4 comments about The Security Development Lifecycle.

1. I have been very impressed with other offerings from the Microsoft professional series and was excited when this book was released. This is not a technical book like "Writing Secure Code" and "Code Complete" but a book aimed at managers responsible for software projects. My opinion is not based on real world experience of large software projects, but on academic projects smaller in scale than those of Microsoft.
   
   The introductory material is weak, part 1 which explores the reasoning and history behind the SLD seemed to be stretched needlessly, repeating the same information multiple times. Chapter 4 which provides the management impact of the SDL lacks focus, and does not justify the need (ROI) for the SDL.
   
   Part 2 goes though each step of the SDL in detail. Overall, this section is more polished and for the most part does a good job of covering each domain in detail. While this book is focused on managerial and operational activities, there are times where it awkwardly delves into specific technical details. Chapter 10 (Documents, Tools, Practices for customers) and chapter 15 (Response planning) are strong chapters which most everyone can lean from.
   
   Part 3 is a series of reference materials. Chapter 20 (Crypto) and 21 (Compiler Options) are good guidelines to compare your organizations own practices against.
   
   Strengths:
   + Talks about a real methodology being used at MS everyday
   + Excellent references, cites many foundation papers
   + Gives the reasoning behind many decisions in development in SDL
   + Good discussion of threat trees
   + Managerial focused chapters are well thought out and complete
   
   Weaknesses:
   - Technical information is MS focused
   - Might be acronym heavy for non-technical/security managers
   - Does not reference other secure development processes, such as IATF section 3
   - Does not reference NIST 800 series for risk analysis
   
   What I would like to see:
   *Expanded Chapter 5 (Education and Awareness), giving more information on the curriculum of security classes offered.
   
   *Better balance between the technical and managerial aspects of the SDL. This book would be stellar either with more technical information (platform independent) or by focusing the book more on managerial aspects of the SDL.
   
   *The actual SDL documents being used at MS
   
   Overall, this is a good book, I would recommend it. However I do think a second edition would help this book immensely.



2. As is well known, Microsoft software has been known in the past for producing software that had numerous problems in the security area. It finally became so obvious that the company was forced to make a major change in emphasis regarding the security holes in their products.
   
   Microsoft is, of course, a huge software development organization. To move the organization into writing more secure code it was necessary to develop plans, procedures, classes for managers and programmer and the like to implement writing more secure code. The resulting effort is called the Security Development Lifecycle (SDL).
   
   The results of implementing SDL are summarized in the Introduction to the book. Here are two newspaper headlines quoted there:
   
   Gartner Recommends Against Microsoft IIS (eWeek, 2001)
   We actually consider Microsoft to be leading the software industry now in improvements in their security development life cycle (CRN 2006)
   
   This book is aimed at the people managing and defining software projects. It does not contain very many specific code examples that would appeal to the developer. This is not to say that developers shouldn't read it, but that it is not a detailed techie document.
   
   The CD that comes with the book includes several documents that extend the concepts talked about in the book and a six part security class video conducted by the authors.
   
   One note of caution. This book is on the Microsoft approach to security. It's what they are doing. It works for them. But there are also other approaches such as that being implemented by organizations such as the US Government.



3. This book is a wonderful glimpse behind the curtain at one of the most advanced software development firms in the world. Renowned for hiring the best and the brightest, this book shows how they learned to do development in a smarter and more efficient manner. Some people may consider a SDL to be overkill, but the evidence presented is clear; if you want an efficient, effective process for meeting customer requirements, one must consider and address security. And this book is the how-to companion to the other great titles associated with Microsoft and secure coding. Whereas Writing Secure Code, Second Edition, focuses on technical detail, this book focuses on the process that enables developer to achieve the technical details.
   
