SOFTWARE DESIGN BOOKS
Posted in Software Design (Thursday, August 28, 2008)
Written by Stephen Prata. By Sams.
The regular list price is $39.99.
Sells new for $19.50.
There are some available for $6.84.
5 comments about C Primer Plus (4th Edition) (Primer Plus).
- C Primer Plus by Stephen Prata is a well-paced book for learning C. It has examples of the concepts in every section, and he doesn't gloss over important topics that are key to furthering your learning, such as pointers. I would like to give this book 5 stars, but it suffers from quite a few errors. Not just errors in the descriptions, but errors in explaining code and errors in the examples. They aren't critical errors, and it makes for a little bit of fun finding the errors.
An example of errors in the 4th edition: while explaining two-dimensional arrays, here is a glaring error:
---
#define COLS 4
int sum2d(int ar[][COLS], int rows)
{
    /* function body omitted in the review */
}
You can use it with any of the following function calls:
tot = sum2(array1, 5);    // sum of a 5x4 array
tot = sum2(array2, 100);  // sum of a 100x4 array
tot = sum2(array3, 2);    // sum of a 5 x 2 array
---
The last example function call is incorrect, and he goes on in the next chapter explaining how the sum2d function would need to be changed to support more rows. There are 3-5 errors per chapter like this. Solid 'B-'.
- This book is simple enough for the beginning programmer and advanced enough to get you a very solid base in C. It is the best programming book I've read. I can't tell you how helpful it is. In my book all errors have been fixed, and since I bought it a few months ago there shouldn't be any errors left anymore. The code for the book is easily attainable through Sams' online website www.samspublishing.com too. Excellence!
- I am relatively new to the subject (having purchased K&R's Programming C, second edition prior to this -- no success) and I have to admit, after only three days I'm already into chapter five and have a vast understanding of the language. What I like, personally, is that they go about explaining the code in a no-nonsense way, in that they relate the practice code to something you can remember (i.e. explaining code using everyday words, such as using days of the week for enum). The only problem I have with the book is that they like to repeat information over and over... I suppose it is a good teaching trick, but after a while this becomes rather tiresome. Overall... I'd give it 4 stars.
- When I was 15 and teaching myself C, I read many books to include "Teach Yourself C in 21 Days". Those books were extremely unhelpful and it wasn't until I found this one that I really became a good C programmer. This is the best book that I have found on the C Programming language. It takes you from a beginner to regular C programmer. It covers enough of the language that you will have a firm understanding of programming and the C programming language. I highly recommend this book.
- I picked up this book from the library about a week ago and have been reading it since. The book is a whopping 750 pages long and consists of 17 chapters. Unlike other books [if you have read The C Programming Language] this one gives you the information right away and explains it in a clear and thorough fashion. Although I did have some issues with the book's presentation of certain topics concerning grammar, spelling, and code, its advantages far outweigh the disadvantages. Probably, however, its biggest drawback is not having answers to the programming exercises except for the short questions. I would recommend this book to anyone who is serious about learning C.
Posted in Software Design (Thursday, August 28, 2008)
Written by Larry L. Constantine and Lucy A. D. Lockwood. By Addison-Wesley Professional.
The regular list price is $59.99.
Sells new for $23.99.
There are some available for $5.35.
5 comments about Software for Use: A Practical Guide to the Models and Methods of Usage-Centered Design (ACM Press).
- Perseverance is required, as the text is a little dry and verbose. However, there are too many leading-edge ideas to score it other than full marks. Advances the state of the art in systems engineering by promoting thorough requirements engineering using interaction-neutral Essential Use Cases and then good-quality Interaction Design as an integrated part of the lifecycle.
- I very much enjoyed Software for Use. When I got the book, I read it from cover to cover. Now, six months later, I still turn to it regularly as I develop use cases for our application - especially when I'm working on the user interface for each use case.
You might expect that anything from Larry Constantine would be terrific and again he - this time with equally adept co-author Lucy Lockwood - hasn't let us down. SfU (as it seems to be called in the chat groups) addresses one of the most under-addressed issues in our industry: Why is so much potentially useful software in fact useless because of its appalling user interfaces? There are lots of valuable topics in this book. But probably the most valuable thing that I got from the book was a methodical approach to developing user interfaces, through the user role maps, task models, essential use cases, use case narrative, tools and materials and ... well, perhaps you should read the book! If you're in the mood for some edutainment (i.e. cheap laughs while learning something handy), read the section on Web wisdom. There you'll find some wonderfully silly interface designs to avoid on your next e-commerce project. Bottom line: I'll bet this book's on the way to becoming a classic. It's a "must read" for every software developer involved in any way with software that's meant to be used. And if you're actually charged with developing user interfaces, I'd say it's a "must own".
