Computing Internet Books

This book was linked as a companion product on the Amazon website when I bought the HP Media Smart Home Server. The book is loaded with information but helped very little when I had problems establishing a remote desktop session. I still have not been able to access the desktop either remotely or through the network. All of the Console features work fine but I've gotten no help from the Windows Home Server Unleashed textbook in determining why I can't access the desktop.

Much more than just install, configure and review Help. It gets under the hood. WHS is based on Windows 2003 server. For XP users, the author adds a LOT of information on how to make thw server hum - better than many server books. The section on networking is worth the price of the book.

This book is for people who build home server from a regular pc. It assumes you have a keyboard, mouse, and monitor connected, and not headless (like HP MediaSmart Server). It reveals technical material in very detail. In addition, this book will teach you many ways to enhance its functionality. The author is extremely knowledgeable and a very good writer.

I have configured many SBS 2003 servers, and this by far is the easiest thing to set up. This book will help out the novice and the experienced. It includes some great material on how to customize your server as well how to install and configure MS SharePoint service to your server.

I bought the book before I decided to buy the Windows Home Server and it really helped me make my decision. You may not need this if you're not a power user but if you really want to maximize your WHS, you should get this book.

Are you a novice or a hardcore Skyper who wants to play with Skype's innards? If you are, then this book is for you! Author Andrew Sheppard, has done an outstanding job of writing a book that shows you how to save money by using Skype; and, how to remove boundaries imposed by having lived within the confines of your regular phone system for so long, a system that has been in stasis for decades--dumb, lifeless, and unmoving.

Sheppard, begins by explaining what Skype is and how it works, and introduces Skype's main features. Then, the author focuses on the economics of Skype and the ways of figuring potential savings. Next, he focuses on Skype configuration, by showing you how to improve performance, and customize Skype to meet your individual needs. The author then shows you how to improve and enhance your communication while on the move. He continues by showing you the fun and playful side of Skype. Then, the author shows you how to hack around with Skype's other major features; namely, instant messaging or chat, and voicemail. Next, he shows you how to have the visibility you require within the Skype community, and how you can be secure against some of the more common risks encountered by Skype users. The author continues by showing you how to deal with Skype limitations. Then, the author gives you a glimpse of Skype add-on products and tools that are currently available, and a sense of what is yet to come. Finally, he introduces you to the Skype API and how you can extend Skype's functionality and automate repetitive tasks using scripting methods: VBScript on Windows, Python on Linux, and AppleScript on Mac OS X.

This most excellent book aims to liberate your imagination and show, in a practical hands-on way, how Skype can do amazing new things--sometimes things that even its creators never envisioned. More importantly, this book shows you how to make Skype work for you.

Andrew Sheppard's Skype Hacks: Tips & Tools For Cheap, Fun, Innovative Phone Service tells how to make the Internet telephony Skype application work well. Haven't heard of Skype? It brings a range of new possibilities for those tired of the confusion of internet telephony options, and Skype Hacks covers all the basics; from how to set up a Skype server and put shortcuts on the computer to avoiding Skype problems and spammers. The program may be newer but the idea of money-saving internet telephony just went up a notch with the ease Skype Hacks Offers.

Skype is one of the most popular VOIP applications for the individual user and small office on the market today. If you have already installed it or are considering installing it then you will want this book so you can configure it to work the way you want it to work and head off any problems before they occur. The first thing I have to say about Skype is that it is so user friendly that many of the hacks in this book are unnecessary. It is easy enough to figure out how to make conference calls, transfer calls, forward calls and do various other common tasks. On the other hand, there are a lot of useful tips including how to claim your money back if something goes wrong, avoiding additional mobile phone charges, building a Skype server, working with routers, using Skype at work, working with privacy issues, and add-on products. Because Skype is a peer-to-peer network service it is very important to understand the privacy and security issues and the author does a great job of both explaining them as well as how to work with them. Skype Hacks is highly recommended for advanced computer users or anyone responsible for administering Skype in a business environment.

A generally well-written book, but offers few nifty insights to save more money or get more service. Look, download Skype and start using it; if you want to go beyond what's obvious from simple use, google will have what few insights are out there; no book will offer a wealth of tips because Skype isn't that kind of produce/service. Secret commands or "hacks" just don't exist for Skype.

And why does the author put that bizzare tip on how to physically cut your phone lines??

The one thing I really wanted to have more info on--how to integrate Skype long distance into your existing home phones with Skype's products under Shop->Accessories--the book barely mentioned as Option 1 of several. Very little help.

Given that I have a number of international colleagues, you'd think that Skype would be a must-have piece of software for me. But I downloaded it during the initial beta and it never really gained traction on my radar screen. All that may now change after reading Skype Hacks - Tips & Tools for Cheap, Fun, Innovative Phone Service by Andrew Sheppard.