   This book is the project manager's guide to how it should be done. How to set up your development processes so that better developers can contribute in an effective fashion towards making better software. For some, there are no new secrets revealed in this book, but I know of no other source with all this information together in one place. And it comes with a bonus - the material has been tested and proven at the world's largest developer group. And in this case, bigger is not easier, but much harder - decentralized bureaucracies and business unit independence aside, it works at Microsoft, and as it gets further embedded into their processes and systems, the future for this methodology looks better and better.
   
   Thank you Mike Howard and Steve Lipner for finishing the story. First we learn what to do (Writing Secure Code), now you let us know how to get it done (The Security Development Lifecycle). This may not be the perfect book, but then, I've yet to see that one. This book does advance the management side of the state-of-the-art light years forward, into the current century. This book is the textbook for the process side of software engineering in my classes, and I look forward to future editions and more details from behind the curtain.



4. I read six books on software security recently, namely "Writing Secure Code, 2nd Ed" by Michael Howard and David LeBlanc; "19 Deadly Sins of Software Security" by Michael Howard, David LeBlanc, and John Viega; "Software Security" by Gary McGraw; "The Security Development Lifecycle" by Michael Howard and Steve Lipner; "High-Assurance Design" by Cliff Berg; and "Security Patterns" by Markus Schumacher, et al. Each book takes a different approach to the software security problem, although the first two focus on coding bugs and flaws; the second two examine development processes; and the last two discuss practices or patterns for improved design and implementation. My favorite of the six is Gary McGraw's, thanks to his clear thinking and logical analysis. The other five are still noteworthy books. All six will contribute to the production of more security software.
   
   "Security Development Lifecycle" (SDL) is unique because in many ways it exposes the guts of Microsoft's product development process. I cannot recall seeing another technical company share so much of its internal procedures with the public. One of the most interesting aspects of SDL is the attention paid to security after a product is shipped. No one at Microsoft breathes a sigh of relief when boxes appear on store shelves. Instead, Microsoft explains how it conducts security response planning in ch 15 and security response execution in ch 17. (Between the two is ch 16 -- only 3/4 of a page! Why bother?)
   
   Although I liked SDL overall (enough to justify 4 stars), I thought it suffered three major problems. First, I don't think the audience was defined properly. p xviii mentions "managers" as the primary target, along with architects and designers. Specifically, "this is not a book for developers." Yet, ch 12 ("Secure Testing Policies") is definitely for programmers. A manager probably not going to know what a "null pointer dereference" is; at the very least that is not a subject that should be discussed in a book for managers.
   
   Second, I think SDL suffers a little too much overlap with the earlier Microsoft book "Writing Secure Code, 2nd Ed." WSC2E addressed writing documentation, security testing ,and obviously secure coding in much the same language as repeated in SDL. Sometimes repetition is justified, but perhaps those subjects appeared in WSC2E for a reason and did not belong in a book for managers.
   
   Third, and most importantly, Microsoft continues its pattern of misusing terms like "threat" that started with "Threat Modeling" and WSC2E. SDL demonstrates some movement on the part of the book's authors towards more acceptable usage, however. Material previously discussed in a "Threat Modeling" chapter in WSC2E now appears in a chapter called "Risk Analysis" (ch 9) -- but within the chapter, the terms are mostly still corrupted. Many times Microsoft misuses the term risk too. For example, p 94 says "The Security Risk Assessment is used to determine the system's level of vulnerability to attack." If you're making that decision, it's a vulnerability assessment; when you incorporate threat and asset value calculations with vulnerabilities, that's true risk assessment.
   
   The authors try to deflect what I expect was criticism of their term misuse in previous books. On p 102 they say "The meaning of the word threat is much debated. In this book, a threat is defined as an attacker's objective." The problem with this definition is that it exposes the problems with their terminology. The authors make me cringe when I read phrases like "threats to the system ranked by risk" (p 103) or "spoofing threats risk ranking." On p 104, they are really talking about vulnerabilities when they write "All threats are uncovered through the analysis process." The one time they do use threat properly, it shows their definition is nonsensical: "consider the insider-threat scenario -- should your product protect against attackers who work for your company?" If you recognize that a threat is a party with the capabilities and intentions to exploit a vulnerability in an asset, then Microsoft is describing insiders appropriately -- but not as "an attacker's objective."
   
