C/C++ Users Journal April, 2005
Pragmatic Project Automation: How to Build, Deploy, and Monitor Java Apps
Mike Clark
Pragmatic Programmers, 2004
176 pp., $29.95
ISBN 0974514039
Java Cryptography Extensions: Practical Guide for Programmers
Jason Weiss
Elsevier/Morgan Kaufmann, 2004
158 pp., $21.95
ISBN 0127427511
At my first programming job, I asked a coworker if it was a pain to type in all his test data all the time. He showed me a couple of CSV (Comma-Separated Values) files and a Perl script and said "I only type once." I thought it was a great idea, but only used it myself sporadically in the years since.
Mike Clark's Pragmatic Project Automation is about taking that idea to its most useful extreme. The book is the third volume in the Pragmatic Starter kit, but is self-contained enough that it can be read on its own. The first chapter starts with a story about how build automation makes everyone's life better—especially the developer's. That's really what this book is about—letting the computer do boring, repetitive things so that we can concentrate on what's new and interesting.
The rest of the first chapter answers some frequently asked questions including why and when developers should automate. This FAQ is useful in its own right, but also helps readers figure out whether the rest of the book is for them.
The next two chapters show how to automate a Java build with Ant and then schedule that build. At first, I wondered how this would help me, since I'm doing web development with Python right now and don't usually compile Python. Then Clark pointed out that running tests is part of the build process. A day later, my build process consisted of checking out Python files from version control and running all my unit tests on them.
Chapters 4 and 5 describe how to generate and distribute releases of software. One of my favorite ideas from these chapters is writing a checklist script that clients can run on-site to check for "is it plugged in" errors.
The last chapter is about monitoring all this automation. In my mind, this chapter alone is worth the price of the book. Developers always want this information, but no one enjoys being spammed by their own computers, and it's a pain to set up filters so that the right messages reach exactly the right people. Clark's solution? Use RSS notifications so that your build system creates a blog as it goes along. It's a great idea, and I've already started implementing it locally.
Pragmatic Project Automation is short, but it's chock full of ideas and advice that can be put to use immediately. I found Clark's writing style clear, easy to read, and often entertaining. As a bonus, the book's concepts are language independent: Clark uses Java and Java-based tools, but I had no problems applying everything to Python. The book also has excellent support with its own web site (http://www .pragmaticprogrammer.com/starter_kit/au) and the authors' web log (http://www .pragmaticautomation.com/).
—M.T.
Cryptography is necessary, but not sufficient, for computer security: necessary, because unencrypted data can be read or modified by anyone with villainous intent, but insufficient, because villains can compromise systems in many other ways. Knowing how to integrate cryptography into software is therefore as important for programmers as knowing how to fork a process, read a file, or parse XML.
Unfortunately, crypto is still a lot harder than any of these things—so hard that most programmers don't know how to do it properly. Some of this difficulty is intrinsic, but a lot is also due to overly complex APIs, and to documentation that assumes more background knowledge than all but a handful of people have.
According to the blurb on its back cover, Jason Weiss's Java Cryptography Extensions discusses cryptography "...at the level that developers need to know to work with the JCE," but "...doesn't overwhelm by packing in details unimportant to the busy professional." After going through it twice, I believe it meets the second objective, but doesn't quite meet the first. It's not for lack of trying—Weiss's examples are well chosen and described in a fair bit of detail. However, he often assumes that readers know more about PKI (public key infrastructure) and related acronyms than people buying his book are likely to. He (or his editor) should have also proofread the examples more carefully: More than a few contain typos.
I was also a bit frustrated that this book didn't answer any of the specific questions I have about code that I'm currently porting from a proprietary library to Java 1.4's JCE. For that, I have to turn back to Google and to Sun's own documentation. Overall, I think it's worth having a copy of this book in the company library, but even given its low price, it isn't a must-buy for most Java programmers.
—G.V.W.