RickJWagner writes: "ETL is an IT discipline that deals with efficient handling of multiple rows of data. Reading, writing, augmenting, transforming, validating, reporting-- all this is covered by ETL. See how it differs from an ESB (or Data Integration Framework) and why ease-of-use is a strong point."
I'm pretty certain this is the definitive guide to Apache Camel, destined to be referred to as "The Camel Book" by Camel users for a long time. It covers Camel inside and out, upside and down, 550 pages worth of gritty detail that takes the reader from level zero to monitoring of your production applications. If you use Camel, or think you might want to, you need to pick up a copy of this book.
If you haven't used Camel, it's known as an "Integration Framework", a phrase that I like to equate to "ESB Lite". By that I mean if you want to route messages or transform them, this is a tool you might consider. Still not quite sure what I'm describing? Here's a couple of examples. If you want to read messages from a JMS queue, use the contents to invoke a web service and put the results of the web service call in a database, Camel's a good tool. If you want to read in a flat file, split it into individual lines, take a part from each line to call a web service, Camel's a good tool. Camel does all this and more, acting as a sort of universal router and message transformer. Camel aims to implement the famed "Enterprise Integration Patterns", which are easily understandable descriptions of processing snippets that provide functionality in likely scenarios when you're using messaging. If you're brand new to this type of programming, I'd encourage you to use Google to check out "Enterprise Integration Patterns"-- you'll quickly get a feel for the workspace Camel lives in.
The book is exhaustive in it's coverage of Camel. It shows the reader how to configure Camel using both Java code and Spring configuration snippets. It's meant to be progressive in nature, showing the reader simple uses to start with, then progressing to more advanced scenarios as the book gets into the latter chapters. (More about this later, it involves my only complaint about the book.) Along the way, the authors address real-world topics like transactions, production monitoring, and deployment to different hosting containers. All told, the book reflects the concerns of someone who has actually used Camel for real-world work, and as such will prove to be an invaluable resource for anyone moving Camel to production.
The source code that goes with the book is clean, easy to read, and above all it works right out of the box. It's all Maven-centric, so if you're not a Maven user yet you will be at least partially practiced in it by the time you're done with this book. The examples are straight out of the chapters, so you can look to the book for a detailed explanation of what you're running. (You can also run what's being described, and monkey with it to learn new things. Very handy.) I offer no improvement for the sample code, it works as advertised.
I was especially impressed by the care the authors took to explain the really nitty-gritty stuff that a real-world user is going to need. Concurrency and transactions fall into this category. All the sample examples in the world won't help you if the book doesn't help you scale you app and make it safe for production use, considerations you sometimes don't find in tech books. They're here, though, and covered in sufficient detail to meet your go-to-production needs.
This is a big book, and the text it contains is as simple as it should be but no simpler. The illustrations are simple and relevant. If you're brand new to Camel and want to read it front to back, be prepared to allocate a good number of hours for this task. This is because there's just a lot of material covered here, none of it fluff. If you're already an established Camel user, this book will serve well as a desktop reference for when you want to venture off into more of Camel's abundant functionality.
So what's not to like? The only criticism I have for this book is that the ordering of the chapters is not quite to my liking. It starts out with the simple canned examples, and they get progressively harder, 'till the reader is finally given the knowledge to write their own applications way out in chapter 11. If you're like me, you like to see an example or two, then you like to start hacking out your own "Hello World" apps to get a feel for how to build the artifacts you need to get things running. I thought chapter 11 was too late in the game for that knowledge. In fairness, if you're a reader who doesn't mind skipping around as you read, then just skip to chapter 11 right away and you needn't worry about this tiny nit.
So who's this book good for? Camel users of all types, from beginners to those who already own running Camel apps will benefit from this book. You won't be sorry-- you'll never wish you'd held out for a better book, because there just flat isn't going to be one, at least not for a long, long time. I give this book a solid 9 out of 10 stars.
RickJWagner writes: "Book Review for 'BackTrack 4: Assuring Security by Penetration Testing'.