   Don't get me wrong -- there's a lot to like about SDL. I gave the book four stars, and I think it would be good to read it. I fear, though, that this is another book distributed to Microsoft developers and managers riddled with sometimes confusing or outright wrong ways to think about security. This produces lasting problems that degrade the community's ability to discuss and solve software security problems. I also question the implication that SDL is great and everything else doesn't produce verified security improvements. I can understand denigrating Linux, but is Microsoft afraid to acknowledge the security record of an OS like OpenBSD?

5 comments about Beginning Mac OS X Programming.

1. This book should be named "Beginners Broad Overview of Mac OSX Programming Topics".
   
   If you have never even heard of Bash/C/Python/Perl/OOP/Cocoa/Frameworks - this book may be of some use.
   
   
   The first few chapters on Interface Builder/Xcode have you follow along with the simplest of instructions, creating Projects, and working with .c and .h files, and then into building and running a few simple applications. These high level concepts in themselves quite easy to grasp but the descent into actual cocoa programming/c language/frameworks/OOP in succeeding chapters is quite difficult and the authors take the same tone as many other 'how-to' books do in remaining quite technical about technically abstract concepts.
   
   Here you will find the going quite rough, and the 'why' factor (eg, why are we doing this) is definitively absent. I can see why I have a .c file but why do I need a .h file ? The mind's natural intuition is to say "why *ever* make things more complicated then they need to be.... so why not combine the content of .c and .h files together ? The mind wonders "did the programming guru's who created XCode/IB/Cocoa/C/OOP just create a huge mess (cause thats what this looks like), or did they formulate something elegant ?" How did they arrive at this overtly complicated scheme ? Why does it have to be so complicated just to multiply a few numbers together in a small window (the Calculator tutorial from ADC). One doesnt know when one is just starting out. There's no answer from the authors in these first few chapters, if ever. Perhaps there was some temerity at commenting 'in the margins'. This small example of a 'hey why are we doing that now ?' mental query, natural to process of learning, is just but one of many opportunities missed. Granted, nobody said programming was easy, but imparting an understanding being the ostensible goal of how-to books, the audience is definitely looking for clues about 'why' and not just the 'how'.
   
   As a result of so many omissions, grasping the 'why' of it all is decidedly difficult. The book if it were to be improved would need to dig into this 'why' aspect much more deeply than it now does. Am I learning a big huge mess, that nobody has ever bothered to truly rethink/streamline or does this XCode/IB/Cocoa stuff combine into something truly efficient ? If its efficient, show me why, Im here to learn and want to know...
   
   The languages chapters do a reasonable job of explaining to the never-heard-of-it-before audience the concepts of Bash, C, Perl, Python, and Applescript. The book provides decent examples and discussions as to their various capabilities and pro's and con's. The book also provides many "now you do it" type functions and you will find yourself wanting to launch a Terminal session and get going right away.
   
   The book does not necessarily bode well for the programming novice at "rung 2 or 3" who already has some knowledge of broad topics and wants to actually learn the how-to of programming- which would quite naturally be Cocoa, since Cocoa is the basis for all modern Mac programs that run with any GUI at final output. Unfortunately, I could only weakly recommend OReilly's "Learning Cocoa", itself quite technical and also very much missing the 'guide voice' or 'why factor'.
   
   Because I feel the 'why factor' and the 'voice of the guide' were so notably absent from this tome, Im only giving it 2 of 5 stars, there's lots of room for improvement imho. I also despise when authors provide aliases to explanations found on the internet...and this tome is also guilty of this phenomena. Hey, I paid for your book, *I expect a decent explanation* not a link to a website where I could read with little understanding until my eyeballs fall out.



2. I am new to MacOSX development and this is just hands down a great book to get started with. it lays down a great foundation for getting started. If you have done development or hand not it is a great way to get the ball rolling. Can't wait for the next edition.