- I have heard very good things about this book and I have already owned it for 6 months. Still I haven't been able to read more than the first 100 pages. I generally have no trouble reading books that are written in English, but this one is extremely hard to read. The sentences are way too long and a lot of the words used are unknown to foreign people. I also feel that the information could be presented in a better way. I rate it 2 stars because I like what I have been able to read.
- For anyone in the business of delivering usable software, the book 'Software for Use' by Larry Constantine and Lucy Lockwood is a must addition to their personal library. This book is wonderfully written in a very readable format (as would be expected from usability experts).
'Software for Use' embraces the key principles of usability in a very pragmatic way. The book is also 'in tune' with trends in the field of usability: moving to a more collaborative team model; addressing usability as a proactive design process rather than a reactive QA function; rethinking technology, tools, & techniques for the purpose of delivering user-centric software products - these are all fundamental aspects of how usability is maturing as a discipline. One of the things I enjoyed most about the book was its hidden gems of wisdom embedded in each chapter. For example, in discussing the issues of marketability versus usability, the authors offer this simple maxim: "Design for use; refine for sale.... It is almost always far easier to make a functional but unaesthetic system attractive, than to take an attractive but impractical system and make it work." If I had any criticisms about this book, there would be only one. As with many of today's practical guides, I find there is a recurring challenge with terminology. It is sometimes difficult to identify terms that are 'standard' versus those being introduced by the authors as new. As practitioners we rely heavily on the clarity of words to communicate tasks and deliverables. When applied terms are unfamiliar in context and origin, or they suggest double meaning, we introduce cost and confusion to the process of communication. This is not so much a criticism of the book as it is an observation of humankind, and our struggle to expand the English language. As the authors themselves note, 'usability is not rocket science,' but it takes time and effort to achieve. Usability needs to be experienced before it can be standardized within an organization. That is why 'Software for Use' is such a good book - it is an experiential guide.
- First off, the information in this book is fantastic! I have attended lectures by Larry Constantine, and as a professional software designer with 10 years' experience myself I find his methods well grounded in the realities of building actual product. That said, this book has a major flaw. I completely agree with a prior review titled, "Why use 1000 words to explain that which could be done in 10?" This book is too wordy and poorly organized. It meanders about, intermixing the mechanics of constructing design artifacts with anecdotes that are tangentially related. The book could be half as long and should separate overviews, details and examples. As stated by Constantine & Lockwood, software (or a technical book for that matter) is at its core a tool. As a designer I want to be able to easily jump from big-picture concepts to details to usage examples as needed. This book as currently organized makes that very difficult. So the information is great, but I would very much like to see this book re-edited and released as a thinner, more focused v2.0.
I recommend checking out Constantine & Lockwood's web site www.foruse.com for more distilled documents. Unfortunately that site has been "under construction" for quite some time (going on three years I think!!!). The result is it's not very up to date.
Posted in Software Design (Thursday, August 28, 2008)
Written by Andrew W. Appel. By Cambridge University Press.
The regular list price is $63.00.
Sells new for $53.99.
There are some available for $29.62.
5 comments about Modern Compiler Implementation in ML.
- This book aims at teaching the reader how to write compilers and interpreters. Compared to other books (most notably the Dragon book - Aho, Sethi & Ullman: Compilers - Principles, Techniques and Tools) the structure and organization of the compiler he teaches are better and more in sync with modern compiler research. So although ML is not a language that is used much in practice, it is well chosen for teaching compilers.
The first part of the book is intended for undergraduate Computer Science university students and the second part is for graduate students. I have only read the first part and browsed the second part. The first part is founded on the development of a compiler - the Tiger compiler - and that is the main flaw of the book. The Tiger compiler is fairly advanced and it is built up one phase at a time (see the chapter headings in the synopsis). An undergraduate reader who has never read anything about compiler design before will be very confused. The book is good in the way that it presents many good compiler design ideas and I learned some from it, but for me it was not the first book on compilers. I just think that the first part of the book has too steep a learning curve - even if you are proficient with ML, which is an absolute must. Recommended for serious readers who already know something about compiler construction before reading it. For other people I recommend the older but somewhat outdated book: Aho, Sethi & Ullman: Compilers - Principles, Techniques and Tools.
