Computer Programming

APIS AND OPERATING ENVIRONMENTS BOOKS

Posted in APIs and Operating Environments (Saturday, July 5, 2008)

Written by Maurice J. Bach. By Prentice Hall PTR. The regular list price is $73.33. Sells new for $27.00. There are some available for $7.95.
5 comments about Design of the UNIX Operating System (Prentice Hall Software Series).
  1. Maurice Bach's The Design of the Unix Operating System still holds the place of honor on my technical reference bookshelf. After almost 20 years, it provides a clear overview of basic Unix organization and operations and is a model for how technical books should be written. Readers who complain that the text is dated evidently did not bother to notice the 1986 copyright date. Its age, however, has not diminished its clarity of content or usefulness in understanding the Unix operating system. Bach deserves an award for excellence in technical writing.


  2. It is one of the greatest books that I have ever read on UNIX. It is a comprehensive yet simple depiction of Unix Operating System. This book is a MUST READ for UNIX / UNIX LIKE Operating System Engineers. It is worth possessing a copy as it can come in handy quite regularly. I give it a full go go!


  3. While there may be more detail to be found in "The Magic Garden," or more up-to-date coverage in the likes of Vahalia or Schimmel, Bach's opus is, in the view of this twenty-plus-year UNIX guru, unmatched. I say this because only while reading Bach's book do I experience the sense of philosophic structural perfection, of tool-orientation, of practicality-versus-theoretic-efficiency tradeoff, that characterizes the earliest UNIX monographs (Ritchie, Kernighan, Bourne, Lycklama, Ossana; that sort of thing) that busied me as a freshman. Bach imparts to the reader a glorious--and gloriously holistic--depiction of the structure of the UNIX kernel as a unit. Algorithmic details are provided where appropriate. Exceptionally well thought-out exercises stimulate the reader to extend the textual material where meet. The material is assuredly out of date, but I dare you to criticize, say, Lions as being "out of date" (whether or not it describes a 25-year-old, 9K-LOC kernel, it is a scripture of paramount importance, a cornerstone of my computer engineering [n.b.: I didn't say "computer science"] library).

    For those who are wont to compare Leffler and Bach--if for no other reason than that they are coevals--I heartily endorse Bach over its competitor. It's nice. It's clean. It's precise. You just couldn't ask for more. And, BTW, stay away from "The Magic Garden." I'm not sure that five hundred pages worth of out-of-context code excerpts, inundating the reader with thousands of kernel variables, accomplishes much by way of imparting conceptual understanding.

    (I'm reminded: a customer of mine--an older gentleman with a Ph.D. in physics--once asked me for a concise description of the workings of UNIX, something that introduced the basic concepts at a scholarly but not overweight level. I told him I had a recommendation in mind. "You're going to give me 'The Magic Garden'," John complained; "Don't bother. It stinks!" Was John ever surprised when I pointed him to the third entry in Tanenbaum's Modern Operating Systems series. It has concise thirty or forty-page entries on UNIX, MS-DOS, and a handful of others. For those who want to know--from a scientist's viewpoint--what the fundamentals of the UNIX OS and superjacent environment are, what it can do, how one navigates within it, etc., at a _conceptual_ level that trucks not with the details of Bach or Leffler, seek ye Tanenbaum II.)


  4. I'm something of an OS freak (not an expert though) and I collect OS books. I've read many of the classics of the field but I think this book is the crowning achievement of OS literature. Here are the arguments to support my claim:

    a) It does not go into explaining general OS theory, thus all space can be dedicated to explaining the details of one operating system (Unix System V Release 2). This of course makes it unsuitable for beginners as it assumes you have a good understanding of basic concepts like race conditions, mutual exclusion, data structures, etc. If you're a beginner don't buy this book yet; get "Operating Systems - Design and Implementation" by Tanenbaum & Woodhull or "Operating System Concepts" by Silberschatz, Galvin and Baer.

    b) It details EVERY algorithm with C-like pseudocode and adds verbal explanations exemplifying operations running through the algorithms. This is unlike other OS books which sometimes just give general descriptions of algorithms with no examples.

    c) Explanations are complemented by many diagrams of data structures in various states of manipulation by the algorithms. This is possibly the most valuable feature of the book as it does wonders to help you understand what the kernel is doing; you get to 'see' how the algorithms work. This sets it apart from practically all other OS books I've read that just mention in passing "... then function 'x' manipulates data structure 'y'" and leave you to find out the implications of these manipulations. Diagrams also make the book superior to mere code listings.

    d) Each chapter 'uses' the algorithms explained in the previous chapter to explain higher level functionality. This is much unlike other OS books which are just unstructured and make you lose the big picture of how the various pieces fit together. Chapters also start with an introductory overall view of the current topic.