Contents: Start Using Skype; Save Money with Skype; Configure Skype; Tweak and Tune Skype; Skype at Work; Mobile Skype; Skype Fun and Play; Skype Chat and Voicemail; Security and Privacy; Quirks, Gotchas, and Workarounds; Skype Add-Ons and Tools; Automate Skype; Index

Skype has become the path of least resistance for people starting to explore Voice over Internet Protocol (VoIP) technology, because its easy and free. When I first downloaded Skype during the beta period, it seemed like an interesting concept. But I found that most of the people I'd want to talk with weren't on Skype. Now it's changed, and I think I'll be running Skype on a regular basis. Skype Hacks takes a pretty comprehensive tour through the software and covers 100 "hacks" (tips and tricks) you can do to get the most out of the software. For some, the first couple of chapters will be more than enough... how to get started on Skype, how to set the software up, and how you can use Skype to replace your regular phone (or at least reduce your monthly bills). But if you're already past that point, the rest of the chapters will allow you to venture into areas you may not have known about. For instance, the Automate Skype chapter shows a number of scripts you can use to interact with Skype programmatically. Great if you want to have an agent send you a chat message when something is completed. Or take the Skype Add-Ons chapter... There's a website called skyperunner.com that allows you to send a chat message to a Skype user without having to be logged on to the service. Great if you want to send a message to someone in an asynchronous fashion. And using Skype to practice your foreign language skills with willing Skype users around the world was something that never occurred to me...

So, if you've downloaded Skype and used the basic functionality, great. A copy of this book will take you to the next step and open up some interesting possibilities...

A good way to think of this book: a treatise for kids that grew up in the GUI and getting them to understand the importance of proper syntax. On the shell. Because that's where the hotness is at.

You would think that a book focused on operating systems--even one with a focus on the sociological and philosophical implications of the rapid evolution of interface technologies--which was written in 1999 would be rather dated by now.

But this is a book written by Seattle author and revered science fiction prophet, Neal Stephenson (author of Cryptonomicon).

The book is called In the Beginning...Was the Command Line. I recommend it. To geeks and non alike. Stephenson is a man who's easy to read and good with metaphors for those of us/you who are not ubernerds.

A passage that I particularly like:

"Contemporary culture is a two-tiered system, like the Morlocks and the Eloi in H.G. Wells's The Time Machine, except that it's been turned upside down. In The Time machine, the Eloi were an effete upper class, supported by lots of subterranean Morlocks who kept the technological wheels turning. But in our world it's the other way round. the Morlocks are in the minority, and they are running the show, because they understand how everything works. The much more numerous Eloi learn everything they know from being steeped from birth in electronic media directed and controlled by book-reading Morlocks. that many ignorant people would be dangerous if they got pointed in the wrong direction, and so we've evolved a popular culture that is (a) almost unbelievably infectious, and (b) neuters every person who infected by it, by rendering them unwilling to make judgments and incapable of taking stands. Morlocks, who have the energy and intelligence to comprehend details, go out and master complex subjects and produce Disney-like Sensorial Interfaces so that Eloi can get the gist without having to strain their minds or endure boredom."

Good comparison, but as he says, lest you think he's just an "intellectual throwing a tantrum," he points out that "The situation I describe here could be bad, but doesn't have to be bad and isn't necessarily bad now."

Reading the comments on amazon, you'll see the usual--some glowing "must have!" reviews, and some snobby "not technical enough" reviews. This isn't a long book, but it's a good non-fiction read. Especially for those of you who have SOME background and interest in developing technology and what it could be doing to us en masse.

This book introduced me to the open source movement. Refreshing view of the programmer as "creator" in the domain of binary world. Interesting parallels to religion. This book captures the heart and soul of the information age.

This essay is nearly 8 years old, and in dire need of an update. So in 2004 Grant Birkel set out to do just that, producing a set of comments called "The Command Line in 2004". It's freely available on the web, and I suggest you read that version instead of the (older) book.

As far as Stephenson's original writing: Wow, what a disappointment. I love his fiction, but this was a subject that needed much more grounding, and the essay doesn't have it - it's prone to offer ridiculous analogies, and often ditches the point entirely so it can lament McDonald's expansion into foreign countries and the popularity of the television show Cops outside American borders.

Let me try to distill his main argument: the GUI evolved on top of the command-line, and it allowed the computer to become much more accessible to the everyday user. However, the two major commercial OSes don't offer a way to get back to the command line in a useful way, and so "hackers" lose out on a lot of power and flexibility that they used to have over the machine. He praises Linux because it gives you the TTY and doesn't offer the hand-holding and useless features that other OSes do. Stephenson likens the GUI to Disney Land, where ideas and cultures pass through a filter that narrows down the world to a single presentation accepted by the masses. In choosing the GUI we give up our control so we aren't overwhelmed by choice. (OS X pretty much demolishes this premise by itself, as Stephenson readily admits today, but things were different 8 years ago so it's better to look at this in a historical context)

Now, this argument doesn't really hold up under close inspection. It's easy to formulate a counter-argument on any number of points, though the essay has a hard time sticking to one argument, so it's tough to see even where best to challenge it. I will only suggest that interface troubles plague every application and operating system, regardless of who developed it, and that the way in which software is built does not dictate how useful it will be.

I think the real trouble with this essay is one of viewpoint. Stephenson takes the position of someone who is computing just for computing's sake - he finds programming interesting in its own right, without a need to accomplish any specific task. So the most efficient way to do this at the time was the command-line interface, because you can be coding your function very quickly without having to delve into pages upon pages of window-opening code. (Incidentally this is largely a problem of library refinement: CLI programming is only easy because we have the C stdlib, and in 1999 GUI toolkits were still convoluted. Nowadays new tools make coding GUI applications almost as easy as the CLI, and some are even cross-platform!)

