Dr. Dobb's Journal, March 2006

Performance Really Does Count

By Gregory V. Wilson

Greg is a DDJ contributing editor, and can be reached at gvwilson@ddj.com. His most recent book is Data Crunching: Solve Everyday Problems Using Java, Python, and More.

Analyzing Computer System Performance With Perl::PDQ
Neil J. Gunther
Springer, 2005
536 pp., $69.95
ISBN 3540208658

Performance by Design: Computer Capacity Planning by Example
Daniel A. Menascé, Virgilio A.F. Almeida, and Lawrence W. Dowdy
Prentice Hall PTR, 2004
462 pp., $54.99
ISBN 0130906735

Practical Development Environments
Matthew B. Doar
O'Reilly & Associates, 2005
297 pp., $39.95
ISBN 0596007965

Pro PHP Security
Chris Snyder and Michael Southwell
Apress, 2005
500 pp., $44.99
ISBN 1590595084

We've all cursed slow software and unresponsive web sites, and most of us have probably built a few, but making them zippy is often as big a challenge as building them in the first place. One reason is that modern computer systems are among the most complex artifacts ever created; another is that their components often interact in counter-intuitive ways, so that optimizing a loop or adding another server can actually slow the whole system down.

Analyzing Computer System Performance with Perl::PDQ, by Neil Gunther, and Performance by Design, by Daniel Menascé, Virgilio Almeida, and Lawrence Dowdy, both aim to introduce you to the mathematics used to analyze and predict system performance. Both start with the kinds of simple models used to figure out how many customers a grocery store checkout clerk can handle in an hour. From there, they move on to more complex setups with preemptive interrupts or feedback loops.

Both books compare theory's predictions with measurements of actual systems, and both are clearly written and well organized. The big difference between them is their pace: The book by Menascé et al. is a gentle stroll, while the book by Gunther varies between a fast jog and a gallop. As a result, I often found myself flipping ahead in Menascé, but flipping back to reread something crucial in Gunther. The extra effort Gunther requires is paid back by the Perl toolkit his book is built around, but on the other hand, I sometimes found myself tripping over minor layout problems, such as the word "Perl" followed immediately by another word without a break.

Which book you read depends on how much calculus and probability you remember, and how complex the systems you're trying to tune are. If you're building something whose performance matters, though, you should definitely read one. Otherwise, you may find that a week reconfiguring a server farm has saved you 20 minutes of thought.

Of course, performance doesn't just mean real-time speed. In 2002, scientists at Lawrence Livermore National Laboratory found that on average, 12 percent of the effort in a large project went into maintaining the build environment, and that on some projects, the figure was in the 20-30 percent range. If you include the time needed to cull stale entries from the bugbase, figure out which parts of the documentation are out of date, and manage tests, it's surprising that any actual development ever gets done.

Luckily for all of us, Matt Doar has produced a practical guide to what should be in every team's toolbox, how competing entries stack up, and how they ought to be used. His book, Practical Development Environments, covers everything from configuration management tools such as CVS and Subversion, to build tools (make, GNU's Autotools, Ant, Jam, and SCons), various testing aids, bug tracking systems, documentation generators, and we're still only at the halfway mark. He names names, provides links, and treats free and commercial offerings on equal terms. My copy currently has 28 folded-down corners, which is 28 more than most books get.

Finally, Pro PHP Security, by Chris Snyder and Michael Southwell, is very much a how-to book—and a very useful one. PHP has a bad reputation when it comes to security—by making web programming easy, it also made it easy for people to do things the wrong way. This book takes you step-by-step through common attacks, such as session hijacking and cross-site scripting, and explains how to foil each. While the examples are all in PHP, the discussion is thorough enough that many of the ideas can be applied directly to Ruby, Python, and other nimble languages. If you're using PHP, this book's definitely worth buying.

DDJ