    So, what is not to like about this book? The only thing I can think of is that it deals with a 'dead' OS. Unix System V only runs in a handful of computer installations these days (if any), while its derivatives have changed too much to serve as a reference while reading the book. Still, System V binaries and source are available on the internet, legally of course. Search for The Unix Heritage Society archives. If you want to get really hardcore you can even get a PDP-11 emulator and set up Sys V in it. There are, of course, other books that delve into present day operating systems; "Solaris Internals", for instance.

    Also, Unix-haters might point out this is just another book on Unix. Well, unfortunately there are no books that explain, say MS Windows, at this level of detail; blame MS. But still, while dealing with the specifics of one single OS, you do get a general understanding of how other OS's might work.

    In my humble opinion this book is the 'King of the Hill' of OS literature; it has helped me finally understand things like context switching and memory mapping. An absolute feast to read, particularly if you like Unix.


  5. This book is for anyone who wants to know what happens "under the hood" in a UNIX based operating system. I especially like the pseudocode given for various system calls and other important kernel functions. The exercises given at the end of chapters are thought provoking. This book is not about how to learn/work in UNIX. Some of the topics such as streams may not be relevant in some of the current implementations of UNIX (or clones of UNIX), but most of the book is still relevant.




Posted in APIs and Operating Environments (Saturday, July 5, 2008)

Written by Stephen Kochan and Patrick Wood. By Sams. The regular list price is $34.99. Sells new for $18.98. There are some available for $15.05.
5 comments about Unix Shell Programming (3rd Edition).
  1. Okay, but not for heavy-duty UNIX-LINUX users. This book is okay as an intro to the use of the shell. Korn shell users might want to consider "Korn Shell: Programs for Your Survival at Work" by Larry L. Smith. Bash users might want to consider "Bash Shell: Programs for Your Survival at Work."


  2. I wish this was the book we used last quarter since it is MUCH better. It is this quarter's UNIX / Linux textbook (Shell Scripting although it also covers the basic commands). This book is highly recommended for the Linux beginner or for someone who wants a very good reference book.


  3. This book is good, actually quite good, but for a beginner. The reason of the title and four stars is, for a beginner, I would still recommend the gold standard, age old "The UNIX Programming Environment" by Kernighan and Pike, the first five chapters (unless you know decent amount of C). If it comes to writing portable shell and also getting an introduction to Awk, the other two books are far better. No offenses to Stephen Kochan, I am a fan of his C book!


  4. I was recently thrown into the world of Unix at work. Like most people I was a Windows programmer/user and didn't even know what Unix was. After reading the reviews, I picked this up and must say it's the very best book on programming I've ever read. I have books on XML, XSLT, SQL SERVER, VB, C# and more, but none of these books taught me faster than Unix Shell Programming, Third Edition. This is a must have for the beginner!

    Highly recommended.


  5. This third edition is still based on the classic UNIX shell programming book Kochan put out in the late eighties. The benefit of this edition is that it includes POSIX standard support for constructs supported by the Bash and Korn shells. It is no longer restricted to the Bourne shell.
    There are many thoughtful insights appearing throughout the book, which makes it an excellent reference book. If using it as a text book, it is a little slow getting into the actual programming; you may find yourself bogged down in regular expressions that are covered in chapter 4.
    Overall, this is one of the better books I have seen on Shell Programming.




Posted in APIs and Operating Environments (Saturday, July 5, 2008)

Written by Dale Rogerson. By Microsoft Press. There are some available for $4.49.
5 comments about Inside Com (Microsoft Programming Series).
  1. This book begins by assuming the reader knows little more than basic C++. In the second chapter it introduces some simple C++ classes about which the reader will think to herself, "okay, this is simple". From there it builds: adding incremental changes to the original C++ code, gradually making it more useful, explaining each change as it goes. By the end of the book, the original example has grown up into a full fledged COM component, written completely from scratch. No wizards, no templates. At this point the reader will not only be able to recognize the elements of a COM component, but more importantly, she will understand *why* COM works the way it does. The mystery surrounding the ATL and Visual Studio wizards evaporates, and the developer can see them for what they really are: simple shortcuts.


  2. This is an excellent COM starting book. The author progressively builds knowledge and uses a C++ style that does not require you to memorize by heart the function, macro or template presented in page X or in windows.h. This simple, no distractions approach facilitates focus.

    I praise the COM reading list posted by another reviewer ("A reader"), the only book I would add to that list is "Inside Distributed COM" as this book covers the network aspects of COM like no other.

    Finally: Do not underestimate COM's longevity... It will be with us for a long time and is stable so your investment will pay off.


  3. I have been using COM for a while, then finally decided to dig further into its design paradigm and some implementation details. This book assumes knowledge of C++ and a lot of understanding of polymorphism. If you don't understand polymorphism, then it will be very hard to understand this book - but if you do, you will really enjoy reading it.

    This is one of the best technical books I have ever read - not just on COM. It does NOT beat around the bush. This is one of those books that can be read cover to cover - concepts are built gradually and one layer upon the next. Of course, this means that you must pause to fully understand a chapter before proceeding to the next.