3. I am a total programming newbie. I'm also fairly new to the Apple world, having bought my first Macintosh in April. I've really been excited about Macs, OSX, and all the stuff they offer.
   
   I mainly work in graphics programs such as Poser & DAZ|Studio. Over the years, I've created countless tutorials to help Graphics Newbies. I'm known for extensive use of screenshots, and good writing skills.
   
   I've been disappointed because there are no Macintosh versions of some very important Poser-related utilities. I thought it would be nice to learn programming, and make my own utilities.
   
   I browsed through the Amazon book collection, and this book seemed promising. Unfortunately I was wrong. Unfortunately, it appears no one proofread this book. I got as far as Chapter 3 before I gave up.
   
   There are numerous problems with the Calculator project. The code you enter doesn't match the code listed later in the exercise. You're supposed to fix errors on code you never entered.
   
   The book was a problem from the start. The XCode installation information was incorrect. This problem cost me a couple hours of downtime. I eventually found the solution myself...
   
   In the book, we have some exercises that get you started, and then you're left hanging while the authors go on and on about related stuff. Should you save the project? Should you abandon it?
   
   In my own opinion, this book doesn't have enough screenshots. I'm left wondering exactly what item to click, or what my code should look like, etc.
   
   It's natural for a newbies to feel lost. It's the book author's responsibility to help the reader through this confusion and teach him something.
   
   Unfortunately, the errors in the Calculator exercise are too great an obstacle to overcome.
   
   The book will be placed on a shelf for now. Maybe one day I'll revisit it to see if the remaining chapters are better.



4. I have been unfortunate enough to pick this book up as a starting point for Mac programming. Very heavy on sample code that's either not explained at all for a few chapters or just glossed over after you're made to type, compile and run it. Explanations are in the line-by-line format with no explanation of the larger context of what you're actually doing.
   
   The book jumps around between new and legacy frameworks and environments as if a beginner needs to be confronted with more choices.
   
   Oh and 200 of the 620 odd pages of content is about scripting, which again is split into UNIX scripting, Python/Ruby and AppleScripting...
   
   I almost gave up on getting to grips with Mac programming until i thankfully threw this book in the bin and started again with something that's better structured.



5. Been a great book for learning Mac programming so far. Very hands on with examples aplenty.

2 comments about HTML: Comprehensive Concepts and Techniques, Fourth Edition (Shelly Cashman Series).

1. I haven't got too far, it gives pleasant assignments and lab-projects to learn HTML. I am more interested in CSS and such, but haven't got too far into the book to see if this is covered. I bought this as a textbook for a class in HTML I am taking.



2. This book covers it all. I just wish, as I am a novice to web design, that there were more real life examples to explain the elements. It was very technical and sometimes I got lost in the jargon.

4 comments about Microsoft Office Visio 2003 Inside Out.

1. This book is what used to be called a "manual" that came "free" after you spent a few hundred dollars on software. If you are looking for a manual, this is a good choice, but if you want to learn how to use the program with this, please don't. The examples it showed were not consistent within the chapter, so you could not follow along by trying to try out the concepts after reading easily.
   I'll keep the book as a reference, but I'm a bit upset about spending money for it. I'll try the "Step by Step" book, but those are generally not very in-depth.



2. Very good general reference. Met my expectations and meets my needs.



3. good detail, nice glossary and defs. Easy to use and the quality of info is great.



4. I am always satified with the Inside Out Series, this book is very helpful for every level.

5 comments about Beginning ASP.NET 2.0 E-Commerce in C# 2005: From Novice to Professional.

1. It is cover a lot of great part of asp.net 2.0. It is easy to understand and implement. Some code is very profession and hard to understand. Most of them cover SQL,ASP,WEB service,security issue.I will say it is the cool part of ASP.net. You can see author spend a lot of time to collect the beauty of asp.net. You will like it no matter how many time you read the book.



