[UKUUG Logo] Copyright © 1995-2004 UKUUG Ltd

UKUUG


[Back]

Newsletter Section 2

Reviews




Apache: The Definitive Guide


Ben Laurie & Peter Laurie
O'Reilly & Associates, March 1997
xvi + 255 pages, £25.95 including CD-ROM
ISBN 1-56592-250-6

(Reviewed by Andrew Cormack)

Despite the great success of the Apache web server, relatively few books about it have been published. This one, written by one of the program's developers, therefore has the advantage of scarcity as well as authority. For many readers, Apache will be their first web server so the first chapter describes what the program does, how to obtain it, and how to compile it. The CD-ROM contains two versions of the program (1.1 and 1.2beta) which are suitable for experimentation. However the authors recommend that anyone running a live web site should take time to obtain the latest release from the Internet. This is good advice, as both of the versions on the CD have bugs which have since been fixed.

Compiling Apache is usually straightforward, so the next stage is to configure the program. A web server is best developed in stages, and this is the approach taken by the book. A series of complete web sites is described (and included on the CD) with each one introducing a few new facilities. The configuration files are printed and discussed, but would be clearer if the new lines added at each stage were highlighted in some way. Each section closes with brief definitions of the new configuration directives which have been used; this material is similar to the reference web pages provided with the Apache server distribution. These tutorial chapters guide the novice webmaster from the simplest possible web server, through setting up multiple virtual web sites, controlling access to pages, and publishing dynamic information using server side includes, indexes, CGI scripts and content negotiation. There are also sections on redirection and Apache's proxy server, though these are too brief to be useful to anyone who is not already familiar with these functions. Progress is generally smooth except for the appearance of passwords in the access control section before they have been described.

Apache includes several additional modules as well as the basic server. Two modules which provide information about the server's operation and status are described in detail in the book; there is also a brief catalogue of others, which were available at the time of printing. More modules are likely to be developed, since Apache has a programming interface to which suitable C subroutines may be added. This interface is described in two chapters and illustrated

by an example of a debugging module. This should be of considerable use to programmers who want to extend the functionality of their server, but is not for the faint of heart.

The final chapters cover security and contain a good introduction to the possibilities and risks. There are also clear instructions for adding Secure Sockets Layer (SSL) support to the server: this cannot be included in the standard distribution without breaking US export restrictions.

The instructions for testing web servers make some assumptions about the user's environment which may cause confusion. The most important of these is that the server is run with the FreeBSD operating system. Anyone who is using some other flavour of UNIX should either be familiar with it, or else have a friend on hand who is. The book is also very keen to get a server up and running, before discussing the security implications. It might be safer to carry out early experiments on a machine disconnected from the Internet, to avoid the possibility of hacking.

This would certainly be a useful book for anyone learning about the Apache web server, as it gives a good introduction to most of the program's facilities. Programmers developing additional modules for the server should also find it very helpful. Existing webmasters may be disappointed to find little information, either about converting from other server programs, or the daily administration of a site.

The reference material is scattered through the book and is very similar to the on-line documentation. It also omits at least one useful directive ( ErrorDocument ), which should not happen in a definitive guide.

Andrew Cormack works in Information Systems Support at the University of Wales, Cardiff.



Planning & Managing ATM Networks


Daniel Minoli, Thomas Golway with Norris Parker Smith
Prentice Hall/Manning Publications, 1997
xvii + 321 pages, £26.95
ISBN 0-13-262189-4

(Reviewed by Raza Rizvi)

ATM – the very sight of the initials are enough to bring most people out in a cold sweat! This book will do nothing to change this as it helps perpetuate the commonly held belief that you need a brain the size of a small planet to 'do ATM'. This is no “Dummies Guide to ATM” – it is a serious book in serious typefaces with serious looking diagrams.

The main problem lies in the title. You are led to believe that finally here is a book that will deal with a technology that is quite different from the collision-based Ethernet from an operational viewpoint, but this is not the case.

There is the standard introduction to the history of ATM followed by a clear breakdown of the cell architecture.

After a chapter that asks what we might want to be able to manage, it tells us what management information the respective packets within ATM carry. This is repeated for performance, accounting, and security.

The deployment chapters do deliver some light relief, with the chapter on VLAN implementation likely to deliver a familiar note to operational staff.

Overall the book is too dry, too general, asks too many questions of the reader, and there are far too many references to the authors' own publications in the bibliographies. This book would not have greatly helped our ATM customers before or after they made their leap to ATM.

Raza Rizvi ( raza.rizvi@red.net ) is technical support manager at REDNET, a very busy network integration company and medium sized ISP. He is still recruiting networking staff so that he can have the odd day off sometime.



CGI Programming on the World Wide Web


Shishir Gundavaram
O'Reilly & Associates, Inc.
XXXpp
ISBNXX

(Reviewed by Roger Mitton)

It is some measure of the success of the World Wide Web that facilities which seemed amazing just a few years ago – viewing pages of text from computers all over the world at the click of a mouse – are now taken for granted. The providers of web pages are tiring of displaying static pages of text and want to incorporate interactive features, taking input from the user and generating tailor-made output on the fly. This changes the metaphor. The web site is not so much a page, more a gateway. The web server needs to communicate with other programs at the server site, passing on the users' input on the one hand and passing back the programs' output on the other. Hence the Common Gateway Interface.

If you were designing, from scratch, a system to do this, I doubt if you would come up with CGI. It is not a new system. It is rather a bundle of facilities tacked on to an old system to get it to do this new job.

So there's not much structure to it; it's more like a bag of tricks. Programming tricks. You need to be a programmer with a taste for backslashes and curly brackets or you won't get far.

Given that the subject matter is a bit of a mullock, the author has done a good job of presenting it in a reasonably orderly way. Early chapters cover getting data in and out of a CGI program. (A CGI program is one that uses CGI; CGI is not a programming language. CGI programs are written in a standard programming language – the ones in this book are written in Perl.) There is good coverage of forms and hypermedia and more advanced applications such as generating a pie chart and interrogating a relational database.

The book is written with enthusiasm and clarity, and the editing and presentation are excellent. It is liberally sprinkled with examples – great if you know Perl, rather heavy-going if you don't. I don't know

enough about CGI to say if he's covered everything but it looks pretty thorough to me. It's not a light read but if you want to get to grips with CGI, I'd recommend it.

Roger Mitton is a lecturer in the Department of Computer Science, Birkbeck College, University of London.



Configuration and Capacity Planning for Solaris Servers


Brian L. Wong
Prentice Hall/Sun Microsystems Press
vii + 428 pages, £31.95
ISBN 0-13-349952-9

(Reviewed by Elliott Atkins)

Right from the outset, this book reminds me somewhat of Adrian Cockcroft's “Sun Performance and Tuning” – similar topic, and obligitary “fast car” graphic on the front cover!

The book aims to help systems administrators through the sometimes mind boggling tasks of optimising existing Solaris systems, or planning new ones. As well as the expected formulae and performance graphs, the book is refreshing in its use of excellent case studies. These include sections covering typical Solaris installations for the Internet (showing typical configurations as Mail, WWW, DNS, News servers, etc), NFS, Database and Application server environments.

The second half of the text provides detailed technical material on a variety of subjects related to configuration planning in real-world environments. Versions of Solaris from 1.x to 2.5.1 are covered, with a whole chapter put aside to explain the added “features” available in Solaris 2.x. However, because this section covers industry-standards, such as SCSI and RAID, it is not necessarly specific to Sun products.