- Appel explains the structure of a compiler in a very clear and precise fashion, including a lot of quite modern techniques. *However* it is only clear and precise if you have a rough high-level understanding of compilers and a good knowledge of ML beforehand. (If you understand one of the two, it is an excellent book for learning the other but you will need to do some thinking for yourself.)
If you're looking to learn about compilers from the very beginning, buy something else (I liked "Crafting A Compiler" as a starting point). If you're wanting to get a lot more precise about the way you build compilers, buy this book.
- This book has a lot of valuable information with regard to the construction of a compiler; that fact is overshadowed by the amazingly poor editing.
This is supposedly the "first edition reprint with corrections", but it seems like the vast majority of errors are yet to be corrected.
- This book covers a remarkably broad territory of compiler issues, with a good balance of clarity and depth. It spends long enough on each topic to work through examples of functioning code, but doesn't dwell on any for so long that the reader loses interest. A decent set of variations on language design, runtime organization, and machine architecture are also discussed and implemented.
An important caveat is that readers ought to know some dialect of ML. If not, this book does not teach it; there are alternative renditions of the same text in C and Java, but I have not read them. Apparently many reviewers find those confusing. The Java rendition, for example, has many angry reviewers. Possibly disgruntled students who had a hard time with their coursework, possibly people with valid complaints about the text.
All I can say is that I quite enjoyed it, and return to it regularly for its clear presentation, when working with related algorithms.
- I love this book. Having experimented with compiler construction for some time (though never seriously), and being a long-time ML user, Modern Compiler Implementation in ML was the perfect companion to my compiler-construction project. I largely ignored the "Tiger" language described in the book - I had my own ideas about what I wanted to create. Relying on the book to give you code for a whole compiler is asking far too much. The general concepts are explained, and then reinforced with sample code. I suspect the people who have complained bitterly about this book are actually just looking for a source code print out.
All in all, very worthwhile. Read a chapter, try to implement the concepts, and then either re-read the same chapter, or move on.
Posted in Software Design (Thursday, August 28, 2008)
Written by John M. Yarbrough. By Cengage-Engineering.
The regular list price is $162.95.
Sells new for $82.99.
There are some available for $4.70.
3 comments about Digital Logic: Applications and Design.
- After studying from this book, and from being in Yarbrough's class, I found this book hard to learn from. It does make a great review book if you already know digital logic, since it is fairly easy to find tables or diagrams of what you would need. Trying to learn it for the first time is frustrating at times, trying to figure out where he came up with the problems and answers for the examples. Another thing that makes the book harder to understand is that there are a lot of typos in it, missing data and/or numbers, and wrong labeling, which makes it hard to do some of the homework problems. It is Yarbrough's first book, though; hopefully he can get a second edition that will be much easier to understand, and not require mass amounts of reading sections over and over.
- I would like to say that the author had people working for years in the engineering field in mind when he wrote this book, because it is very CRYPTIC. Beginners who read this book will feel really stupid due to the fact that the author does not concede himself in giving clear and enlightening examples. The language of the author might be apt for Claude Shannon, but not for me. I am a computer science major who had difficulties in grasping the concepts, and I have seen many at my school who had to re-take this course more than once to fully comprehend the material, and that was most likely a result of this horrible book. My teacher relies mostly on his notes, therefore it was as if the book were not used, which is a good thing. If I were an experienced user, I would probably be praising this book, but as a novice I am very displeased.
- This book is not good for beginners. The homework problems are very long and difficult for the most part. Luckily the answers to the odd problems are in the back. Good luck learning anything from this piece of junk.
Posted in Software Design (Thursday, August 28, 2008)
Written by Paul Dyson and Andrew Longshaw. By Wiley.
The regular list price is $60.00.
Sells new for $29.00.
There are some available for $26.15.
3 comments about Architecting Enterprise Solutions: Patterns for High-Capability Internet-based Systems.
