5 comments about Pro PHP Security.

1. PHP applications written without a concern for security risk cross-site scripting, SQL injection, session hijacking, and a multitude of other potential problems. This book examines how to setup a secure environment including encryption, hashing, SSL and using PHP to connect to SSL servers. The authors also examine how to install and configure OpenSSH and using it with PHP applications. Of course they also deal with the usual concerns of user authentication, permissions, restrictions, validating input, preventing SQL injection, preventing cross-site scripting, preventing remote execution (including PHP code injection and embedding), security for temporary files, and preventing session hijacking. The Pro PHP Security is written specifically for PHP programmers working in the Apache, MySQL, and PHP 5 environment and is highly recommended



2. Unless you're already very well-versed in the subject matter, ( sql injection, cross-site scripting, session hijacking, remote execution, sanitizing user data/input, ssh, encryption, ssl, dangers of shared-host scenarios, bulletproofing db installations, user verification, captchas, remote procedure calls ) this material is relatively comprehensive and valuable. Well-organized, well thought out, I won't hesitate to recommend this one.



3. The book is entitled PHP security. But the actual content covers very little PHP at
   all: less than 20 percent. It tries to cover everything from UNIX permission,SSH
   and all other security issues, but really doesn't have much to do with PHP. So I
   think the title is highly misleading. For someone interested in the general
   security issues, it might be a fine book. But not for programmers want to know
   the security about PHP.



4. Like the title states this book tells you about a lot of security issues you should be aware of, but doesn't go in depth for many solutions. Especially xss which is the only reason i bought the book. For how much the book costs i figured it would include some really good php solutions. I mean the thing is in black and white, what's with the price tag that doesn't tell me anything that i can't find on the web.



5. I found Pro PHP Security a very informative book. I received this book around the same time that I began developing online financial software. This book lived up to the name and answered a lot of my questions.
   
   I found the chapter on encryption and hashing very interesting. I knew what each system of protection accomplished but not how. Next the authors proceeded to discuss Secure Sockets Layer (SSL) and how certificates are created. It was fun to be able to create my own certificate and keys, and gain a better understanding of how the whole process works.
   
   After covering server security and connection security, the authors moved onto secure programming. The first chapter covers user input validation. This is one area that many programmers, myself included, do not devote much time. If you can sanitize the data you get from the user, you have overcome one of the largest hurdles of securing your code.
   
   After that chapter, each following chapter begins with the presentation of an exploit and how it works, followed by discussions of sites affected by these exploits, and concluding with how to prevent it. SQL injection, cross-site scripting, remote execution and session hijacking are some of the exploits discussed. This section of the book gave me plenty to think about and more than enough to work on implementing.
   
   If anyone is a PHP programmer and deals with any kind of sensitive data, then this book is a must read. The authors attempt to provide all the best practices because one method may not work in a given situation, but they also let you know the disadvantages of each method. As Snyder and Southwell discuss in the first chapter, as developers we cannot eliminate risk but we can do our best to mitigate it.

4 comments about PSP(sm): A Self-Improvement Process for Software Engineers (SEI Series in Software Engineering).

1. The intent is to reduce the defect rate in software. With an emphasis on doing this when we have several million lines of source code. All the more so if the application might involve safety issues or be critical to its company's bottom line.
   
   Humphrey points out that the writing of such large code might typically follow practices used for code bodies orders of magnitude smaller. But that this leads to far too many defects. He explains that PSP offers a discipline for the individual programmer to follow. And how this can be scaled to a team of programmers.
   
   PSP stresses investing in design time and review time, relative to the actual coding time. It's big on writing down the times spent on these stages, so that you have actual quantities to see and from which to get metrics. You cannot improve what you cannot measure. The review time is considered a good investment, for finding bugs here is inherently more productive than relying on a downstream testing stage or user feedback.
   
   Perhaps the most contentious aspect is whether to do a review of your code before compiling it?! Many will not. After all, the compiler can swiftly find the syntax errors. Why waste time looking for these beforehand? Isn't this a retrograde step? The book's rejoinder is that syntax errors might be considered to be distributed like more serious logic errors. Hence, if you review before compiling, and find 80% of the syntax errors that the compiler finds, then perhaps you only also found 80% of the logic errors. Opps?
   
   A simple and ingenious self diagnostic tool. But despite the logic of this, water will flow uphill before any significant portion of programmers adopts this method. Pressing 'make' or its equivalent to do a compilation is simply too easy. The book is on far more plausible ground describing the other aspects of PSP.