I found the book easy to pick up and read, although it's the sort of book you would refer to, rather than read from cover to cover. The examples and case studies are well presented, and most systems administrators would find at least one section of relevance in their particular environment. I feel that the book would be especially useful if you are trying to specify a system for a pre-defined number of users/processes. The only real downfall of the book, as with all technical references, is that it will start to go out of date as soon as new versions of Solaris are released.

Elliott Atkins is the UNIX Systems Administrator for REDNET, an Internet Provider and Network Integrator based in High Wycombe. He drinks coffee, white, with one sugar.



DNS & BIND - 2nd Ed.


Paul Albitz & Cricket Liu
O'Reilly & Associates Inc
405 pages
ISBN 1-565692-236-0

(Reviewed by Huw Gulliver)

All of us who use the Internet make use of the Domain Name System (DNS), most without realising it, to translate from names to addresses and vice versa. DNS and BIND provides a full description of both the DNS and BIND (Berkeley Internet Name Domain) the most frequently used implementation of DNS Server software. The book deals with version 4.9.4 of BIND

but mentions the earlier versions 4.9.3 and 4.8.3 where necessary.

The front cover states 'Help for System Administrators', but the book provides help for more than just system administrators. The initial chapters give general background information on the history and theory of the DNS which, together with a later chapter on ' nslookup ' the tool for interrogating the DNS, are of use to anyone who uses the Internet, (I wish I could get all our users to read at least this much). Other chapters are aimed at Postmasters, Programmers and of course systems administrators. To aid the reader in finding the sections most relevant to them the authors have provided an excellent roadmap in the preface section.

Having explained how the DNS works in the first two chapters the authors work through choosing a domain name, getting the BIND software and setting up your first server in the next two chapters. For those who wish to compile BIND from source there is an appendix giving details of how this is done on a Sun. This is also where the reader is introduced to Movie University the fictitious college the authors use in examples throughout the book. This helps to pull things together giving the reader a better picture of how the DNS & BIND work.

With the server set up, chapters five and six show how MX (Mail Exchanger) records are used to route electronic mail and how to configure a host's BIND resolver, the software libraries responsible for querying the DNS on behalf of application programs. This chapter also includes notes on the idiosyncrasies of some versions of UNIX (SunOS 4.x, Solaris 2.x, HP-UX and IBM AIX) and Windows 95 and NT (a beta version of 4.0 ?) also get a mention.

Chapters seven and eight move the focus back to the server dealing with periodic maintenance to keep things running smoothly, how many servers are enough, how to add new servers and how to plan for and cope with a disaster.

Parenting, the creation of subdomains and the delegation of authority for that part of the DNS to the child (subdomain) has a chapter (nine) devoted to it. This chapter should be a must for all system administrators because of the trouble incorrect or broken delegation can cause.

Advanced features and security are dealt with in chapter 10. This chapter only applies to BIND 4.9.3 and 4.9.4. The advanced features such as multihomed hosts and load sharing are probably only of interest to a few, whilst the security features such as restricting/controlling who may take copies of your DNS data, zone transfers, will be of interest to a wider audience.

As mentioned earlier nslookup, the tool for interrogating the DNS, gets a chapter (11) to its self. This goes into quite some detail, showing the reader how to carry out both common tasks, such as name to address and MX lookups; and less common tasks, such as turning debug mode on to see query and responses.

Should you need to, chapter 12 shows you how to turn on debugging on the BIND server and how to read the output produced. Chapter 13, Trouble Shooting DNS and BIND, pulls together what has been shown in the last two chapters to show how to diagnose some real world problems the reader might encounter.

For those who like to or find they have to, chapter 14 looks at programming, shell with nslookup and C with the resolver library routines. The chapter includes a number of examples which, to save the reader having to type in, can be downloaded from ftp.uu.net or ftp.ora.com along with other tools written in Perl. Finally, chapter 15 ties up the loose ends looking at special cases such as wild card entries and working through a firewall.

Overall the book is nicely presented making it pleasant to read. If it has any disadvantages it is the one that afflicts all computing books: namely that the software version on which the book is based has been superseded. In fact, in the case of BIND, version 4.9.x is now deprecated other than for security patches and the most up to date version is now version 8.x. Don't let this put you off though; if you want to learn about the DNS and BIND this book is highly recommended.

Huw Gulliver is a member of the Service Communications Group at Computing Centre, University of Wales, Cardiff.

Programming with GNU Software


Mike Loukides and Andy Oram
O'Reilly & Associates, January 1997
xiv + 244 pages, £29.50 including CD-ROM
ISBN 1-56592-112-7

(Reviewed by Chris Cook)

(The CD-ROM contains a complete set of Free Software Foundation tools, with binaries supplied by Cygnus Support Inc.)

There is little doubt that the Free Software Foundation's GNU project has made a significant contribution to the availability of high-quality, publicly available software. In providing a good standard across platforms, it facilitates far easier porting of software between differing operating systems. That significance has become even greater as vendors unbundle their own compilers, making it an expensive pastime if you just need to compile the occasional binary, or as they point out, if you are a student or home user.

This nutshell book aims to introduce the experienced (principally C/C++) programmer to the GNU development tools in a UNIX environment. It also tries to act as emissary to the corporate world where free products can often be instantly dismissed as being amateur, second class and unsupported. It begins by describing the FSF's philosophy and comparing it with the different levels of “free” software. It also tries to dispel the myth that the use of free software, even under one of the GNU licences, implies the inability to charge for any piece of software produced by it. There are good words put in for the contributors to the included CD-ROM, Cygnus Support Inc. and Cyclic Software, two companies that have answered corporate fears that no price means valueless, by providing professional quality support contracts to institutions.

The main thrust of the book is the creation, compilation, tuning and debugging of programs using GNU tools. To ease the progress of the novice who might have come from a non-UNIX fiefdom, it begins with an introduction to the operating system. Starting with logging in (and out, I'm glad to say), it conveys adequately all the usual details about how to run commands, their flags, the filesystem structure and permissions. It is perhaps more succinct than many similar primers, but with justification as the audience can be assumed to already be reasonably computer literate and able to quickly assimilate these facts. It goes on to cover topics more appropriate for the future “power user” – redirection, pipes, job control, shell programming and customisation.

Chapter three covers source code creation and manipulation using that old stalwart, Emacs. This is an editor that I have never much liked; this chapter left me feeling what a shame it was that I hadn't thrown my lot in with Emacs all those years ago, as at least by now my main reluctance to learn it, all those funny control sequences, would have been overcome.

They do a good job of easing the reader into Emacs' peculiar way of doing things, balancing the idiosyncrasies with the simple power of the animal. After the basics of text entry and manipulation, they cover the features most useful to a programmer, automatic formatting, multiple portholes in a non-windowing environment, and multi-file source code tags.

Chapter four describes the GNU C compiler, gcc . The command line options of major importance are explained, with brief individual sections devoted to constant definition and the all important library flags. The interrelation between the pre-processor, compiler, assembler and linker is discussed, along with the output filenames at the various stages of the process. The use of the assembler and linker are described and the topics of cross-compilation and embedded systems are touched upon.