- My background is in enterprise application development/architecture, and I found this book to be a great introduction to the larger scope of system architecture. The patterns presented paint an easy-to-understand picture of what a highly capable Inter/intranet system should look like.
I found the level of detail to be great, as I was interested in an overview. If you're looking for implementation specifics, this would be a good starting point, but many of the platform-specific details would probably be found in other books.
- Non-functional requirements, i.e. the many software -ilities, are often neglected in the development of software systems. Even though they are a key factor in final user satisfaction and everybody acknowledges their importance, their prominence is usually downplayed. This book tries to fill this gap and it focuses on balancing the non-functional features of Internet-based software systems.
"Architecting Enterprise Solutions", following the so-called patterns movement, is organized around a set of patterns, which are classified into four groups:
1. Fundamental patterns describe the basic shape for Internet-based systems, why they tend to use application servers and why they recur to "specialist peripherals."
2. Performance, availability, and scalability involve some kind of redundancy (e.g. the performance-related patterns involve tiers with redundant elements, load balancing, data replication, and effective resource management, such as pooling and caching).
3. Control patterns deal with system manageability and security. Status reporting, monitoring, alerting, logging and dynamic configuration are key for manageability, while the proper use of demilitarized zones, firewalls, intrusion detection systems, encryption, and public key infrastructure are fundamental for security.
4. Finally, evolution patterns address maintainability, flexibility, portability, and migration. Among other things, here you will find information on virtual platforms and staging environments.
A final section describes how the patterns can be applied in practice, illustrating how the patterns' trade-offs can lead to different system configurations.
In summary, "Architecting Enterprise Solutions" collects the know-how of experienced system architects. It clearly shows how design decisions affect the non-functional characteristics of Internet-based systems and it does so without forgetting the cost implications of such decisions (something every architect on a tight budget will surely thank).
Disclaimer: If you are just looking for solutions to the problems you face using a particular programming language, framework or platform, you should look elsewhere. If you would like to delve into the rationale behind key design decisions in Internet-based systems (beyond the use of particular technologies), this might be a good place to start.
- I regret having spent at least two weeks (on and off) trying to read this book.
It has some good points, yet its drawbacks make it almost useless:
- it is not very practical, it is quite abstract actually
- it is dry, confusing and filled with repetitions
- the contents of this book could fit in 30-40 pages and this would save a lot of reading time
- it is specific to J2EE and its associated architecture (web server -> application server -> database server, etc). The book's title should reflect this and yet it doesn't.
- most of the so called patterns (local cache, logging, etc) have been around for some time and are much better described in other books
I could go on and on.
Suffice it to say that I finished the book in the end and, since I do not wish to inflict the pain of reading this book on others, I just threw it away.
In conclusion, do not waste your time reading this book.
Posted in Software Design (Thursday, August 28, 2008)
Written by Matt Jones and Gary Marsden. By Wiley.
The regular list price is $65.00.
Sells new for $47.72.
There are some available for $41.99.
1 comment about Mobile Interaction Design.
- Jones and Marsden offer us a high level way to design mobile devices. The emphasis is on cell phones. But there is the broader scope of various types of handheld devices, like PDAs. They suggest how to design within the typically severe constraints imposed upon you. Like low power, small screen, a limited keyboard or keypad. The small screen means that menus have to be carefully thought out.
Various ways of prototyping are given.
The book has informal case studies of actual product design methods used by Nokia, HP and other companies. Some of you will find these valuable, as a tangible focus for study. All of this is explained at a level understandable to a broad audience.
Posted in Software Design (Thursday, August 28, 2008)
Written by Wolfgang Banzhaf and Peter Nordin and Robert E. Keller and Frank D. Francone. By Morgan Kaufmann Publishers.
The regular list price is $92.95.
Sells new for $71.95.
There are some available for $57.50.
5 comments about Genetic Programming : An Introduction : On the Automatic Evolution of Computer Programs and Its Applications (The Morgan Kaufmann Series in Artificial Intelligence).
- We all know the kind of books where the author likes to show how much he knows by making things intentionally complex... well... this is the opposite side of the spectrum.
The book is very complete and detailed yet easy to read, even after a day of work. The first part of the book contains introductory information on background areas like probability, biology and computer science as a general discipline. Getting into the topic, it clarifies some of the differences between evolutionary systems and genetic algorithms and shows how all this contributes to the theory of genetic programming and the evolution of computer programs. It explains how things are done with different types of individuals (tree, linear, graph, etc) and gives valuable insight about the implementation process. Although you may need other sources for formal treatment of some topics, this book is a very good acquisition.