However, he's trying to foist this viewpoint onto all users, without allowing them the freedom to choose an OS to suit their own individual needs. It's almost as though he is insulting the users who want their PC to be nothing more than a tool to get their work done - those who like the simplicity of clicking emails in Outlook, who want to use the Start menu because it's fast and easy, or who think the Office paperclip is a handy feature. (Okay just kidding about that last one: nobody really believes that.) At times he's suggesting that people are simply ignorant of other operating systems, and if they knew more, they'd pick a "better one". In any case, needing less direct interaction with the PC isn't any indication of a person's general interest in complex things... we all give up options in some areas of our lives to make time for flexibility in others. Birkel's counterpoint here is especially relevant because he continually points out that the real value of any UI is how much it enhances our ability to accomplish tasks, not how much we can muck things up with it.

In summary: Don't bother with this one, unless you're highly interested in Neil Stephenson, operating systems in 1999, Linux zealotry, and anti-American Global culture. And even then, read the annotated version. I think Birkel's comments provide the grounding in reality that the original essay desperately needed.

I was excited about this book for about the first 10 pages. I did manage to read the first 100 pages but I just couldn't make myself read the rest of it.

This book is full of gross technical errors, sweeping generalizations, long sidebars about unrelated topics, and useless anecdotes.

I am a professional software engineer and spent years working early stage start-ups in Silicon Valley--The author knows very little about computers, programmers, and user interfaces.

Yes, the book is 10 years old, and thus is dated--but even ignoring this, the book has serious problems with its facts. The author's credentials do not enable him to write this type of book. Stick to fiction, please.

This book was excellent and very informative. At first there was so many to chose from but I am positive I made the right choice. It is not expensive and worth every penny. I would recommend this book to anyone interested in either buying or selling on ebay.

Michael Banks' The eBay Survival Guide is another fine guide to selling and buying on eBay - and avoiding common pitfalls - which covers just about everything including discerning the 'real prices' of items and learning more effective bidding strategies. From using HTML in listings and handling templates to considering private auctions and handling problem buyers or sellers, all the basics of the interactive auction forum that is eBay are covered.

This book is great whether you are new to eBay or you have been using it for years. I have done some buying and selling on eBay and while I don't consider myself an expert I felt pretty confident in my abilities. There are a great many books out there about mastering eBay, but this one stands out amongst the crowd. This book opened my eyes to a whole lot more that eBay can do, for me, for you. The first chapter is the basics of what eBay is. After that it is a plethora of information. It covers topics from how to search to how to bid and how to post and item for the best results and how to attract bidders. This should be called the eBay bible because it is all you need. It can save you money, time, and effort. This book is packed with information that is easy to read and understand. Space is not wasted on excessive graphics; only the most appropriate and useful graphics are included. It is a fast read especially when you start getting excited about what you will learn and how soon you can use this knowledge. For those who are interested in eBay it is a page-turner. I am recommending this book to any one who uses eBay, from beginners to seasoned eBayers. The author participated in some of the original auctions in 1983 aimed at trading computer parts on college campuses, and now is a regular on eBay. He has written over 40 books on various topics, such as technology, writing and eBay.

Are you a frequent buyer or seller on eBay. If you are, this book is for you. Author Michael Banks, has written an outstanding book that is a nonconformist, irreverent, and realistic handbook for both buyers and sellers.

Banks, begins by presenting an overview of the organization and structure of eBay, along with what it offers and the basics of how it works. Then, he covers the basics of participating in eBay auctions. The author continues by introducing you to the basics of searching on eBay. In addition, he also shows you how to combine basic search techniques with Search commands and unconventional techniques to conduct truly high-powered searches. The author also considers the relationship between value, price, and demand, and looks at some methods for calculating prices. Then, the author takes a look at how you can fit the profile of the ideal seller, and how to handle those less-than-ideal buyers you may consider. Next, he shows you how to decide what you are going to sell.
Next, the author suggests how you might go about finding items to sell on eBay. Then, he explains how to go about creating a successful auction. The author continues by showing you how to write copy on eBay. In addition, he covers how to relist an item and how to improve your chances of selling it. The author also presents an overview of things you should know before you bid and buy on eBay, focusing on dealing with sellers. Then, he answers questions about bidding and tracking auctions, along with information about techniques and tools you can use to win consistently. Next, he presents some approaches to getting those auction items you've lost. Then, the author covers the steps and options involved in paying for and getting your items. The author continues by looking at some common scams and downright illegal activities that take place on eBay. In addition, he looks at several types of products that aren't what they appear to be. Finally, the authors shows you how you might go about getting information about an eBay member, through eBay and other channels.

This excellent book shows you how eBay works; how to find things on eBay; how to bid effectively and win; the best times for buying and selling; how to draw bidders without spending a bunch on eBay auction features; how to spot shills, fraudulent sellers and deadbeat buyers; and, a lot more. In addition, you'll find information about how to handle the offline aspects of online buying and selling, and some useful information about using the Internet in general.

If you've never used eBay before you'd be silly to do so without first picking up 'The eBay Survival Guide' by Michael Banks. Even if you've been using the auction site for years you will also benefit from the information found in this book.

'The eBay Survival Guide' starts out, not surprisingly, with an overview and history of online auctions and of eBay itself. It then moves on to how the site works and also provides some great tips and techniques for finding items you want. Even though I've been using eBay since 1999 I found it interesting to go back to the beginning and get an overall sense of what's really happening on one of the biggest sites on the internet.