In the next chapter, the book transcends one of its stated limitations, by actually giving some C tuition. This is fair, and perhaps necessary, as the subjects covered, time structures, signal handling and error handling, are likely to be new and unsuspected by many experienced programmers coming from other operating systems. They finish this section by revisiting the subject of programming for embedded systems, giving advice on prototyping for them, and reinforcing the book's view that these tools are as much for commercial applications as for geek-ware.

Surprisingly, the chapters on debugging and profiling straddle two more on Make and source code management. I would have expected these two to be more closely entwined as a debugger is as useful a tool for a working program as for a broken one. The versatility and power of gdb and gprof are explored at length, enabling the reader to quickly trace problems as well as

performance bottlenecks in an application. There is advice on which options are likely to slow a program intolerably and suggestions of how to work around the problem.

Bar the chapter on profiling and the various appendices describing the Cygnus Support, the CD-ROM contents, data representation and the GPL, the book closes with a couple of chapters on source code maintenance. I got the feeling that the section on RCS may have been lifted from another text; a recycling practise which I'm not against as long as lame references are tidied up. Nevertheless, the chapters on code compilation and management are typically practical with a warning printed that whilst it is trivial to circumvent RCS safeguards using standard shell commands, such clever-dicks may as well not use it at all.

The book could only ever be an introduction to its subject matter but in each short chapter, it manages to take the reader quite far into the topic without marooning the reader out of their depth. Whilst the back cover claim to turn the reader into a power user is a little ambitious, the text is littered with suggestions for further reading and there is plenty of detail to whet the appetite. Once again, the CD-ROM clearly adds a good deal to the price, but I concede that at least it overcomes for some people the chicken-and-egg problem of how to compile a compiler when you have no compiler. I would strongly recommend this book to professional and amateur programmers alike.

Chris Cook is the Postmaster and a System Administrator at Cardiff University.



Internetworking over ATM: An Introduction


Brian Dorling, Daniel Freedman, Chris Metz, Jaap Burger
Prentice Hall, 1996
x + 260 pages
ISBN 0-13-612384

(Reviewed by Michael Jorgenson)

This book contains a very detailed description of ATM and how it can be integrated with legacy LAN technologies. Before I started reading it my knowledge of ATM was restricted to “fast hardware switching of small data packets” with no knowledge of any of the protocols associated with ATM – now I understand much more.

The book uses very technical language that is littered with abbreviations. Fortunately there is an extensive (and well thumbed) glossary at the back of the book. The authors also provide many clear diagrams that are useful in explaining the more complicated aspects.

This book builds on (and expects) a detailed knowledge of “legacy” LAN technology and the seven layer OSI model. This is described very briefly in

the first chapter, which also provides a concise introduction to ATM. The next chapters cover the integration of ATM and legacy LANs, with LAN emulation (Lane) and multi-protocol over ATM (Mpoa). Later chapters build on this information and cover frame relay integration, IP support, IPv6 and switched virtual networks. Many appendices include very detailed specifications for ATM protocols.

The introductory chapter begins by highlighting the size of problem that ATM was designed to resolve. Ever-increasing numbers of networks and ever-faster networks need greater bandwidth at network interconnection devices, and as the data throughput increases, so the time to process each packet of data decreases. Fixed size data packets permit hardware switching which is faster than routing the data through a processor. This is equivalent to (network) layer 3 and (data- link) layer 2 in legacy LANs. ATM is presented as the best solution to the problem presented, both for linking networks and the technology for new LANs.

The chapters on Lane and Mpoa describe two techniques for interfacing legacy LANs with ATM networks. Lane provides protocols and servers that make the ATM network appear to be a network using the same technology as the rest of the legacy LAN, with servers providing address resolution services and storing configuration information. Lane emulates layer 2 (data-link) and so works transparently for layer 3 (network) protocols. The aim of Mpoa is to take full advantage of the new features of ATM, such as guaranteed bandwidth and latency. At the time the book was written, version 1.0 of Mpoa was being finalised, with the expected date of the approved specification in April 1997. The design of Mpoa was initially focused on IP, with support for IPX, AppleTalk and advanced peer to peer networking (Appn, see next paragraph) being provided later. Mpoa allows subnetworks to exist transparently through the ATM cloud, so different physical parts of the network are part of the same logical group. Mpoa uses Lane to link to legacy LANs.

Three of the authors are employed by IBM, and the book was written with assistance from many members of IBM, so the book has a definite slant. For example, the fourth chapter covers IBMAEs Appn, a technology that the reviewer had never heard of before! The special notes at the end of the book state that IBM products were used as the reference when writing the book, but are not necessarily the only products that will work in the situations described.

This book was very informative, especially for readers who want to learn about ATM and related technologies. The reviewer found the book useful, as an introduction to ATM and the likely future course of technology integration and migration. Readers with limited experience of networks will find the book has a steep learning curve. The reviewer would therefore recommend this book to anyone with experience of legacy LAN

technology who seeks to broaden their horizon.

Michael Jorgenson is a recent graduate of Cardiff University of Wales, and is about to embark on a PhD in conjunction with the Defence Evaluation & Research Agency, studying robust network architectures.



Internetworking: The Way to a Structured Network


Petra Borowka
ITCP
xi + 738 pages, £29.95
ISBN 1-85032-137-X

(Reviewed by Huw Gulliver)

This is an ambitious book covering in 16 chapters, plus an appendix, a broad spectrum of network design areas from the basic categories of network and network technologies through to hardware devices and how to use them.

The book starts off by looking at the development of the LAN (Local Area Network) and the ISO (International Standards Organisation) OSI (Open Systems Interconnection) reference model. It then introduces the more important LAN standards: CSMA/CD (Ethernet), Token Ring and FDDI, and then their main interconnection components: repeaters, bridges and routers.

The author then shows how, using the fictitious United Barbie Dolls company, a network can be developed to meet the changing needs of the company. And all in the first two chapters.

The next four chapters take a detailed look at bridges and bridging, covering Ethernet, Token Ring and FDDI environments. The last chapter of this section includes information on the problems of bridging between different MAC types e.g. Ethernet to FDDI or Token Ring. This is where we learn of the author's other interest, as the examples all use names of places and characters from “Asterix the Gaul”.

Chapter 7 describes what, where and how to use LAN Switches. These can be considered as multiport bridges in essence. The chapter also includes some useful help when considering a product or network design.

The next three chapters look at router types and function, routing protocols including theTCP/IP family, OSI, DECnet and Netware. And how to use routers and routing in a structured network.

ATM comes under the microscope in chapter 11. How ATM works, its cell structure and LANE (LAN Emulation) are described. This is followed by a discussion of multiprotocol operation. The chapter is completed with a look at the state of development and includes a check list for anyone considering investing in ATM.

Virtual LANs (VLANs) are covered in the next chapter. The author puts forward the view that they may provide a way to manage, in a cost effective manner, the difficulties presented by frequent staff moves, but that a VLAN standard has not been produced although it is under development. Once again, though, for those interested in implementing this technology a check list of features/functions is provided.

LANs are increasingly being interconnected using Wide Area Networks (WANs); this area is covered in chapter

13. X.21 and X.25 standards are examined first before moving onto newer standards that offer higher capacity transmission such as ISDN, Frame Relay and encapsulation using the Point to Point Protocol (PPP).

Chapter 14 takes a slight departure to look at examples of vendors' products, the chip sets used, and how functions such as VLANs are implemented. Whilst this is interesting to read it will date the book in such a rapidly changing field.

Chapter 15, entitled “Deployment and Operation”, mainly deals with management aspects both of the devices themselves and network management platforms giving some useful check lists and evaluation criteria.