2. As an IT professional and software developer, I'm all for standards and processes. PSP - A Self-Improvement Process for Software Engineers by Watts S. Humphrey (Addison-Wesley) outlines a personal methodology for improving your development efforts. But it's definitely not applicable to all environments...
   
   Chapter List: The Personal Process Strategy; The Baseline Personal Process; Measuring Software Size; Planning; Software Estimating; The PROBE Estimating Method; Software Planning; Software Quality; Design and Code Reviews; Software Design; The PSP Design Templates; Design Verification; Process Extensions; Using The Personal Software Process; Index
   
   From an overall perspective, I think the concepts in here are good and the book is well-written. Watts has devised a methodology that a developer can apply on their own to improve their coding, estimating, and defect resolution skills. This is done by extensive measurement and recording of statistic and time taken to accomplish certain tasks. These numbers are transferred to forms that can then be statistically analyzed to see the trends and make corrections in your techniques based on personal problem areas. The advantage that this methodology offers is that you don't have to get buy-in from an entire department in order to implement it. Conversely, PSP can be extended to apply to a team development environment in order to improve everyone's ability to work and develop code as a group.
   
   Where I start to have issues is that it doesn't translate well to all environments. It's best applied to situations where you're developing programs with actual lines of code (like Java or C++) that allow you to do things like count lines of code, program sizes, or function points. It doesn't address rapid application development (RAD) environments like Lotus Notes/Domino very well, as "lines of code" is often next to nothing. Graphical design techniques that code underlying "plumbing" will make your numbers seem very small. Counting and tracking defects could be useful, but once again you'll often have to ignore stats related to defects per program size. You'll also need to be pretty comfortable with statistics to work with this methodology, as Watts gets into some pretty large formulas to generate the "score" of some of the tracking measures.
   
   This is one of those books where if I were coding 15000 line Java programs, I might be really excited. Developing in a RAD environment makes me see a lot of this as unnecessary tracking for tracking's sake. But if you're a "true software engineer" in the most traditional sense, you'll probably find things in here that you'll want to try out.



3. The book is good, every argument weel written with simple language and lesson tailored. PSP is a good set of processes to use in software development. If you wish to self study PSP it is good but you have to download a lot of material from the SEI website (exercises, workbooks and so on). Humprey write about process extensions but not so much as needed in practice. Also a more detailed description about PSP processes isn't present on the book so you haveto read about on SEI website material.



4. This book is a great tool to learn how to improve our development process. I'm very happy with my buy.

5 comments about Solaris 10: The Complete Reference (Complete Reference Series).

1. This book is NOT a true reference book for Solaris 10. Rather, it introduces Solaris 7-9 to a novice Unix user with only a few references to Solaris 10 features. And even on those few Solaris 10 items, there are not enough examples or configuration ideas. Based on the paucity of relevant information, one could not even use this book to determine if an upgrade to Solaris 10 is warranted.
   
   The purchase of this book was a complete waste of money.



2. The biggest disappointment for me was no discussion of SMF. If these reviews were here before I bought the book quite a number of months ago, I would not have gotten it. It is indeed a rehash of Solaris 9 ideas. It would have been very helpful if there was some discussion on how to control your own inet connections by modifying an XML template -- but alas there is no mention of this in the book. The one person who rated this a five has obviously not used Solaris 10 very much other than some very basic issues. Any system administrator book probably would have worked for that person.



3. I bought this book because it was the most appropriate book on Solaris 10 that I could find at the bookstore. I am a long time Solaris system administrator, but I wanted a book that specifically talked about the new features of Solaris 10.
   
   I didn't know about SMF when I bought the book, but it's a pretty important feature that replaced previous methods of system management in Solaris. I just can't believe that this book does not even mention it. I see other people have complained about the same thing.
   
   I also noticed that the book did not give a good overview of the installation. I had to go online to look up anything I didn't know about in regards to the install since the book just didn't discuss it.
   
   I gave this book a two star rating because it's an okay general Solaris reference book, but I wouldn't recommend it to anyone.



4. This book not only doesn't really cover Solaris 10 but previous ones, but also is so full of mistakes, that I am really glad I had the opportunity to check it without buying.



5. Most of the services for Solaris 10 are under control of the service management facility (smf - try 'man smf') and the svcs and svcadm command. You can't start, stop, disable, or enable most services without it.
   