    This book is a perfect balance - it neither goes too much into the code, nor does it hover at a high level. I think Dale Rogerson has a knack for writing!

    On the con side - the jokes and anecdotes can sometimes get to you :)


  4. This is much more than a COM book. The book spends a lot of time in the first half talking about the more general concept of interfaces, which is more of a software design topic. Then he shows how to implement those interfaces using C++ abstract classes and gives a very good discussion of inheritance, polymorphism, and virtual function tables. Everything is done in pure C++ so you can see what is going on. No wizards or macros to hide the details. The diagrams were very helpful.

    Even if you choose to not use the COM architecture for your software the discussion of interfaces will help you write software of much higher quality. Seeing how the interfaces are implemented and the discussion of inheritance and virtual function tables gave me a much better understanding of the C++ language.

    The key to understanding COM is understanding interfaces and this book does a very good job explaining them. Eventually when the author gets into the Microsoft specific COM library you can see how those chapters build on the earlier chapters. You can see how a program can evolve from a set of inflexible C++ classes, to some compile-time flexible C++ classes that use interfaces, to run-time flexible components using DLLs, and finally a full blown COM component.

    Near the end of the book it is not as thorough with the examples but that is because the topics presented there are too large to fit in a single chapter. The first 8 chapters are worth the price of the book.


  5. This book is probably the best COM introduction book for C++ programmers. It walks you through the basics such as the IUnknown and the IDispatch interfaces, the different types of COM servers and the threading models. Everything is explained in a clear writing style.




Posted in APIs and Operating Environments (Saturday, July 5, 2008)

Written by W. Richard Stevens and Stephen A. Rago. By Addison-Wesley Professional. The regular list price is $64.99. Sells new for $44.00. There are some available for $44.95.
1 comment about Advanced Programming in the UNIX Environment: Paperback Edition (2nd Edition) (Addison-Wesley Professional Computing Series).
  1. Three years ago, this second edition was released in hardcover. A worthy and needed updating of the first edition. Now this paperback edition is made available. The cheaper cost will benefit some readers. Its reputation as one of the standard unix texts means that many unix and linux programmers need it in their workplace. But possibly the cost of the hardcover version was a deterrent.

    Meanwhile, I reproduce my review of the second edition, hardcover, from 2005, below. My remarks in it still stand.

    ===========================

    Many of you who learnt unix in the 90s would have cut your teeth on the first edition of this book. This second edition should be well received. It encapsulates the changes in the unix world since 92. Most importantly, it shows the rise of linux. A rise that is still unabated.

    Broadly, the structure of this edition matches the first edition. Rago was brought in as co-author after Stevens died in 99, and he has deliberately kept this consistency. I was glad to see that Rago kept the exercises at the end of each chapter. Many computer books seem to dispense with this, which can be a pity for anyone who needs hands on tasks to learn from.

    The threading chapters are a significant change from the first edition. Not simple reading, but they do reflect powerful ways to possibly optimise your code. The biggest cost for you may be the effort you need to invest in understanding the coding issues in these chapters. Rago's code examples are deliberately short, and necessarily somewhat artificial. But they do demonstrate well the various threading issues.

    Of course, other chapters have had minimal alterations. How much have terminal I/O or pseudoterminals changed in 10 years? Those chapters may be old friends to you.




Posted in APIs and Operating Environments (Saturday, July 5, 2008)

Written by Eric S. Raymond. By Addison-Wesley Professional. The regular list price is $44.99. Sells new for $25.97. There are some available for $19.34.
5 comments about The Art of UNIX Programming (Addison-Wesley Professional Computing Series).
  1. I join the other reviewer who complained about the book having no code at all.

    What a misleading title.
    The reason I came here to read the reviews is that I saw it on sale for just $10, and after going thru the pages found that it's not much use for a professional developer's day job.


  2. When I first started reading this book, I expected to hear a considerable amount of Microsoft trashing and everything else that follows from fanatical Microsoft haters. However, what I found was an easy to follow book that illustrates many aspects of Unix programming, explains why they work, and shows examples of all of them.

    The organization of the chapters is logical and the emphasis on the Unix philosophy helps with the flow of the book. Raymond starts out by enumerating the philosophy and writing a bit about each one. Many are universal, as "The Rule of Separation", "The Rule of Diversity" or "The Rule of Least Surprise" in user interfaces. However, many others are specific to Unix and its descendants such as "The Rule of Silence" and others. From there on, Raymond takes off to talk about how Unix is designed and implemented guided by the items of the Unix philosophy.

    The book also includes a nice history of Unix section, which is pretty much the history of modern computing. Reading it made me all warm and fuzzy inside; it was both entertaining and informative. A must-read.

    Where this book falls short is in some criticisms of non-Unix related topics. Object oriented programming is apparently not appreciated by Raymond. I don't agree with a lot of his claims about how object oriented programming over-complicates things. In my opinion, writing in procedural languages is messy stuff. Also, this man seems to think everything in Unix is simply perfect. Although a bit annoying at times, in many instances the result is positive because his passion for the topic is clear.