Chapter 16 compares and contrasts bridge and router major functional differences. It also presents the responses from five vendors to provide a multi-protocol backbone for an enterprise with several locations and heterogeneous computer systems.

The book is rounded off by Chapter 17, which is really an appendix containing three sections: references, directory of manufacturers and networking abbreviations.

For those who look after our networks, independent guidance on structuring our networks to meet present and future needs can be invaluable. This book goes some way to provide that guidance, particularly the check lists and examples, but is let down by a number of instances of strange sentences “mostly of these PCs ...” which made reading hard work at times. [ Ed: an indication that the original was written in German ]. The one concern is the book was first published in 1996 by DATACOM-Verlag. During the last two years we have seen FastEthernet (100MBps) established as a standard product and GigaBit Ethernet just around the corner, plus other technologies which are currently proprietary or pre-standard which will affect the way we design our networks.

Huw Gulliver is a member of the Service Communications Group at the Computing Centre University of Wales, Cardiff.



JAVA Reviews


(Reviewed by Lindsay F Marshall)

It's quite amazing what a pile of Java books does for your popularity! “Lindsay, can I borrow one of these?” “Have you got a book on Java I can read?” etc. etc. I've had the pile for some time now and a lot of people have looked at them and mostly their opinions about them were very similar. In fact I've had them so long that some of the books are now in their second and even third editions. This is what comes of trying to write books about a moving target like the Java language! (I've even seen a book about JDK 1.1.1 which is in its second edition - but I haven't seen any Java books in remainder piles yet. Odd.)

So, where to start? Well, lets start with the best ones and then you don't actually have to read the whole article (unless you feel you need to know about what to avoid!).

For serious Java programmers, that is people who are wanting more than just an introduction to the language, then at the moment there is only one choice: The O'Reilly Java Series. There are several titles available now:

*     Exploring Java
*     Java Threads
*     Java Network Programming
*     Java Virtual Machine
*     Java AWT Reference
*     Java Language Reference
*     Java Fundamental Classes Reference

I am not even going to say anything about these individually. They are the business (even if they aren't “authorised”) and since they are O'Reilly books you can probably get them at a reduced price through the UKUUG! You won't do better than these.

Of the introductory books, the number one favourite and most requested is Core Java by Gary Cornell and Cay S. Horstmann, Prentice-Hall ISBN 0-13-565755-5

Heck, even I liked this one (with reservations naturally!). As its title suggests this gives a comprehensive coverage of the whole of the Java language and its main libraries and if you just want to write straightforward Java programs then this is the only book you need. It is particularly pleasing because the authors have a sensible attitude to the language – good in parts, utterly dreadful elsewhere – and they detest the hype. There are scads of good worked examples and explanations are clear. Also featured are notes that relate Java features to those found in C++ and Visual Basic (whatever that is). One of the best shows that for one example program, the C++ version is 50 times faster than the equivalent Java program...

Since everything you need to know is here, what's wrong with it? Well it is far too long – 622 pages of it. It does a very good impersonation of a brick. Like many of these books it falls between two stools. For experienced C++ programmers there is far too much background and programming related information, whilst for novices there is probably not enough. A book half the size would be perfect; but even at this size, this is still my pick of the bunch. Oh, there's a CD with it too – what a surprise. Just the usual stuff – you can get fresher off the Net.

Writing Java Applets by John Rodley, Coriolis Group Books, ISBN 1-883577-78-0

From the slightly better than ordinary to the ridiculous. This has to be one of the worst books I have ever had the misfortune to come across.

Mastering the art of creating distributed Internet programs, Way-cool applets, and even Battle of the Java Sea, which is a game in Java that shows you how to create animated explosions (to be fair the latter is not in the book, just on the CD. Yes, another CD). Practically everything you can possibly think of is wrong with this book. It jumps straight in at the deep end and then flounders around trying to save itself. Absolutely the worst thing about it is the set of examples. These are formatted using a particularly unreadable indentation scheme, which is inconsistently applied, and some of them stretch for over 20 pages. Imagine 20 pages of someone else's badly presented Java? Now imagine that several times throughout the book.

The author is also sometimes an I and sometimes a we – presumably something to do with Threads. (Actually the example he builds – an agent delivery system – is quite good. It's spoilt by being incomprehensible.)

Did I mention the CD? Great for making bird scarers. This book would make great kindling and would have made an even better tree.

Instant Java by John A. Pew, Prentice-Hall, ISBN 0-13-565821-7

100 pages of Java listings (decently formatted though), 200 pages of manual-style information, and yet another CD. The cover tells you everything you need to know about this one – Create sizzling hot web pages with this Java cookbook – instantly.

Apart from being illiterate (I don't blame the author for the cover – would I judge a book by its cover? (Yes)), you know that anything that uses the words hot, sizzling and web in the same sentence has got to be a waste of time. It is exactly what it says, a cookbook for applets. You can pull them off the CD and reuse them to make your web pages look exactly like those of everyone else who has bought the book.

If you think that having an animated Java applet on your web page is the acme of cool (or should I say k3Wl) then you are probably 16 years old and like Iron Maiden. But if it's what you want, then this book probably is good value. The applets do provide some interesting effects (for about 2 minutes that is) and the code is sound. But, you can poke around the net and find pretty similar stuff just lying around. (You can also do a lot of the tricks with animated gifs just as effectively.)

Why are the CD enclosures in books so hard to get into? When I got this one out I stuck it in my Mac to see what was on it. No attempt to add nice icons or anything. Boring Mac application icons and self extracting archives containing examples from all the Sunsoft Java series and the JDK. There's also a Readme that says that the programs haven't been tested on a Mac so might not work. I thought Java was supposed to be portable?

Just Java by Peter van der Linden, Prentice-Hall, ISBN 0-13-565838-X

Are you bored yet? Have a look at this CD. Oops, it's exactly the same as the last one. Sorry. Being written by someone from Sun this is a bit of a hymn to the wonders of Java, so you can skip the first couple of chapters right away. (van der Linden also appears to be the author of The Official Handbook of Practical Jokes, according to the blurb. He doesn't seem to be directly involved in the development of Java, but one wonders...) There are lots of witty asides (well, they would have been witty if I'd made them), cartoons and jokes as well as lots of irrelevant information - did you know the Crays at the Met office were referred to as Ronnie and Reggie? The Java content is OK - all the usual stuff about applets and networking and the

AWT - but calling it Just Java is a bit rich - Java and a lot of other stuff that you don't need to know besides would be a better title. However when compared with Core Java, apart from being half the size, it is not really that great. I wouldn't bother.

Java by example by Jerry R. Jackson and Alan L.McLellan, Prentice-Hall, ISBN 0-13-565763-6

You want a cheap Java CD? I've got several. Time for a cup of coffee... (and I had to see what was wrong with my leaking roof too). This one is pretty much like all the others - they start to blur after a while. There are some simple, well constructed examples here, though it also has the problem of examples that take up several pages. It is really hard to read code in the context of a book and it breaks up the flow of the text so you start to lose track of what you are reading about.

