SOFTWARE DESIGN BOOKS
Posted in Software Design (Sunday, September 7, 2008)
Written by Kyle Lutes and Alka Harriger and Jack Purdum. By Course Technology.
Sells new for $105.95.
There are some available for $49.99.
1 comment about An Information Systems Approach to Object-Oriented Programming Using Microsoft Visual C# .NET.
- An excellent introduction of VS.Net and explanation of IDE development vs stand-alone development, and a thorough coverage of analysis and design phases of the development process. Also excellent worked out examples in each chapter. There are a good number of objective questions and several programming exercises at the end of each chapter, which is very helpful for the teacher using this textbook. Writing style is extremely clear and very effective. Complex topics, including the ones listed below, have been explained in a manner that every student can easily understand them:
data validation in response to the question "What should you do when input values are incorrect?": Existence Check, Data Type Check, Range Check, Reasonableness Check, Code Check, Cross-Field Check, manipulation of numbers using arithmetical operators, manipulation of strings using operators like concatenation, substring, parsing, methods for changing to upper case etc., date-time manipulation, exceptions and exception handling, call stack, application exception, execution call stack, stack trace property, pass by reference, pass by value, instance method, overloading, shared method, static method, top of stack, recursive methods, theoretical concepts of "arrays," and "good use of arrays," use of proper encapsulation by making the operations visible and the data and the implementation of the operations hidden in the objects, common formats for saving information in sequential data files using plain text: (1) Fixed-width text files, (2) CSV (Comma-separated values) files, and (3) Tab-delimited file, Inheritance and Polymorphism -- two important components of Object Oriented Programming, etc.
I have seen other books where authors create confusion in reader's mind when they try explaining complex topics in a confusing way. I found everything in this book very easy to understand.
After looking at the table of contents, I admire the strategy of the authors - they are presenting the "more technical things earlier" and "more management issues a bit later." Also they have separated some programming conventions into appendix B (because the conventions may differ at some software houses). I like the authors separating such material from the chapters of the textbook.
Writing style is indeed very clear and very effective, and it reflects the pedagogical skills of the authors. The authors skillfully and successfully explain many difficult issues in programming, like, hash table, stacks, queues, etc. I fully expect to use this book when I teach C# at my university.
Posted in Software Design (Sunday, September 7, 2008)
Written by Frank D. Luna. By Wordware Publishing Inc..
The regular list price is $49.95.
Sells new for $26.77.
There are some available for $16.99.
5 comments about Introduction to 3D Game Programming with DirectX 9 (Wordware Game and Graphics Library).
- This book is written very well, and it is written in a way that allows the reader to follow without getting lost in the terminology. Everything is explained very well. I use the book constantly as a reference when programming. Pick this book up if you're serious about learning DirectX.
- I started DirectX programming recently. This book brings you up to speed very fast. It is well organized, written well, and is kept very simple. Its objective is to teach concepts and how to program specific concepts in C++. The examples are straightforward and illustrate what's in the text very well.
Like all other reviewers, I should agree that the title of this book is misleading. There is very little, if any, "Game development". The book is all about the basics of 3D drawing using DirectX.
If you want to start programming DirectX over the weekend with some nice 3D graphics including textures, lights and terrains and even fireworks, this is the book for you. I highly recommend it.
- I guess this book delivers what it promises, more or less. It effectively introduces you to directx. It devotes 20 or so pages to each of 20 or so topics (the dimensions of the book are real small though, so the page counts are somewhat misleading). By the end of the book you'll understand what directx is and what directx can do, but what I found is that there just isn't enough "meat" there to learn any part of directx well enough to do anything useful with this knowledge.
- This review covers the first 13 chapters. It is a book that you will definitely learn from; however, beware that it is not written for users of C#. C# samples can be downloaded from the book's web site and I talk extensively about that in this review. This review is more a How-To than anything else - it documents my experience with the book and using the sample code from the book's web site. I am new to 3D game programming so I started out with giving myself a crash course in Linear Algebra (for this I studied the book, "3D Math Primer for Graphics and Game Development").
In Part 1 the author could do a better job of explaining how a vector cross product is calculated. He refers to "formula (4)" which is a formula in final form (i.e. it does not show the steps). Furthermore, "formula (4)" comes seven pages after the first three formulas, so when you come to "(4)" (on page 13) you may have already forgotten about (1), (2) and (3) (which are on page 6) -- it is awkward. It should be highlighted and labeled as "FORMULA 4:" or something like that.
In Part II, Chapter 1 (Direct3D Initialization), section 1.4.1 describes initializing a pointer to an IDirect3D9 interface as...
IDirect3D9* _d3d9;
however, in section 1.4.2 the code for checking the capabilities of the primary display adapter shows this code...
d3d9->GetDeviceCaps...
The underscore character is missing from the IDirect3D9 object. It should read...
_d3d9->GetDeviceCaps
The source code can be downloaded from http://www.moon-labs.com/ml_book_samples.htm. C# versions of the sample programs are available. The download instructions include a username/password but I was able to download the files without having to provide them. Should you be prompted for a username/password the author's instructions state, "The user name is exactly the second word on page 212 in the first paragraph of Chapter 13. The password is exactly the fourth word on page 213 in the first paragraph of section 13.1." Let's cut to the chase, it's "terrain/heightmap" (without the quotation marks or forward slash).
The code in the book is meant to be used in a C++ development environment. I use C# 2005 Express Edition therefore there wasn't anything I could do with the code in the book. When you open a sample code project (one from the C# versions available at the web site) in the C# 2005 Express Edition, a "Visual Studio Conversion Wizard" will prompt you to convert the project to the current edition's format. Just go ahead and click on "Finish." As I mentioned in a previous paragraph, there is a C# version of the sample programs provided on the web site.
Beginning with Chapter 3's sample and in all of the samples I could not understand why the 'Window' parameter would not work the way I understood it to work. In Form1.cs, when a d3d object is instantiated with a 'true' instead of 'false' for the Window parameter (the 3rd parameter), nothing worked. This works...
d3d = new D3DInit.D3DInit(800, 600, false, DeviceType.Hardware, ref device);
but this does not...
d3d = new D3DInit.D3DInit(800, 600, true, DeviceType.Hardware, ref device);
I had trouble with the sample for Chapter 6 (Texturing). The problem was due to the sample program's inability to find the texture image. To fix it, all I had to do was change the source code to reflect the FULL path to the image file. I'll clarify... this is the original line 136 in D3DInit.cs...
tex = Microsoft.DirectX.Direct3D.TextureLoader.FromFile(device, "dx5_logo.bmp");
I modified it to...
tex = Microsoft.DirectX.Direct3D.TextureLoader.FromFile(device, "D:\\david.emmith\\Books\\Intro to 3D Game Programming\\Part II CS\\Chapter6\\dx5_logo.bmp");
(Note: Remember to escape backslashes in path names by making double-backslashes, otherwise you'll get an error.)
The same problem occurred again in Chapter 7's sample.
In Chapter 11's sample you may find a similar problem to the ones I described above for Chapters 6 and 7. In Chapter 11 there is a line in D3DInit.cs (line #55) that reads...
private string shipFilename = "bigship1.x";
You may need to modify it to reflect the full path name.
If you are writing your own app and using the .NET samples as a guide you may run into a few problems when you build the solution. You may see a "... has more than one entry point defined" error. This will happen if you have the following code in your Form1.cs file...
[STAThread]
static void Main()
{
    Application.Run(new Form1());
}
There is no need to have those lines in your Form1.cs (or whatever filename you are using in place of Form1.cs). A Program.cs file should have automatically been created in your project (click on the 'Show All Files' icon in Solution Explorer). You can do one of two things to rectify this problem:
(1) Comment out or delete the code shown above in your Form1.cs (or its equivalent) file.
*** OR ***
(2) Exclude Program.cs from your project (right click the Program.cs icon and select 'Exclude From Project').
There is a similar situation in the D3DInit.cs file. There is no need to include the Dispose() method - it will already be in the D3DInit.Designer.cs file (this file, like Program.cs, is automatically created by the Visual C# IDE).
Another problem you may encounter if you are trying to use the Esc key to terminate your DirectX app is the Esc key not working. To solve this problem open your Form1.Designer.cs file and add the following line at the end of the InitializeComponent() method...
this.KeyUp += new System.Windows.Forms.KeyEventHandler(this.Form1_KeyUp);
Then make sure you have this method in your Form1.cs file...
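private void Form1_KeyUp(object sender, System.Windows.Forms.KeyEventArgs e)
{
    // Only shut down when the released key is Esc; other keys are ignored.
    if (e.KeyCode == System.Windows.Forms.Keys.Escape)
    {
        d3d.CloseD3DInit();
        Close();
    }
}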
And of course your D3DInit.cs file should have the CloseD3DInit() method defined. If not it should look like this...
public void CloseD3DInit()
{
    displayThread.Abort();
    Close();
}
In Chapter 11, as I mentioned earlier, there is a reference to a file named bigship1.x which is provided in the sample project. This is a mesh file which is nothing more than a geometric description of an object - in this case, a spaceship. If you're like me and you want to work out your own example you would like to create your own mesh file and test it in your own application. To create a mesh of your own design you will need the aid of a program. DirectX uses the .x file format for its mesh files. Some of the more popular 3D design programs do not readily provide a method for turning their meshes into the .x format. I will describe as briefly as possible the steps I took to create a simple mesh, convert it to a .x file and use it in my own program. There is probably a better way but this is the way I did it.
(1) Find a FREE 3D design program. I downloaded and installed two programs:
(a) Maya 7.0 Personal Learning Edition
(a.1) Can be found at the Autodesk web site.
(b) Autodesk 3DS Max 9 (30-day trial)
(b.1) Can be found at the Autodesk web site.
I was more interested in 3DS Max because I have my eyes on some aircraft models I want to use and they were created in the .max file format. So this is the program I used to create a very simple model.
(2) Create a model. I created a sphere with a green texture in 3DS Max. I won't go into the details of how I did that because it is not that difficult to figure out on your own. You may want to create something a little more 'elaborate' than a green sphere. Have at it.
(3) Convert the model into an x-file. This sounds simple enough but try doing it on the cheap, i.e. $0.00.
(a) If you want to pay for a conversion utility up front then check out two products from Okino Computer Graphics:
(a.1) NuGraf
(a.2) Polytrans (a simpler version of NuGraf)
It should be noted that Robert Lansdale (lansd[at]okino.com) offered to do a one-time conversion for me. I emailed him my .max file and he sent me back a .x file. I had already done the conversion by the time he sent the file back but I certainly appreciated his kind gesture.
(b) If you're cheap like me you want to do this for free because after all, you're just trying to learn how all this works. I contacted a 3D guru by the name of Chad Vernon. Chad was very helpful in pointing out a couple of free conversion tools:
(b.1) kiloWatt X file Exporter
(b.2) Pandasoft's Panda Xporter Tool
(c) I used Panda Xporter. After you unzip the .zip file you have a file named PandaDirectXMaxExporter.dle. This is a 'plugin'. So what you need to do next is to make this file known to 3DS Max and the way you do that is place the file in 3DS Max's plugin folder. On my machine this folder is located at D:\Program Files\Autodesk\3ds Max 9\plugins. Now you are ready to convert your model to the .x file format.
(d) Launch 3DS Max (close the Welcome Screen if it appears) and open your model file (File | Open Recent). The first time I did this with the Panda Xporter in place 3DS Max crashed. I removed the Xporter from the plugin folder and re-launched 3DS Max. It crashed again. I eventually got it to work and put the Xporter back in the plugin folder. 3DS Max did not crash after that. This remains a mystery. The problem appeared to have fixed itself.
(e) Select File | Export. Click on the down arrow for 'Save as type' and choose Panda DirectX (*.X). Click in the 'File name' textbox and enter a file name without a file extension. Note where the file is being saved to. You will need to know the full path to your .x file when you create your own 3D app. Click on 'Save'.
(f) In the 'PandaSoft DirectX Exporter' dialog, '3DS Max Objects' tab, uncheck 'Include Animation' if your object is not animated. In the 'XFile Settings' tab, the 'DX File Type' of either 'Text' or 'Binary' worked for me. I believe the default is text. Click 'OK'.
(4) Create your own 3D app. Again, I am using Visual C# 2005 Express Edition. Use the C# samples provided at the book's web site to guide you. Remember, as I have pointed out above, that there are some differences that come into play between the samples and what you create in a Visual Studio 2005 environment. Read through my earlier comments.
I hope this helps. Now on to the review.
In Chapter 12's sample, line #138 of D3DInit.cs needs the full path to dx5_logo.bmp. I described this same problem in earlier chapter reviews.
In Chapter 13's sample, line #601 of D3DInit.cs refers to a temp.raw file. This file, as far as I can tell, is not included in the managed (.NET) sample files. So I came up with my own work around which I describe below...
(1) Download Terragen which is a free terrain generation tool. Look for the link labeled, "Install Terragen v0.9.43 (1.6Mb)" in the download page. Now install Terragen.
The following steps are for once you have launched Terragen.
(2) Click on the 'Landscape' icon in Terragen and then click on the 'Generate Terrain' button.
(3) Click on the 'Export' button.
(4) In the 'Terrain Export' dialog click on the 'Export Method' dropdown listbox and choose 'Raw 8 bits'.
(5) Click on the 'Select File and Save' button and choose the name for your .raw file and its location.
Now that you have your own raw file you can insert the file's full pathname into the Chapter 13 sample.
If you have found or already have Terragen .ter files you can convert them to .raw files with a little free utility named 'Terrify'.
The book's web site has some additional information pertaining to Chapter 13. You can go to the Resources page and scroll down to 'Basic Terrain Rendering Part II'. The 'Download Code' link will give you a file named 'TexBlendTerrain.zip' which, according to my WinZip utility, is not a recognized Zip file. The links in 'Remark 2' do not work (they take you to some useless page).
This is the extent of my review. This is a very good book but I wish it were geared towards .NET developers.
- This is the best intro to Direct3d book I have. For the game programming aspect, it sucks, but there are so many books that tell you how to make a certain type of game (Premier Press comes to mind).
The first section is purely math! This surprised me since it's the only Direct3d book I have found that covered that much math.
The reasons why I gave it 4 out of 5: could be better. It needs more complete sample code. I mean, there's sample code on his web page, but the sample code starts at chapter 9! However, the (incomplete) code before chapter 9 is pretty easy to follow. Whenever he omits a piece of information, it's minor details like
int stuff[10] = { ... }; // fill stuff in with stuff
The book provides a very detailed explanation on how Direct3d works. Sure, there are times where he puts "see the MSDN for this struct", but that's usually when there's not much explaining he could do that's not in the MSDN already. I like that it feels like the author took a good deal of time to figure out how to explain every topic. The information is incredibly clear.
If you are like me and look at a bunch of DirectX books and just have no idea what the author(s) is talking about, you should try this book, especially if you have a good math background. And if this dude releases a book on DirectX 10, I'll definitely get it. If you know DirectX and are looking for a book on game programming, look for another book.
Posted in Software Design (Sunday, September 7, 2008)
Written by John R. Fallows and Jonas Jacobi. By Apress.
The regular list price is $49.99.
Sells new for $7.13.
There are some available for $6.78.
5 comments about Pro JSF and Ajax: Building Rich Internet Components (Pro).
- The authors begin "This book is not, and we would like to emphasize this, not an introductory level book..." That's for certain. Except for quick review material in the first chapter, the authors move quickly into a project that assumes a good amount of experience.
The book effectively follows a pattern that you have seen before. Build a simple component, integrate it, then progressively build in functionality and complexity while dealing with usability and maintainability issues.
One factor that makes this book stand out is the great number of flow diagrams. This book has the expected code printouts and screenshots but the extra emphasis on logic diagrams is exceptional. Also not seen in other JSF books are two chapters on providing Mozilla XUL and Microsoft .htc renderers. Yes, the last is a bit of a surprise!
- If you already have a background in JavaServer Faces (JSF) and you want to start exploring the integration of that with some of the Web 2.0 technologies, Jonas Jacobi and John R. Fallows have a book that might interest you... Pro JSF and Ajax - Building Rich Internet Components.
Contents:
Part 1 - Developing Smarter with JavaServer Faces: The Foundation of JSF - Components; Defining the Date Field Component; Defining the Deck Component
Part 2 - Designing Rich Internet Components: Using Rich Internet Technologies; Loading Resources with Weblets; Ajax Enabling the Deck Component; Ajax Enabling the Date Field Component; Providing Mozilla XUL Renderers; Providing Microsoft HTC Renderers; Switching RenderKits Dynamically
Index
To be honest, this book was beyond my current technology level. While there is a brief overview of JSF technology, you'll get the most out of the book if you already have a relatively solid grounding in it. They use two components, the Date Field and the Deck components, to show how JSF can be used to build internet application components that are able to be reused in other applications. The real value comes in Part 2, where they take those two components and start mixing them up with technologies that allow for rich internet functionality, such as Ajax and XUL. Using the examples provided, you start to see how a JSF application mixed with something like Ajax allows you to start building internet applications that behave more like desktop client apps... no round-trips to the server... no constant screen refreshes to get new content... Pretty cool stuff. I'd also recommend that you be pretty conversant with the rich internet technology already. Like with JSF, there's an assumption that you already understand the basics, so don't think that your first exposure to Ajax could be with this book. You'll be in pain if you try that route...
If you've had the exposure and you're now looking for some really cool project on which to apply your JSF skills, this could easily be the book that helps you make that transition from "Hello World" to "ooooohhh..."
- I tried reading the first chapter, got through half and realized that the overview was simply hitting the architecture big picture with no code (this is after reading the complete reference cover to cover) -- skipped to the second chapter cause I had no clue where the author was at on chapter 1. Chapter 2, trying to describe component extensions -- the code examples had a bunch of css. CSS? And no mention that css was a part or not a part of jsf. To someone without a design background this would be very confusing. Huh? Why? To take up space that's why.
This is a worthless book that obfuscates. My opinion, they put this thing together to capitalize on the hype surrounding jsf and ajax with no clue as to how to actually teach how to integrate the two. Finally the most annoying thing is about half of the copy starts out "in this chapter you will ... " then some worthless unrelated code and then another section with "in this chapter you will ..." Waste of my precious time and mental space to read this book. They should take a hint from NIKE and just do it rather than talk about it. CODE... examples and more code -- I don't want to read or waste time reading "in this chapter you will"...
- Even for an advanced developer/architect this book does not make sense. There are too many typos, wrong references to Figures and Tables, and confusing diagrams. On the top of all these things, it is poorly written. For example (Verbatim from chapter 2):
Figure -1 shows the five classes you'11 create in this chapter, they are HtmlInputDateRenderer,ProInputData,UIComponentTagSupport,and ProInputDateTag, as well as two you'11 be extending Renderer and UIInput.
As you can tell from the above the author is quite confusing.
- I bought this book looking for examples on how to create custom JSF components and AJAX or extend existing components. The book is very light on this. It starts with a general overview of the JSF life cycle. Chapter 2 shows you how to create a date component and chapter 3 a deck component. Unfortunately the information is scattered and does not flow very well. Part 2 of the book has very little to do with JSF. It explains what rich internet technologies are, then it gives other examples of rich technologies which don't help you in developing JSF components. It even goes into Microsoft technologies.
This book would be better with more JSF/AJAX examples and less fluff. They try to bring you from entry level knowledge to expert knowledge. If I wish to create JSF components, I have been using JSF and the components available to me are limited, so when I buy a book like this I do not want to start at the beginning, and I am not interested in other technologies that are similar to JSF like XUL, Weblets and Microsoft HTC; I have chosen my technology when I come to a book like this. If you want a general high-level overview covering technologies besides JSF, this book is OK. If you want an in-depth book about creating JSF components with AJAX, this is not it.
Posted in Software Design (Sunday, September 7, 2008)
Written by Paul Kimmel. By McGraw-Hill Osborne Media.
The regular list price is $21.95.
Sells new for $10.54.
There are some available for $10.99.
5 comments about UML Demystified.
- I tried reading two other UML books before I found Paul's. After the first two I didn't even know what I had read. I almost gave up but work kind of made me keep trying. When I found Paul's book, everything started to make sense. Not only did I seem to be able to actually use the diagrams in useful ways but his book enhanced my understanding of object oriented programming, which was a bonus.
I highly recommend this to anyone who has been baffled by UML in the past. It's the first time I have seen how really valuable the whole process is. Now I'm hooked. Also, his book keeps me awake and is well thumbed, the other books would make me nod off.
- The author's easygoing style makes this an easy read. Kimmel succeeds in turning a tedious and technical subject into a tolerable learning experience. If you're new to UML, this is the book to start with.
- Bravo! Bravo! Prometheus has brought UML fire to the forsaken and dank world of UML neophytes. UML inherently lends itself as an acutely idiomatic abstraction on the science of software engineering, and could be a rather knotty topic to elucidate. Paul has created a dazzling masterpiece for those of us who have been frazzled and bedazzled by attempts to understand the language to any practicable extent. His prose is sufficiently balanced with literary invites and his techno jargon is tamed enough to foster a pleasant reading experience. Now that I have exposed the relevance of this book to me, I will offer a few words on how it might benefit you.
With a desire for more than a cursory excursion into the study of UML, you might ask yourself these questions: how can this enhance my career? or how can I employ this newfound knowledge? Well, it will prepare you to overshadow the initial daunting feeling you might experience on your first encounter with a UML CASE tool; this type of software engineering tool could enable you to become very productive in a respectable time span, but this feat is achieved only after you have had a profound understanding of the robust and industry-proven design methodology that is inherent in UML--this book will bolster your confidence for that mission.
Again, Bravo!
- UML is not exactly an easy subject to understand and I don't think this book can "demystify" UML for any beginner.
My biggest complaint about this book is that it could be less verbose and more clear.
But it's definitely worth reading.
- Recommended as
- The only read, for people wanting to have an understanding of what UML really is. For example, managers who need to grasp the benefit of UML and assess the difficulty of its use.
- The first read, for people wanting to actually use and implement UML.
Posted in Software Design (Sunday, September 7, 2008)
Written by Andres Andreu. By Wrox.
The regular list price is $39.99.
Sells new for $11.66.
There are some available for $21.29.
5 comments about Professional Pen Testing for Web Applications (Programmer to Programmer).
- First things first, this book is not intended for newbies... That being said, this is by far the most comprehensive guide to application security that exists today. No other books out there can give you the depth and practical security knowledge that is presented here.
Anyone that is serious about application security will find this book to be a great tool to augment their existing skillset...
Anyone who thinks that they know security because they run traditional network firewalls and/or IDS/IPS systems will find this book eye opening!!!
- I recently received copies of Hacking Exposed: Web Applications, 2nd Ed (HE:WA2E) by Joel Scambray, Mike Shema, and Caleb Sima, and Professional Pen Testing for Web Applications (PPTFWA) by Andres Andreu. I read HE:WA2E first, then PPTFWA. Both are excellent books, but I expect potential readers want to know which is best for them. I could honestly recommend readers buy either (or both) books. Most people should start by reading HE:WA2E, and then fill in gaps by reading PPTFWA.
Before proceeding I should note I used to work with the two ex-Foundstone authors of HE:WA2E, although I haven't been afraid in the past to review books honestly.
First, I must say PPTFWA was published in the right series. The motto "Programmer to Programmer," and the term "Professional" in the title, clearly apply to this book. Author Andres Andreu takes his work very seriously, sometimes at the expense of the non-programming network security crowd. You will feel welcome if you are a programmer/security person, but maybe not if you work with "edge devices" like firewalls, IDS, and so on. Given this stance, I found it ironic that PPTFWA's advice (on p 220) for dealing with such impediments is "[m]ake sure your client disables these." Despite the author's focus on application security, he still notes (on p 425) "edge-level protective steps are interesting because they can provide the same level of protection to multiple Web applications simultaneously... [t]his is important because many times you will be faced with a Web application that needs remediation, but the stakeholders will not allow anyone to touch it at the core." Exactly!
PPTFWA's strengths lie in the depth it covers certain subjects. For example, its discussions of Web Services are very strong, easily better than HE:WA2E. PPTFWA introduces a wider variety of tools than HE:WA2E, many of which were totally new to me. Even tools without a strict security use (e.g., Twill) are shown to have powerful assessment features. (I liked the hints on p0f in Ch 3, and I use p0f with Sguil.) I like the examples of real cross-site scripting attacks in Ch 4 and the case studies in several parts of the book.
PPTFWA deserves credit for two other features. First, the book covers report writing, especially identification and removal of false positives. This is critical yet not often mentioned elsewhere. Second, the book links to a VMware image built by the author containing vulnerable Web app software. This is exceptional and much appreciated.
I couldn't give PPTFWA five stars for two reasons. First, I didn't think the book was as well-organized as HE:WA2E. One of the other reviews mentions this fact. Signs of weak structure include repeating or rephrasing material, or wondering why a chapter is placed (e.g., Ch 5?).
Second, I found conceptual problems with PPTFWA that are unfortunately not limited to this book; i.e., they often appear in Web app security community discussions. On p 5 the author writes "truly thorough defensive postures can always beat out the offense in these scenarios because there will just be an easier target elsewhere." I disagree, especially when targeted attacks or insiders are at work. Speaking of insiders, on p 11 we read that FBI and CSI reports say "a majority of attacks [come] from inside." This isn't true either, and hasn't been for many years (if it were ever true at all).
I found the author's use of the terms threat and vulnerability to be all over the map. For example, p 191 says "Threats that are identified as unresolved become vulnerabilities. Vulnerability is also present when a threat exists and the steps to mediate it have not been implemented." This is just wrong; vulnerabilities exist despite the presence or absence of threats. Risk exists when a vulnerability is present, a threat has the capabilities and intentions to exploit it, and an asset has value. Furthermore, much of the "threat" talk in PPTFWA is built on the flawed characterizations of mostly attacks and vulnerabilities found in WASC and OWASP documents. It would have been great for PPTFWA to build on these technically exceptional but terminologically challenged guides by wrapping them with a sound risk, threat, vulnerability, asset, and attack framework.
Aside from these issues (which bother me but can be ignored in favor of technical material) I really liked PPTFWA. I think the book is an example of the sort of higher-end book we should expect to see from good security authors in the future. There is much more to digital security than Web applications, although you might not feel that way when reading PPTFWA. Nevertheless, I consider PPTFWA a must-read after HE:WA2E.
- Awesome book on Pen Testing!! I believe this is right up there with Richard Bejtlich's books. Great examples and very 3D. I highly recommend this book to ANY hands on security folks out there at all levels of skill.
- Just a quick note about this book; the book was entertaining enough to keep you interested and contained a lot of useful and practical information. Recommend for anyone who is an IT professional entering into a pen testing role and any web developer.
- For the last 9 years I had been working daily in security tasks, (no managerial position!) in multiple tasks IDS, Firewalls, Switches, and had been exposed with multiple flavors of security products. From Open Source to Windows. Working with the products! In our arena we need security books references that will help us improve our analytical skills, and let us know what is out there. The field is very dynamic and nobody holds the torch of "guru" in this arena (Even though many claim it!). Very very few books excel in quality of delivery, and comprehension. And understand our day to day security jobs. This book is one of the few books I recommend for your average security guy, that needs help to understand what is behind the scene in the web network traffic. Go ahead and buy this book. It's worth it.
Posted in Software Design (Sunday, September 7, 2008)
Written by Michael Young and Michael Purvis. By Apress.
The regular list price is $34.99.
Sells new for $23.09.
No comments about Practical Google Maps Mashups with Google Mapplets, GeoRSS and KML (Practical).
Posted in Software Design (Sunday, September 7, 2008)
Written by Alan B. Marcovitz. By McGraw-Hill Companies.
Sells new for $59.99.
There are some available for $154.85.
No comments about Introduction to Logic and Computer Design.
Posted in Software Design (Sunday, September 7, 2008)
Written by Ingo Rammer and Mario Szpuszta. By Apress.
The regular list price is $59.99.
Sells new for $24.78.
There are some available for $18.00.
5 comments about Advanced .NET Remoting, Second Edition.
- I hate it when I pay good money for a poorly written book. So when I buy a book like this and it turns out so well, I am thrilled!
I have been in ".NET land" since 2001 when .NET beta 2 came out. I have written ASP.NET and Winform applications. During that time I just have not had the need to use .NET remoting, until now. The first 2 or 3 chapters are a great introduction for experienced .NET developers. I like the fact that I did not have to wade through a lot of stuff for beginners. From there the topics get advanced, with plenty of good example code to highlight the topics. Even though I had never really touched .NET remoting (except SOAP Web Services), the explanations and examples work well for me. The author keeps the examples simple, and on-topic. In my opinion, this helps to highlight the topics at hand. The content is geared towards real programmers who will be using the technology.
I also have really enjoyed the authors' candor concerning the weaknesses of .NET remoting. They have already highlighted a bad approach that I was considering.
I am more than happy to give this book a 5 star review!
- This book contains almost every detail of .NET Remoting. I am sure you can understand .NET Remoting well with the help of this book. It gives many good tips and useful cases, and also has some additional experiences of the author. However, I am sorry that this book doesn't have any real and integrated distributed business solutions based on .NET Remoting (I think so, at least), although it contains many good cases. But I still strongly recommend you buy this book if you want to know .NET Remoting deeply.
- This is actually a good book, however, it approaches the subject with an extremely hypothetical view. Lack of real world examples has made reading this book a real bore.
The book on the other hand offers in-depth information regarding the "behind the scenes" work of .NET remoting.
Final verdict: Good value for money, but do not expect any code to work.
- I'm never one to buy books on technology, mainly because they change frequently and you can always find tutorials online. This book however, is well written, descriptive and a must for anyone working with .NET remoting. Excellent!
- Excellent book. Exactly what I was looking for. With it you can gain a very good understanding of the subject. Simple examples that you can easily adapt to your specific needs.
Posted in Software Design (Sunday, September 7, 2008)
Written by Arthur J. Riel. By Addison-Wesley Professional.
The regular list price is $59.99.
Sells new for $31.00.
There are some available for $29.99.
5 comments about Object-Oriented Design Heuristics.
- I have plenty of books on patterns, but I want to get more information on the basics of OOP and why the patterns are effective instead of "this is pattern X, and this is what it does." This is a very complicated subject, which I have no doubt that most programmers on the planet have very little understanding of. We mostly write crummy code that "works", and most of the time that's good enough.
I was uncertain about getting this book because of how old it was, but after reading most of it, I'm happy I got it. Although complex, it is written in an understandable manner with useful diagrams. I wasn't as interested in the "one-liner" heuristics as I was the detailed explanations of the problems caused by particular design mistakes and the other examples and pitfalls presented.
- I have been studying the object oriented methodology for some time now. I felt that I had a good understanding of what OOP was all about. I have studied OOA/D and design patterns from numerous sources. All of my sense for OOA/D knowledge changed completely when I read this book. This book really showed me that I was stuck somewhere in the middle of the paradigm shift between action oriented programming (aka procedural programming) and object oriented programming. After reading this, I feel like my knowledge in OOA/D has truly advanced to the next level.
Are you the type of person that knows what OOP is? I mean, if you've studied up on OOP then you are probably aware of what an abstract class is. You know what interfaces, inheritance, polymorphism, information hiding (...etc) are. You may have a sense in when you should use inheritance and when you should use containment. You probably follow certain OOP practices like keeping all of your variables private, hiding secrets from other objects (information hiding). This may all make sense to you but are you also the type of person that just never feels comfortable about your designs? Do you look at your classes and just get a sense that something doesn't seem right, yet you just can't figure out what it is even if your software system is running fine? I am willing to wager that you are in the middle of a paradigm shift. You are probably taking the route that a lot of developers take when they shift from thinking in a procedural fashion (action-oriented design) into object oriented design. There is nothing wrong with this, but if you're like a lot of developers you will have a long hard journey utilizing a lot of experience before you really make that shift. This book is an essential tool that will help you make that shift a LOT faster. After reading this book you will see why you felt your designs weren't quite right.
One of the first topics that really hit home for me was when the author Arthur Riel talks about God classes in chapter 3. God classes are classes that have too much implementation in them. Most of the complexity of a piece of software resides in these classes. They are the all-knowing classes that delegate messages between the much smaller, less complex classes. Signs of God classes are classes that have words in their name such as "Manager" or "System" in them. This one hit home because there are numerous classes in the software I'm working on now with the name Manager in them. For example one of our classes is called the "BiDirectional_Dataflow_Manager". This is definitely a God class through and through. While I was reading about the disadvantages of these types of classes I couldn't help but agree with everything Arthur was saying. I began to see the light already and I was just on chapter 3. There are 59 other Heuristics, all equally important in this book.
Most books that teach OOA/D seem to really only teach the definition of OOA/D and perhaps clue you in to the whole idea. You learn the terminology well and you see a few examples (I'm sure you've seen an animal hierarchy a time or two), but you don't really gain a solid understanding in how you actually think in objects. This book will bridge that gap. This is the best book I've read by far on OOA/D. This book will apply to you no matter what your skill level is in OOA/D, unless you're a complete beginner then you might find yourself a little bit lost. If you are brand new to OOA/D then you should probably read a short book on OOP, just to gain the basic concepts first. "Object Oriented Thought Process" might be a good start as it's short and sweet, then you should move on to this book. If you are advanced then you may know a lot of this information, but this book will probably help tweak your OOA/D skills; helping you become an even more solid developer. But for you guys and gals out there that know what OOP is and read a few books on it, but still don't feel quite right about your designs, this book is essential. You guys out there are the sweet spot for a book like this. That's how I was. Now I feel so much better, I feel like I've gained more knowledge in OOA/D with this book than all other books on OOA/D and OOP that I've read combined - and then some.
Arthur Riel is a very talented programmer and author. He is able to communicate ideas to you that are sure to hit home, as if he's right there with you and understands your problems in OOA/D. This book is densely packed. Not including the bibliography and index this book is a mere 367 pages. Even more, if you don't include the example code at the end of the book (all C++ code) this book is only 243 pages. The real meat of this book is in the first 9 chapters (where he talks about all of the heuristics), which totals 182 pages. After that he talks about topics such as handling memory leaks and such. Most of the dim lights will shine brightly after a mere 182 pages! This may sound too good to be true, but as I said earlier Arthur is VERY talented in communicating his ideas. You just have to read this book very carefully, don't skim! Because it's so dense, it may take a couple of passes before you really get the idea but once you understand it you will surely belt out a resounding "AH HA!". This book is 10 years old at the time of this review, but the information inside is far from being outdated.
To conclude this lengthy review (sorry about that) I would like to say that I give this book my highest recommendation. In fact, this may be the best book on software development that I've ever read! This book has influenced my software development more than any other book I've read and that's a fact. This is truly a rare gem. The only downside (not this book's fault) is that it's become a bit harder to work on the software that I'm currently working with because I now see where all of the pitfalls are. My co-workers think I'm just being anal about design now, but you don't have to be like them. Step up, become the best software developer that you can be. Just read this book and you will take a giant leap forward in your OOA/D understanding, especially if you're stuck in a paradigm shift like I was. Thank you very much Arthur!
- OO design and analysis is so very gray. No book can cover every aspect because the possibilities are endless. Everyone's application and environment is different which causes each and every one of us to approach our design differently and value different effects of our coding practices. By far this is the best book I have read that simply lays out OO rules-of-thumb and then explains why each is beneficial and when they might contradict other rules-of-thumb. The book encourages the reader to be reasonable and practical in your application of OO best practices.
I strongly recommend that every development team read this book and discuss it amongst themselves.
- Ok, I had to look up heuristics in the dictionary before buying this. But other than that I found this to be one of only a handful I've read that tells you how to look at OOD work you've done and decide if it is good (and how to improve it). Particularly good was the discussion of cases where design goals conflict and how to resolve the conflict.
- Regrettably, I disagree with the other reviewers here who seem to have liked this book. I didn't. Not that it's terrible: I found myself in agreement with most if not all of the rules of thumb the author talks about; the problem is more that this book is not well done.
First, this is a textbook; as such it is aimed at a student, that is someone who doesn't know the material yet and tries to learn. But for a tutorial this text is overwordy and imprecise, with a generous quantity of confusing, misleading metaphors. If you happen to know what the author is trying to say, then you sorta get it -- I mean, you get it 'cause you already know it -- but a newcomer will be confused.
Sometimes the author doesn't seem to know why a particular rule is good, so he goes something like this: rule such-and-such is good because most software engineers would agree that it's good. I doubt the author conducted a statistically valid survey -- but forget that, suppose most software engineers do in fact agree: so what? All the author has now is a nice and juicy ad populum. But he, obviously, isn't even aware that something's wrong -- and that may be one of the problems with this book: the author may not be experienced enough to write books of this sort. He may be a competent practitioner, but this is not the same as teacher.
He tries to compensate via an over-abstract and smart-sounding terminology (one of the reviewers below jokingly complains that he needed to look up the word "heuristics": that is a telling comment, and it is valid). I, too, noticed that the author takes delight in using a dozen hifalutin words where one simple word would do (and result in a clearer text).
Riel also likes to belabour commonplace excessively ("data should be hidden inside objects"; "Objects should not depend on their users", blah-blah, brush teeth daily, apple a day etc.), anything to make the book thicker -- which brings me to its second defect, less important and quite a common one today: the book is blatantly padded. Out of about 400 pages only about 200 have readable text; the rest is mostly a source code printout (this code could have been supplied on an attached disk or put on the net somewhere). There's also a few pages with a concise restatement of the author's rules, which could have been printed on the cover insides (like in the Stevens network books) or supplied as a pullout; otherwise this list is hard to find and serves no purpose.
To summarize: were it better written, Heuristics could be useful for a newbie, but it's not and so it isn't. A more experienced reader, despite being annoyed, will understand it -- but only because he already knows the stuff himself and will be recognizing rather than learning. YMMV, but in my opinion this tome isn't worth reading time for any reader, new or experienced. I'm sending it back.
Posted in Software Design (Sunday, September 7, 2008)
Written by Robert T. Futrell and Donald F. Shafer and Linda Isabell Shafer. By Prentice Hall PTR.
The regular list price is $85.00.
Sells new for $68.99.
There are some available for $50.00.
3 comments about Quality Software Project Management (Software Quality Institute Series).
- This is, without a doubt, the most comprehensive book available on software project management. I don't make this statement lightly - I have over two dozen books on the subject, and have reviewed a significant portion of them on this site. It isn't the fact that the book consists of 33 chapters and 7 appendices and consumes nearly 1700 pages that makes it comprehensive. What distinguishes this book from the rest are:
(1) A process-oriented approach that is completely consistent with the PMI PMBOK, fully supports requirements for the higher levels of the capability maturity model, and can be adapted to virtually any life cycle model. (2) It completely covers the important elements of planning, scheduling and control, including work breakdown structure development, associating tasks and deliverables, estimating (the focus is on the constructive cost model), advanced scheduling techniques (including critical chain scheduling that has emerged from the theory of constraints body of knowledge), and earned value project management. (3) Ties software engineering, system engineering, reliability, SQA and software configuration management to the project process. Many books briefly address these, while this book addresses the requirements, issues and techniques head-on. (4) Business plan development, requirements analysis, project deliverables and other artifacts are thoroughly covered. (5) The web site that augments this book has errata, templates and checklists (in HTML format), links and other material that supports using the book as a course text.
There are so many things I like about this book, but the size and depth of content makes it nearly overwhelming. My favorite chapters are 21-Metrics, 26-Continuous Improvement, 28-Post Performance Analysis and 32-Legal Issues. However, these reflect my personal interests. The book is, in my opinion, uniformly excellent. The only flaw I found was the scant attention given to releasing an application or system into production, and no mention of how to tie together issue management to the enhancement and maintenance cycle that initiates once an application is in production. However, to be fair, this book is focused on project management and not software engineering. An outstanding companion to this book would be Successful Software Development by Scott E. Donaldson, Stanley G. Siegel, which provides the same in-depth treatment of software engineering as this book does for project management.
- This book's primary strength is in leaving no software management stone unturned. It relates well to established methodologies, standards, definitions, practices, etc. But, at over 1600 pages, it could use some serious editing. Many topics the authors like to dance around in an introductory (and obviously academic) fashion before settling on the chosen path. The style and language often reek of vague, committee-authored fashion, and make for some frankly boring reading. By far its worst crime is its use of illustrations and graphics, which are--generally but almost universally--confusingly drawn, meagerly captioned, and barely elaborated upon in the text. This is a shame, since many of the concepts in management and software can be elucidated wonderfully with quality symbolism and illustrations, yet this book often manages to obfuscate them further.
Overall, this book serves as a thorough and well-researched reference tool, but makes for a lousy textbook.
- Such a comprehensive book cannot be wholly used by a practitioner. My interest is on quality. On this subject the book is very practical and can direct all those that are hands-on in a project team. Chapter 30 is very useful for those involved with CMM Level 1 Quality Assurance. That is the start, because from there one can consult other chapters to have a broad view of a project and be prepared to interact with peers.