    Even though there is no code, it didn't take anything away from reading. The knowledge gained from it is HUGE because of the amount of material covered, and it WILL make you a better programmer, independent of whatever OS background you are from.


  3. Learning what this book had to teach was a pivotal point in my software development career... it was the first time I came to an awareness of looking at HOW the design and development process occurred in my job, and really thinking about WHY we did certain things the way we did. My own development methods changed drastically after reading this book, and my own visible changes have had an impact on those that work with me (i.e. it got them thinking as well about how they did their development). ESR's book spent a fair amount of time in the details of some specific software, but those parts came across to me as examples backing up earlier points he had made rather than being "I recommend using this software" endorsements. I've learned from ESR's writings that there's almost always an upper-level awareness to be discovered, whether he's explicitly making a point to back up something he's saying, or whether it's something implicit that steers your own thinking towards something he's said. I highly recommend this book to anyone who's been doing software development (especially in a group environment and steered/constrained by that group's processes) for at least a year, perhaps two. If you've been doing this kind of work for more than two years, and never thought deeply at WHY you design your software creations the WAY you do, it's time for you to pick up this book and see what you can glean from it.


  4. Ever wonder about the relative popularity of various computer languages? Tired of the interminable discussions in newsgroups about which language is better than another? It turns out that the most distinctive feature of Raymond's book is Chapter 14. It gives a semiquantitative assessment of C, C++, Perl, Tcl, Python, Java and emacs Lisp, as of March 2003.

    A fascinating and provocative look at the relative rise and fall. Raymond compares this to an earlier survey in 1997. He shows that C, C++, Java and Lisp have been roughly stable. While Tcl is declining. And Python rose impressively. He suggests that the Perl usage is under long term threat from Python, as the best writers in Perl might migrate to Python.

    There is no coverage of C#. It did not exist in 1997 and scarcely so in 2003. Likewise for Ajax.

    Very few computer books offer such assessments. Useful if you are going to commit to a particular language.


  5. A good book to read, but certainly not in any way essential or required reading. The title is hideously misleading as the book should really be titled something like "Observations on what makes UNIX successful" or "UNIX culture" as it has nothing to do with UNIX programming and more with the design patterns and practices that have made UNIX successful. In fact some of the cases you are given as examples are far enough from what can generously be considered to be UNIX that you really have to wonder why Raymond (the author) has brought them into the discussion.

    There are a couple of things that IMHO drag the book down. 1) Raymond seems to have conveniently decided that the only Unix in existence since 1995 is Linux, ignoring the contribution of the *BSD communities and the emergence of Mac OS X as a mainstream desktop UNIX. In fact classic Mac OS gets more discussion than the UNIX based OS X which is somewhat bizarre given the rich history around its development from NextStep 2) Later sections of the book drift dangerously into Open Source dogma territory as discussions of licenses take over. Again the content is worth reading, but it makes you again wonder why the book claims to be a UNIX programming title in the first place.

    What observations Raymond does make are very well presented and relevant, but are not presented in any great depth as he quickly moves onto other topics. Overall the book feels like a bunch of notes that Raymond has attempted to pull together under a single theme, in some cases it works, in some cases it doesn't, but the points that he makes are valid enough that he does somewhat get away with it. Worth a read, but there are other more essential books that should be read first.




Posted in APIs and Operating Environments (Saturday, July 5, 2008)

Written by Marshall Kirk McKusick and George V. Neville-Neil. By Addison-Wesley Professional. The regular list price is $64.99. Sells new for $24.00. There are some available for $23.25.
5 comments about The Design and Implementation of the FreeBSD Operating System.
  1. For the other side of the story, you may wish to check out the most recent "Inside Microsoft Windows" or "Microsoft Windows Internals" by Mark Russinovich.


  2. A BSD Bible. I never could read the Bible. I do Believe ...

    650+ pages of truth and gore. I (as a sysadmin and BSD boomer) related most to the History (Ch.1) and Startup/Shutdown (final Ch.14). Memory management and other gore escapes me. GOOD JOB!


  3. First of all you should be warned that this is not an introduction to get started with UNIX kernel programming. The Design of the UNIX Operating System by M.J. Bach provides a good general introduction to UNIX kernel programming. The design and implementation of the FreeBSD operating system is an excellent book to deepen knowledge of the UNIX kernel by looking how a current UNIX is implemented in practice. Even if you plan to write code for another kernel, working through the FreeBSD kernel with this book as a guide is a good exercise to become conscious of the fundamental problems and solutions in kernel design. FreeBSD (or any of the other BSDs) is a good starting point, because the BSDs have relatively stable kernel subsystems and APIs due to the long cycles in BSD development.