   This book doesn't even mention them. It still refers to /etc/init.d/ scripts (some are still there but most, such as the various nfs and automount services are not).
   
   This isn't a linux or general unix book - the book has 'SOLARIS' on the cover and should reflect Solaris.

5 comments about Advanced .NET Remoting, Second Edition.

1. I hate it when I pay good money for a poorly written book. So when I buy a book like this and it turns out so well, I am thrilled!
   
   I have been in ".NET land" since 2001 when .NET beta 2 came out. I have written ASP.NET and Winform applications. During that time I just have not had the need to use .NET remoting, until now. The first 2 or 3 chapters are a great introduction for experienced .NET developers. I like the fact that I did not have to wade through a lot of stuff for beginners. From there the topics get advanced, with plenty of good example code to highlight the topics. Even though I had never really touched .NET remoting (except SOAP Web Services), the explanations and examples work well for me. The author keeps the examples simple, and on-topic. In my opinion, this helps to highlight the topics at hand. The content is geared towards real programmers who will be using the technology.
   
   I also have really enjoyed the authors' candor concerning the weaknesses of .NET remoting. They have already highlighted a bad approach that I was considering.
   
   I am more than happy to give this book a 5 star review!



2. This book almost contain every detail of .NET Remoting.I am sure you can well understanding the .NET Remoting with the help of this book.It gives many good tips and useful cases ,also have some additional experiences of the author.However, I am sory that this book don't have any real and integrated distributed business solutions based on .NET Remoting(I think so ,at least ), although it contains many good cases. but I still strongly recommend you to buy this book, if you want to know .NET Remoting deeply.



3. This is actually a good book, however, it approaches the subject with an extremely hypothetical view. Lack of real world examples has made reading this book a real bore.
   
   The book on the other hand offers in-depth information regarding the "behind the scenes" work of .NET remoting.
   
   Final verdict: Good value for money, but do not expect any code to work.



4. I'm never one to buy books one technology, mainly because they change frequently and you can always find tutorials online. This book however, is well written, descriptive and a must for anyone working with .NET remoting. Excellent!



5. Excellent book. Exactly what I was looking for. With it you can gain a very well understanding of the subject. simple examples that you can easyly adapt to your specific needs.

5 comments about Practical Perforce.

1. Well, I'm disappointed. I'm new to Perforce and found Perforce's documentation a bit unwieldy so I thought this book would help. I was wrong. What I was *hoping* this book would do was to provide a tutorial on getting set up and started, then serve as a reference on how to do at least some of the common things that you'd frequently need to do. Unfortunately, the book doesn't help with any of that.
   
   The book isn't organized so as to be useful as a reference, and it doesn't really offer much (if any) help on how to get started. Instead the book spends most of its space on discussions on advanced topics (branching, merging, automated builds, and so forth). It also focuses mainly on the command-line interface rather than the GUI.
   
   I'm sure this book is useful for some, but it sure wasn't what I was looking for.



2. As the title suggests, this is a how-to guide for doing Software Configuration Management with Perforce, but there's more. In addition to describing how the various commands work, this book helps you understand how to structure your version control system to help your team be more effective. For example, this book describes not only how to create branches, but why, and what policy to have on the branch. The Channeling the Flow of Change chapter is a great introduction to change management concepts in general, and the "Tofu Scale" is a great metaphor for structuring codelines. In addition, the clear writing style makes somewhat tricky concepts very accessible.
   
   Buy this book if you are using Perforce as your SCM solution, or even if you are evaluating multiple solutions, and Perforce is a candidate, as this book will help you understand how to structure your environment for effective development, regardless of your tool. This is an excellent companion to Software Configuration Management Patterns: Effective Teamwork, Practical Integration for Perforce users.



3. This book was better than I expected, because it not only explains how to use Perforce, but it covers handling branches in general using the "Tofu model" of softer to firmer codelines. This makes the book worthwhile even if you're not using a different CMS system, just as a way to think about using code branches to manage product releases, new feature development, and bug fixes all at the same time.
   
   One area that was a bit weak is that the majority of the book is geared towards development of shrinkwrap-style software with discrete release points, and only a final short chapter is dedicated to the continuous release style used by web-based products, seeming like an afterthought.
   
   But overall I would highly recommend this book to anyone using Perforce in software development of any kind.



4. I found this book a better resource for learning Perforce over the online documentation. It offers a good variety of source management situations and how to use Perforce in them.