The next major section of the book is geared toward those people who are using the site to sell things. That brings up a point worth mentioning. This book is for both sellers and buyers on eBay. It's a 'survival guide' for all users, not just a "how to make lots of money on eBay" book. I'll look at the section for buyers in a minute. The section for sellers includes suggestions for creating better listings, when to relist items, how to deal with problems that may arise and so on. It's loaded with screenshots, so you're not just reading about eBay you're seeing what things will look like when you use the real site. I think a great many sellers would benefit from reading Chapter 10 called, "How To Create Listings That Sell". Banks points out the many pluses that come with writing effective descriptions and titles for your auction items.

Next comes the section for buyers. Again there are lots of screenshots that really help bring the examples to life. And there are more than just a few examples. The book is obviously written from a great deal of personal experience not just clinical research. Banks' anecdote about the historic airplane photograph and negative (page 186) is proof of this. In presenting it he helps illustrate best practices for bidding, outbidding and sniping. Here's an area where I had some experience but again felt that the book either reinforced some of the things I already knew (making me feel more confident in bidding) or suggested things I should be doing but wasn't (like spending more time researching other bidders).

Near the end of the book he discusses how not to get ripped off using eBay and in doing so exposes some of the uglier sides of the site. This is important information though and helps buyers and sellers better understand what can go wrong and how to avoid it.

Throughout the book Banks writes in a clear easy-to-understand style that feels like a friend sitting down to explain eBay to you. Despite the fact that the guide is about an internet website it feels not at all like a computer textbook. Its short concise sections make finding the information easy and learning from it even easier. You should find it easy to pick up the book and skip to whatever section is currently most relevant to your eBay activities. The well-written index also helps you to find the help you need quickly.

Whether you're new to eBay or not and no matter whether you're buying or selling it's a sure bet that "The eBay Survival Guide: How to Make Money and Avoid Losing Your Shirt" will help you get the most out of online auctions. Highly recommended.

Great starter book into Pen Testing. Big book with lots of information. Great book to read to prepare to start your CEH or CISSP studies.

If you live and breathe IT security, this books is for you. I would like to somewhat disagree with some of the earlier reviewers. I don't think this book was intended to be "the one and only" penetration toolkit manual. However, what it does do - it introduces one to the world of penetration testing providing enough information and examples on a wide variety of tools. A lot of great subjects are covered, such as reconnaissance, enumeration, scanning, web application testing, wireless penetration and more. It's a very insightful read, even for those who are just researching in the area of security. It will open your eyes on many aspects of information security. The CD itself is a good resource, but you may need to update some applications by now. Nessus signatures do get updated regularly.

At around 700 pages in size, the 'Penetration Tester's Open Source Toolkit' by Johnny Long is a solid reference material which is a nice pickup for anyone that is concerned with this subject matter. As with all Syngress books, you aren't buying these for the highest quality paper or design, but rather the material within. This is a solid book that most users should find helpful in their jobs.

**** RECOMMENDED

If you are going to do any work in the Information Assurance world you will want to add this book to your shelf and keep it handy. The authors of this book know the topics and present information clearly.
Each chapter is a stand-alone lesson, and all chapters build on each other to create a big-picture of exploiting any network and reporting results. The CD that comes with the book gives you excellent tools to start or fill out your library. Some are getting dated as of this writing, but all are still solid tools that you can update once you've learned them.
I highly recommend this book!

Title: Penetration Tester's Open Source Toolkit
Author: Johnny Long, Aaron Bayles, James Foster, Chris Hurley, Mike Petruzzi Noam Rathaus, Mark Wolfgang
Publisher: Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
Copyright: 2006
ISBN: 1597490210
Pages: 678 plus appendix and index

This book not only covers what tools are available for penetration testing but also details how to use them to effectively test the system. Some of the tools, such as whois and ping, will be very familiar to the Linux user and most power users of other operating systems. Other tools are less familiar but very powerful and a real insight into what can be done to gather information on a system before attempting to penetrate it. Part of what makes this book really interesting is the way the authors approach this subject. They don't walk the reader through all the details of a handful of tools but instead they take a task-oriented approach. For example they go first through enumerating and scanning a system, then testing databases, web server testing, web application testing, wireless penetration and network devices. They then end this section with information about writing open source security tools. Chapter 8 starts a section on the Open Source vulnerability scanner Nessus. It automatically finds many problems in the system by trying to penetrate it using various scripts. The results are captured and the generated reports detail the information it was able to obtain. This is a very powerful testing product and one of the most common ones you will find in the marketplace.
The authors detail how to set up a Nessus client and server, scan the system and understand the results. Although almost three hundred pages are dedicated to Nessus it is a very powerful and highly configurable program that can consume a full book by itself to use its full potential. Penetration Tester's Open Source Toolkit is highly recommended, insightful, and very interesting to read and experiment with.

Excellent book. Really excellent. Doesn't make you feel like an idiot for not knowing much about Gmail

VERY highly recommended

I'd originally purchased this to give to my husband who's constantly pestering me to look things up on the internet because he doesn't know how to find them easily. After thumbing through a few chapters, I realized that it's not just for novices at all.

I'm a blogger, and I'm online almost constantly. Even so, I found plenty of information here that has made my online time more efficient, just as the title promised.