2. This book covers it's topic E-Commerce very well. It also takes advantage of the new features found in ASP.Net 2.0 including some of the new ADO features. If you are getting ready to setup an E-Commerce site I highly recommend this book. I also recommend it for beginning developers wanting to know more about ADO and database design.
   The authors have a great approach to design that anyone doing E-Commerce would do well to follow. Better yet they mention the pros and cons of different approaches and explain why they chose their approach. I've been thrilled to learn some new strategies to improve performance that I hadn't considered before as well as some new features in ASP.Net and ADO 2.0 that I wasn't aware of.
   The only negative, for me, is the database as well as ADO basics this book spends many pages covering. However there's plenty of worthwhile content to justify the price. So if you are familiar with database design and have a working knowledge of ADO you can just skip past those pages. I do recommend you skim thru them though as, like me, you may learn some new 2.0 features you weren't aware of.
   The book covered all my E-Commerce questions: catalog design, how to scale up/performance considerations, SSL, Security issues, credit card processing, and costs involved. They even point you in the direction of a few recommended credit card processing businesses. Best of all they approach the site creation in such a way you can quickly get up and going and then later on focus on fine tuning payment options and really making the site standout with features.



3. 'Beginning ASP .NET 2.0 E-Commerce in C# 2005: From Novice to Professional' by Cristian Darie and Karli Watson is one of the most unique and important books out there for anyone that is developing an E-Commerce site with ASP.NET 2.0. Starting from scratch, the authors step by step show you how to get a site running and WORKING well and efficient. Packed with 650+ pages of material, the authors break the steps down in logical parts, show how they go about the work to be done, and then provide the code which does the dirty work. Not only is it helpful, but it's a joy to follow the steps as so much of the curtain is pulled away to show the developer how to get the job done. This is easily one of my favorite Apress books that I have seen. One of the nicest things about the Apress line of books is the fact that they write and publish books that no one else seems to and this is a perfect example of this. I'll close with a chapter overview for your inspection:
   
   01. Starting off
   02. Laying Out the Foundation
   03. Creating the Product Catalog: Part I
   04. Creating the Product Catalog: Part II
   05. Searching the Catalog
   06. Improving Performance
   07. Receiving Payments Using PayPal
   08. Catalog Administration
   09. Creating a Custom Shopping Cart
   10. Custom Orders
   11. Making Product Recommendations
   12. Adding Customer Accounts
   13. Advanced Customer Orders
   14. Order Pipeline
   15. Implementing the Pipeline
   16. Credit Card Transactions
   17. Integrating with Amazon
   
   Tack on 2 appendixes to the end and you have a MUST-HAVE book for anyone that is looking to achieve the same goals that this books does!!
   
   ***** HIGHLY RECOMMENDED



4. It's an excellent book, the book teaches you how to develop a site in three layers (presentation, business and data) in my ishe goal of this book.



5. Dos ultimos livros que tenho comprado, assim como os da serie Head First da O'Really este livro superou muito as minhas espectativas.
   
   Como um livro de tutorial foi maravilhoso e me trouxe muito conteudo !!!
   
   Realmente vale a pena !!!

5 comments about The Art of Project Management (Theory in Practice (O'Reilly)).

1. The subject of my review pretty much sums up how I feel about this book. After the first 100 pages, I thought to myself "I've gotten a handful of gems and a few good visuals, but did I need 100 pages to accomplish that?"
   
   Seriously, that sums up my impression of the entire book. There is a LOT to be desired in terms of organization and it really feels like there's a lot of good information, but so poorly organized that it's hard to connect ideas. Several times per chapter, I find myself seeing references to how something will be better dealt with in further chapters. I have to ask myself why that happens constantly, and whether or not it says something about the organization of the book.
   