Watch out, System Admins. The floodgates to BlackHat Hackerdom are now open.
Packt Publishing has just released "BackTrack 4: Assuring Security by Penetration Testing", a how-to book based on the freely available BackTrack 4 Linux distribution. The intent of the book is to educate security consultants on the use of this devastatingly complete Hacker's toolkit, and to provide sage words of advice on how to conduct yourself as a penetration testing consultant. On both counts, the authors do well.
I have to admit, at first blush I wasn't impressed by the book. I usually start looking a tech book over by thumbing through it, quickly glancing over snippets every chapter or so to get a feel for how the book is written. My initial impression was that the book contained many 2-page introductions to what appeared to be system tools, showing how to invoke them and the type of text output they would produce. Who needs that, I thought? I settled down to read the text front to back, then realized the full horror of what I was reading. More on that later.
The book starts out telling you how to find BackTrack 4, how to install it or run it as a live DVD, and how to get the parts working. Suffice it to say this is all easy for anyone who's installed a Linux distribution before.
Next up, the authors cover some solid basics for the would-be security professional. There are other tips throughout the book, too-- what kinds of written agreements you should have, what types of reports you should produce, and generally how you should conduct yourself. Well done, and I'm sure anyone reading this book will have the thought that maybe they'll go into business doing this someday. At least that's what I hope everyone is thinking, because after that the gloves are off and you are shown the dark side of this magnificent machinery.
The authors outline a disciplined framework for penetration testing. By myself, I never would have considered such a thing, but these guys clearly have given this a lot of time and effort. The following chapters are broken out into each phase, and within those chapters the various tools of the trade are grouped. (So you'd find the tools that can provide you with a reverse shell in the 'Target Exploitation' chapter, for example.)
The first phase is Information Gathering, and here the reader is introduced to several tools that can glean information like domain names, IP addresses, host names, and other data that can identify potential targets. The 2-page tool introductions I mentioned earlier contain all the tools that do this kind of work. There's enough introductory material to let you figure out which ones you want to try (it seems each chapter covers at least a dozen tools), and how to get started.
Target Discovery is the next phase, it's all about finding hosts and identifying operating systems. Again, no malicious stuff goes on yet, just methodically gathering information. Par for the course, there are a variety of tools presented to help the user.
Target Enumeration is next. The user is exposed to applications that can help find which ports are open, which services (i.e. MySQL) are running, and even what kinds of VPN are present. By the way, throughout the book the authors throw in brief but relevant snippets concerning the topic at hand. As an example, in this chapter you'll find an example of the TCP protocol (SYN, SYN-ACK, etc.) that will tell you when a port's available and when it's not. There's more of this kind of information throughout the book, too. Some of it I knew (not much, really) and some I didn't, so I felt the book advanced my basic knowledge of IT systems in some ways.
Now that the user has all this useful information, they can proceed on to Vulnerability Mapping. Here the tools are used to help calculate which vulnerabilities might exist in the targeted systems.
The following chapters are where the really bad toys come out. They deal with Target Exploitation, Privilege Escalation, and Maintaining Access. True to their titles, they tell all about how the user can attack the targeted systems, set up shop, and leave a backdoor for returning later.
Of course, no good book on penetration technique would be complete without a chapter on Social Engineering, and so we have one here as well. Hardcore hackers might look down their nose at such a thing, but I imagine this is really one of the more effective avenues of attack.
So, who is this book good for? First, for security professionals. They'll want to get a copy just so they can be sure they understand what they're up against, and how to check their own systems using the same tools the bad guys have. Second, programmers with an active sense of curiosity. I fall into this category. Lastly, the bad guys will probably buy a copy (or pirate one), unfortunately. I hope they're too lazy to read it well and end up getting busted and thrown in the clink. Maybe they can talk ethics in programming with Hans Reiser while they're awaiting parole.
Rating? 9 (evil) stars out of 10.
If your livelihood depends on keeping a secure environment, you probably ought to get a copy of this book for your in-house penetration tester. It's an eye-opener."