- I skimmed the Koza books (GP: I & II) and this one at the store. Using the layout, chapter names, and the introductory chapters as my guide, I decided to buy this book to introduce me to the current state of the art in GP. The strengths of this book are its textbook format and the informal exercises that are presented for the reader at the end of every chapter. There is also a great deal of compilation from other relevant GP works presented in a localized, intra-chapter basis. The book is thus highly digestible to a newcomer, and is a far less time-consuming way to learn about GP than through the "expert" papers on the web. Having now almost finished the book, I feel that I am ready and able to author and apply GP techniques in a wide variety of applications and languages, having spent less than 20 hours in study time. A terrific achievement by Banzhaf and company, highly recommended.
- This book is good for getting a general view of genetic programming. Nevertheless, I think it neglects many details. For example, it is very hard to learn from the book how a simple selection strategy (tournament selection) works in practice.
I do not think this book is useful for someone intending to code a genetic programming algorithm.
- It's rare to find an advanced computer science textbook that's both so engaging and so informative. I've only read the first seven chapters so far, but when I sat down to write my first genetic algorithm (for real research use), the book had already prepared me well.
It's hard to imagine a better introductory textbook for this topic.
- I have no idea how this is marketed as a college-level text on the subject. It is just a 'high level' text suitable for non-programmers interested in learning some of the terminology regarding Genetic Programming, with little or no practical information. This book was published in 1998; there are many free texts with far more practical information. I bought A Field Guide to Genetic Programming, which is also available as a free PDF, with this book, and the Field Guide is a far, far better book on all counts.
Posted in Software Design (Thursday, August 28, 2008)
Written by Hristo Deshev. By Apress.
The regular list price is $49.99.
Sells new for $26.49.
There are some available for $16.81.
2 comments about Pro Windows PowerShell (Pro).
- I've been using the command prompt (DOS for your old schoolers) since the days of MS-DOS 2.11. I thought I had done about everything a person could possibly do with the limited scripting abilities of the command prompt -- and then I happened across this book and it was like going back to school.
Windows Powershell is essentially object-oriented programming mashing up with the command line, with some extras thrown in. In this book the author shows you all the new tricks of the trade and will have you looking at ways to automate your Windows tasks in ways you never thought possible.
There are many things that we want to do on our Windows servers or XP/Vista boxes that you have to "hack" or find a third-party utility to do. With Windows Powershell a lot of those tasks can now be brought back "in house" without the need for hacks and kludges.
The nice thing about this book is that it not only talks about Powershell, it also walks you through real-life examples. It's written in many ways like an introductory programming language book would be -- but at the same time the author remembers that most readers will be IT System Admins and not programmers, so he doesn't bury the reader in programming talk to the point they are lost.
If you work in IT and deal with Windows servers you owe it to yourself to check out Windows Powershell and this book. You will find that under the hood of that Windows box is a supercharged '78 Trans-Am just waiting for you to put the pedal to the metal and experience the power!
- Being a systems admin with a good working knowledge of Powershell, I decided to check out this book to get a better understanding of how Powershell works. I was not disappointed. Never having gotten an introduction to programming concepts, I found this book helpful. It doesn't just give you the syntax for performing certain operations but tells you why. Overall a very good book; however, at points it does digress into tangents. I also would have liked some practical real-world examples and recommendations on script construction. I recommend it.
Posted in Software Design (Thursday, August 28, 2008)
Written by Susann Novalis. By Sybex.
The regular list price is $49.99.
Sells new for $3.70.
There are some available for $1.16.
5 comments about Access 2000 VBA Handbook.
- The book illustrates data that is not in the referenced database and discusses information in a database that is on the supplied CD. However, the author does not reveal the password for the database for an additional 20 pages. That database is also encrypted so that it is virtually useless since the author discusses making changes to it.
Very poorly written.
- There was a lot of material in this book, but nearly all of it has been presented elsewhere better and more clearly. This basically reads like a book that somebody put together by cutting and pasting from other books on the market. There was not any kind of help with problems that users would encounter in the real world.
I would say this book is about 80% filler. Not worth the money.