    The writing style of the authors is to the point (don't expect a novel) and clear. The troff typesetting of the book gives it a consistent style and simple, but clear diagrams (though I heard that some diagrams were hand-drawn). The book doesn't just drop the reader in a kernel subsystem. The second chapter gives a detailed explanation of the various kernel subsystems, and the relation between the subsystems. The third chapter gives a summary of what is expected from a kernel from the user level. Combined these two chapters give the reader the necessary conception of the FreeBSD kernel to start looking at individual parts of the kernel in detail. Most remaining chapters are logically ordered, in that subsystems are ordered from parts with less dependencies to parts with more dependencies (e.g. memory management and I/O are covered before filesystems).

    If you are interested in UNIX programming, you should have this book on your bookshelf (as well as a CVS checkout of the FreeBSD kernel tree to read the implementation).


  4. Before I encountered this book it was quite a bit of frustration in attempt to learn BSD and UNIX to the point I can really use it. For some reason there are so many good books in a subject with one of two inclinations: either the book is too theoretical and very little of the real workflow is provided, or it is too down to earth and it is difficult to understand what is behind the sophisticated command line zingers.
    I found this book to be well balanced, well written and generally providing a good, accessible way to get into BSD. I have followed advice in someone's review here and coupled this book with Linux and UNIX for a beginner training suite, 4DVDs + 2CDs includes 4 Unix Academy Certifications ed.2008. To my great surprise I have to say they really have made an outstanding training outfit!
    If you are really ready for a training and do not expect that UNIX will come to you overnight it is a worthy book and deserves your attention.


  5. A very good book for those who want to learn advanced concepts in OS. Since it is open source the book is very useful in understanding how they look like. The paper quality is too good, which makes you read non stop. I love reading this book. Price worth it. A good buy.




Posted in APIs and Operating Environments (Saturday, July 5, 2008)

Written by Chris Sells and Ian Griffiths. By O'Reilly Media, Inc. The regular list price is $39.95. Sells new for $9.87. There are some available for $4.29.
5 comments about Programming Windows Presentation Foundation (Programming).
  1. The biggest strength of this book is that it focuses on using WPF programmatically, not just laying out XAML. This is extremely useful if you are writing an application for 3D data visualization or a database driven application. You get to learn to create event handlers, generate meshes... all programmatically. I also believe that this book is great, not just as a learning tool, but as a reference guide. It is the most comprehensive book on the subject and a must for the aspiring WPF developer.

    If you just want to focus on XAML, however, I will have to recommend "Windows Presentation Foundation Unleashed" by Adam Nathan.


  2. I say to ignore those reviews because they do not refer to this book. This is the second edition published August 28, 2007 with 863 pages. Those reviews are based off of the first edition published nearly two years before (September 12, 2005) and with only 447 pages.

    Using Amazon's 'Search inside this book' takes you to the 2005 edition also. That shows only 10 chapters while this edition has 17. Most of the negative comments from the 2 and 3 star reviewers seem to have been resolved.


  3. This book is the most in depth resource into WPF I have seen. And not just that, it gets to the good stuff that you'll actually use in your code and not just filler or lists of properties that you can get from IntelliSense. The examples are extremely useful.

    The other benefit of this book is that it doesn't just tell you how to do things, but why. This is incredibly helpful in finding the best solution to your specific problem.

    Thanks guys! great book!
    Ralph


  4. There isn't much yet on the internet about WPF, so if you want to get started using it, you really need a guide.

    Not only is the book a well crafted introduction to WPF, I've just discovered that the downloadable source code makes an excellent companion to the book.

    Questions that were not answered in another top-rated WPF book I found answered here... so whatever else you buy, get this book!


  5. I bought the first edition of this book called Programming Windows Presentation Foundation (AKA Avalon) at the PDC in 2005 and read it completely on the plane home.

    When I heard the second edition was released I didn't think much would have changed, but this is even better than the first edition. It's twice as big and covers all major (and not so major) topics in WPF (inc. an introduction to 3D and Silverlight).

    I think this book will prove to be for WPF what Programming Windows, Fifth Edition is for WIN32 programming.




Posted in APIs and Operating Environments (Saturday, July 5, 2008)

By Syngress. The regular list price is $59.95. Sells new for $48.51. There are some available for $57.04.
2 comments about PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance.
  1. When I first received this book from Syngress I was very excited. I knew nothing about PCI compliance -- other than it was big ticket item and everyone processing Visa transactions was affected in some way because of it. I can honestly say that I tore through this book and didn't put it down until I reached chapter 13. I was completely wrapped up in it as it was something I knew nothing about and wanted to know more!

    Chapters 1 through 3 introduce you to the concepts behind PCI compliance including what it is and who needs to comply. These chapters really set the stage for what the rest of the book has to offer the reader.

    Chapter 4 provides a technology overview of firewalls, intrusion systems, antivirus solutions, and common system default settings. Personally I felt that Chapter 4 was filler content just to add a chapter. It may, however, serve as a good reference for those in management roles who do not have "hands-on" interaction with the architecture of their environment.