The worst feature of this book is the fact that it relegates Object Oriented programming to an appendix and even then it is simply a list of the features in Java that support OOP. There is nothing on how you might go about designing an object oriented program, or about the principles you need to understand to do it. Fine if you are an experienced OO programmer, but awful if you are not. This is a problem from which many Java books suffer. Basically, in order to get a Java book into a manageable size (which publishers seem to think is around 600 to 900 pages - personally I would prefer 200 to 300, but never mind) you either have to do all of the language, with no in-depth coverage of OO, or you have to write a book on Object Oriented programming using Java, which really can't cover the whole language. The problem from the publishers point of view is that most people don't want to shell out £40 for a book that they are going to use once, so they have to provide something that will be of use in the long term. This is made even worse by the fact that the language is a moving target; books on Java are bit like PCs – if it's on your desk it's obsolete!

Java Programming for the Internet by Michael D. Thomas, Pratik R. Patel, Alan D. Hudson and Donald A. Ball Jr., Ventana ISBN 1-56604-355-7

Four authors and 780 pages...and a CD (but a different one this time). Patronising is how one of my team of guinea pigs described this one, though it gets better towards the end. Considering that it's written by four different people this one is not too bad, though they do definitely talk down to the reader. Again lots of examples and chunks of uncommented hard-to-read code. The examples are pretty reasonable though and if you are looking for some specific nugget of information then you might very well find it in one of the them. The section on the networking interface is probably the best in the book and it manages to get the coverage about right. I found the typefaces used in this book hard on the eye, particularly the rather thin, fixed-width sans-serif used for code. This book claims never to go out of date because it has an online companion.

I'll just pop over and have a look at it...well, the Updates and Errata section contains one correction and nothing at all about any of the recent changes to the Java language. There is not a lot that is useful here at all (apart from the usual links you get everywhere). It is also rather discouraging to see that of all the Online Companions that Ventana provide, only three of them are still being updated (this book, one on Photoshop and one on Quake), so “Never Out-of-date” does not look like a promise that they keep.

As to the CD, I reckon the person who designs cardboard milk cartons designs the plastic CD packets found in books. When I finally got it out and tried it on the Mac, I found the JDK, code samples and a rather nicely produced (but ultimately useless) multi-media Ventana browser which was all advertising, apart from an index for the code examples. (These people have got Kai's Power Tools – you can tell because they use the ubiquitous Page Curl filter on some of their graphics). This is not really a great value addition to the package.

Teach yourself Java in 21 days by Laura Lemay and Charles L. Perkins, Sams Net ISBN 1-57521-030-4

Well, blow me! Another CD! Beer mats anyone? This describes itself as a “National Bestseller”, though neglects to say which nation. Unfortunately I find it hard to be objective about this book - I am not a fan of Laura Lemay's books and I find this one especially unappealing. The presentation is ugly and the whole idea of learning a new programming language in 21 days (and expecting fluency as the result) to be ridiculous. My team of guinea-pigs had a look at this one – “It's OK”, “You can learn from it”, “Does the job”. You get the picture. Don't waste your money, get one of the good books!

Lindsay Marshall is a lecturer in the Department of Computing Science at the University of Newcastle upon Tyne. He has some UNIX DECtapes and a paper tape machine in his office.



JavaScript Developer's Resource


Kamran Husain & Jason Levitt
Prentice Hall
xxiv + 561 pages, £25.50 including CD-ROM
ISBN 0-13-267923-X

(Reviewed by Andrew Cormack)

I had hoped that this book might persuade me that JavaScript was worth learning, but it was not to be. There are just too many flaws in both the language and the book. The text suffers from a mass of spelling errors and, in a bizarre printing accident, some of the sample programs have been line-wrapped and hyphenated. This is particularly unfortunate when an example demonstrating single line comments is wrapped, or a hyphen is inserted into a function name!

The first section of the book gives the history of JavaScript and provides a gentle introduction the language. Objects are mentioned only as having a hierarchical name structure so it comes as something of shock to be told to “treat strings like the objects they are”. Turning the page, and with no further explanation, the reader is expected to make sense of constructs such as "bubba".indexOf("b",3) . Apparently these are called functions, except when they are called string methods (there is a similar confusing mix of the terms “member” and “property” later on). One particularly clever string method is escape(), which apparently converts the string "Bugs Bunny" to "Al%20Bundy" . The unescape() method can retrieve the original string, presumably using either telepathy or global variables. Some of this confusion is the fault of the language, which itself is half-hearted about objects, but would-be learners are likely to give up around this point.

Those who struggle on will find little improvement. The second section describes how JavaScript can access information within the browser and the HTML page. The arrangement of chapters seems strange and confusing. First come the History and Location objects which belong to the browser, grouped in a chapter with the Link and Anchor objects which are part of the HTML document. The Document object itself – “the most important object in the JavaScript arsenal” according to the introduction – is separated from these by a chapter on event handlers. The organisation within chapters is also confusing with some topics interrupting others. A few sentences make no sense at all and can only be ignored.

Many examples of JavaScript programs are included as illustrations, indeed so many that one example is not referenced in the text and only a selection appear on the accompanying CD-ROM. The printed program listings use a very wide line spacing leaving only twenty or so lines per page. This spreads even simple programs over several pages making their structure hard to follow. The meaning could have been made much clearer by including only relevant fragments of code in the book with the full programs available on the CD. Even casual examination reveals many bugs in the printed programs: variable names change during the program or have inconsistent case, blocks of code have been copied incorrectly and a program supposed to show how to avoid memory leaks contains a fine example of exactly that error.

The last two sections of the book contain reference material on working with Netscape plug-ins and an alphabetical appendix giving details of all JavaScript reserved words, objects and functions. This appendix would be more useful as separate lists, rather than having the different parts of the language mixed together, and has a few obvious contradictions between text and tables. The plug-in section is probably the best in the book but is based on a pre-release version of Netscape 3. Other versions and other browsers may well have different features from those described. This

highlights a fundamental problem in writing a book on JavaScript: Versions 2 and 3 of Netscape and Internet Explorer each have their own unique version of the language. There are further subtle variations in bugs and supported features depending on the underlying operating system. Keeping up with this variety makes things hard for both author and publisher; if a standard version of the language ever appears it should be possible to write a book which can be recommended. This one is not it.

Andrew Cormack works in Information Systems Support at the University of Wales, Cardiff.



Networking with Microsoft TCP/IP, Second Edition


Drew Heywood
New Riders Publishing
xiv + 633 pages, £41.49
ISBN 1-56205-713-8

(Reviewed by Huw Gulliver)

The first thing you notice about this book is that the title is a bit misleading. The text in the top left hand corner of the front cover “Comprehensive coverage of implementing TCP/IP with Windows NT 4” would have been more appropriate. Although Windows95 (WIN95), Window for Workgroups and MS-DOS/Windows 3.1 (WIN-3.x) do get covered, it is only from the point of view of installing TCP/IP client software which equates to one chapter of 18 pages.

The book is split into two parts: TCP/IP Concepts (six chapters) and Implementing Microsoft TCP/IP (eleven chapters), with a single appendix dealing with number representation in binary, decimal, and hexadecimal.

In “TCP/IP Concepts” the author introduces the reader to basic communications concepts, and the TCP/IP protocol suite. This is really just a flying visit to the subject, designed to give someone unfamiliar with TCP/IP enough understanding to be able to make sense of Part 2. The main criticism is, having described IP, TCP and UDP, the author moves onto “The Process/Application layer”, where he takes a US-centric look at the Domain Name Service and WHOIS. Then proceeds to walk the user through using FTP, TELNET on Windows NT and finishes off with a very brief description (nine pages) of SMTP, SNMP and NFS. But in all this the author only briefly mentions TCP or UDP port numbers, mainly to refer the reader to RFC1700 (Assigned Numbers). I feel this is an important part of TCP/IP, particularly in respect of security which is dealt with in Part 2 of the book and should have received greater coverage.

