What Were They Thinking?

Dr. Dobb's Journal September, 2005

By Gregory V. Wilson

Greg is a DDJ contributing editor and can be contacted at gvwilson@ddj.com. His most recent book is Data Crunching: Solved Everyday Problems Using Java, Python, and More.

Buffer Overflow Attacks: Detect, Exploit, Prevent
James C. Foster, Vitaly Osipov, Nish Bhalla, and Niels Heinen
Syngress, 2005
497 pp., $34.95
ISBN 1932266674

Java Testing and Design: From Unit Testing to Automated Web Tests
Frank Cohen
Prentice Hall PTR, 2004,
489 pp., $49.99
ISBN 0131421891

Painless Project Management With FogBugz
Mike Gunderloy
Apress, 2005
184 pp., $34.99
ISBN 159059486X

Designing Effective Database Systems
Rebecca M. Riordan
Addison-Wesley, 2005
353 pp., $49.99
ISBN 0321290933

The older I get, the more often I ask, "What were they thinking!?" Take The Hitchhiker's Guide to the Galaxy, for example: The books are among the funniest ever written, but somehow, Hollywood managed to turn them into a movie that makes a parliamentary debate on export duties for raw cabbage look like The Life of Brian. Didn't anyone read the script before they started shooting? More importantly, didn't anyone watch it the whole way through before they sent it to theaters? Sigh.

Unfortunately, it isn't just Hollywood. The same thing sometimes happens to books. Buffer Overflow Attacks, by James Foster et al., is a case in point. I was really looking forward to it, both because I'm interested in computer security and because I think that showing students how malware works is a great way to teach them the nitty-gritty of systems programming. The book itself, though, was a disappointment. The authors seem to have no idea who they're writing for: Anyone who needs to be told what a compiler is (page 13) isn't going to understand the fragments of assembly code that are presented just a few pages later. The material is also badly organized. Concepts are used before they're explained, then explained several times in quick succession. (Yes, I get it. You can't have a null byte in an instruction sequence if you want to smuggle it into a program as a string...) There's a lot of important material here, but it's too raw to be a cost-effective read.

Frank Cohen's Java Testing and Design is a much better book, although it's still one that I'd borrow rather than buy. The book gets off to a slow start, as ideas about testing are interrupted by apparent non sequiturs on things like management style. After a while, though, the author settles into a fairly technical description of a web-testing tool called "TestMaker." There's plenty of example code (much of it written in the JVM-based dialect of Python called "Jython"), and some discussion of interoperating with .NET. It isn't the "web-testing bible" so many programmers have been looking for, but it is proof by example that automated testing of web-based applications doesn't have to be any harder than any other kind of testing.

Like Java Testing and Design, Mike Gunderloy's Painless Project Management with FogBugz focuses on a single product. Unlike JT&D, this book is brief, to the point, lavishly illustrated, and has an introduction by Joel Spolsky (whose company builds the bug-tracking product the book describes). This book is a user guide, but it is to user guides what Kernighan and Ritchie's The C Programming Language is to language manuals. Every question I had was answered within a paragraph or two of being raised; every explanation made sense, and the only thing that was missing was a glossary. I think we'll all be better off if this book becomes the standard against which other end-user documentation is measured.

Finally, Rebecca Riordan's Designing Effective Database Systems is just as well written as Gunderloy's book and just as useful. I came to database programming late—I managed to program for a living for almost 15 years before writing my first SQL query—and it's been difficult to find a book for someone with that kind of background. Riordan's is a good fit. She writes for intelligent grownups, rather than dummies, without making too many assumptions about background knowledge. She starts with basic concepts, such as relations and normal forms, then moves on to database design, and finally talks about user-interface issues. Her examples are all Microsoft-specific, but almost all apply equally well to PostgreSQL on Linux (which is my target platform). It's a good book and I hope it's as widely read as it deserves to be.

DDJ