Not only did I wind up getting another copy for my husband (because I'd dog-eared the first one for my own use), but I gave one to a relative who's driven me nuts with her "How do I...?" phone calls (which almost without fail come right as we sit down to dinner).

Awesome resource.

Mark Frauenfelder certainly covers a lot of ground and isn't kidding with the books subtitle "How to do anything and everything on the Internet - better, faster, easier.

This is the kind of book that you will want to keep on a shelf right by your computer for handy reference. Read the book from front to back cover or skip around and sample the chapters that interest you the most. Whichever way you do it you will learn some handy new things about surfing the web.

You may also want to keep paper, pencil, and a highlighter handy for noting all the web site addresses in the book. I was disappointed there wasn't an appendix of them or at least some method of highlighting them when the book was printed.

One site described in the book made the whole purchase price worthwhile. A gold mine of information. The claim on the cover that you can "raze you old home page and build a modern Web masterpiece" is unfounded. Otherwise spectacular.

This inexpensive book is chock full of information for Internet professionals who wants to keep up with the latest tools and trends. It is easy to read and even entertaining. There are hundreds of tricks and stories how to put the Internet to use, e.g. how to start a blog, how to create podcasts, video podcasts, crop the size of image attachments etc. etc.
Internet business developers should read this to stay abreast of latest developments and new business models. Technologist should read it to find inspiration.

I had the chance to read this book, and found it well written, comprehensive and extremely useful reference. It is amazing how all the "predictions" from the moment the book was written (1999) are now (2007) a reality. I'd really like to see the 4th Edition, not to see a change in its contents or layout, but to see upgraded information on the products.

The picture shown back then has now been cleared up, and some of the actors back then are now gone and others have appeared.

If you are not familiar with the Client/Server and Web programming jargon and/or are having trouble figuring out how all of the pieces fit together, this book is for you.

You'll need to get past some of the 'cuteness' that the authors use to make their points. However, they cover the topic soup to nuts in a way that you will understand going forward.

I picked up the first edition of the book by accident when I was trying to figure out fat client server computing and subsequently bought the other two versions to get more overview and to use as a desk reference (i.e. I had to explain the concept of ACID properties of transactions and needed a brush up)

Lastly, if your manager is non-technical, do yourself a favor and get him/her a copy of this book.

I found this book very interesting 1.5 years ago when I read it. Partially because there was a very good match between what was written in there, and what I could hear around me in the work place.

Time has passed, and I hear less and less talk about CORBA (except in negative terms), and more and more talk about Websphere (based on some technologies explained in the book also - I have to say)...

The third edition remains mostly interesting, but it is now more of a book providing background information, rather than a book providing cutting edge info and likely to help people make choices for the future.

I am impatiently waiting for the fourth edition.

Bernard

Pros:

- Easy to understand
This book explains technical concepts in simple english and gives analog to things we are familiar with. Most books out there "talks greek" and present technical concepts in a way that is more complicated than they actually are.

- Breadth
I have been in the IT line for more than ten years and I can say that the breadth covered is simply astounding eg. user interface,
web server, application server, databases, remote procedure call, message passing.

- Depth
The important parts of a topic is covered in sufficient depth to allow us to have a overview of the subject without being deeply buried and lost in the details. If further details on any topic is required, one can always look up the other books. We just need a good overview here.

- Humor
I loved the humorous cartoons that aptly describe the concepts and keeps us from falling asleep.

- Organization
The topics are well organized with similar concepts grouped under a common heading with subheadings and so on. Most books out there group multiple large concepts under one heading (with no subheadings) making it harder to read and bookmark.

Cons:
This book is outdated. We need to know where does microsoft .net framework fits in. Is COM/COM+ dead ? Who is winning - .net or CORBA ? What about new standards such as SOAP ? What does microsoft new language C# brings to the world of client/server ?

I found this book to be both a waste of money and my valuable time. I was looking for an intermediate to advance level treatment of client server systems. I was utterly disappointed. This book attempts to start from the very basic fundamentals and delve into the more advanced concepts. It miserably fails at its task. For the intermediate to advanced level readers, it fails to deliver what they were expecting. For example, 80%+ of each chapter is devoted to covering the basic terminology and the remainder tries to touch base on the various technologies. I found the coverage to lack detail and completeness. If you happen to be a begginer at the subject matter, you may be even more disappointed. Skimming through the fundemantals, I was surprised to find the basics were explained in terms of the advanceds. For instance, middleware was explained in terms of its utility in transaction integrity and load balancing. Anyone who understands transaction integrity and load balancing doesn't need an explanation of middleware. He/she would most likely be interested in specific methodologies. And, anyone who doesn't know what middleware is, most likely will not know what transaction integrity and load balancing mean. This book is full of such, let's say, logical inconsistency. ...

Excellent high-lvel book for anyone involved with software development and implementation. This book digs deep with enough details of security in coding and testing practices and how to avoid security related bugs and vulnerabilities. The book also does well in terms of secure coding, white box and black box testing very well.

Few things where this book falls short "Ignorant" to emerging application landscape and the coding complexities in a multi-platform and application integration environment - J2EE, .NET, XML Web Services and SOA. I am sure, the author will agree on those gaps hopefully we see in the next edition of this book.

The book deserves 5 stars for the concepts + illustrations and 3 stars for those keen on development details for distributed applications.