RickJWagner writes: "Book review for "Android User Interface Development: Beginner's Guide"
So you want to be an Android developer? If you're like me, you've probably been wanting to learn how to program a mobile device, but just haven't found the time to master Objective-C. So now that Android is here, all of us garden-variety Java coders can jump on the bandwagon and start slinging apps out, right? Well, it turns out there's a little more to it than that. This book can make the trail from everyday Java code slinger to best-selling Android app writer a little more plausible.
The book does not teach Android development. For that, there are other books and the Android SDK documentation, which I found adequate for my uses so far. This book emphasizes teaching Android User Interface development, which is something I would not have had much of a clue about without the book. (The Java and XML-based configuration of Android is easy enough for a back-end Java coder like myself, but I've never been a web-design and layout guy. Or fat-client layout and design guy for that matter, either.) That's the sweet spot for this book.
Android newbies do get an introductory chapter that guides the reader through setting up the SDK and writing a quick first app. After that, the book starts to take a serious UI bent, and that's o.k. because that's where the book's intended to go. The earliest chapters cover UI-centric matters like asking the user a question and processing the answer that is returned. List selections are explained (i.e. single-select button choices versus multi-select). Functional features like adding a header or a footer are explained.
The middle chapters cover pragmatic issues like producing an image gallery, handling date/time inputs, and validating user inputs. Layouts in Android are explained, which will be somewhat familiar to Java Swing developers. I had an interest in learning how animation works (don't we all dream of writing the next viral-selling game?), this is explained as well.
The final chapters deal with styling (i.e. how to change the way a button looks) and themes. It's very important that your application 'feels' like it should, and this is given adequate coverage in the book. I'm sure a back-end coder like myself would botch this part horribly without guidance, so I can appreciate the reason the book emphasizes these things.
The book is written in Packt's 'Cookbook' style. If you haven't seen one of these before, the book is largely cut up into sections covering some general idea. Within the section you'll find headings for the topics "Time for Action", "What Just Happened" and "Have a Go, Hero". "Time for Action" is a series of instructions that spell out exactly what to do for a sample scenario. "What Just Happened" follows up with an explanation of why the reader was asked to execute the instructions. "Have a Go, Hero" is a section challenging the reader to extend the spoon-fed instructions by implementing a next-step challenge. This style of writing emphasizes hands-on knowledge transfer without a lot of verbose theory, so it'll be good for readers who like to learn as they code. Contrast this to books that have a lengthy section of text explaining all the details of some topic, followed by a monolithic code blob towards the end of the chapter-- this book is not written that way.
The sample code that's available on Packt's site is clean and easy to understand. It follows the same structure as the sample code you'd find in the SDK, so if you're brand new to Android development you might start with the SDK teachings and then extend it with the book as soon as you're ready. I thought the examples the book presented were almost all reasonably relevant. The author did a good job of keeping the exercises presented throughout the book well contained, so you're never asked to code too much stuff at one time. I like that, as it lets you read the book without having to set aside a huge block of time at once to see the results of your coding efforts.
So who is this book good for? I'd say it's a good resource for Android developers who aren't already UI experts. I'm not saying it's good for Android newbies who need to learn the basics of Android programming, because there's just too little introductory material for that. But if you can already hack something together, and want it to be appealing to someone besides yourself, this book can help. On a 1-10 scale, I'd give this book 7 stars.
RickJWagner writes: jBPM is a mature, open source BPM solution. This book, written in a developer-centric manner, guides the reader through the framework and exposes many important considerations for production use.
BPM tools are used to define and execute business processes. They usually come with a graphical editor, which is used to drag and drop boxes onto a graph. The boxes represent activities performed by programs, activities performed by humans, and decision points. If this all sounds like 'graphical programming', it isn't. The picture does draw out the desired series of steps, but there's always configuration and maybe some programming involved as well.
Developers new to the scene will probably draw parallels between BPEL and BPM. While they both allow the designer to orchestrate a series of activities, BPEL uses web services exclusively. (BPM doesn't specify, and often uses Java classes to accomplish desired goals.) BPEL offers support for human-activities (from BPEL4People and WS-HumanTask), but BPM has offered human tasks from the early days, so probably is a better choice if you have lots of them.