Part 2, “Implementing Microsoft TCP/IP”, is what the book will really be bought for. The book's Chapter 7 starts the section off with a general overview of what protocols Windows NT (WIN-NT) 4 supports and the RFCs supported by Microsoft's TCP/IP implementation. Plus noting a few things not supported, such as standard SMTP, Dynamic routing and NFS. Two things that struck me about this chapter – was Drew Heywood an alias for Bill Gates? and, I must tell my management that we need at least one WIN-NT server to provide automatic IP address assignment. Silly me has been using, quite successfully,

a couple of UNIX boxes running CMU's BOOTP/DHCP server to do the job.

Chapter eight goes through the steps of installing and basic testing of TCP/IP on WIN-NT computers. No distinction is made between WIN-NT Server and Workstation installations. The figures used in the chapter relate to the installation on WIN-NT Server, with no mention of this fact. I know this is a small point but it is something that could be misleading or confusing to a reader with limited experience.

Having installed TCP/IP on the WIN-NT computer, the author moves on in the next chapter to show the reader how to use WIN-NT to build a routed IP network using WIN-NT servers as routers. The interesting feature of WIN-NT for someone with a UNIX background, is the lack of a routed or gated daemon equivalent as standard to dynamically update WIN-NT's routing tables. The result is that everything has to be done with static routes and default gateways.

Chapter 10 covers “Dynamic Host Configuration Protocol DHCP” – how it works and how to set up and manage a DHCP server on WIN-NT. For those who may not know, DHCP allows the network manager to assign IP addresses and supply other necessary information, for example, the DNS servers to and default gateway to clients. It can be considered a development of the older boot strap protocol Bootp .

Chapter 11 deals with the Microsoft Networking specific question of NetBIOS naming in a TCP/IP environment, the setting up of a Windows Internet Name Service (WINS) server and its management. It would appear that you only need this service if you are using Microsoft Networking heavily as opposed to, say, Netware or PCNFS. If the former is the case, there are hooks to link WINS to a Microsoft DNS server, allowing dynamic updating of the DNS indirectly via the WINS server. This is supported only for NetBIOS clients, thus restricting its use to WIN-3.x, WIN95 and WIN-NT systems.

Chapter 12, “Managing the Microsoft DNS server” first covers whether to implement DNS for your site and whether all or some of your hosts need to be DNS registered. Then it shows how to set up Primary and Secondary DNS servers. There are a number of errors in the figures dealing with setting up the Domain Database Files (Name to IP address), where there is use of non fully-qualified names and/or the omission of trailing periods in NS, MX and CNAME resource records. This is surprising since the author draws the reader's attention to the improper use of trailing periods in a “Warning” in this section. These errors are not repeated however in the following section on Reverse-Matching Database Files. The author's advice is probably best followed: “consult the book DNS and Bind, written by Paul Albitz and Cricket Liu, from O'Reilly & Associates”.

Having set-up a TCP/IP network based on WIN-NT the author looks at the question of installation and configuration of client TCP/IP software for WIN95 and WIN-3.x/MS-DOS.

Chapter 14 takes a look at “Managing Microsoft TCP/IP”. The majority of the chapter is a general guide to using Microsoft's Network Monitor – Microsoft's tool for protocol analysis. There are also short sections on Trouble Shooting utilities ARP, tracer ( traceroute ), netstat , nbstat (NetBIOS version of netstat ), and how to activate SNMP agents on WIN-NT and WIN95.

Chapter 15, “Connecting to the Internet” first examines some of the issues surrounding connecting a site to the Internet, including the type of connection: dial-up, ISDN, leased line and security. The last is covered only as far as outlining a few simple configurations to isolate a private network from the threats on the Internet. There is no mention of the demilitarised zones model, or references to other sources of information. This is surprising, since the author on a number of occasions draws the reader's attention to how potentially dangerous connection to the Internet can be. The remainder of the chapter is taken up with a description of the dial-out component of the Remote Access Service (RAS), to provide a connection to the Internet, with a short section on Point-to-Point Tunnelling Protocol (PPTP), which can be used to create virtual private networks (VPNs).

Chapter 16, “Introduction to the Internet Information Server” takes the reader through the steps to set-up Internet Information Server (IIS) (Microsoft's combined FTP, Gopher and Web server product) on a WIN-NT server. The emphasis is on setting up ISS for a private network i.e. an intranet. The chapter appears to have been written based on an earlier version of ISS, since there are a number of subtle changes, such as: the default path where files being served are placed, is given as C:\WINNT\SYSTEM32\INETSRV\WW WROOT , but on servers I have set up the default has been C:\INETPUB\WWWROOT . Luckily these are small points and would not seriously affect someone installing IIS for the first time.

The final chapter 17, “Using Front Page” seems out of place in this book. Front Page is Microsoft's Web authoring tool. The only reason I can see for including it is that Front Page allows collaborative creation and management of a Web site's contents over the network, provided the Web server has the Front Page extensions installed – a rather tenuous link.

Overall I found the book readable and reasonably well laid out, though it did prove irritating in places, either because of

a heavy US or Microsoft bias, or the author's habit of referring you to another New Riders book for a more detailed presentation of a particular topic. That said, I did find a number of useful things about TCP/IP on WIN-NT scattered throughout the book. But I might have missed them had I not forced myself to read cover to cover, and I feel that these, collated together, would have made a more appropriate appendix than the one included.

Huw Gulliver is a member of the Service Communications Group at Computing Centre, University of Wales, Cardiff.



NetTravel: How Travelers Use the Internet


Michael Shapiro
O'Reilly & Associates
284 pages, £18.50 including CD-ROM
ISBN 1-56592-172-0

(Reviewed by Andrew Cormack)

When I first used the Internet, finding your way around was a slow and frustrating progress through unavailable sites, broken links and word of mouth recommendations.
Songline Guides aim to help today's net newcomers through this stage with a mixture of advice, recommended sites and stories from those who have been there before. Each of the guides concentrates on a particular theme. This one covers travel: a subject where the Internet's global coverage and timeliness are of particular benefit.

Simple lists of web sites are unlikely to be useful to someone new to the Internet. Instead of these, each chapter discusses the kinds of resources which are available, illustrated with frequent screen shots. Detailed references – URLs, e-mail addresses and newsgroup names – are given in the margins and are also collected in an appendix as a more concise reference. The layout is attractive and easy to read: the only slight inconsistency is in the typeface used for quotations. These stories from experienced (and not so experienced) travellers give a good impression of the many ways in which the Internet can be used.

The early chapters cover the basic requirements of any journey: transport and accommodation. As well as providing information, an increasing number of web sites take reservations and may even offer special deals which are not available elsewhere. Some services are dedicated to business travel, allowing an organisation to construct travel planners for its staff. Small, specialist travel sites can reach a global audience across the Internet, and two chapters give examples of the kinds of adventure holidays which can result. The Internet is often equated to the World Wide Web but in travel planning, human contact through newsgroups and mailing lists can often be even more valuable. These sources are given due credit, and readers are encouraged to contribute their own experiences in return.