A required reading for anyone involved with software development and implementation. This book drills-down to security in coding and testing practices and how to avoid security related bugs and vulnerabilities. The concepts illustrated on secure coding, white box and black box testing are excellent. As a developer/architect, I thoroughly enjoyed this book and I suggest to everyone who wants to get started on secure coding and testing practices.

Couple of things I QUIBBLE with are... the book does'nt realize the emerging issues and how-to's for build/refactor security for distributed application proliferation as your it - Portals, Web Services and SOA. The way we develop software is changing, the applications are becoming more pervasive and no-longer contained standalone to a system which makes the built-in security brittle impeding the agile business requirements for application/process orchestration, b2b federation and Web based application mashups. I am sure, the author will realize those gaps in the next edition of this book.

Havingsaid - This book is still a must-read for the budding security developer who wants to focus on secure programming and testing.

What is MISSING - You will not find answers for how you do secure web-centric applications, XML Web services - message-level security, identity federation and other b2b application complexities.

Software Security is the best book for learning to integrate security throughout your software development lifecycle. It contains all the security material that is missing from software engineering books. The author understands that your software development lifecycle is different from his, and so focuses on seven touchpoints that can be introduced into any software development lifecycle, instead of attempting to sell you a new lifecycle. He also understands that no matter how important security is to you, you can't change everything about you develop software tomorrow, so he introduces the touchpoints in order of effectiveness based on his extensive consulting experience, starting with tool-assisted code reviews and architectural risk analysis.

If you're a software developer, Software Security is an essential book to have on your shelf, and you'll also want a secure programming book like Secure Programming with Static Analysis (Addison-Wesley Software Security Series) or the author's own Building Secure Software: How to Avoid Security Problems the Right Way.

The root cause of many security vulnerabilities is poorly written software. Often, software applications are written without security in mind. The logical, yet elusive, solution is to ensure that software developers are trained in writing secure code.

Software Security: Building Security In is a valiant attempt to show software developers how to do just that. The book is the latest step in Gary McGraw's software security series, whose previous titles include Building Secure Software and Exploiting Software.

In past decades, writing secure code was left to the military and banking industry. Today, with everything on networks, all sectors must get into the act.

Much of the problem is that organizations target their security elsewhere--specifically on networks--rather than on software. But so many malicious attacks are directed at software that it is foolish to leave this vulnerability exposed.

McGraw goes into detail not only about writing secure code but also about key related areas, which he terms "the seven touchpoints of software security."

These points comprise code review, architectural risk analysis, penetration testing, risk-based security tests, abuse cases, security requirements, and security operations. A major portion of the book effectively discusses these "touchpoints," making the work a recommended tool for inculcating software developers with a security mind-set.

I read six books on software security recently, namely "Writing Secure Code, 2nd Ed" by Michael Howard and David LeBlanc; "19 Deadly Sins of Software Security" by Michael Howard, David LeBlanc, and John Viega; "Software Security" by Gary McGraw; "The Security Development Lifecycle" by Michael Howard and Steve Lipner; "High-Assurance Design" by Cliff Berg; and "Security Patterns" by Markus Schumacher, et al. Each book takes a different approach to the software security problem, although the first two focus on coding bugs and flaws; the second two examine development processes; and the last two discuss practices or patterns for improved design and implementation. My favorite of the six is Gary McGraw's, thanks to his clear thinking and logical analysis. The other five are still noteworthy books. All six will contribute to the production of more security software.

Gary McGraw's book gets my vote as the best of the six because it made the biggest impact on the way I look at the software security problem. First, Gary emphasizes the differences between bugs (coding errors) and flaws (deeper architectural problems). He shows that automated code inspection tools can be applied more or less successfully to the first problem set, but human investigation is required to address the second. Gary applauds the diversity of backgrounds found in today's security professionals, but wonders what will happen when this rag-tag bunch (myself included) is eventually replaced by "formally" trained college security graduates.

Second, Gary explains that although tools cannot replace a flaw-finding human, they can assist programmers trying to avoid writing bugs. Gary is the only author I encountered who acknowledged that it is unrealistic to expect a programmer to keep dozens or hundreds of sound coding practices and historical vulnerabilities in his head while writing software. An automated tool is a powerful way to apply secure coding lessons in a repeatable and measurable manner. Gary also reframed the way I look at software penetration testing, by showing in ch 6 that they are best used to discover environmental and configuration problems of software in production.

Third, Gary is not afraid to point out the problems with other interpretations of the software security problem. I almost fell out of my chair when I read his critique on pp 140-7 and p 213 of Microsoft's improper use of terms like "threat" in their so-called "threat model." Gary is absolutely right to say Microsoft is performing "risk analysis," not "threat analysis." (I laughed when I read him describe Microsoft's "Threat Modeling" as "[t]he unfortunately titled book" on p 310.) I examine this issue deeper in my reviews of Microsoft's books. Gary is also correct when he states on p 153 that "security is more like insurance than it is some kind of investment." I bookmarked the section (pp 292, 296-7) where Gary explained how the "19 Deadly Sins of Software Security" mix "specific types of errors and vulnerability classes and talk about them all at the same level of abstraction." He's also right that the OWASP Top Ten suffers the same problem. Finally, Gary understands the relationships between operators and developers and the importance of security vocabulary.