    Chapter 5 explains how to go about protecting your cardholder data as dictated by PCI requirements 3 & 4. This is a great chapter for anyone new to securing infrastructure to meet the requirements of a PCI audit. The authors also provide a fantastic section entitled "The Absolute Essentials" which offers suggestions on the minimum protection you can employ to protect your cardholder data.

    Chapter 6 was by far my most favorite chapter and Syngress has offered it as a free download from their website. Many of you know what I do for a living and know how important understanding logging and requirements for logging is for my day-to-day duties. This chapter focuses around PCI Requirement 10 which details how you must handle the log data collected in your PCI environment. As soon as I started reading this chapter I knew that Dr. Anton Chuvakin had written this section of the book, or at least had a heavy insight into its direction. This chapter alone makes the book worth its weight in gold.

    Chapter 7 details the importance of access control in your PCI environment. For obvious reasons, access to your cardholder data must be recorded and checked with a fine tooth comb. User privileges, authentication, authorization, and user education is also covered in this chapter. This chapter goes further to provide examples of ensuring your Windows, Unix/Linux, and Cisco infrastructure meet PCI requirements.

    Chapter 8 explains how to leverage vulnerability management solutions to meet the requirements outlined in sections 5, 6, and 11 of the PCI requirement. The authors also provide two very good case studies to help the reader put things into perspective.

    Chapter 9 focusses on the monitoring and testing of your environment. The authors are quick to point out that monitoring and testing must continue even after the audit in order to ensure you remain compliant.

    Chapter 10 details how to drive your PCI project from the business side in order to ensure you accomplish your objectives. Suggestions are provided on budgeting time and resources, keeping staff in the loop, and justifying the business case to your executive team. The authors also offer a step-by-step "checklist" for ensuring your project runs smoothly and that all of your bases are covered.

    Chapter 11 explains the various responsibilities within the organization for ensuring the PCI project succeeds. One of the key things to take away from this chapter is the role of the Incident Response team and its need to understand the requirements of PCI compliance.

    Chapter 12 is a really good "eye-opener" that prepares you for the failure of your first audit. The key thing to take away from this chapter is to not blame the auditor the same way you shouldn't blame a referee in sports. They're simply there to do their job to the best of their ability. If you have a problem with the way they are doing their job, bring it up with their superior. Perhaps their decision will get overturned?

    Chapter 13 brings you into a "OK, now what?" phase. This chapter provides a detailed overview of the various requirements and breaks each requirement into "Policy Checks" and "Hands-on Assessments" sections. The policy checks discuss policies that should be reviewed to verify that they are up-to-date and the hands-on assessments sections give ideas on testing these policies. The beauty part is that the authors suggest open source solutions to help you protect your PCI compliant investment.

    I give this book 5 stars as it is the best PCI reference I have found on the market. Everything I found in this book will allow me to understand the compliance requirements of my existing customers, their process, and their overall goals. Hats off to the entire team of authors.


  2. It has long been rumored that manufacturers of items such as razors and batteries specifically produce their products at an inferior level in order to ensure repeat business. A similar paradox is occurring in the information security space where many are complaining that the PCI Data Security Standard (PCI DSS) is too complex and costly. What is most troubling is that such opinions are being written in periodicals and by people that should know better.

    PCI came to life when Visa, MasterCard, American Express, Diner's Club, Discover, and JCB collaborated to create a new set of standards to deal with credit card fraud. PCI requires that all merchants and service providers that handle, transmit, store or process information concerning any of these cards, or related card data, be required to be compliant with the PCI DSS. If they are not compliant, they can face monetary penalties and/or have their card processing privileges terminated by the credit card issuers.

    The primary purpose of PCI is to force organizations to embrace common security controls to protect credit card data and reduce fraud and theft. The following are the six primary control areas and 12 specific requirements of the PCI DSS:
    Build and maintain a secure network
    1. Install and maintain firewall configurations
    2. Do not use vendor-supplied or default passwords

    Protect cardholder data
    3. Protect stored data
    4. Encrypt transmissions of cardholder data across public networks

    Maintain a vulnerability management program
    5. Use and regularly update anti-virus software
    6. Develop and maintain secure systems and applications


    Implement Strong Access Control Measures
    7. Restrict access to need-to-know
    8. Assign unique IDs to each person with computer access
    9. Restrict physical access to cardholder data

    Regularly monitor and test networks
    10. Monitor and track all access to network resources and cardholder data
    11. Regularly test security systems and processes

    Maintain an information security policy
    12. Maintain a policy that addresses information security

    A quick review of these 12 items shows that PCI is a textbook example of the fundamentals of information security. With that, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance is an excellent resource that provides the reader with all of the fundamental information needed to understand and implement PCI DSS.

    The book's 13 chapters provide the reader with a comprehensive overview of all of the details and requirements of PCI. The first three chapters provide an overview of the basics about PCI and the basic requirements of the standard. The following six chapters go into detail about each of the primary control areas.