The book is true to it's title, it's definitely a book for developers. In the early chapters the reader is guided through implementing their own mini-BPM engine. This is an interesting exercise and helps solidify in the reader's mind the core concepts behind jBPM. It also reinforces the notion that jBPM can be used in a lightweight manner-- it's just as easily embeddable in a standalone Java application as it is deployed in a JEE container.
Speaking of JEE containers, jBPM is a JBoss product, so it's natural that it makes use of available infrastructure like Hibernate, poolable data sources, and enterprise beans for enterprise use. These are all optional-- if you want to write a minimal application that sits outside of JBoss, that's fine. But if you have heavyweight needs, heavyweight infrastructure is readily available. The book covers these important options in detail, which will be useful for developers writing real-world applications.
jBPM is popular enough that it's mentioned in quite a few SOA books as an enabling technology for process management. Most of these books provide coverage of the minimal, embedded use of jBPM. This book differs in that it provides good explanations of the 'enterprise' use.
Normally I strongly prefer paper books to electronic versions, but in this case I'd recommend you might consider the eBook. I say that because the book is much more useful if it's used in conjunction with the source code found on the publisher's site. The book shows source code in each example, but it's just a snippet out of context. I found the content much easier to understand when it was viewed next to all the related artifacts, so you can understand how they relate. (By the way, the toolkit used includes Maven and Eclipse. The reader is given adequate instruction in the front part of the book on setting these up.)
There's not much fluff in the book. It runs about 350 pages. Heavy Developer-type stuff starts after about 40 pages and never really gets lighter after that. Screen shots and diagrams are given where necessary, but mostly it's code and text. Sometimes books are criticized for being light on technical content and overstuffed with pictures and basic diagrams. This criticism does not apply in this case.
A big part of jBPM development is in data handling-- how do you get data into your process instance, and how do you get data out? The author explains this well, and it is a necessary discussion.
You might wonder why you should be interested in this book, which covers jBPM 3.2.6. After all, jBPM 5 was just released. What about jBPM 4? I believe this book will be relevant for quite a while yet, as jBPM 4 is not going to be included in JBoss's support cycle. They'll stay with jBPM 3 (the current supported standard) and will eventually move on to jBPM 5 (after it's gone through the 'community trial by fire' on it's way to productization.) jBPM 5 is going to be a big change from the current landscape-- it's converging with the rules engine Drools. For these reasons, I expect there will be a lot of jBPM 3 development done for a while yet.
So, who would I recommend this book for? I'd say it's a good book for anyone supporting a jBPM 3 deployment, or anyone considering developing a process-centric application. jBPM is a good product, and this book can help a reasonably skilled Java developer get off the ground. I would not recommend the book for someone just out trolling for a technology book to pick up, or an analyst charged with developing the graphical process depictions. As the title says, this is a book for developers.
RickJWagner writes: 20 percent inert ingredients, 80 percent nitro glycerin. That's how I'd describe "JBoss AS 5 Performance Tuning" from Packt. The first 50 pages are nothing to get excited about. This first chapter and a half describes the author's performance tuning life cycle methodology and introduces us to a handful of open source tools that can assist us in our tuning efforts. The tools section seems especially weak-- there are plenty of screenshots showing the tool's menu screens, something you'd normally pick up in about a minute from the tool's distribution website. Honestly, at this point I was beginning to wonder if this book was going to live up to my expectations. Luckily I pressed on for a few more pages, and hit the rich paydirt that makes up the rest of the book. From that point on, every section yielded valuable tuning advice.
The author breaks the environment down into slices: Operating System, Application Server stack components, application code. Starting with the O/S, the book tells us the signs to watch for in various situations (i.e. how to detect and compensate for high or low utilization of the processor, or the disk.) The author explains likely causes for the problem, and what can be done about it.