I was pleasantly surprised by "Software Security". I reviewed an early draft for Addison-Wesley and wondered where the author was taking this book. It ended up being my favorite software security book, easily complementing Gary's earlier book "Building Secure Software." In my opinion, Gary is thinking properly about all the fundamental issues that matter. This book should be distributed to all Microsoft developers to help them frame the software security problem properly.

Fine ideas in the area of managing the test code part of test driven development
Aimed at developers, testers may find some ideas that fit in their ballpark too.

Let me start by stating the obvious: this is a patterns book about the organisation of tests and the workings of the xUnit family of unit testing frameworks. It is _not_ a book about Test Driven Development, although there is material that is pertinent to that. Given that the use of JUnit and TDD is pretty intertwined in the minds of many Java developers, it's worth making this distinction, so you know what sort of book you're getting. Speaking of JUnit, most of the code examples uses Java, although there are some examples in C#, VB and Ruby.

Like Martin Fowler's Patterns of Enterprise Application Architecture, the book is split into two main sections, a narrative that weaves together a lot of the patterns and strategies, and then a catalogue of individual patterns. Between the two, there is a catalogue of 'test smells', similar to the 'code smells' discussed by Fowler in Refactoring, which I would suggest can be read profitably with the narrative section, rather than used as reference material.

There are a lot of patterns here on the mechanics of xUnit, such as 'Test Runner', 'Garbage-Collected Teardown' and 'Named Test Suite'. I was a bit confused about who this material is aimed at -- maybe someone looking at porting xUnit to a new programming language would find it useful, but a lot of it is fairly obvious to anyone who's used an xUnit in a non-trivial fashion (and certainly, if you haven't done so, this book is not a format that makes for a good introduction), or requires playing against xUnit's strengths (e.g. not putting setup and teardown code in their eponymous methods), although there is good reason for doing so in some of the examples provided, such as databases.

Beyond this, there is some good stuff on design-for-testability patterns (e.g. dependency injection versus dependency lookup), value patterns to replace magic constants, custom assertions and custom creation and other utility methods to make the intent of tests more clear. This material, along with the test smells chapter, is where the real value of the book lies. It encourages the application of the same software engineering principles you would apply to your applications (encapsulation, intent-revealing names, Don't Repeat Yourself) as you would to your testing code, something that's surprisingly easy to overlook, at least in my experience.

Also, the material on 'Test Doubles' (mocks, stubs, dummies and their ilk) is extremely useful. It touches on designing with mocks only superficially, but it does provide a helpful taxonomy of what different classes of doubles do. Now, if only everyone would standardise on this nomenclature, it would make life a lot easier. I suggest we brandish this enormous book threateningly at anyone who refuses to toe the line, and that should do the trick.

Because, boy, this book is big (about 900 pages). To be honest, it's too big. I rarely complain about getting too much book for my money, but the likes of GoF, PoEAA and PoSA 1 manage to come in between 400-500ish pages, so there's no reason XTP couldn't. The advantage is that the patterns in the catalogue, which take up most of the space, stand alone, without requiring too much flicking backwards and forwards between patterns.

The disadvantage is that there is a lot of repetition, so unlike the three design patterns books I mentioned above, which I suspect most people read cover to cover (or maybe that was just me and I'm a complete freak), I would suggest only dipping into the catalogue as necessary. For instance, how much difference is there between the 'Testcase Class per Class', 'Testcase Class per Feature' and the 'Testcase Class per Fixture' patterns? Not a lot, as you might expect.

I definitely liked this book. I would have liked it even more if it came in at about half its size and I would have preferred more emphasis on test and assertion organisation than the mechanics of the xUnit framework, but maybe that would have been a different type of book to the one Gerard Meszaros intended. This is nonetheless a must buy for anyone who cares about unit testing.

I've been familiar with agile concepts of automated unit testing (AUT) and test-driven development (TDD) for awhile now. In the past few years I've made several attempts at incorporating AUT and TDD into my own personal workflow, but each attempt soon resulted in my abandoning the whole idea. The testing effort quickly outweighed the benefits. I've believed in the ideal of TDD, but I didn't see quite how to pull it off.

Then I bought XUnit Test Patterns by Gerard Meszaros. Wow! Finally the issues I've struggled with are being addressed. Okay, I must admit I'm not very plugged in to the online software development community, and I'm sure these issues have been discussed before. But this book looks special. I sense it's giving voice to these issues in a big way that's introducing many developers to these ideas for the first time. After all, it had to take time for this kind of book to be written. Time for the patterns to be developed through hard and frustrating work.

Rarely have I bought a thick book on software development and eagerly read every single word from cover to cover. But I have with this book. And I know I'll soon do it again. I'm even tempted to also purchase the PDF version of the book, just so I can reference it wherever I happen to be.

It's not the final word on AUT, but it has me embracing the ideal of TDD once more. The company I work for develops a huge OO-based enterprise software system with no automated tests. As Meszaros explains, this kind of legacy system is the most difficult for incorporating AUT (and daunting for those new to AUT). But at least now I feel like we have a good chance.

By now, the concept of "patterns" in program design is pretty well accepted. And the concept of test-driven development has a solid foundation also. But are there certain "patterns" to building and running those tests? The answer is yes, and the book that covers it is xUnit Test Patterns: Refactoring Test Code by Gerard Meszaros. If you use any of the xUnit software in your development efforts, you need to have this book...