   There also seems to be a tendency to wander away from central topics into tangents or only loosely related ideas. Very rarely does the author tie his thoughts back to what each particular chapter is about, or to a central idea. I have a hard time learning from books that are written this way. I have constantly found myself reading a paragraph in this book and thinking "Okay, but what does this have to do with the aspect of project management that this chapter is supposed to be about?" I tried very hard not to fall into that trap, but it kept happening.
   
   I am an avid reading and an academic, so I know dry reading and I'm not saying that this is dry or anything like that. Quite the opposite, it's witty and fun to read in places. The thing that gets me so much is that it's poorly organized and poorly optimized. I find the author spends way too much time trying to say things and not nearly enough time relating them back to his main ideas.
   
   I have read the authors second book, on Myths of Innovation, and I have to say that I was disappointed by going back to his first book (this one) on project management. I think his second book is excellent and vastly improved upon. It is much shorter than this project management book and MUCH better written, largely in part because of the organization but also because of how concise it is. In retrospect, perhaps he has since improved his craft, but his first outing (this project management book) is definitely tricky.
   
   I see all the positive comments and I believe those people are being genuine about the content of the book. On the other hand, I do believe they have neglected to mention the issues I'm pointing out here. Don't get me wrong, there is useful information here, and lots of it. I have really enjoyed the nuggets that I've found in several chapters, but I lament the page count I had to forge through to get to them.
   
   Again, the content is good here, but the presentation leaves a LOT to be desired. If you have issues with reading books where the author wanders away from central ideas and loses himself in tangents, and where you can easily forget what you're reading about in a particular chapter, you may have difficulties here. If you're just after the book for some good ideas about project management and plan to skim it, you should be okay. Anyone planning to read this from cover to cover is in for some real disappointment.



2. If you're looking to figure out why you're having problems getting your ideas heard or your projects wrapped up on time, ESPECIALLY IF YOU ARE NOT THE PM, this is a great book! Almost any software or system project with companies of any size require "project management" skills from anyone interested in getting things done.
   
   Scott will show you how to better estimate time, see the phases a project goes through, and give you some new perspectives and ways you can improve your product. Easy to read and enough ideas to get you thinking. Right now I'm thinking how much better my professional career would have been if I understood this a decade ago.
   
   Good book, read it!



3. I'm a rookie, so a playbook that organizes my thinking and allows me to execute the plays each day is perfect for what I need. I was surprised at how much of the role of project manager I do right now, and how much of the work is accessible if not desirable to me. The general feeling upon conclusion of the book is that I was just short of an epiphany in thinking, but it helped solidify my suspicions about project management:
   -it is about getting things done through others;
   -it requires a disciplined mind and organizational ability;
   -it can be learned;
   -it can be more rewarding than being an individual contributor.
   
   Mr. Berkun has a lot of commercial software development background, so you'll need to map his model onto yours, but this isn't difficult. The processes for new projects are identical to maintenance work, only you have a smaller timeline and a more focused objective. Really, the ideas and practices scale very well.
   
   Where I was put off, somewhat was in how the footnotes were organized, and how his anecdotes tended to end. Footnotes go at the bottom of the page or, much less ideally, at the end of the chapter. Putting them at the back of the book is the least helpful of the options. I'd have rather seen long parenthetical ramblings than a collection of now-contextless footnotes to read.
   
   The anecdotes were illustrative, but lacked some kind of conclusion or resolution almost every time. "We had a problem, I discovered 'x', and we applied it." So how did it turn out? There's no reflection upon the efficacy of his examples in many cases, and it's an annoying method of storytelling.
   
   Overall, I'm pleased that I found the book, and plan to use it in my expanded role at work. Once I develop some mastery of daily/ weekly/ monthly planning and execution, I'm sure I'll be able to move onto more advanced study, but I'm not ready, and this book is clearly for rookies with some self-awareness.
   
   -C



4. I'm the author and wanted to make sure you were informed there is a new, updated edition of this book, and its now called Making Things Happen: Mastering Project Management. It has been revised, polished, and enhanced, with 120+ new exercises, a discussion guide, improved footnotes, and much more.
   