Java programmers need to understand JVM tuning, and here it is given a whole chapter. This includes a lengthy explanation of how to correctly size your heap, followed by a nicely illustrated section on garbage collection, gc sizing, and choosing the best algorithm for your needs. All well done and very readable.
The book's subject is JBoss AS 5, and it's given a whole chapter, too. Thread pools and Connection pools are explained, as well as proper tuning of prepared statements and logging recommendations. Every programmer knows that logging can really drag performance down, right? Here we learn how to optimize it.
The middle of the book deals with JEE applications and the application server components that enable them. EJBs are given extensive coverage. JMS, a JEE hot-button, is also covered well. (Both JBoss Messaging and the newer HornetMQ are explained.)
The persistence layer is given holistic coverage. Starting with database design recommendations, the author proceeds to indexing, JDBC, connection pooling, and JPA/Hibernate. The Hibernate section is a good example of the kind of detail you'll find-- the author explains caching (first and second level) and the considerations you'll want to make to optimize their usage. Besides tuning the application server parts, there are recommendations for your application code, too. Hopefully you've bought into the recommendation to tune your code all throughout the development life cycle. If not, well, too bad for that one. Ditto for the database design.
One of the things JBoss makes really easy is clustering. Note: I didn't say cluster tuning, I said clustering. To optimize clustering, you'll have to understand all that low-level networky stuff like ethernet flow control and UDP buffer sizing. (I'm guessing this is not something your garden-variety developer thinks about every day, and make specific mention here as a demonstration of the kind of depth you get in this book.) Besides these bottom-layer concerns, the book also covers higher level parts of the stack like JGroups and JCache configuration, replication, and tuning cache storage. Unless you're really, really a bit-head, all that probably sounds a little deep. But the book explains it all in a way that makes it understandable and approachable.
JBoss uses Tomcat for it's web server tasks, so Tomcat is given good coverage as well. Nothing here seems JBoss specific, so most any Tomcat user could benefit from this part of the book. Connector configuration, thread pool sizing, and the Apache Portable Runtime are included. JBoss web server integration with Apache introduces us to mod_jk, mod_proxy, and mod_cluster. As throughout the book, the author uses JMeter to capture metrics to demonstrate to us the kind of performance we might get from each.
The final technical chapter deals with web application frameworks and web services. Web applications seem especially tunable in the development stage, while web services get code construction tips as well as configuration hints. The book ends with one more suggestion to make performance tuning part of your every day life rather than something crammed in after deployment time.
Like many technicians, I respect technical knowledge. This book is crammed full of it, and it's all presented in a readable manner. What's the bottom line? I'd recommend this book to any JBoss user (strongly), any JEE developer (with little reservation, especially Tomcat users), or any Java coder (who has a little extra money to spend.) Anyone else can probably live without this book. But if you're running JBoss (and you're technically minded), spend the money, you'll be glad you did.
RickJWagner writes: Look out Erlang-- There's a New Book in Town
Manning has just released a new Erlang title, called 'Erlang and OTP in Action'. For quite some time now, there's been a definitive guide to Erlang-- Joe Armstrong's excellent book 'Programming Erlang'. Well, guess what-- it's time to make a little extra room on the bookshelf, because the Erlang book-o-sphere has just shifted. There are now two must-have resources for an Erlang programmer.
The book is divided into three sections. The first one deals with the basics of Erlang and details about the OTP application framework. Part two shows how to build a production-worthy application in Erlang. The third part of the book is about integration and tuning.
Section 1 has chapters that cover the following: basics of Erlang and OTP, Erlang language fundamentals, writing a TCP-based RPC server, OTP and the supervisor model, and graphical tools to help your development efforts. Language newbies will spend some time here, as Erlang can be a little odd to programmers coming from non-functional environments. (Concepts like recursion are given great coverage, as it should be.) OTP, the Erlang ubber-framework, is explained in detail as well. Section 1 alone would make a decent book on Erlang, but there is much more here.
Section 2 covers building a production application. The example given is a caching application, designed to increase throughput of a web application. In addition to expected topics like logging and an event-framework, the reader is exposed to Erlang's built-in distributed database, Mnesia. Application packaging and deployment considerations are also covered here.