    In particular, chapter 6 provides a good overview of the PCI logging requirements. This requirement can be time-consuming to put into place. The author notes a commonly overlooked but essential requirement, namely that of accurate and synchronized time on network devices. Enterprise information network and security infrastructure devices are highly dependent on synchronized time and PCI recognizes that correct time is critical for transactions across a network.

    In a further discussion about synchronized time in chapter 9, the author unfortunately makes an error when he states that local hardware is considered a stratum 1 time source since it gets its time from its own CMOS. From an NTP perspective, only a device that is directly linked to a stratum-0 device is called a stratum-1. CMOS clocks are notoriously inaccurate and can't be relied upon.

    The title of chapter 12 is both amusing and accurate `Planning to fail your first Audit'. The irony is that so many organizations lack a CISO or formal business security program in place designed to protect corporate information assets. They don't focus on information security as a process, rather as a set of products or regulatory items to be checked-off. Yet, these same organizations are surprised when they fail an audit.

    The book concludes in chapter 13 with the well-known observation that security is a process, not an event. The book astutely notes that it is impossible to be PCI compliant without approaching security as a process. Trying to achieve compliance without integrating the various aspects in an integrated fashion is bound to fail.

    Overall, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance is a great book for one of the most sensible security standards ever. Anyone who has PCI responsibilities or wants to gain a quick understanding of the PCI DSS requirements will find the book to be quite valuable.




Posted in APIs and Operating Environments (Saturday, July 5, 2008)

Written by W. Richard Stevens. By Prentice Hall PTR. The regular list price is $78.33. Sells new for $47.66. There are some available for $33.00.

5 comments about UNIX Network Programming, Volume 2: Interprocess Communications (2nd Edition) (The Unix Networking Reference Series , Vol 2).
  1. This book is a must own for every serious programmer on the unix platform. It provides an insight on various forms of IPC APIs available on the unix platform. It provides coverage of both System V and POSIX standards, there is no match to it as far as IPC is concerned. The Appendices in the end also provide a performance comparison between pipes, FIFOs, posix message queues, System V message queues, doors and Sun RPC. I have not seen another book provide such a wide and deep coverage of this topic. What's more - it all comes from the GURU himself!


  2. Since anyone considering buying a technical book always needs to know what it covers, here's the table of contents:

    Part 1. Introduction
    1. Introduction
    2. Posix IPC
    3. System V IPC
    Part 2. Message Passing
    4. Pipes and FIFOs
    5. Posix Message Queues
    6. System V Message Queues
    Part 3. Synchronization
    7. Mutexes and Condition Variables
    8. Read-Write Locks
    9. Record Locking
    10. Posix Semaphores
    11. System V Semaphores
    Part 4. Shared Memory
    12. Shared Memory Introduction
    13. Posix Shared Memory
    14. System V Shared Memory
    Part 5. Remote Procedure Calls
    15. Doors
    16. Sun RPC
    Epilogue
    Appendix A. Performance Measurements
    Appendix B. Threads Primer
    Appendix C. Miscellaneous Source Code
    Appendix D. Solutions to Selected Exercises
    Bibliography
    Index

    This is the third and least of Stevens' three books on UNIX programming (he also coauthored a multi-volume work on TCP). It is the least not because it is necessarily the worst, but because it is the shortest and has the narrowest application domain.

    Having said it is the least, it remains a work of the highest quality in an industry that is notable for the huge quantity of bad books that it produces. The structure of this book will be familiar to readers of his prior two books: the lowest-level building block around which Stevens structures the book is the individual function call. For each call (or minor variations on a single call), he provides the C prototype, and then, in text, explains what the function does, what its arguments are for, and then provides a small C program that demonstrates it in action (all of the sample programs can also be downloaded from the web). These function-level building blocks are arranged into related sets, each of which is a chapter in the book. Each chapter has a wrapper that explains the basic concepts behind the functions in that chapter, and some review exercises at the end. The chapters in turn build on each other, with the most basic ones at the beginning and the more difficult ones towards the end.

    In spite of the book's many positive qualities, one thing that this book brings to light, however, is that there is a thread-sized hole in Stevens' UNIX writings. "Advanced Programming in the UNIX Environment" had a great deal of information about processes, but nothing about threads. "UNIX Network Programming: Volume 1", discussed multi-threaded socket programs, but didn't go into any depth on threading. This volume, although it discusses thread synchronization, only touches on general threading issues. Thus, the works, taken as a group, go into some of the important issues and uses of threading without giving the reader a solid grounding in the subject. As threading increases in frequency, this deficiency has grown in importance.

    Another difference between this book and its predecessors is that it deals with an area where standards are much weaker than the others; thus, the chapters often have to explain different implementations for accomplishing a task rather than building a basic-to-advanced sequence. This obviously is in no way Stevens' fault, but many readers will find that half the book, which is already the thinnest of Stevens' programming books, is concerned with APIs which do not exist on their platform of interest.