- I must agree with other reviewers. In spite of a good knowledge of Access the reading of this book does not help to write practical applications, and is very frustrating. The author jumps from topic to topic and gives very little code that can be used in real life situations. I would qualify this book as no more than a broad and theoretical overview.
- This book really stands out from the crowd. Most VBA texts are written by great programmers who are terrible teachers. Not in this case - using VBA to unlock the power of MS Access is thoroughly and clearly explained, from concepts such as database design and objects to JET, DAO/ADO and beyond. The author shows how to do everything that you can do with Macros, how to do many things that you can't do without VB, and then how to most efficiently do all of them! Most useful is the clear way in which the book shows how to perform tasks efficiently in interactive (Forms) and automated (DAO/ADO Recordset manipulation) ways and when to choose each - this book will remain an invaluable tool in my library and be referenced often.
- Good book. Easy to find the answers to my questions and get back to work. Good examples and written with clear explanations that get to the point.
Good Day.
Posted in Software Design (Thursday, August 28, 2008)
Written by Ryan C. Barnett. By Addison-Wesley Professional.
The regular list price is $49.99.
Sells new for $21.95.
There are some available for $10.91.
5 comments about Preventing Web Attacks with Apache.
- I should start with a disclaimer, I know Ryan Barnett and have followed his work through the years. That said, my responsibility as a reviewer is to help you as the reader decide whether to purchase this book, take the time to leaf through the book with the sample pages or Amazon, or to skip this book. I take that responsibility seriously.
If you have nothing to do with Web servers, you can safely skip this book. If you have operations, security or audit responsibilities for an organization that runs Apache and you do not read this book at least twice you are negligent. Please allow me to explain why I say that.
The book introduces the Center for Internet Security benchmark early on. This group, www.cisecurity.org, does two things very well: they determine the appropriate security configuration for a number of operating systems, devices, and programs, and they produce tools to check the configuration. Wouldn't it make sense to know if your web server is configured properly? On average there are about 1,000 web defacements per day.
There are security books that are about things and that is OK, but the best security books tell you how to do things. Ryan takes you through the download, installation and configuration of Apache. The "secret sauce" in the book starts in Chapter 5, where you are introduced to what is possible with the security modules for Apache. If you are an auditor, grab your highlighter, mark the tools and configurations and go pay the web admins a visit! Chapter 8 gives you a scenario to bring everything together. For the average reader, this is about as far as you are going to go.
Beyond Chapter 8, you are in advanced material, where Ryan is sharing the results of years of his research. This is for the security person looking for a bit of an edge to help protect their organization, or to do additional research. This is not a book for everyone, but it is a book for everyone running Apache!
- According to Netcraft's latest Website Server Survey (February 2006), over 68% of internet websites are hosted on Apache servers. This presents a large group of potential targets for malicious attacks.
'Preventing Web Attacks with Apache' attempts to provide a comprehensive treatment of the thorny area of web server security with the sole emphasis being on Apache. Initial doubts about the viability of a 500 page treatise on securing an Apache server were dispelled by the in-depth and thorough approach of the author.
The book kicks off by exposing common misconceptions about web server security. For example, the fact that web servers need to have ports 80 (http) and 443 (SSL) open in order to function properly means that the effectiveness of security measures such as firewalls, DMZs and intrusion detection systems is somewhat diminished.
The proper configuration of the underlying operating system is then highlighted as the first line of defence. Issues such as the timely application of vendor patches, disabling of non-essential services, user management and proper application of file permissions are addressed.
At this stage it is necessary to note that the author has tailored the book specifically to cater for the 2.0 version fork of Apache as opposed to the 1.3 version. This is in spite of the fact that the 1.3 legacy version holds the majority of market share. His reason is that the version 2.0 fork contains a number of new security features, amongst other improvements, which make it easier to secure. Therefore users of the 1.3 version will need to take this into account when reading the book. Obviously, the general principles of "OS-hardening" and other common features, which both forks still share, will ensure that the book is still a useful read for version 1.3 administrators.
The exhaustive approach is continued with a chapter dedicated to downloading and compiling the source code, while another 40-page chapter provides secure settings for httpd.conf, the primary configuration file for Apache. An interesting comparative exercise was performed using Nikto, the popular open-source vulnerability scanner. The scanner was run initially against a newly installed Apache server with the default configuration, and then again after httpd.conf had been "hardened" with revealing results.