   Since the old edition listed on this page is out of print and hard to find, it's selling for twice the list price of the new edition, and, if you care, I get no royalties from used book purchases. If you really really want it for some reason, go for it, but I wanted to make sure you knew there's a better, and likely cheaper edition available.
   
   Cheers and happy reading.



5. This is based on Scott's experience and it will give you good ideas, techniques and advices for project management. But if you're thinking in PMP book this isn't that kind of book.
   I red it three times and each time I learn something new. I strongly recommend read this other book "Applied Software Project Management" from Theory In Practice O'Reilly series.

No comments about Beginning CakePHP: From Novice to Professional (Beginning from Novice to Professional).

5 comments about Linux Cookbook.

1. I wanted to become more experienced with UNIX so I had the Ubuntu distribution installed in my computer. I spent six months having a hard time getting simple things done until I came accross this book.
   
   It is organized in such a way that it is easy to get to do what you want/need and, what's better, the explanations provided give you insights on how UNIX works. After a while, you will find yourself doing new stuff on your own.
   
   If you want to get into UNIX but knows little about it my advice for you is: get this book and jump into LINUX - it is worth it!



2. ... which comes in real handy considering how often I reference it.
   
   Chapter 10 (Patching, Customizing, and Upgrading Kernels) and Chapter 12 (Managing the Bootloader and Multi-Booting) helped me recompile my kernel for the first time. Not only are the instructions clear, but the author also made sure to explain each step so I knew why I was typing a certain command. There's even a section on how to create an initrd image for SCSI drive users, which I had a hard time finding on the web.
   
   This book does an excellent job covering all the basics, and it's worth spending the time to read it from beginning to end. I certainly see myself getting a lot of mileage from it.



3. A well-organised and clearly written collection of useful commands and solutions to help one along with the often exasperating arcana of Linux. Covers all flavours and is a 'must have' book.



4. Because this is a "cookbook," it gives you recipies -- step-by-step instructions for performing specific tasks.
   
   This makes Linux Cookbook EXTREMELY useful when it has a recipie you need, and it often gives you a good starting point when you need to do something that isn't specifically covered.
   
   For example, let's say you need to setup a mail server, which you've never done before. As long as you're willing to use the mail tools she describes (which are perfectly good tools), then this book is the fastest way to get the job done. She also shows you how to make sure the server will be secure.
   
   I'm glad I have this book on my shelf, I recommend it, and I refer to it whenever I need to do something new in Linux. The problem is, you can't have a step-by-step recipie for everything. When this book hits the mark, it's the best book you can have, but you cannot rely on this as your only Linux book.



5. Excellent Linux book! Gives step by step answers to common Linux problems in a "Problem - solution" style way. I'm a tad disappointed in the SAMBA section, but that really is a topic deserving of a book of its own.

5 comments about MCSA/MCSE Self-Paced Training Kit (Exam 70-350): Implementing Microsoft® Internet Security and Acceleration Server 2004 (Pro-Certification).

1. Very helpful for exam 70-350 and daily tasks as IT Network security administrator.



2. Very nice book , I recommended it for all specialist in Microsoft networking, and systems.



3. This book does not base itself in only Microsoft scenario, it covers networks and security in a wide context.
   Well written, gives you the ability to deploy and understand the ISA SERVER, which by itself is an excelent software, and the environments which your are deploy in.
   You don't need to be an expert in IT to comprehend this book, but need to know a little about protocols and TCP/IP.
   Who buys it can enjoy a good travel through the network boundaries world.
   I didn't rate it 5 for 2 reasons. First, the book says, sometimes, you have got an enterprise isa cd, but you have got the standard one.
   The author, sometimes, endeavours so much in assuring your understandable of the subject that spend a few pages more than needed. Another drawback is the excess of "plan, analyse, get information" advices. It becomes repetitive through the pages.
   Well, that is it, a good book and enough to pass the certification exam by yourself.