Chapters in section 2 follow a helpful pattern to guide the reader through building an application. First, there is an introduction to some high level concept. Next, it is shown how this new widget can be used to further the needs of our production-worthy caching application. Finally the authors provide code that brings the desired functionality into the ever growing caching application. Erlang code tends to be somewhat dense-- not much code goes a long way-- so much of the latter part of each chapter is explanatory text explaining why you'd want to implement things in the way the authors did. Chapters in this part of the book read like an in-depth tutorial, and that's not a bad thing.
The third section of the book shows how to integrate with external users via HTTP, how to allow programs written in other languages to communicate with your Erlang code, and how to tune your environment. It's notable that Java gets a whole chapter on integration, through JInterface (in comparison, Joe's book offers about 4 lines on this topic. In fairness, that's a much older book, though.)
Throughout the book, simple illustrations are used to demonstrate key concepts. I found these to be extremely helpful, as Erlang in general is quite different than most programming languages. The delta between Erlang application development and other-language development is an order of magnitude different than something like the difference between Java and Ruby or Python and.Net. It's got different characteristics and different concepts. Given these large differences, I really appreciated the illustrations.
The book covers language built-ins like management tools, profilers, etc. (If you've ever used GNU development tools to profile an application, some of these might look a little familiar). The reader is given a lot to think about, and it's scattered over nearly 400 pages. To make a Java analogy, it's like an all-in-one book that teaches the language, the JDK and tools, JEE, and shows how to integrate your enterprise application with external entities. It's ambitious, but the book does a good job in explaining everything. That's why the impressive page-count helps. A skinnier book probably wouldn't be able to pull all that off.
The book is written with easy-to-understand anecdotes that help the reader grasp the finer points of Erlang craftsmanship. You definately get the impression the authors have written 'real' code, and they offer strong direction to guide the reader through constructing application code. There is a big difference between understanding language syntax and understanding best practices in application construction. Section 2 in particular is loaded with best practices, and this alone makes this book a worthwhile read for Erlang coders writing production applications.
Probably the best thing I can say about this book is that the authors seem to put the advancement of Erlang above all else. To bolster that statement, I'd point out that they give the reader a list of other Erlang books they may wish to read, and they also include several mentions of Joe Armstrong. (Joe is the author of what has been the most popular Erlang book.) In my opinion, the authors can afford this indulgence, as this book is strong enough to merit inclusion on the Erlang programmer's bookshelf.
So who is this book good for? I'd recommend this book to anyone who wants to program in Erlang. It can get beginners off the ground, and will reveal many best-practices to those who already know their way around Erlang.
RickJWagner writes: This book is written for the person who has to set up and run a Plone site. It's not a development book-- it doesn't show you how to write software, rather it shows you how to acquire, install, and configure software components that will greatly enhance your Plone site. It covers a lot of ground, but much of it is covered in only the barest detail to instruct you in how to add a feature to your site. It doesn't devote much text to explaining what the add-ons do, only how to get them and how to integrate them into your site. There's also a lot of good general advice for a web-site administrator.
Here's a rough run-down on the contents of the book:
Chapter 1 What you'll need to run a Plone site (computer and basic tools, like a text editor) and installation procedures.
Chapter 2 Is titled "Site Basics" and covers the use of Buildout, which is a framework for installing add-ons in Plone. Buildout is very important for a Plone administrator, so it's nice to have coverage of the tool. Truth be told, I wish there was a little more material on Buildout in this book, but this is enough to get you introduced and the web can tell you the rest. To the book's credit, it uses a hands-on approach and immediately instructs you on how to use Buildout to change the default portlet navigation feature of your site and how to add blogging capabilities.