Finally, there is a section on accessing the Internet while travelling, either from your own portable computer or using cybercafes and other local installations. The AOL subscription CD inside the back cover is presumably intended to help with this, though it is not mentioned in the book. Similar disks are available on magazine covers and in junk mail. The web site on how to protect your modem from foreign power and telephone systems may be more relevant.

The selection of sites included in the book reflects American travel requirements. There is far more information on air travel than rail, with none of the major European rail networks represented. Even the German Railways web site ( http://www.bahn.de/ ), which has timetables and information for most of the continent, is missing. The only trains mentioned in the UK are the Great Little Trains of Wales! While there is certainly less information available on line in Europe than the USA, the situation is not as bad as the reader might imagine. Several of the sites in the book accept credit card payments, but there is no comment on the privacy of a card number sent over the open network. Again, this may reflect the American situation where stronger cryptography is available: elsewhere more caution may be required.

The book is a good introduction to the possibilities of the Internet for planning and arranging travel, especially for destinations in North America. No previous experience is required, as there is a good introduction to e-mail and the web in an appendix. For European travel it is of more limited use, though anyone searching for similar information over here may be pleasantly surprised by what they find.

Andrew Cormack works in Information Systems Support at the University of Wales, Cardiff.



NetResearch: Finding Information Online


Daniel J. Barrett
O'Reilly & Associates
xiii + 186 pages, #18.50
ISBN 1-56592-245-X

(Reviewed by Andrew Cormack)

Many advertisements for the Internet proclaim the huge amount of information available, but fail to mention how hard it can be to find. Some books try to overcome the network's lack of structure by grouping sites by topic, but the size of these directories can often be as overwhelming as the network itself. NetResearch takes a different approach, teaching the reader how to find information for themselves rather than simply listing its current location.

The book is aimed at newcomers, so begins by describing the fundamental services which the Internet offers: web, e-mail, usenet, gopher and FTP. The web has the best developed search tools, but

these have their own problems, illustrated by searching for a Sherlock Holmes mystery involving a snake. Using “Sherlock Holmes” as the query returns too many matches to be useful: adding “snake” is unlikely to return any. The limitations of simple queries can often be overcome by a better understanding of how search engines build their indexes and the different types of queries which can be used. These are well covered in the next chapter. Web search engines are not always the best way to find information. Examples are given of specialist sites, Frequently Asked Questions (FAQ) lists and discussion groups which may provide quicker answers to some kinds of enquiry.

Although the web can be used without understanding its addresses, it is often useful to know a little more about how they, and other Internet names, are constructed. When searching for e-mail addresses this is usually essential. The author gives a clear explanation of the hierarchical naming of domains, and this may be used to guess the names of particular machines such as “Microsoft's web site”. He also gives hints on guessing e-mail addresses, which may worry some postmasters, but does stress the importance of being polite in case of accidents. It is a small step from individual e-mail to using discussion groups, so the next chapter explains how to find an appropriate group and how to behave once there. Here, and in the following section on FTP and Archie, there are only limited instructions for using programs since these will vary greatly between sites.

The final section discusses ways of contributing to the Internet by answering questions, maintaining web pages or FAQs, or helping to moderate a discussion list. This is a good idea, but unfortunately the detailed instructions will only work for some readers. Most people would be better using the documentation provided with their own Internet connection.

Throughout the book the emphasis is on searching as a practical skill and each chapter has a set of useful exercises for the reader. Sidebars within the chapters describe how different individuals solved particular problems, to show the range of approaches which can be taken. There are no magic solutions to information overload on the Internet, but the newcomer will find plenty of good and reassuring advice in this book. It is easy to read and better value, in time and money, than most Internet Yellow Pages; furthermore its lessons should be much more durable.

Andrew Cormack works in Information Systems Support at the University of Wales, Cardiff.

Oracle Performance Tuning, Second Edition


Mark Gurry & Peter Corrigan
O'Reilly & Associates
xxii + 940 pages, £32.95 including floppy diskette
ISBN 1-56592-237-9

(Reviewed by Adrian Cummings)

This second edition of an excellent work has resulted in a gain of over three hundred pages – so what's new? The authors' claim that this edition is a complete rewrite would appear to be the case, with sections being updated as new features have been incorporated into Oracle. Furthermore new advice has been added covering disc striping and mirrors, RAID, distributed databases and MPPs. Particularly welcome are the chapters on tuning the backup process.

It should be borne in mind that the performance of an Oracle (or, for that matter, any) database is also greatly influenced by the applications programmers. Simple changes in the SQL used by the application can produce large changes in the execution times of the program.

This substantial work starts with an overview of the general problems and the major differences between versions. The next section covers the areas of tuning that planners can influence along with more general advice on the use of standards.
The authors then turn their attention to the needs of designers and analysts, followed closely by the programmers and their use of SQL, PL/SQL and locking. Naturally the DBA and system administrators do not escape attention, with these sections occupying about half of the book.

Appendices cover features in versions 7.0, 7.1, 7.2 and 7.3, tuning tips, tuning Oracle Financials, the Oracle performance pack, tuning forms versions 4.0 and 4.5, case studies and the dynamic perfomance tables.

Also included is a floppy diskette (in PC format); this contains the examples from the book. A listing of the dynamic performance tables can also be found on the diskette (this is not in the book), along with a number of shell and SQL scripts for analysing the performance of the database.

This is another welcome addition to the bookshelf from O'Reilly. The examples on the disc even work – something which is not always true of such additions to books.

Adrian Cummings can often be found tending his flock of Oracle databases.



Advanced Oracle PL/SQL: Programming with Packages


Steven Fuerstein
O'Reilly & Associates
xxvi + 661 pages, £31.50 including floppy
ISBN 1-56592-238-7

(Reviewed by Adrian Cummings)

Following on from Oracle PL/SQL Programming (same author and publisher, ISBN 1-56592-142-9) this book takes a detailed look at one particular aspect of the language which, as the title suggests, is the package. For the uninitiated, a package is what most procedural languages call a module.

So, you ask, why is such a large book needed to describe modules? The answer is soon revealed ... enter PL/Vision. PL/Vision is a collection of SQL*Plus

scripts and PL/SQL packages written by the author. On the included diskette is PL/Vision Lite software and an online reference. As is so depressingly familiar these days, this is for Windows 3.1, 3.11, 95 and NT; for those of us that choose to run an operating system on our hardware there is a website “for some other environments”. However, I have to say that it wasn't apparent which other environments when I looked ( http://www.revealnet.com/ ).

PL/Vision consists of various building block, developer utility and (the ubiquitous) plug-and-play packages. The various packages are described clearly and in great detail. The back cover claims that this is much more than a book – this is true, it is more of manual. That said, the author has a clear, if rather verbose, style and doesn't hesitate to share his philosophy of life with you.

This book is primarily a manual for PL/Vision. Whether PL/Vision will be of use to you will depend on your environment. I suggest that you look at the website before choosing this book. If you need a book on PL/SQL, I would suggest either the other O'Reilly mentioned earlier or the Oracle Press ORACLE PL/SQL Programming by Scott Urman (ISBN 0-07-882176-2).

Adrian Cummings is curator of a collection of databases .

Oracle Design


Dave Ensor and Ian Steveson
O'Reilly & Associates
526 pages, £29.50
ISBN 1-56592-268-9

(Reviewed by Adrian Cummings)

Given the large numbers of books available about databases, there are very few that tackle the important topic of how to create the best design. This is particularly strange, given that a poor design is unlikely to run well, even on the fastest hardware with the best tuned database. For Oracle this glaring hole in the market has been filled by Oracle Design . Why design just for Oracle? What about relational database X? I hear you ask. The authors explain the reason by drawing our attention to the features and characteristics of Oracle.