5. Or anyone else who has any input into their company's software control decisions. (Or pretty much anyone using Perforce, or thinking about using Perforce, etc.)
   
   Unlike some I've found the standard documentation (and online knowledge base) easy to work with and understand, but like most I've longed for more examples and theory. This book provides those and more. If you're an admin, buy an extra copy because your serious users will want to borrow it (my copy is "out there" somewhere even as I type).

5 comments about XML For Dummies.

1. If you want to kill your time without learning anything, this book is absolute right for you.



2. As a complete newbie to XML this was a good starter. As I got deeper into XML I found several mistakes/deficiencies in the book, and sometimes the author just flat out seemed to not know what he was talking about. For instance, the claim on page 86 that (#CDATA) is a valid DTD element content definition is flat out wrong. His description of Schema element declarations (pp. 114-115) teaches that using globals/refs is the only way to define complex elements, and is inappropriate for his example. He makes no mention of globals at all, leaving the reader confused. I have ceased to trust this book as a valid source of XML information.



3. These reviews are all very misleading as they refer to a previous edition of the book which is no longer available, the third edition of XML For Dummies. XML For Dummies, 4th edition, the book featured here, addresses many of the concerns raised in the reviews of the third edition.



4. I'm never disappointed with Dummies books and this one is no exception. Great read, easy to learn.



5. I usually read just to get a big picture. I thought this did the job. Dummies Books are a lot more palatable than other books on topics as dry as this.

5 comments about Core Java(TM) 2, Volume I--Fundamentals (7th Edition) (Core Series) (Core Series).

1. I have an earlier version of this book and would love to get a Kindle version for reference. But... You save $3 by getting the digital version despite the fact that there is no shipping, storage, or printing costs?
   
   WTF?
   
   At $10 a piece I'd love to fill a Kindle with dozens of coding reference books that are filling up my library, but at $30+ a piece it's just not worth it.



2. I only wish the authors would have understood that it's better to write variables and declarations first and then use them later in the code. All the code examples are funnily written with the use of the variables first only to wonder from where they come from and later to realize that they're are at the end!!!!
   
   Also author has tried to pack too much of details which can be halved.
   Herbert schildt is a better option.
   
   But still the books is readable for beginners.



3. I have an older version of this book but it covers many of the core features of the language. This is a good book if you are looking to start
   programming in Java.



4. This is my favorite Java book. Although I have a background programming in C++, I find many of the other Java books to be cryptic or assume you wish to develop for the web. This book is straightforward and easy to read. I especially found the comparisons between Java & C++ interspersed throughout the text to be helpful.



5. I read this book years ago (I guess that was the first edition). I am ordering a replacement copy today, even though I am no longer an active programmer, because it is so good. It is one of those rare textbooks that you can actually read from cover to cover, like a novel.

5 comments about Statistics: An Introduction using R.

1. This book is the best I have found for an introduction to the R statistical programming environment. It is also a very good textbook for introductory statistics. The supplemental material at his web site is excellent as well.



2. This book purports to be an introduction to statistics using R. R has exploded in popularity and today is probably the most powerful system available for doing statistics, having surpassed the older Splus and SAS. Thus you do well to learn R early on as you begin statistics; it well suits the novice and the expert. To make things even better, R is both open source and free with an excellent, supportive online community of many people. The online mailing lists are a treasure trove of valuable resources. There are now several introductory books to R, including one by Verzani, one by Dalgaard, and one by Crawley.
   
   Crawley's book is a _very_ rapid tour through a lot of statistics. There is no real way that a beginner could properly digest the material. Moreover, he often assumes far too much and then assumes far too little. For example in one early chapter he covers the basics of General Linear Models (GLMs), an intermediate to advanced concept. At the beginning of the next chapter, he is explaining basics about the slope of a line! There are a lot of similar examples that left me scratching my head.
   
   There are good pearls in the book that are quite nice, however this book should really be for those with some exposure to statistics.
   
   A better introductory book is "Using R for Introductory Statistics" by John Verzani. That book was more clear and better organized.