Chapter 3 The third chapter is about appearance, so it covers themes and changing the way your Plone site looks. As with much of the book, there isn't a lot of introductory overview, just step-by-step instructions on how to accomplish some given action. (In this case, the action is changing the look of your site through a new theme.) Buildout is used, of course. Also covered here are some handy tools for examining the things that make up a 'theme' and how to make your own theme. In making your own theme, the book instructs the user on the use of ZopeSkel and Paster, two tools important to Plone development. Again-- the book covers very little "Here is a tool, this is what it does, here's a nice diagram", rather there is "do this, do that, run this script, see how it changed your site".
Chapter 4 This is the administration chapter. The first topic covered is one that confused me on my first Plone site-- how do I add a user account without the requisite mail account? The author covers this topic well, I'm sure it will be appreciated by many Plone tire-kickers. Next, the book gives us the low-down on Zope 2 administration as a prerequisite to user and group management in Plone. (By the way, the CMS application Plone is running on the Zope application server. Sort of like the JBoss administration console is a feature-rich JEE application that runs on top of JBoss, for you Java-types.) The chapter concludes with a very nice section on using Plone with LDAP, which I'm sure is going to be a real-life concern for many corporate Plone users.
Chapter 5 The next chapter is the "Deployment and Maintenance" chapter. It covers such necessities as backing up and packing Plone's underlying database. It also covers log rotation and automation of tasks through mechanisms like cron and windows task scheduler.
Chapter 6 Chapter 6 is the Optimization chapter. It starts with some good advice about keeping Buildout configs (of course!) in source control for managing production deployments. From there, the book gets a little recommendation-happy as it shows how to install and configure several caching components (choosing which is best for you is left as an exercise for the reader), a couple of load balancers and a process supervisor. Front-end HTTP server configurations are covered, again in the usual "You'd better know what you want, but here's how to configure a few" style. Lastly, performance monitoring and viewing is given good coverage.
Chapter 7 This chapter is the 'security' chapter, and it carries some valuable tips. The first is how to restrict TCP/IP access to your host, then you are told how to effectively manage user permissions. Application of patches in Plone is covered, which naturally comes with some good advice about your buildout configuration files. There's also a section about using Apache Cassandra for monitoring user permissions-- in typical fashion, this side-topic is given little material outside the instructions on how to install and configure it. (Figuring out what Cassandra is, how it works, why you would choose it, etc. are left for you to figure out.)
Chapter 8 The final chapter again offers advice on using zc.buildout effectively, this time in the context of upgrading to future versions of Plone.
Overall Impressions This book is difficult to categorize. On one hand, it often shows the reader how to install an add-on with precious little instruction on exactly what it is you're installing. On the other hand, it does provide very good instructions on how to get those add-ons downloaded and configured for your site. For readers unafraid to augment the book's material with a web browser, there is a lot of valuable insite here. (But for readers who like nice high level diagrams and introductory text that gives you some hint about products you're about to introduce to your environment-- this may not be your favorite book.) I think there is a lot of knowledge about use of buildout here, the reader certainly has enough examples that it will be a familiar friend by the time you're done with the book. There's also a lot of good advice about administering a production CMS site in general. Use of cache products, version control tips for configuration, ongoing maintenance, etc. are all covered. The back of the book states this book is meant as a resource for Plone administrators and content editors. For this audience, I think the book hits the mark well. For others interested in Plone-- i.e. developers who don't have a production site to run-- the book may not feel like such a good fit. All things considered, I think this book is a good resource for the Plone administrator, it's stated target audience.
RickJWagner writes: This book takes an interesting path to teaching Plone 3 development. Unlike most software instructional books, it starts way back in the often-unread Preface by listing 10 requirements a mythical customer is asking the reader to implement in Plone 3. The requirements are realistic and I think would probably be quite a stretch for an inexperienced Plone developer. The rest of the book is dedicated to implementing those 10 features, and coaching the reader on Plone 3 development along the way.
I wouldn't say this is a good book for a novice Plone user. There really isn't much introductory material, and there is little material to transition the reader from Plone installation to meaty development. A newbie could certainly use this book if it were augmented with additional material (say, the Internet and a fair amount of time allocate), but the reader had better be ready to self-educate on Plone/Zope/Python development if they are not already proficient in these areas. For developers who already know their way around Plone, however, this book is an excellent step-by-step guide to adding serious functionality to the platform.