Apache has been designed so that its functionality can be extended by the installation of additional modules. Chapter 5 deals with the installation and configuration of security-related modules that can be added to Apache in order to improve its security.
The installation and running of the CIS Apache Benchmark Scoring Tool rounds up the first part of the book, which concentrates on securing Apache and the underlying operating system. The second part of the book majors on the protection of web applications that run on top of Apache.
A vast array of possible web threats such as SQL injection attacks, cross-site scripting and path traversal attacks are detailed with corresponding countermeasures. These concepts are then applied to a suitably named demonstration web application called Buggy Bank. The use of web honeypots is also covered with a whole chapter on an open web proxy honeypot project conducted by the author.
Finally, a practical scenario is enacted to allow the application of appropriate Apache countermeasures to a vulnerability alert email. Step by step details are provided making use of skills acquired in the previous chapters.
This book will serve as a very useful tool to anyone charged with securing web servers, especially those running Apache. Concepts are clearly presented and then demonstrated using practical illustrations and examples.
- It's a good book. I'm glad to have it. But I'm only giving it 4 stars, not 5. To me - not as mind blowing as some of the other people have said. I found some information not useful, but the other half is quite useful and going through the whole book is giving me confidence in my servers.
- I recently received copies of Apache Security (AS) by Ivan Ristic and Preventing Web Attacks with Apache (PWAWA) by Ryan Barnett. I read AS first, then PWAWA. Both are excellent books, but I expect potential readers want to know which is best for them. The following is a radical simplification, and I could honestly recommend readers buy either (or both) books. If you are more concerned with a methodical, comprehensive approach to securing Apache, choose AS. If you want more information on offensive aspects of Web security, choose PWAWA.
Author Ryan Barnett takes a wider look at the world of Web application security than Ivan Ristic. As a result I find their two books very complementary. You'll find coverage of topics in PWAWA that do not appear in AS. For example, Ryan explains how to use the Center for Internet Security Apache Benchmark Scoring Tool to evaluate your httpd.conf file. He uses the Apache Benchmark (ab) application (packaged with Apache) to measure Web server performance characteristics. He uses these tools in before-and-after situations to show how his recommended changes improve the defaults.
I thought PWAWA's coverage of the fundamentals of Web security was not as good as that of AS. That's ok, though, because PWAWA addresses areas not as well covered by AS. For example, PWAWA spends a lot of quality ink on mod_security filters. This is ironic, given that AS author Ivan Ristic coded mod_security! What's impressive about PWAWA's mod_security explanations are the many sample filters. These are developed after discussions of various attack techniques and serve as countermeasures one can implement until a patch is ready.
PWAWA is a mix of defense and offense, with a whole chapter showing how to attack and defend the WebMaven/Buggy Bank learning Web application. Attacks are nice, but showing development of defenses is excellent. PWAWA features some clever ideas too, like snort2modsec.pl and an Open Web Proxy Honeypot. I was not as keen on the inclusion of the Web Application Security Consortium's Web Security "Threat" Classification document. Please search my blog for a thorough discussion of why that guide should be an "attack, vulnerabilities, and exposures" document.
I found few technical nits. It's not correct that a NIDS protects its sniffing interface by "removing [the] IP stack" (p 299). Inline IDS isn't just for honeypots, either. I could have used inline packet rewriting to defend a Web hosting company that had lost control of its IIS customer sites. The customers were compromised and were unwittingly attaching malicious frames in their Web pages, thanks to an intruder.
I was also concerned by the author's statement that upon seeing a Snort Web attack alert, he connects to the Web server via SSH and begins reviewing logs (p 419). Proper network security monitoring wouldn't necessarily require immediate log review, and if log review is needed it should be done via a central log host. Connecting to a potential victim immediately after suspected compromise is a great way to alert the intruder and potentially alter evidence.
Overall, I liked PWAWA. The book is a mix of Apache security and Web application assessment, so if you are more interested in purely securing Apache you might prefer AS. If you want to learn about Web application hacking in general, your best bets are probably Hacking Exposed: Web Applications, 2nd Ed, and Professional Pen Testing for Web Applications. I will read and review those two books shortly.
- Thanks a lot, we are very happy to have this book in our library!