-1-7 0-9799587-1-7
%I   Nmap Security Scanner Project
%O   U$49.95
%O  http://www.amazon.com/exec/obidos/ASIN/0979958717/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0979958717/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0979958717/robsladesin03-20
%O   Audience i+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   468 p.
%T   "Nmap Network Scanning"

Nobody who is involved in network administration or security needs any
introduction to Nmap, the most widely used network mapping tool.  The
preface to this book states that it is full documentation (as could be
expected from the creator of the utility), intended for Nmap users at
all levels.  In addition to the features and functions of the program,
the work covers general tasks and applications in real world
conditions and environments.

Even if you are not familiar with Nmap, chapter one is a presentation
of the uses of the program (in a couple of fictional, and one real,
settings).  For those with limited background there are useful outside
references, guides, and tools listed, but even with these resources
not all of the cases presented are clear.  There is an interesting
discussion of the legality or advisability of port scanning, and a
brief version history of Nmap.  Chapter two covers installation and
options for various operating systems.  Host discovery, in chapter
three, uses Nmap as well as some other tools.  The examples are
outlined clearly, but not always fully explained (particularly for
non-Nmap utilities).  The text is not always transparent upon initial
reading, but some work and diligence in looking up references (often
within the book itself) will usually clarify matters.  A brief
introduction to ports starts off the material on port scanning, in
chapter four, which then lists basic Nmap options.  Chapter five
describes a number of more advanced patterns, useful for determining
additional information not immediately available or obvious in normal
traffic (or sometimes obfuscated).  Some ideas for optimising Nmap
performance are listed in chapter six.  Chapter seven explains options
related to determining what applications are running on a system,
along with two examples.  Similarly, chapter eight deals with
identification and resolution of operating systems.

Chapter nine explains the Nmap Scripting Engine (NSE) structures,
language, and options, in a usably detailed fashion.  Activities
specific to detecting and evading firewalls and IDSs (Intrusion
Detection Systems) are covered in chapter ten.  It is, therefore, only
fair play that chapter eleven deals with issues of detecting and
protecting against Nmap and other scanning tools being used to explore
or penetrate a system.

Chapter twelve describes the Zenmap user interface which can be added
as a front end to Nmap.  Output and reporting options are reviewed in
chapter thirteen.  Nmap data files, and the customization they can
provide, are explained in chapter fourteen.  Chapter fifteen is a
reference guide summary of the command line options: a printed version
of the Nmap man page.

Lyon fundamentally fulfills his objective.  This is comprehensive
documentation for the utility: in addition, it demonstrates how the
tool can be used effectively in the real world.  In some places the
author has been a little too cute in an attempt to inject humour: in
other sections the text is demanding and could have been written more
clearly.  However, the guide is solidly written, overall, and useful
for pretty much any network analyst or network security analyst.

copyright Robert M. Slade, 2009   BKNMAPNS.RVW   20090118


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
Be a scribe! Your body will be sleek, your hand will be soft. You
are one who sits grandly in your house; your servants answer
speedily; beer is poured copiously; all who see you rejoice in
good cheer.  Happy is the heart of him who writes; he is young
each day.         - Ptahhotep, Vizier to Isesi, 5th Dynasty, 2300 BC
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#830 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Fri May 1, 2009 6:28 pm
Subject: REVIEW: "Network Warrior", Gary A. Donahue
BKNTWWRR.RVW   20090118

"Network Warrior", Gary A. Donahue, 2007, 978-0-596-10151-0,
U$44.99/C$58.99
%A   Gary A. Donahue
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2007
%G   978-0-596-10151-0 0-596-10151-1
%I   O'Reilly & Associates, Inc.
%O   U$44.99/C$58.99 800-998-9938 fax: 707-829-0104 nuts@...
%O  http://www.amazon.com/exec/obidos/ASIN/0596101511/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0596101511/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0596101511/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   576 p.
%T   "Network Warrior"

The preface says that this book is intended for readers who hold a
first-level networking certificate or higher, and that it deals with
real-world practicalities rather than the theory presented in courses.
He also mentions that Cisco equipment will be used in examples.
However, the author doesn't really say what the book will help you to
do.

Part one is entitled hubs, switches and switching, which is fair
enough, since those items are at the (physical) heart of networking.
Unfortunately, in the eight following chapters we have networks
defined in terms of size, hubs and switches defined in terms of
Ethernet, auto-negotiation defined in terms of Cisco commands, VLANs
(virtual LANs) defined in terms of subsetting of ports on a single
switch, trunking defined in terms of broadcast to multiple VLANs,
EtherChannel (a Cisco product) defined in marketing terms, and
spanning tree defined in terms of reducing a packet network back to
Ethernet (with no mention of the risk analysis meaning).  Routing is
the logical basis for networking, and part two, while still presenting a
great deal of Cisco-specific material, is somewhat better at providing
the general concepts.  The content is limited in many respects: only
four routing protocols are described, two of which are Cisco's.
Security, for example, is notable by its absence, except for some
discussion of availability.  Part three is completely Cisco-specific;
three chapters dealing with means of managing VLANs.  Some terms (and
Cisco functions) related to telephony and high-speed data
communications are provided in part four.

Although the title of part five is "Security and Firewalls," there
isn't much content about security, as such.  There is a fair amount of
detail on building different entries in firewall access control lists,
a brief description of a few authentication protocols, a terse look at
firewall topologies, and some PIX firewall settings.  Server load
balancing is noted in the two chapters of part six.  Two of the
chapters on quality of service (part seven) present a decent overview
of the issues: two outline Cisco configurations.

Part eight is a grab bag of miscellaneous tips, relating to network
documentation, IP (Internet Protocol) addressing schemes, network time
protocol, some general troubleshooting guidelines, and a couple of
chapters of opining.

What real-world practicalities, as opposed to the theory presented in
courses, seems to mean to Donahue is that networking and
telecommunications courses don't always see the world as Cisco does,
and occasionally dare to use terms in ways other than as defined by
Cisco.  Well, maybe that statement is unfair: there is a little bit of
material in this book that will be of use regardless of what kind of
network you run.  There is, of course, a lot of networking activity
that isn't, and can't be, included in this text.  Overall, though,
this work will be valuable if you are running a lot of Cisco gear in a
large environment, and not too useful if you aren't.

copyright Robert M. Slade, 2009   BKNTWWRR.RVW   20090118


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
          Review index: http://victoria.tc.ca/techrev/review.htm
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#831 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Mon May 11, 2009 11:03 pm
Subject: REVIEW: "Facebook Cookbook", Jay Goldman
BKFBKCBK.RVW   20090119

"Facebook Cookbook", Jay Goldman, 2009, 978-0-596-51817-2,
U$39.99/C$39.99
%A   Jay Goldman http://JayGoldman.com
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2009
%G   978-0-596-51817-2 0-596-51817-X
%I   O'Reilly & Associates, Inc.
%O   U$39.99/C$39.99 800-998-9938 fax: 707-829-0104 nuts@...
%O  http://www.amazon.com/exec/obidos/ASIN/059651817X/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/059651817X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/059651817X/robsladesin03-20
%O   Audience a Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   404 p.
%T   "Facebook Cookbook"

The preface states that this book is aimed at programmers with general
Web development experience, who are interested in building
applications for the Facebook Website (as opposed to Facebook Desktop
and Mobile utilities).  Readers should understand HTML (HyperText
Markup Language), CSS (Cascading Style Sheets), PHP programming, and
SQL (Standard Query Language) in order to get full benefit from the
material.

Chapter one lists the factors involved in producing a successful
Facebook application, which turn out to be startlingly similar to the
factors involved in producing a successful application of any type.
The common "Cookbook" style of presenting a problem, and then the
solution, is introduced in chapter two, which examines the issue of
market research.  Installation, and basic use, of the Facebook
developer application is in chapter three.

Some issues of architecture and design are addressed in chapter four.
Chapter five presents a number of concerns, but it's difficult to find
any topic common to them.  The Facebook Markup Language (FBML) is
outlined (fairly extensively) in chapter six.  A sandboxed version of
JavaScript, called (of course) Facebook JavaScript (FBJS), is
described in chapter seven.  (The addition of sandboxing to JavaScript
is rather ironic, in view of the many other security problems and
weaknesses in Facebook.)  Chapter eight deals with the Facebook Query
Language, and nine with the Facebook API (Application Programming
Interface).  Marketing your application turns out to be the same as
most other marketing, and chapter ten seems to come full circle again,
but the tools that Facebook can provide to assist with this process
are listed here.

This book collects documentation for the Facebook application
development tools into one place.  As noted in the preface, you will
need to be an experienced programmer in order to take best advantage
of them.

copyright Robert M. Slade, 2009   BKFBKCBK.RVW   20090119


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
It is by the goodness of God that in our country we have those
three unspeakably precious things: freedom of speech, freedom of
conscience, and the prudence never to practice either of them.
               - Mark Twain (1835-1910), Following the Equator (1897)
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#832 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Thu May 14, 2009 11:05 pm
Subject: REVIEW: "Googling Security", Greg Conti
BKGGLSEC.RVW   20091020

"Googling Security", Greg Conti, 2009, 978-0-321-51866-8,
U$49.99/C$54.99
%A   Greg Conti conti@... www.GregConti.com www.rumint.org
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   2009
%G   978-0-321-51866-8 0-321-51866-7
%I   Addison-Wesley Publishing Co.
%O   U$49.99/C$54.99 416-447-5101 800-822-6339 bkexpress@...
%O  http://www.amazon.com/exec/obidos/ASIN/0321518667/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0321518667/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0321518667/robsladesin03-20
%O   Audience i+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   332 p.
%T   "Googling Security: How Much Does Google Know About You?"

The title is ever so slightly misleading: the subtitle is much
clearer.  This is not about doing Web searches to find security tools
or information, but, rather, the information that Google collects from
(and relating to) Internet users in the course of providing its
services and tools.  The preface states that the intent is to raise
awareness of the privacy risks involved in using Google, its utilities
and services, and of similar systems and agencies.  Conti does not,
for the most part, present solutions: some activities admit of no
resolution.  Google is not being singled out because the author
doesn't like the company, but because it is the largest and most
pervasive search and information system, with the greatest
implications, and because the policies and decisions resulting from
discussions of these issues can be applied more generally.

Chapter one is an overview of the online world, and online activity,
and the scope and capabilities of Google.  There are extensive
endnotes supporting the stories and studies cited in the text.  The
normal information flows involved with computer operations are
outlined in chapter two, and Conti points out the potential areas of
leakage.  Although not named as such, he provides an excellent
explanation of the trusted computing base (TCB), as well as reviewing
covert channels such as TEMPEST and acoustic surveillance, and
Internet entities.  Turning more specifically to the structure of
requests from browsers, chapter three notes the information that is
captured by server logs.  The author also notes data provided by users
themselves, and that which can be obtained from statistical analysis
of a large amount of activity.

Chapter four notes the various search sites and functions, as well as
the intelligence that can be inferred about someone, simply by
examining the search requests submitted.  Communications, mostly
Gmail, is the subject of chapter five.  Chapter six examines the
mapping and related imagery functions, discussing the information
disclosed by requests for directions, as well as the occasional
invasion of privacy involved in the collection of satellite
photographs.  (Personally, while I don't use Google Earth, I use
Google Maps quite a bit.  I was interested to see that my non-standard
interaction with the system inadvertently protected against some of
the dangers Conti points out.  I don't "express interest" by clicking
on the "Print" or "Link ..." buttons, but tend to copy the link
location URL and use that.  Of course, if Google buys up TinyURL I may
be in trouble ...  :-)  Tracing functions related to the provision of
advertising, as well as malicious enterprises associated with
commercial proclamations, are noted in chapter seven.  Webbot, spider,
or crawler operations are detailed in chapter eight.  Although Conti
did not promise a solution, chapter nine does provide recommendations
and resources to raise awareness of the issues, and assist with
protecting the reader's privacy.  Chapter ten finishes off with a look
to the future, and the forces which ensure that whether or not Google
survives, the privacy situation online is unlikely to change.

The book is certainly interesting and illuminating.  Internet users,
for the most part, may have encountered security awareness material
that speaks of the dangers of certain types of activities, but not
necessarily of how much information they disclose in the course of
normal pursuits.  While Google is used as a specific example in many
parts of this work, the internal operations of many of the services
and utilities are not examined to the internal depth they might have
been.  A more accurate title might be "Privacy While Surfing."

Which is an important enough topic to read about in any case.

copyright Robert M. Slade, 2009   BKGGLSEC.RVW   20091020

======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
When a subject becomes totally obsolete we make it a required
course.                                              - Peter Drucker
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#833 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Mon Jun 1, 2009 7:51 pm
Subject: REVIEW: "Web Security Testing Cookbook", Paco Hope/Ben Walther
BKWBSTCB.RVW   20090123

"Web Security Testing Cookbook", Paco Hope/Ben Walther, 2009,
978-0-596-51483-9, U$39.99/C$39.99
%A   Paco Hope
%A   Ben Walther root@... http://blog.benwalther.net
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2009
%G   978-0-596-51483-9 0-596-51483-2
%I   O'Reilly & Associates, Inc.
%O   U$39.99/C$39.99 800-998-9938 707-829-0515 nuts@...
%O  http://www.amazon.com/exec/obidos/ASIN/0596514832/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0596514832/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0596514832/robsladesin03-20
%O   Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   285 p.
%T   "Web Security Testing Cookbook"

The preface states that the book is about how to test Web
applications, particularly with regard to security, and is intended
for developers rather than security professionals.

Chapter one, however, provides more of an introduction, starting with
the statement that security testing involves "hostile and malicious"
input.  This limits the scope of the work considerably, but it does
explain questionable assertions, such as that SSL (Secure Sockets
Layer) and cryptography haven't much impact on testing.  The material
is restricted to deliberate attacks, and doesn't deal with issues of
error, noise, performance, or availability.  While there is some
discussion of choice of inputs, I doubt that the advice would uncover
issues such as the "1000th login" vulnerability that was seen many
years ago in Novell Netware, and more recently in SSH (Secure Shell).

Chapter two lists Web utility software related to, or providing
information for, testing, but is confined to URLs (Uniform Resource
Locator addresses) and circumscribed descriptions.  Limited examples
of using those applications for viewing transactions are given in
chapter three.  Data encoding, covered in chapter four, starts out
well with good explanations, but then devolves into another tools
list.  Chapter five looks at various ways to manipulate input.  Some
examples of using a few utilities for bulk downloading, scanning, and
input fuzzing are mentioned in chapter six.

The cURL scripting tool is discussed in chapter seven, along with its
various functions.  Similarly, LibWWWPerl is dealt with in chapter
eight.

Chapter nine notes some simple design flaws.  A number of the previous
tools are used to examine AJAX (Asynchronous JavaScript and XML)
applications, in chapter ten.  Chapter eleven repeats earlier content
in regard to session manipulation.  A variety of attacks are described
in chapter twelve.

This is not a cookbook for Web security testing, but a very basic
introduction to some tools and concepts related to testing Web
applications for vulnerability to common attacks.

copyright Robert M. Slade, 2009    BKWBSTCB.RVW   20090123


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
                       Unix for stability.
                   Macintosh for productivity.
                     Windows for Solitaire.
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#834 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Fri Jun 5, 2009 11:55 pm
Subject: REVIEW: "Everything You Know About CSS is Wrong!", Rachel Andrew/Kevin Yank
BKEYKACW.RVW   20090305

"Everything You Know About CSS is Wrong!", Rachel Andrew/Kevin Yank,
2008, 978-0-9804552-2-9, U$29.95/C$29.95
%A   Rachel Andrew edgeofmyseat.com
%A   Kevin Yank yesimcanadian.com
%C   48 Cambridge Street, Collingwood, Victoria, Australia   3066
%D   2008
%G   978-0-9804552-2-9 0-9804552-2-7
%I   Sitepoint Pty. Ltd.
%O   U$29.95/C$29.95 business@... sitepointpr@...
%O  http://www.amazon.com/exec/obidos/ASIN/0980455227/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0980455227/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0980455227/robsladesin03-20
%O   Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   116 p.
%T   "Everything You Know About CSS is Wrong!"

The preface states that the book is intended for Web developers who
wish to learn about CSS3 (Cascading Style Sheets version 3), learn the
latest capabilities in CSS, or learn about how compatible modern
browsers are with regard to CSS3 rendering.

Chapter one notes the history of the browser wars of the last decade,
with particular reference to the relative ability of each browser to
display CSS properly.  The old, problematic, messy and kludgy way to
do page layout is contrasted, in chapter two, with the new, sleek,
CSS3 way.  (The observant reader may note that the old way is not
explained particularly clearly, which may put it at a disadvantage.)
Various new CSS elements are described in chapter three.  Chapter four
examines a few options for dealing with older browsers that do not
support CSS.  Some of the new display options which may be added to
CSS3 are outlined in chapter five.

This book does not appear suitable for those wishing to learn CSS3.
It does point out new capabilities, and provides a list of browsers
which will display CSS3, but doesn't inform the reader as to how
compatible the browsers are.  Therefore, the stated objectives are
only partially fulfilled.

copyright Robert M. Slade, 2009    BKEYKACW.RVW   20090305


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
Whenever you find yourself on the side of the majority, it's time
to pause and reflect.                                   - Mark Twain
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#835 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Mon Jun 8, 2009 7:19 pm
Subject: REVIEW: "Zero Day Threat", Byron Acohido/Jon Swartz
BKZRDYTH.RVW   20090120

"Zero Day Threat", Byron Acohido/Jon Swartz, 2008, 978-1-4027-5695-5,
U$19.95/C$21.95
%A   Byron Acohido
%A   Jon Swartz
%C   1 Atlantic Ave, #105, Toronto, ON, Canada   M6K 3E7
%D   2008
%G   978-1-4027-5695-5 1-4027-5695-X
%I   Sterling Publishing Co., Inc.
%O   U$19.95/C$21.95 800-805-5489 specialsales@...
%O  http://www.amazon.com/exec/obidos/ASIN/140275695X/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/140275695X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/140275695X/robsladesin03-20
%O   Audience n Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   297 p.
%T   "Zero Day Threat"

The title here is definitely misleading: the authors have just taken a
sensational term and stuck it on a book about "the shocking truth of
how banks and credit bureaus help cyber crooks steal your money and
identity."  Now, as a malware researcher, I'm delighted to see them
state, right off the top, the rather bitter truth that security is in
such a sorry state because the general populace demands convenience
over security, and major companies are willing to give it to them.
I'm not quite as happy to find that Acohido and Swartz don't fully
understand what a zero day threat actually is.  I'm willing to suspend
judgment for a while based on their very useful division of each
chapter into exploiters (traditional blackhats and opportunists),
enablers (those who build weak infrastructures), and expediters (those
who, in various ways, make the problem worse).  It's good to see that
the authors aren't just retailing the common "oooh, teenage hackers!"
stories, and realize that the situation is complex, and involves the
interacting behaviours of many different parties.

The synergy of this approach is not demonstrated in chapter one.  Of
the three parts of the chapter, the first talks about some drug
addicts involved in dumpster diving for credit card and bank account
information, the second briefly notes the speed and volume of credit
card transactions, and the third examines a few of the malware
instances around the year 2000.  It is not clear what these have to do
with each other.  Subsequent chapters follow up on these stories.  The
tales start to interweave at about chapter five, but few connections
are made between the items in the content, and those that do exist
seem to be almost random.  A final chapter in the book, eighteen, is
entitled "What Must Be Done."  Unfortunately, it is overly broad, and
not very specific, reducing to an assertion that we need better
financial activity oversight and review, better Internet
infrastructure, and better security in operating systems and other
software.  Appendix A, on personal security, contains a fairly
pedestrian collection of advice on credit card, financial, computer,
and Internet security.  All of the recommendations would help increase
the safety of most people: sadly they do not exhaust the possible
avenues of attack, and many of the suggestions are not completely
within the capability of the average user.  (For example, yes, it is a
good idea to use strong passwords that are long, and contain a mix of
characters, and to change those passwords on a regular basis.  The
trick is to teach people ways of creating passwords such that the user
can remember them, and attackers can't.  As a second instance, it is
dangerous to click on any banner ad or popup window: what proportion
of those who use the Internet regularly can identify those entities
when they appear?)

Acohido and Swartz demonstrate, as David Rice did in "Geekonomics"
(cf. BKGKNMCS.RVW), that financial entities have little incentive
either to take serious steps to reduce electronic fraud, or to protect
consumers (or merchants) from losses due to fraudulent transactions.

The authors have done an excellent job of research in the narrative,
at least as far as events in the public record are concerned.  There
is also evidence of commendable exclusive investigation to confirm or
enhance specific areas.  Unfortunately, the technical material has
little depth, and is somewhat suspect when dealing with specialized
areas.

Overall, the stories of the blackhat community are entertaining, the
tales from the financial world emphasize dangers that should be
stressed, and the narratives from the malware environment provide a
history (more social than technical) of major recent infestations.
The work contains a wealth of stories that could be used to promote
security awareness, but doesn't otherwise provide a significant source
of security assistance.

copyright Robert M. Slade, 2009    BKZRDYTH.RVW   20090120


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
         Microsoft is not the ANSWER.  Microsoft is the QUESTION,
                         and the ANSWER is NO!
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#836 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Thu Jun 11, 2009 7:45 pm
Subject: REVIEW: "Beautiful Architecture", Diomidis Spinellis/Georgios Gousios
BKBEARCH.RVW   20090228

"Beautiful Architecture", Diomidis Spinellis/Georgios Gousios, 2009,
978-0-596-51798-4, U$44.99/C$44.99
%E   Diomidis Spinellis
%E   Georgios Gousios
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2009
%G   978-0-596-51798-4 0-596-51798-X
%I   O'Reilly & Associates, Inc.
%O   U$44.99/C$44.99 800-998-9938 707-829-0515 nuts@...
%O  http://www.amazon.com/exec/obidos/ASIN/059651798X/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/059651798X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/059651798X/robsladesin03-20
%O   Audience s- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   404 p.
%T   "Beautiful Architecture"

It is difficult to define what architecture is.  Many times
architecture is defined in terms of what it is not.  Architects do not
build buildings: they derive the plans from which buildings are made.
As design is not the structure, but the organization which drives the
structure, so architecture is not design, but is a layer of
abstraction above, and informing, design.  As I read the foreword of
this book, which presented a number of "universal principles" of
architecture, the maxims sounded high and fine, and yet my reaction to
each was, "Yes, but ..."

The preface states that for this work, the editors followed a model
used in a prior work about programming code: contacting people who had
been involved in well-known or highly innovative projects, and asking
them to write essays.

Part one is about architecture, starting with chapter one, which asks
"What Is Architecture?"  Unfortunately, while the authors of the piece
collect a number of definitions, they are less successful in getting
those delineations to work together, beyond noting that architecture
is a set of decisions that are used in the process of design, and that
proper architecture has an important bearing on the final outcome.
(It's a case of "I know good architecture when I see it.")  Chapter
two compares two systems and says one with a bad architecture is worse
than one with a good architecture.

Part two is about Enterprise application architecture.  Chapter three
examines scaling for growth in the context of online role-playing game
systems.  A system for image storage and retrieval for retail
offerings of portraits is described in chapter four.  The concept of
the intranet is revisited in chapter five, noting how Web technology
can be used for information systems within a company.  This piece is
more about the technology than architecture.  Similarly, chapter six
looks at the Facebook application system.

Part three moves to system architecture.  Some interesting ideas about
virtualization architecture are implemented in the Xen system, which
is the topic of chapter seven.  Some aspects of fault tolerance are
addressed in chapter eight's review of the Tandem Guardian system.
Chapter nine describes JPC, a software emulation of the hardware of
the x86 computer within Java.  Virtualization and emulation are both
involved in the Jikes RVM that, as chapter ten shows, has Java
emulating itself.

End-user application architectures are considered in part four.  Emacs
is an astoundingly extended text editor: it has been used as a
development environment, among other things.  However, chapter eleven
shows that it is based on a fundamentally simple architecture,
ensuring that it remains consistent as it grows.  The K Desktop
Environment (KDE) and a couple of extensions are examined in chapter
twelve.

Part five looks at languages and architecture.  A comparison between
functional and object-oriented programming is made in chapter
thirteen.  Chapter fourteen closes off with some more thoughts on
object-oriented programming, and then some thoughts on beautiful
buildings with problems.

There are some interesting ideas presented in some of the essays in
this book.  It is, however, difficult to say how far it extends the
field of software architecture.

copyright Robert M. Slade, 2009    BKBEARCH.RVW   20090228


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
                    ASCII to ASCII, DOS to DOS.
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#837 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Mon Jun 15, 2009 8:03 pm
Subject: "SharePoint for Project Management", Dux Raymond Sy
BKSHRPPM.RVW   20090303

"SharePoint for Project Management", Dux Raymond Sy, 2009,
978-0-596-52014-4, U$44.99/C$44.99
%A   Dux Raymond Sy dux@...
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2009
%G   978-0-596-52014-4 0-596-52014-X
%I   O'Reilly & Associates, Inc.
%O   U$44.99/C$44.99 800-998-9938 707-829-0515 nuts@...
%O  http://www.amazon.com/exec/obidos/ASIN/059652014X/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/059652014X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/059652014X/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   232 p.
%T   "SharePoint for Project Management"

The preface emphasizes that the use of SharePoint could save project
teams up to 2.5% of their working time.  The text is addressed to
project managers, project team leaders, program managers who want to
make sure project managers use SharePoint, information technology
directors who are being pressured to provide SharePoint, and
SharePoint consultants (presumably those who don't know much about
SharePoint).

Chapter one is a general promotion for using SharePoint as a tool to
help with collaborative work.  Few details are provided, and the
examples are poorly explained.  While it starts with discussion of
project structure, chapter two, supposedly about setting up a project
management information system, fails to demonstrate an evaluation of
uses or advantages of the system.  Most of the material consists of
screenshots of SharePoint data entry pages.  More screenshots, in
chapter three, show you how to add some canned forms.  Chapter four
displays user and group administration pages.  Version control and
discussion groups are described in chapter five.  Chapter six reprints
project tracking screens.  Project reporting, in chapter seven, again
shows a bunch of pictures, but very few options.  (What if you want to
use a PERT chart rather than a Gantt chart?)  Chapter eight notes that
you can store files from Microsoft Word, Excel, and Project
applications in SharePoint: there is, of course, no attempt to use
anything else.  Backing up your material by making it a "template" is
recounted in chapter nine.

I'm probably biased.  I've recently been forced to use SharePoint for
a certain project, and the whole experience has been incredibly
painful and frustrating, and has caused enormous delays and problems.

On the other hand, I would be incredibly grateful for a book that did
actually tell you how to solve some of the problems and annoyances
that SharePoint has caused.

One of my students just noticed me carrying the book into the
classroom, and asked me if it was any good.  Bearing in mind that I am
going to give it away to someone in the class in a few minutes, you
can take your own interpretation of what I told him: it does tell you
how to use some functions in SharePoint.  It doesn't tell you anything
about project management.  It doesn't give you technical information
about SharePoint in any depth at all.  If you are required to set up
something on SharePoint and don't know anything about the program,
this work will get you started.  Period.

copyright Robert M. Slade, 2009    BKSHRPPM.RVW   20090303


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
        Patriotism is the Rohypnol of the American Public
                            - John Bender, http://bantha.cjb.net/john
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#838 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Mon Jun 22, 2009 10:10 pm
Subject: REVIEW: "David Pogue's Digital Photography: The Missing Manual", David Pogue
BKDGPHMM.RVW   20090308

"David Pogue's Digital Photography: The Missing Manual", David Pogue,
2009, 978-0-596-15403-5, U$24.99/C$24.99
%A   David Pogue
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2009
%G   978-0-596-15403-5 0-596-15403-8
%I   O'Reilly & Associates, Inc.
%O   U$24.99/C$24.99 800-998-9938 fax: 707-829-0104 nuts@...
%O  http://www.amazon.com/exec/obidos/ASIN/0596154038/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0596154038/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0596154038/robsladesin03-20
%O   Audience n+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   294 p.
%T   "David Pogue's Digital Photography: The Missing Manual"

The introduction states that this book provides information and advice
on buying a digital camera and taking digital photographs, as well as
organizing, processing and using photos.

Part one deals with the camera itself.  Chapter one delineates the
characteristics, advantages, and limitations of the major types of
digital cameras (classed primarily in terms of size).  Brief
descriptions and assessments of the importance of various features are
in chapter two.

Part two examines the shot.  Chapter three provides counsel on
composition, and the mechanics of getting a picture.  A number of
significant settings are noted in chapter four.  Technologies and
techniques for preventing pictures being blurred by movement are
assessed in chapter five.  Chapter six instructs the reader on tips
for setting up common and popular shots.  Characteristics and
accessories for SLR (single lens reflex) cameras are reported in
chapter seven.

Part three notes the management and enhancement of digital photographs
on the computer.  Basic file management, and the Picasa and iPhoto
programs, are outlined in chapter eight.  More on storing and searching
is in chapter nine.  Chapter ten looks at simple photo editing.

Part four deals with the use of photographs.  Chapter eleven deals
with printing.  Chapter twelve talks about email.

This is a basic and fairly straightforward introduction to digital
photography.  Although it does not delve deeply into specialty areas,
it provides a comprehensive background for the beginner.

copyright Robert M. Slade, 2009    BKDGPHMM.RVW   20090308


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
       The optimist sees the Klein bottle as half full;
       the pessimist sees the Klein bottle as half empty;
       the topologist wants to know why you are wasting that stuff
       trying to put it *into* a Klein bottle.                  - rms
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#839 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Thu Jun 25, 2009 9:46 pm
Subject: REVIEW: "Codebreaker", Stephen Pincock
BKCDBRKR.RVW   20090420

"Codebreaker", Stephen Pincock, 2006, 978-0-8027-1547-0, U$19.95
%A   Stephen Pincock
%C   104 Fifth Ave, New York, NY   10011
%D   2006
%G   978-0-8027-1547-0 0-8027-1547-8
%I   Walker and Company
%O   U$19.95 www.walkerbooks.com
%O  http://www.amazon.com/exec/obidos/ASIN/0802715478/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0802715478/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0802715478/robsladesin03-20
%O   Audience n- Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   176 p.
%T   "Codebreaker"

The introduction does not clearly identify the intent or audience of
the book.  The fact that readers are encouraged to delve into
cryptographic puzzles would seem to indicate that the codes used are
relatively simple.

The second paragraph of the first chapter contains errors regarding
the early use of cryptographic forms of Egyptian hieroglyphics, which
doesn't bode well for accuracy.  There is decent coverage of fundamental
cryptographic concepts (mostly in regard to substitution algorithms),
but this is hidden (you should pardon the expression) in lots of
miscellaneous history, and some misinformation as well.  Chapter two
covers some minor polyalphabetic ciphers, along with more history and
a fair bit of wild speculation.  Since a number of the chronicled
tales come from the period of 1400-1800 AD, it seems a bit odd that
chapter three starts out by telling us that, as of roughly 1850,
cryptography had been neglected for 450 years.  We are given an
algorithm for decrypting certain forms of polyalphabetic ciphers (and
some examples of digraphic encryption and other complex forms), but no
additional theory.

Chapter four provides acceptable reviews of the structures of Enigma,
Lorenz, and Purple, but with limited technical detail and no
abstraction.  The UK Government Communications Headquarters (GCHQ)
gets credit for asymmetric encryption, along with Diffie and Hellman,
but Ralph Merkle gets left out in the cold.  So do the details of, and
ideas behind, asymmetric encryption: instead we get lists of fictional
ciphers, mostly of the plain substitution variety.  In chapter six,
Pincock deals with quantum cryptography as well as the theorized
decryption of the RSA algorithm using quantum computers.  These are
radically different ideas, but that doesn't bother the author: he
flips back and forth between them with gay abandon, throwing in some
chaos theory for good measure.

I was asked to review this book to see if it would be useful in
helping candidates learn enough about cryptology to get through that
domain on the CISSP (Certified Information Systems Security
Professional) exam.  Well, it isn't.  The book is interesting, and
contains a lot of historical trivia.  It doesn't contain enough on the
basic concepts of cryptography.  It does go into practical
cryptanalysis in more depth than is to be found in the normal run of
texts on simple cryptography, but it doesn't get far enough into the
concepts for commercial or professional decision making.  Asymmetric
encryption is mentioned, but not the uses thereof, nor the extensive
infrastructure necessary for full utilization.

It's fun, but it isn't useful.

copyright Robert M. Slade, 2009    BKCDBRKR.RVW   20090420


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
          Rob Slade's fashion statement:
                          `Hey, I got dressed, didn't I?'       - GJS
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
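
The review above says Pincock gives an algorithm for breaking certain
polyalphabetic ciphers.  As an added worked example for this page (not
code from the book, and not the reviewer's), here is the standard attack
on a Vigenere cipher in Python: the key length is found by testing which
period makes every column decrypt to English-looking text, and each
column is then solved as a Caesar shift by frequency analysis.  The
sample passage and the key ENIGMA are constructed for the example; the
English letter-frequency table is the usual published one.

```python
"""Breaking a Vigenere (periodic polyalphabetic) cipher without the key.

Find the period first: for each candidate length, split the ciphertext into
columns (every length-th letter), fit the best Caesar shift to each column and
score how English-like the result is; only the true period and its multiples
make every column look like plain English. Then read the key off the best
shift of each column. Illustration written for this page, not code from the
book or its reviewer; the sample text and the key ENIGMA are constructed.
"""
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Relative letter frequencies (percent) of English text, standard table.
ENGLISH_FREQ = {
    "A": 8.167, "B": 1.492, "C": 2.782, "D": 4.253, "E": 12.702, "F": 2.228,
    "G": 2.015, "H": 6.094, "I": 6.966, "J": 0.153, "K": 0.772, "L": 4.025,
    "M": 2.406, "N": 6.749, "O": 7.507, "P": 1.929, "Q": 0.095, "R": 5.987,
    "S": 6.327, "T": 9.056, "U": 2.758, "V": 0.978, "W": 2.360, "X": 0.150,
    "Y": 1.974, "Z": 0.074,
}


def normalize(text):
    """Keep only letters, upper-cased: the cipher acts on letters alone."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching letter of the repeating key."""
    text, key = normalize(text), normalize(key)
    sign = -1 if decrypt else 1
    return "".join(
        chr((ord(ch) - 65 + sign * (ord(key[i % len(key)]) - 65)) % 26 + 65)
        for i, ch in enumerate(text)
    )


def chi_squared(text):
    """How far text's letter counts are from those expected for English."""
    n = len(text)
    counts = Counter(text)
    return sum((counts[letter] - n * f / 100) ** 2 / (n * f / 100)
               for letter, f in ENGLISH_FREQ.items())


def fit_caesar(column):
    """(chi-squared per letter, shift) for the best Caesar shift of column."""
    return min((chi_squared(vigenere(column, ALPHABET[s], decrypt=True))
                / len(column), s) for s in range(26))


def guess_key_length(ciphertext, max_len=20):
    """Smallest period whose columns all decrypt to English-looking text.
    Multiples of the true period score about as well, so take the smallest
    period whose score is within 1.5x of the best one seen."""
    ciphertext = normalize(ciphertext)
    score = {}
    for period in range(1, max_len + 1):
        columns = [ciphertext[i::period] for i in range(period)]
        score[period] = sum(fit_caesar(c)[0] for c in columns) / period
    best = min(score.values())
    return min(p for p, s in score.items() if s <= 1.5 * best)


def recover_key(ciphertext, key_len=None):
    """Recover the key: one Caesar shift per column of the period."""
    ciphertext = normalize(ciphertext)
    if key_len is None:
        key_len = guess_key_length(ciphertext)
    return "".join(ALPHABET[fit_caesar(ciphertext[i::key_len])[1]]
                   for i in range(key_len))


# Constructed sample message (written for this example) and an assumed key.
SAMPLE_PLAINTEXT = normalize("""
The history of codes and ciphers teaches one lesson over and over again. The
people who design a cipher are always convinced that nobody else can break it,
and they are nearly always wrong. A simple substitution falls to frequency
analysis because the common letters of the language show through the disguise.
A polyalphabetic cipher hides those frequencies much better, but a repeating
key leaves a trace of its own length in the text, and once the length is known
every column is just another simple substitution that can be attacked by
counting letters in the usual way. The security of a system should rest in the
key alone and never in the secrecy of the method, since the method will sooner
or later fall into the hands of the enemy. Keys must be changed often and must
never be reused, because two messages under the same key give the analyst far
more to work with than either message on its own. Every one of these points was
made by the classical analysts long before the first electronic computer was
built.
""")
SAMPLE_KEY = "ENIGMA"
SAMPLE_CIPHERTEXT = vigenere(SAMPLE_PLAINTEXT, SAMPLE_KEY)


def break_sample():
    """Run the whole attack on the sample; returns (key, recovered plaintext)."""
    key = recover_key(SAMPLE_CIPHERTEXT)
    return key, vigenere(SAMPLE_CIPHERTEXT, key, decrypt=True)


if __name__ == "__main__":
    print("recovered key:", break_sample()[0])
```

Running the file recovers the key from the ciphertext alone.  The attack
works only because the key repeats; a key as long as the message, and
never reused, leaves no columns to count.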

#840 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Tue Jun 30, 2009 7:16 pm
Subject: REVIEW: "Against Religion", Tamas Pataki
BKAGNRLG.RVW   20090306

"Against Religion", Tamas Pataki, 2007, 1-921215-18-6, U$14.95/C$16.95
%A   Tamas Pataki
%C   PO Box 523, Carlton North, Victoria, Australia 3054
%D   2007
%G   1-921215-18-6
%I   Scribe Publications Pty Ltd
%O   U$14.95/C$16.95 info@...
%O  http://www.amazon.com/exec/obidos/ASIN/1921215186/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1921215186/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1921215186/robsladesin03-20
%O   Audience n- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   136 p.
%T   "Against Religion"

The introduction says that religion, particularly theism, is evil.
There is little structure or thread to this argument, as presented,
and Pataki seems to think that admitting the work is a polemic, with
points chosen arbitrarily and incompletely, justifies saying pretty
much anything.  The writing is full of esoteric references but is
neither compelling nor structured.

In chapter one, Pataki says he will not argue, and does not care,
whether a god exists, but also says that most people who believe in
such a being are mostly stupid and irrational.  Religion is growing,
Pataki notes in chapter three, and then lists characteristics of
fundamentalism.  A psychological assessment is used, in chapter three,
to indicate that monotheism is wish fulfillment.  It is important to
note that chapter four is based on psychoanalytic thought.  The very
specialized terminology of this field is used, and it is assumed that
the reader understands it.  Therefore, the reader without a specific
academic or psychiatric background may fail to understand Pataki's
attempt to explain that religion can be seen as an automatic process
in the development of the growing mind, and not a conscious choice at
all.  (What the theory fails to explain is why some people are *not*
religious.)  Similar analysis is presented, in chapter five, to
support reports that religious people are violent and warlike, and
feel justified in attacking others because of a god's direction in the
matter.  Chapter six uses the same psychoanalytic basis to argue that
religious people are sexually confused (although it is hard to argue
that non-religious people are not so confused).  The thesis that
religious people are irrational is asserted in chapter seven.  It is
interesting that Pataki at one point rails that the "religiose do not
have beliefs--they *know*."  There really is no argument as such in
this chapter.  Pataki does not believe religious people cannot think
rationally--he just knows it.

It is extremely difficult to understand what Pataki intends the book
to convey.  As he states early on, he advances no reasoning to support
disbelief in God.  He proposes that religious people are foolish and
possibly do unpleasant things, but does not demonstrate that
non-religious people are wiser or kinder.  He does a fair job of
establishing that many, if not most, religious people believe for
reasons that are intellectually suspect, but huge numbers of the
populace conclude the truest things for the weirdest analyses, and the
author does, reluctantly, admit that some religiose may believe from
valid reasons.  Pataki singularly does not illustrate that belief in a
god creates irrationality or cruelty.  Nor can we determine whether
religious belief is any definitive indicator of untenable thought
processes.

Sorry, but I'm definitely against this book.

copyright Robert M. Slade, 2009    BKAGNRLG.RVW   20090306


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
We want to be creative and different, but we're squeamish about
`standing out', and we also want to fit in and belong--so let's
join a sub-culture and all be eccentric in the same way,
together.                         - Kate Fox, `Watching the English'
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#841 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Thu Jul 2, 2009 9:53 pm
Subject: REVIEW: "Halting State", Charles Stross
BKHLTSTT.RVW   20090419

"Halting State", Charles Stross, 2007, 978-0-441-01498-9,
U$25.95/C$30.00
%A   Charles Stross www.antipope.org/charlie/index.html
%C   10 Alcorn Ave, Suite 300, Toronto, Ontario, M4V 3B2
%D   2007
%G   978-0-441-01498-9 0-441-01498-4
%I   Penguin/Signet/Roc
%O   U$25.95/C$30.00 416-925-2249 Fax: 416-925-0068 service@...
%O  http://www.amazon.com/exec/obidos/ASIN/0441014984/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0441014984/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0441014984/robsladesin03-20
%O   Audience n+ Tech 2 Writing 3 (see revfaq.htm for explanation)
%P   351 p.
%T   "Halting State"

If you like William Gibson's writing, then you will probably like this
book.  Charles Stross isn't quite up to that level yet, but, with a
little more work, he could be.

Stross does seem to know his technology.  Which makes the few errors
all the more annoying, when they pop up.  He seems to understand (as
very few computer or security industry trade journalists do) the
difference between quantum cryptography and decryption of RSA keys by
quantum computer: he still manages to link them together in a
confusing fashion in the story.  (And, no, even with a quantum
computer you probably don't have a universal decryptor.)  Also, top
level domain country codes are two letters, not three.

However, Stross does understand societal dependence on computers, the
activities and misunderstandings of various communities, and that
disaster is more likely to arise due to ignorance than direct attack.
The work is very realistic, in those terms, and worth reading as a
warning of a substantial threat in that regard.

copyright Robert M. Slade, 2009    BKHLTSTT.RVW   20090419


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
              Si hoc legere scis nimium eruditionis habes
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

#842 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Tue Jul 28, 2009 7:55 pm
Subject: REVIEW: "Actionable Strategies", Stephen S. Bonham
BKACTSTR.RVW   20090520

"Actionable Strategies", Stephen S. Bonham, 2008, 978-1-59693-119-0,
U$59.00/C$70.95
%A   Stephen S. Bonham
%C   685 Canton St., Norwood, MA   02062
%D   2008
%G   978-1-59693-119-0 1-59693-119-1
%I   Artech House/Horizon
%O   U$59.00/C$70.95 617-769-9750 artech@...
%O  http://www.amazon.com/exec/obidos/ASIN/1596931191/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1596931191/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1596931191/robsladesin03-20
%O   Audience i Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   261 p.
%T   "Actionable Strategies"

The preface asserts that management or control approaches are
generally pursued from the separate viewpoints of performance (metrics
of various types), process (a beloved but ill-defined piece of
business jargon, roughly meaning "how we do things"), project
portfolio (the range, scope, and particularly diversity of projects or
products, poorly explained by Bonham), or risk management (which
requires whole books to even define).  (These four items are
abbreviated, by the author, as PePPR.)  As the author points out,
there is a good deal of overlap of information required in these four
areas, and an integrated approach might produce benefits.  This is
said with a great deal of verbiage, and a wealth of buzzphrases.

Chapter one starts by quoting Raynor's "Strategy Paradox" that
companies can't adapt because the environment is simply changing too
rapidly for anyone even to keep up with it: businesses must prepare
for change, but can't prepare for everything that might happen.
Bonham then goes on to say that businesses need to be adaptive and
prepared, and gives other equally contradictory advice.  PePPR is
again surrounded by a storm of utterances, with little that is useful.
Although chapter two is entitled "Maturity," and the Capability
Maturity Model is briefly mentioned, the Deloitte Business Maturity
Model is presented in two completely disjoint ways, and is forced into
alignment with two separate lifecycle or project models, leading to a
complete shambles which does not explain anything about business
maturity at all.  Towards the end an "execution" maturity model of
astounding complexity is attempted.  A generic overview of some
planning models is given in chapter three.  A survey of various models
and ideas on performance management is provided in chapter four, with
process management dealt with in five.  Project portfolio management,
in chapter six, does note the need to balance return on investment,
strategic alignment, organizational support, architectural alignment,
asset leverage, and resource availability.  The way to do this,
apparently, is to have good project management.  Some finance-oriented
(capital risk) risk management frameworks and general concepts are
discussed in chapter seven.  Bonham throws a lot of words at the idea
of integrated execution in chapter eight, but without providing much
useful guidance.

There are a great many business references in this work, and a good
deal of erudition.  Unfortunately, the content and writing do not
provide useful guidance to those having to make difficult business
decisions in tumultuous times.  Those who have used and worked with
these approaches, and who have worked with the range of them, will
best know whether they can be integrated and the combined process used
to advantage.  Those people will not need this book.

copyright Robert M. Slade, 2009    BKACTSTR.RVW   20090520


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
That's the problem with science.  You've got a bunch of
empiricists trying to describe things of unimaginable wonder.
                                                      -Bill Watterson
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored

#843 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Tue Aug 4, 2009 8:55 pm
Subject: REVIEW: "The Codebreakers", David Kahn
BKCDBRKS.RVW   20090703

"The Codebreakers", David Kahn, 1996, 0-684-83130-9, U$75.00
%A   David Kahn
%C   5 Maxwell Dr., Clifton Park, NY   12065-2919
%D   1967, 1993, 1996
%G   0-684-83130-9
%I   Charles Scribner's Sons/MacMillan/Delmar Cengage Learning
%O   U$75.00 800-354-9706 www.cengage.com
%O  http://www.amazon.com/exec/obidos/ASIN/0684831309/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/0684831309/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/0684831309/robsladesin03-20
%O   Audience n+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P   1200 p.
%T   "The Codebreakers"

It seems that no work on cryptography is complete without some
reference to Kahn's great historical reference.  For a long time I'd
been meaning to find a copy and get it into the series.  Its pages are
filled with fascinating stories, and some great historical
scholarship.

But almost nothing that you'd be asked on the CISSP (Certified
Information Systems Security Professional) exam.

The thing is, Kahn's work was originally written before the invention
of DES (the Data Encryption Standard) or any of the other now commonly
used symmetric block ciphers.  (Although Feistel must have been
working on the predecessor to Lucifer at the time the first edition of
the book was published.)  Whether you credit Diffie and Hellman,
Merkle, or GCHQ, asymmetric encryption wasn't even a gleam on the
horizon.  So all of modern cryptography came after Kahn produced his
primary version.

Some of the historical material is relevant, to be sure.  The fact
that implementation details always trip you up is demonstrated time
and again.  The truisms of Kerckhoffs' Law, Marcel Givierge's advice
to "[e]ncode well or do not encode at all.  In transmitting cleartext,
you give only a piece of information to the enemy, and you know what
it is; in encoding badly, you permit him to read all your
correspondence and that of your friends," and even Charles Babbage's
assertion that "[o]ne of the most singular characteristics of the art
of deciphering is the strong conviction possessed by every person,
even moderately acquainted with it, that he is able to construct a
cipher which nobody else can decipher.  I have also observed that the
cleverer the person, the more intimate is his conviction" are all
supported time and time again.  The importance of key changes, the
concept of perfect forward secrecy, and many more important
cryptological factors are all illustrated here.

At great length.  This is definitely a bedtime book.  It's got a lot
of material, and it demands diligent attention from the reader.  Look
away for a second, and you'll find that we have jumped from the third
to the seventeenth century, and turned from transposition ciphers to
nomenclators.

Well, no, it isn't that bad.  Kahn is a good writer, and his text will
keep you engaged, but you do have to pay attention.  The historical
stories are complex and intertwined, and you will have to make
frequent reference to the index to re-read the specifics of particular
writers or ciphers.  Up until the twentieth century, however, the
content progresses in a fairly straightforward manner.  (By the time
of the world wars we start to suffer from an embarrassment of riches,
and the timeline rewinds many times through different countries and
agencies.)

When we get past the second world war, the material does start to show
its age.  Kahn admits, in the preface to the second edition, that he
only added one (very brief) chapter to bring things up to date (mostly
concerned with the Ultra project revelations that came to light in the
1970s), and didn't bother to check and update the previous material.
So it's a bit funny to find mentions, in his chapter on "current"
cryptography in the fifties and sixties, descriptions of the Soviet
Union as if it still existed.  You have to keep remembering that the
crypto "devices" aren't digital, and the "networks" are Telex.

There are some additional chapters covering commercial and criminal
codes, ciphers that people have imposed upon mysterious material (like
something out of "The Da Vinci Code"), decipherment of dead (and
interstellar) languages, and random aspects of cryptanalysis.  These
read like magazine articles that have been thrown into the work at the
last minute, and are outside the historical structure of the bulk of
the book.  There are still interesting tidbits, but Kahn also feels
freer to opine in this section.

Although Kahn states that he wanted to produce a complete history of
cryptology (combining both cryptography and cryptanalysis) it is
obvious that his heart is in cryptanalysis.  Thus it is rather strange
that the weakest areas of the text involve his explanations of
cryptanalytic techniques.  As Kahn is an amateur cryptanalyst himself,
this is possibly due to an overfamiliarity with the subject.  The
explanations frequently seem to assume a more extensive background on
the part of the reader.

This is a work of solid historical scholarship.  It will be
fascinating for anyone with the remotest interest in cryptology.  For
anyone seriously working in the field it makes great reading material
and is a salient reminder of some important points that often get lost
in the technology.

Just don't plan to use it to craft your public key infrastructure.

copyright Robert M. Slade, 2009    BKCDBRKS.RVW   20090703


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
Did you ever notice that everyone in favour of abortion has
     already been born?                         - Benny Hill
http://victoria.tc.ca/techrev/rms.htm
http://blog.isc2.org/isc2_blog/slade/index.html http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored

#844 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Fri Oct 30, 2009 12:09 am
Subject: REVIEW: "Google Apps Hacks", Philipp Lenssen
BKGOAPHA.RVW   20090723

"Google Apps Hacks", Philipp Lenssen, 2008, 978-0-596-51588-1,
U$29.99/C$29.99
%A   Philipp Lenssen Philipp.Lenssen@...
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2008
%G   0-596-51588-X 978-0-596-51588-1
%I   O'Reilly & Associates, Inc.
%O   U$29.99/C$29.99 707-829-0515 fax: 707-829-0104 nuts@...
%O  http://www.amazon.com/exec/obidos/ASIN/059651588X/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/059651588X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/059651588X/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   361 p.
%T   "Google Apps Hacks"

Currently, I'm supposed to be helping out an organization that wants
to use Google Apps in order to make documents and resources available
to its members.  I can't figure it out.  I could really use a book
that would explain how to use the system.

This doesn't appear to be it.  The work does say that collaboration
and sharing can happen, it just doesn't tell you how, specifically, to
do it.  The authors do detail how to do some clever little tricks, but
the tricks don't appear (to me, as a novice) to be very useful.  The
"hacks" also appear to involve installing an awful lot of outside
software, and since this is a security group, and I'm a professional
paranoid, I'm not sure how much time I'd want to spend testing all
this stuff and making sure that it is safe.

That's chapter one.  It's supposed to be an introduction, but it
demands a fairly high level of familiarity with Google Apps if you are
going to make much sense of it.  The same is true with chapter two,
which addresses Google Docs (word processor).  There are hacks on how
to get fancy, but no help on how to get started.  Chapters three and
four, on Google Spreadsheets and Presentations, are similar.

The content on Gmail, in chapter five, is an odd mix of generic email
advice, notes for customizing Gmail, and other systems to use instead
of Gmail.  Chapter six deals with iGoogle (a way to create a Web page
for yourself).  The calendar, discussed in chapter seven, is fairly
basic.  RSS (Really Simple Syndication or Resource description
framework Site Summary), and Google's Reader, is outlined in chapter
eight.  Chapter nine notes some random functions of Picasa (for
pictures) and YouTube (for videos), whereas ten mentions various
Blogger features, and eleven talks about Google Maps, Earth, and
SketchUp 3D.  Some ideas on how to promote your Website, and track
traffic with Google Analytics, are dealt with in chapter twelve.

This book is definitely not an introduction.  However, even for those
familiar with Google products, the content is not organized in a way
that makes operations and tasks easy to find and use.  In addition,
since the work seems to require at least an intermediate knowledge of
how the applications work, one would assume that the "hacks" would be
detailed, but that is not always so.  In many cases it is pointed out
that you can do something, and then the specifics of "how" are left to
the reader to find out.  Certainly there are ideas which may be of
interest or use to Google Apps users in this text, but the value of
the manual, as a whole, is questionable.  Novices need the details.
Google Apps wizards presumably know all of this.

copyright Robert M. Slade, 2009    BKGOAPHA.RVW   20090723


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
After attacking the sacred majesty of kings, I shall scarcely
excite surprise by adding my firm persuasion that every
profession, in which great subordination of rank constitutes its
power, is highly injurious to morality.
Mary Wollstoncraft (1759-1797), A Vindication of the Rights of Woman
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored http://twitter.com/rslade

#845 From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade@...>
Date: Tue Nov 3, 2009 6:56 pm
Subject: REVIEW: "Mac OS X for Unix Geeks", Brian Jepson/Ernest E. Rothman/Rich Rosen
BKMOSXUG.RVW   20090725

"Mac OS X for Unix Geeks", Brian Jepson/Ernest E. Rothman/Rich Rosen,
2008, 978-0-596-52062-5, U$34.99/C$34.99
%A   Brian Jepson bjepson@...
%A   Ernest E. Rothman ernie.rothman@...
%A   Rich Rosen http://www.neurozen.com/website/
%C   103 Morris Street, Suite A, Sebastopol, CA   95472
%D   2008
%G   978-0-596-52062-5 0-596-52062-X
%I   O'Reilly & Associates, Inc.
%O   U$34.99/C$34.99 800-998-9938 fax: 707-829-0104 nuts@...
%O  http://www.amazon.com/exec/obidos/ASIN/059652062X/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/059652062X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/059652062X/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   406 p.
%T   "Mac OS X for Unix Geeks"

The preface states that this book is intended for people who are using
the Mac, and OS X, because of its foundation in the UNIX environment.

Part one is a basic introduction to the system.  Chapter one, entitled
"Inside the Terminal," tells how to access the command prompt (using
the "Terminal" terminal emulation application), with some alternative
settings you can use.  Search functions are covered in chapter two,
which is a bit odd, since files, filesystems, standard directory
features, and alternative filesystems aren't dealt with until chapter
three.  The boot process, options and preferences for customization,
and program invocation are explained in chapter four.  Chapter five
outlines account creation and services.  Installation of printers,
plus print management function, is in chapter six.  The X windowing
system and virtual network computing (VNC) are in seven.  Chapter eight
lists a few outside applications, and nine mentions some of the other
operating systems and emulators you can run.

Part two is for programmers (and open source devotees).  Chapter ten
provides a fairly simplistic overview of the concepts of compilation
and enumerates a lot of utilities, while chapter eleven discusses
libraries, headers, and frameworks.

Part three covers packages, which are basically applications with more
complicated installation.  Fink is one development system, reviewed in
chapter twelve, and MacPorts is another, outlined in thirteen.  The
creation of installation packages is discussed in chapter fourteen.

Part four deals primarily with other system functions.  A listing of
server software and tools is in chapter fifteen.  Chapter sixteen
notes a number of standard UNIX system management utilities, plus
tables of system variables.  Some oddities of Mac versions of the
Perl, Python, Ruby, and Java programming languages and libraries are
explained in chapter seventeen.

This book will get you a basic start into the UNIX side of the Mac if
you are new to the OS X operating system.  It will also provide
certain explanations of the UNIX world if you are used to working with
a Mac.  In either case, you will probably need to start lining up
additional resources fairly soon after your introduction to the other
system.  (The work will be slightly more useful if you are a
programmer as opposed to user.)

copyright Robert M. Slade, 2009    BKMOSXUG.RVW   20090725


======================  (quote inserted randomly by Pegasus Mailer)
rslade@...     slade@...     rslade@...
It is a chilling thought, and until the authorities come up with
a plan of action, I am urging everybody to take the sensible
precaution of developing a nervous facial tic.          - Dave Barry
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored http://twitter.com/rslade