Contents:
Part 1 - The Narratives: A Brief Tour; Test Smells; Goals of Test Automation; Philosophy of Test Automation; Principles of Test Automation; Test Automation Strategy; xUnit Basics; Transient Fixture Management; Persistent Fixture Management; Result Verification; Using Test Doubles; Organizing Our Tests; Testing with Databases; A Roadmap to Effective Test Automation
Part 2 - The Test Smells: Code Smells; Behavior Smells; Project Smells
Part 3 - The Patterns: Test Strategy Patterns; xUnit Basics Patterns; Fixture Setup Patterns; Result Verification Patterns; Fixture Teardown Patterns; Test Double Patterns; Test Organization Patterns; Database Patterns; Design-for-Testability Patterns; Value Patterns
Part 4 - Appendixes: Test Refactorings; xUnit Terminology; xUnit Family Members; Tools; Goals and Principles; Smells, Aliases, and Causes; Patterns, Aliases, and Variations
Glossary; References; Index

Most of the books that cover xUnit software do so from the perspective of a technical manual. Everything is geared to writing the actual code for the test. Meszaros takes a different tack. He covers more of the "why" behind test writing in xUnit, as well as the basic patterns and principles you should be aware of when you're putting together your tests. People new to xUnit will throw together tests without much thought as to the structure and robustness of that script. Meszaros maintains that much of the same care that goes into writing and designing programs should also go into the test scripts. Patterns such as In-line Setup, Chained Tests, State Verification, and many others can adjust your whole mindset towards what makes a solid and maintainable test script that will serve you well both now and down the road when you have to make changes to the program (and add more scripts to your test suite). The book is set up such that you can scan for basic ideas, and then go back to specific patterns for more information as the situations and needs arise. With the use of both actual code and UML diagrams, it's very easy to catch the gist of each pattern, as well as seeing how it would actually be implemented. Very good stuff here...

If you practice test-driven development (and you should), you have no doubt worked with your particular xUnit variant. This book is the next step in your learning, and it will make you a much better developer and tester...

We went over 2,000 unit tests this past week during Iteration 72 on our Agile project. Of course, over the course of the last 18-24 months we have removed some tests, and in many cases, refactored the existing tests many times. We also have been learning a whole lot about TDD and the actual domain that we are building and testing. As we were doing this, we were implicitly discovering Test Smells, and discovering test automation patterns. The value in establishing patterns, and more precisely a pattern language in a particular domain are substantial. It's not so much that the "collector" of patterns is defining something new (some often mistakenly criticize pattern books in that regard) that you didn't know, but defining a shared terminology of our practices that we keep doing over and over. To that end, the patterns themselves not only define a shared vocabulary but serve other functions, not the least of which is learning from others. An obvious example of this is Martin's PEAA collection of patterns that enables us to say things like PageController or Lazy Load or TableDataGateway and we all know what it means. In fact, when I am talking about Interaction versus State/Behavior type of testing on CB, and others here use much of this terminology, I am in fact, talking about patterns like TestDoubles and MockObjects, among others.

When I became aware that Gerard Meszaros ' xUnit Test Patterns book was going to ship Friday, I ordered it for overnight delivery on Saturday. I read well over 200 pages yesterday pretty much at one sitting, contented with a book that will change the face of the software industry, just as JUnit and all the other xUnit family have fundamentally altered software development for the better. Its definitely a big book at 944 pages, but it's not a book of excess, unnecessary pages. Rather it shows how hard it is to write defect-free software and the depth of the work that people are putting into this endeavor. The book uses Java as the language which obviously is no hardship to the C# programmer. Like most of the sound practices that have been evolving in the last ten years, this work has been evolving out of the terrific Java community.

Just like their are Code Smells, there are Test Smells, and writing good test code is just as hard and as worthy as writing good production code. Meszaros categorizes Test Smells into ProjectSmells, BehaviorSmells, and CodeSmells. Particularly interesting is his discussion in this regard to the commercial "record and playback" test automation products that have given test automation a bad name in many circles with their tendency to create FragileTests particularly with regard to Interface Sensitivity. Like many others, we were drawn in, and spent and wasted thousands of dollars with a vendor and exhibiting extreme Interface Sensitivity with the user interface. Their interface was not only unable to "pick up" most of the controls we use but even minor changes to the interface can cause tests to fail, even in circumstances in which a human user would say the test should pass. This only goes to support the notion many of us have talked about here about factoring a UI into MVP or MVC and not having logic in the "presentation."

Meszaros goes onto to provide very valuable discussions of Goals of Test Automation, Philosophies of Test Automation, and a Roadmap to Test Automation. We talk about things like Tests as Specification, also known as Executable Specification: "If we are doing test-driven development or test-first development, the tests give us a way to capture what the SUT should be doing before we start implementing it. They give us a way to specify the behavior in various scenarios captured in a form that we can then execute (essentially an "executable specification".) To ensure we are "building the right software", we must ensure that our tests reflect how the SUT will actually be used." We also talk about Tests as Documentation.

The main part of the book, of course, is the catalog of the patterns. Meszaros has provided a tremendous service to our community by not only cataloging and naming much of what we do, but also providing excellent discussions of why and how we do those things. I think, over time, this will be regarded as a seminal work in Software Development.