    To sum up, while this review clearly shows the reservations I have about this book compared to its predecessors, it must still be stressed that Stevens is a technical author of the highest level. If you do have a need to understand any of the subjects in this book, you won't find a better teacher from which to learn it, and that is why I am still giving the book five stars.



  3. The real power of UNIX or any application for that matter is in interprocess communication. I found early on that to accomplish any large project would require the cooperation of interprocess communication. Now I find that simple administration skills also require knowledge of this interprocess communication.

    My first foray into the field was to use semaphores to flag processes to run at the proper time. Later I needed to use pipes for a front-end in communication to SNA. Again I found IPCs could help inform and control processes that were in canned packages and not accessible any other way. The list of useful tools can go on and on. I also had to find the NT equivalent as it became popular.

    UNIX is still out there in many forms and if one is to survive in the field an understanding of interprocess communications is imperative.

    The Abbreviated Table of Contents:
    Part 1. Introduction
    1. Introduction
    2. POSIX IPC
    3. System V IPC
    Part 2. Message Passing
    4. Pipes and FIFOs
    5. Posix Message Queues
    6. System V Message Queues
    Part 3. Synchronization
    7. Mutexes and Condition Variables
    8. Read-Write Locks
    9. Record Locking
    10. POSIX Semaphores
    11. System V Semaphores
    Part 4. Shared Memory
    12. Shared Memory Introduction
    13. POSIX Shared Memory
    14. System V Shared Memory
    Part 5. Remote Procedure Calls
    15. Doors
    16. Sun RPC
    Epilogue
    Appendix A. Performance Measurements
    Appendix B. Threads Primer
    Appendix C. Miscellaneous Source Code
    Appendix D. Solutions to Selected Exercises
    Bibliography
    Index

    One final note is that with systems dispersed globally Remote Procedure Calls are taking precedence in Interprocess communications.


  4. I cannot fathom a guess as to how many times the books in this series have saved me in project work over the years. The only drawback with this series is that some publisher should endeavor to keep them up to date. Serious Unix system programmers must have copies of the complete series.


  5. Programming UNIX or Linux networks is a piece of cake with these books. You need the set, Vol 1 & 2.

    As a professional programmer of 20 years I use the book as a reference for all my new programs. I have used the books to break into the world of VoIP and audio CODEC network programming.




Posted in APIs and Operating Environments (Saturday, July 5, 2008)

Written by Eric Bruno. By Charles River Media. The regular list price is $44.95. Sells new for $27.59. There are some available for $31.42.

4 comments about Java Messaging (Programming Series).
  1. As we look at how much we use the web, it is sometimes hard to remember just how new this concept of worldwide packet switching really is. Java was started as a new language before a lot of the new concepts like XML and SOAP were conceived. But as a new language it has been able to move into using these new concepts faster than nearly any other language.

    What I especially liked about this book was the first chapter. So often computer books start with programming. This one starts with a description of what we're trying to do here. He gives several examples of the types of communications that he is going to cover in the book. I had a particular application in mind when I got the book, but in reading the first chapter I began to see several other ways that messaging would help our system.

    After the first chapter, I've got to say that it's a pretty regular computer software book. It tells you how to do the things that you want to do. It is quite clear on all the different software protocols, packages, and philosophies. Basically it is all that a Java programmer needs to implement messaging in Java.

    The CD included with the book gives you all the sample code from the book, as well as the complete messaging toolkit and several open source tools.


  2. Eric Bruno's JAVA MESSAGING explores different ways of messaging using Java software, from JavaBean events and JMS to SOAP. Web programmers receive all the basics to using these features, tips on how and why to use each feature and when to choose something else, how to combine features, and more. The basics of Java communication processes are revealed in chapters which form 'classes' to link related information in a logical progression. An excellent, basic foundation for Java users.


  3. Excellent introduction to messaging, including healthy portions on JMS and web services.

    The writing style is clear, consistent, and to the point. Probably what I liked most was this no-nonsense writing style. If it's on a page, it's important to understand. The author doesn't waste your time with irrelevant discussions or out of scope topics.

    Editing and code presentation are top notch, making it easy to follow, and build upon from one example to the next. The author also shares some gotchas and considerations that I wouldn't have expected to see in an introductory discussion which were particularly valuable.

    Another great feature is one of the drawbacks of the book. The framework presented in the book is elegant, but in many of the examples, there is too much cognitive overhead involved in grokking the level of abstraction in the framework, and this takes away from actually learning the concepts. I would have liked to see more non-framework code for the introduction, which is then tied together with the framework.


  4. Although the book uses a specific JMS engine for the examples the details and the concepts were all right on and covered everything I needed for JMS. It literally saved my bacon, especially the peer to peer stuff over topics. Whew!

    Super job.

    Sam





Copyright © 2005
*Amazon.com prices and availability subject to change.
Last updated: Sat Jul 5 01:32:30 EDT 2008