The book follows a consistent theme throughout. The desired functionality is briefly (very briefly) described, then the reader is given the following sections: Getting Ready, How to Do It, How it Works, and (sometimes) There's More. Here's how these work:
Getting Ready — outlines installation prerequisites, the things you'll need to gather. How to Do It — step by step instructions on how to implement your changes. How It Works — after you've configured things in the previous step, this step explains why things work. There's More — an optional section where further reading can be found, or maybe extras like test procedures.
The book includes more than just the 10 specified features from the Preface, though. The authors cover development best practices, documentation, a section on testing, and many other goodies that are not directly in the path of implementing those 10 requirements. I especially liked the parts about performance improvements, a consideration that's sometimes lacking in development books.
The book definately reads differently than most tech instructional books-- it's more like an expert's working notes than it is a typical dev book. It took me a few chapters to catch on, but after I figured out how to best use this format I can see how this would be very useful for random-access reference work. You don't need to do everything in sequence, just skip right to where you need to go.
If you're charged with doing Plone 3 development, I'd recommend this book. There's a lot of expert advice here, and it covers a wide range of development activities. I would imagine almost every developer will learn some things from this book, and many developers will learn a great deal. For producing Plone 3 products, it will provide a quick answer for many commonly encountered questions.
RickJWagner writes: CodeIgniter is a multi-purpose, open source PHP web application framework that can dramatically reduce the amount of coding required in developing a full-featured web site. This book promises to introduce the reader to the most productive APIs and demonstrate their usage with minimal code snippets. In that regard, I think the book lives up to it's promise.
The first chapter covers CodeIgniter's MVC framework, which provides a way for a programmer to logically partition code so it's easier to maintain. For those of us who aren't accomplished PHP coders, this chapter also contains a PHP style guide, which I thought was a nice feature. By the way, the code snippets throughout the book are clean and easy to read-- the author must have followed his own advice on code style.
The second chapter is an introduction to some of the more productive libraries you'll find in CodeIgniter. Here you'll find some excellent advice on how to take timing metrics in your application, how to secure it, and how to accomplish routine activities like retreiving data from the user's request. Other 'web topics' are addressed here, like how to manipulate the session, how to manage emails and file uploads, and much more.
Chapter 3 handles form inputs and databases. As is common throughout the book, the reader is given minimal technical overview. What you'll find instead is a very brief explanation of what's about to be covered, then a few very readable source lines that demonstrate use of CodeIgniter in action. If this book were your only resource, I'm sure there would be times where you didn't find enough material to get everything done you wanted to do. But if you have a web browser (and Google) handy, a book of this type can be an effective index to help you find the parts of a framework you want to leverage.
The next few chapters cover user authentication and application security. I found these to be a little spotty-- heavy in some places, light in others. Still, the material was useful and not difficult to read or understand.
A nice chapter on tips for building a large-scale application was next. I found this one interesting-- many of the ideas were well-known, but a few had not occurred to me before. I liked reading it. Next up was a chapter on Web Services. I didn't take the time to test the provided code for this chapter, but I would like to sometime. If it works as I hope it will, I may have a new way to stand-up test web services!
The final 2 chapters are on extending CodeIgniter (it's great that the library authors institutionalized this!) and donating code back to the community.
So who is this book for? The book itself tells you it's for expert PHP coders, but I don't believe that's exactly right. Given the easy-to-read nature of the book and the light treatment given to some of the meatier topics, I'd say this book is about right for a novice-to-intermediate level PHP coder. I haven't done a lot in PHP, yet I found the code reading very easy.
If I had a wish for the book, I'd wish for a little more depth in the harder topics and maybe some quick overviews for a few topics. (Diagrams accompanying the overviews would be nice, too. This book has few illustrations except for screen-shots.)
All things considered, I'd recommend this book to coders that are getting started with PHP and CodeIgniter. It's easy to read and will get the reader pointed in the right direction for solving many web problems.