3. This book does a good job of what its designed to do. I would have to agree with another reviewer that finds the topics covered in this book a little too much for a intro statistics book. My intro class certainly didn't cover variable transformation and other more complex topics. I would have to say that I don't feel 100% comfortable navigating through R now, but I have exponentially increased my understanding. I wasn't too impressed with the last few chapters. It seemed as if the coverage of material decreased as the complexity of the statistical tests became more complex. The secion on survival analysis, for example, spans only a few pages. That being said, you do get the R code right in front of you to expose you to how the code needs to be set up. This book also comes with matching chapter lessons that can be downloaded from the authors website. Unfortunately, many of the exercises are nothing more than repeats of the same material in the book. This hurts. I like learning through structured examples...And I prefer more rather than less. So if you are really motivated to learn R by working through some elementary inferential statistics (standard deviation, t-tests, and anovas) then this book can produce results. If your looking for more advanced content (information on examples installing and using packages affiliated with R) than this book doesn't won't meet all of your goals. I would recomend it to someone with little or no knowledge of R and the patience to work through the basics on your own.



4. If you have already had some experience with statistical methods and are looking for a refresher or a way to quickly pickup the basics of R, this is the place to go. It has a wonderfully conversational tone that is missing from far too many scientifically oriented books, and he brings quite a few insights into the practice of statistics that are more difficult to pickup from the heavily theoretical books.
   
   I would agree with a previous reviewer that there is a bit more space than necessary dedicated to relatively simple concepts, but such minor transgressions are easily overlooked given the overall effectiveness of the book.
   
   I would recommend this book as a refresher/introduction to R, or as a companion book to a college course on statistical methods. The author doesn't cover theory at all (on purpose), so keep in mind this is purely a practical book.
   
   I would have given the book 5 stars if it weren't for a few typos that might confuse beginners or people who have a tendency to read when you're a bit to tired to do so (for example, on the bottom of p59 he says lower bound when he meant upper, nothing you wouldn't catch with a careful re-reading).



5. It is disgusting to say that I need this book urgently and I have not received it yet.
   I'm sorry. I don't have anything to say about the book.

5 comments about Data Binding with Windows Forms 2.0: Programming Smart Client Data Applications with .NET (Microsoft .NET Development Series).

1. I have looked long and hard for a database and windows design book that was really useful. This is it. Lots of reusable code. Working designs. Well written - easy to read and understand. I have placed more tabs for easy reference in this book than any book of recent years. Buy it now!!



2. .
   Actually, I am only an expert at buying books about C# and DotNet, but an expert none-the-less.
   
   After seeing the author's data-binding demo on dnrtv, I came here and read the reviews about this book - the reviews couldn't have been more accurate! With only two years of C# programming under my belt, I have found that chapters 7 (Understanding Data-Binding Interfaces) and 9 (Implementing Custom Data-Bound Business Objects and Collections) are alone worth the price of this book.
   
   This book is extremely well written and easy to follow. Not really a "How To", but more of a "How To Understand How To" data-binding book IMHO.



3. Brian Noyes studied the grid thoroughly and has written a readable book which guide you in understanding the datagridview step by step. For me it is however pretty hard to understand the code Brian supplies in C#. In my opinion VB is better suited for learning purposes especially. Sometimes Brian uses tough coding which I can't grasp.



4. This book had exactly what I needed in it, how to create custom objects that are plugable into user interface controls (like data grids) and have all the event wiring etc. to make them look and act like the do with datasets. This includes sorting, etc. Excellent book from a great author.



5. Hanvind books like this one allow people to stay in touch with the internals. Data Binding is a concept that not everyone explains in such details.

5 comments about Blast.

1. If you want to understand the nuts and bolts of how sequence alignment works, then this is the book for you. It will be especially useful for BLAST users who want to understand how it actually works and also for developers who don't know much biology, struggle with the math, but have no problem reading a perl script.

   The book is basically divided into:
   0. A Foreword by Stephen Altschul (the co-creator of BLAST)
   1. A quick web intro to a BLAST search
   2. Sequence alignment and how the algorithms work
   3. Blast and how the Blast statistics are calculated
   4. The different types of Blast e.g. WU-Blast
   5. Approaches to Performance speedup
   6. Reference sections on BLAST parameters

   The real key is that this book neatly splits the difference between academic texts and papers which are quite often too difficult to read without sufficient background (and they are not precise about the implementation anyway) and the user-manual type texts which don't discuss the theory at all.

   One of the best chapters (in my view) is chapter three, where they explain and illustrate the workings of the Needleman-Wunsch and Smith-Waterman algorithms for global and local alignment. If you read the text, then study and run the included perl code, you WILL understand how they work, but be prepared to spend several hours trying different examples. The real advantage of this approach is that you get a deep, practical understanding of how alignment actually works, that you just can't get from reading a mathematical treatment of the subject. Once you understand this chapter, you are actually sufficiently expert to get inside alignment code and modify it for your own purposes.