4. The writing style is somewhat dry.
   
   The enclosed software (ISA server 120 day evaluation) and the computerized test questions make the book worth the money.



5. I used this book (ISA 2004) as the primary material to study for the Isa 2006 70-351 Exam.
   
   It more than covers the foundations of ISA Server and with some time spent on MS.com researching ISA 2006 enhancements is all that was required.
   
   I am becoming a huge fan of the MS Press books and this one is no exception.
   
   Perhaps a little more focus on Enterprise rather than the single chapter would be good as there are a few Enterprise questions in the exam, but still that takes nothing away from this text.
   
   5 Stars!
   
   Mark Grogan

5 comments about Agile Database Techniques: Effective Strategies for the Agile Software Developer (Wiley Application Development).

1. The book was well written and very easy to use. I found many insightfull thoughts as to the purpose of Agile development. If you are looking for a great book to guide you into AGILE development, this will do it.
   Drawbacks or missed points, yes this book has two flaws that I have to list. 1. the repeated use of the word Legacy and the very negative congnitation of the word. Older database will have many flaws, and we need to identify them. They will also have many objects and data patterns that are valid and efficient and should not be abandoned because its not todays effort.
   2. Agile and refactoring of tables does not address, production, zero down time, large volume databases. How do you refactor a table with 2 terabites of data and can not allow downtime. (medical)



2. This is very well written, enjoyable book, with few (if any) competitors. Given its agile sensitivities, it's perfect for a programmer looking for an overview of the whole data modelling she-bang, from use cases to impedance mismatch. Despite clocking in at 400 pages of fairly dense type, interspersed with various tables and UML diagrams, it's a breeze to read. It assumes a bit of knowledge of database technologies, but you don't need anything more than a nodding familiarity with SQL and basic concepts like normalisation.
   
   This book deals with a lot of issues related to using databases as part of agile modelling. The main message is that agile application developers need to think about persistence issues, and database admins need to understand agile development. The differences between data-driven and object-driven models are clearly laid out, and there's an excellent section on refactoring databases.
   
   The important thing about this book is not so much offering you specific solutions to problems, but alerting you to potential problems you might not even know exist, and explaining that you do have options in solving them. As well as introducing agile methods like TDD and refactoring, it also covers database issues like transactions, security, concurrency and object-relational mapping.
   
   Additionally, there is an emphasis on the organisational and political issues you might face in transitioning to agile methodologies, and it's very pragmatic in pointing out that some things that might be considered the preserve of an application developer, could be done in the database itself. The issues are presented at the same level of detail as those presented in the likes of The Pragmatic Programmer (but a different subject, of course). For more specifics, you will need to turn to the likes of Martin Fowler's Patterns of Enterprise Application Architecture, or to see specific technologies being used, Chris Richardson's POJOs in Action. I would definitely recommend this book before reading those.
   
   As someone with little knowledge of databases, I found this an excellent and unique resource to join up the dots when it comes to persistence and agile.



3. Database refactoring is the harder part of development and this book give great information about how to deal with change.
   I personally recommend it.



4. To be fair, the book title suggests that it is for the software developer, and not a database administrator. I thought that it had a good overview of agile related items. Although it was probably not as useful for software developers who might have more exposure to the agile methods. From a DBA point of view, I thought it was a nice overview because agile is not typically used in DBA teams.
   
   As far as specifics relating to databases, I thought it could have had more real-life scenarios and suggestions on how to deal with them. Some of the ideas presented were just too unrealistic for my liking.
   
   That being said, there are a few good ideas in this book. It was a quick read too. So if you are a DBA who has no idea of agile, it might be something to start with.



5. If you are an application developer that has ever worked with a system that is difficult and convoluted because of fear of touching the Database then you owe it to yourself to read this book. This book will provide you with the insight and techniques to make changes to your Database with confidence.
   
   I also recommend Refactoring Databases: Evolutionary Database Design (The Addison-Wesley Signature Series) for those who seek details on how to implement the topics discussed in "Agile Database Techniques"