   Ian Korf does continually emphasize that the algorithms may look clever, but they are, in the end, robotic in that they will quite happily align complete rubbish if you are not careful about controlling the algorithm and thinking carefully about the results you get.

   There are a couple of mistakes in the diagrams (chap 3), that are addressed in the errata, but the perl code is correct.

   Finally, because this book is about BLAST, it doesn't mention other methods of sequence alignment such as Hidden-Markov Models or methods of multiple sequence alignment. Perhaps they'll do a book on those as well one day..




2. BLAST is a well-known tool for bioinformatics (biological sciences+computer sciences). In this book contains a concepts of central dogma of molecular biology, sequence aligment, sequece similarity, practical BLAST programs (divide into 5 programs), and how to install and use BLAST tool. Moreover, it also offers enough tips to improve my BLAST searches usage. I think this book's content is well-writing and well-organizing for comparative sequeces alignment tasks. I use this book to begin in bioinformatics and it can help me to learn about this. But this book does not contain all of things that I want to known on bioinformatics or computational biology.



3. This is the place to start for anyone using NCBI BLAST. It's a thorough description of the various BLAST programs for nucleotides, amino acids, and codons.
   
   The book offers a biology refresher early on, but this is aimed mainly at people with serious interest in BLAST - people who normally won't need that. Next, it discusses traditional dynamic programming alsorithms for local and global alignment. Then, in just a few pages, it summarizes the mathematical meanings and derivations of the various BLAST scores (raw scores, P-values, ane E-values). The discussion just skims the theory, but will help the reader make sense of the programs' output.
   
   Those 75 pages set the background; the next 250 contain the real meat of the book. They cover the various BLAST programs, options, and outputs. More than that, these sections discuss setting up experiments based on BLAST, and how to deal with the problems you're likely to encounter. This could be a bit more explicit about how PSI_BLAST works (and why it sometimes doesn't), but coverage is generally strong.
   
   A few things are weak, like emphasis on the fact that experiments aren't strictly repeatable. For example, if you exactly replicate today's test next week, even if all of the other input is identical, you might still get different (and worse) E values, since they depend on the size of the database. PSSMs get little if any discussion. Also, details about internals are weak - but this is a user's book, not an implementor's, so that's a matter of scope rather than sufficiency.
   
   Most of the book's points are illustrated with actual output or with Perl code - the lingua franca of bioinformatics, for some reason. If you're serious about using BLAST and about understanding what it's really telling you, this is the book to own.
   
   //wiredweird



4. From a users-perspective this book serves its purpose well - it explains what it is that BLAST is doing "under-the-hood" so that one may better customize Blast's search behavior. All I know is that I really learned a lot of basic fundamental core concepts here that I previously just took for granted.
   
   The book discusses the biology, statistics, algorithms, and computer science issues involved in explaining blast. I liked this approach because it does not head super far into any one core area but rather sticks to a strong fundamental overview of each topic. The other strong aspect of this book is that the author thoroughly compares NCBI and WU Blast throughout, characterizing instances where one may choose one over the other and/or how to tweak the parameters for both in those situations.
   
   I orginally bought the book b/c I wanted an overview on PAM and BLOSUM matrices and to understand how Blast Statistics work. It really served as an informative contextual tutorial that has definitely raised my overall understanding on not only Blast, but to better grasp the very interdisciplinary nature concerning sequence alignment for in-silico biological research.



5. The O'Reilly BLAST book by Korf, Yandell and Bedell is written by people that know their subject. For anyone who wants to know what they are doing when running a BLAST search rather than simply treating it like a black box, this book is essential.
   
   It is not perfect, however. Several phrases in the parameter section near the back of the book are not explained. MegaBLAST is correctly described as being quite different from blastn, but that difference is not made clear other than the use of query packing. The -E and -G options are not made clear in the megaBLAST section, and one must turn to the blastall pages to better understand what they do.
   
   A second edition would be most welcome, as many improvements, changes and additions have taken place in the last few years. Discontiguous MegaBLAST, for example, was not released when this book was written.
   
   When the book first appeared, one of my students complained that so much of the book was taken up by the parameters section. Ironically, this is the part that I have turned to the most in the time that I have had the book.
   
   I have a shelf full of bioinformatics books in front of me right now, and I have used this book more than any of them.