The first topic to be covered is data modelling. As one would expect this includes designing the database, deciding when to denormalize, choosing datatypes, keys and indexes. There is a clear disusssion of normalisation, including how (and why) one might go beyond the much vaunted “third normal form”. Further chapters cover temporal data, loading and unloading data, data placement along with storage and safeguarding the data.

Having thoroughly covered the basics of design, the authors move on to designing for specific architectures; client/server, distributed databases, data warehouses and parallel processing.

The later chapters cover designing the code modules. This includes where to locate the processing, the various locking strategies, plus how to select appropriate tools for screens, reports and batch processing.

The appendices cover off-the-shelf packages, and the reasons for and against choosing that particular route. Finally a few tricks of the trade covering mutating tables (where the table is being altered by the current statement), the year 2000 problem and providing user extensibility.

While much of this work applies equally to any relational database system, the authors do go into the processes that the Oracle RDBMS will use to perform the task at hand. For this reason alone, this book should be a welcome addition to the bookshelf of any Oracle programmer, system analyst or administrator. If you don't know how a tool works, how can you expect to make best use of it?

Highly recommended.

Adrian Cummings is the curator of collection of several exotic species of database.

Oracle Design


Dave Ensor and Ian Steveson
O'Reilly & Associates
526 pages, £29.50
ISBN 1-56592-268-9

(Reviewed by Robert Pitchford)

This book is aimed at Oracle system designers, already experienced in Oracle7, rather than programmers. It may provide good background reading for the latter who wish to extend and deepen their knowledge of the subject. The main emphasis of the book is on the design aspects of an Oracle system; anyone wishing to embark on Oracle programming for the first time should look elsewhere for more suitable literature.

The structure of the book is well organised and is very accessible to those who simply wish to “dip in” and explore certain Oracle topics.

Extensive examples of both PL/SQL and SQL*Plus are presented throughout to illustrate topics. I did find a few syntactical errors, however. Another slight irritant is that although the book claims to be for the experienced Oracle user, it does spend a lot of time explaining what should be second nature to such people, for example, explaining the use of “'Indexes”. While this is obviously done for the sake of completeness, it does seem to contradict the stated intentions of the book.

One useful feature of the book is the use of “side bars”. These are used to either discuss certain topics in more detail rather than disrupt the normal flow of the chapter, or offer tips relating to the current subject being explored by the text. “Designing for Client/Server”, for example, gives a tip concerning the 'authentication

of server-side applications and how to ensure that servers present the correct software version.

This is a useful reference book for the serious Oracle7 designer. My main reservation is in the book's life expectancy. Oracle8 is on the horizon and while there will undoubtedly be vast similarities, investment in a book which may very soon contain out-of-date information may be questionable.

Robert Pitchford has worked at the University of Manchester for the past 12 year and is involved in the maintenance of an Oracle financial software package.



Learning Perl, Second edition


Randal Schwartz & Tom Christiansen
O'Reilly & Associates
269 pages, £21.95
ISBN 1-56592-284-0

(Reviewed by Andrew Cormack)

This “Llama book” has introduced many people to Perl and the new edition brings it right up-to-date with version 5.004. The major changes to the language – packages and object-oriented constructs – are too advanced for an introductory text, so this revision is less dramatic than its companion volume Programming Perl which required a complete re-write. There is a new final chapter, which gives hints of the new features, and a useful appendix listing the functions available in the standard library, but other changes are mostly corrections and updates.

The book is described as a tutorial, but this is only partly true. Some previous experience of programming in other languages is assumed, so that variables, control structures and I/O can be summarised briefly. A few things are skipped, such as the ability to include underscores as punctuation in long numbers and the upper/lower case operators in strings. These may cause a shock when they are used later without comment.

Perl's special features are introduced more gently and there are good descriptions of simple regular expressions, functions, formatted output and sorting. The chapter on hashes (formerly known as associative arrays) is surprisingly short for one of the most useful features of the language. Some more explanation and examples would be helpful. The chapters on system calls and file handling list the functions which are available but rely on the UNIX man pages for details. Since Perl is already spreading to other operating systems, future editions of the book may need to give more detail here. The final chapter illustrates some of Perl 5's new abilities in a program for handling World Wide Web forms. Security is vital in writing server scripts, yet there is no mention of tainted variables which can help to detect problems. Creating world-writable files, as suggested, is a dangerous short-cut.

Each chapter finishes with some programming exercises. These are well chosen and the sample solutions and explanations are worth studying. A nice

touch is that later solutions are more concisely written, using many of the short cuts familiar to experienced (i.e. lazy) Perl programmers. One good habit, which beginners are unlikely to pick up from the book, is using a #! line in scripts to invoke the Perl interpreter. This is only mentioned in the introduction and is missing from later examples and solutions. The examples suffer from a few misprints which may confuse learners, though most will be spotted by the Perl interpreter. In addition, Chapter 4 has fewer solutions than questions!

This book still provides a good introduction to the Perl language and culture. Readers need to have some experience of programming and a sense of humour. Bad jokes are pervasive in the Perl world (even infecting the man pages), though Larry Wall's foreword is an extreme case. The language has grown since the first edition, and the teaching chapters no longer cover all of it. There is little help with using Perl objects, even though many of the standard libraries have now been recast in object-oriented form. Anyone completing the first edition of the Llama book was ready to move onto the corresponding Camel book; with the second editions the progression may not be so smooth.

Programming Python


Mark Lutz
O'Reilly & Associates
xxii + 880 pages, £32.95
ISBN 1-56592-197-6

(Reviewed by Chris Cook)

Let me begin with my gripe, as it's preying on my mind and spoiling my perspective of this book. I am getting tired of seeing computing texts with CD-ROMs inside the back cover. At first glance they appear to add value for money. The problem is that very often all they contain is programs and data that are freely available from the network or other sources, or even pre-installed in the case of many Linux distributions, whilst at the same time adding between £10 and £20 to the price of the book. I appreciate that for some people, this may be the only way they can obtain a source distribution or associated documents but surely there is a case for unbundling these CDs in the same way that the Running Linux CD set is sold separately? The extra cost can sometimes as much as double the price of a book and in any event, quite possibly push it out of the affordable range for students and the hobbyist. Programming Python includes such a CD containing examples and pre-compiled distributions for a number of operating systems. Whilst useful as a free gift, this could probably best be substituted for a floppy or, better still, the good old O'Reilly FTP server, in favour of reducing

the price. In fact, the preface admits that the book nearly escaped the encumbrance but that the CD was added at a late stage. I await your slingshots and arrows.

The book is large but not unnecessarily so. It is divided into three principal sections, “Introducing Python”, “Language fundamentals” and “Tools and Applications”. The first section is 75 pages of a quick dash through what Python can do and how it accomplishes it. The author presents a number of examples illustrating the language's strengths and provides a good overview of what the reader can expect of the language and the book. It concludes with a brief chapter on installation and configuration of the main distribution, plus how to install the extensions referred to in the book.

Part two highlights the practical nature of the language by introducing a real application that the author needed to throw together when blizzards prevented him from getting to work. It starts with a very simple file packing/unpacking program that allowed the quick transfer of many text files along a primitive dial-up connection. Having demonstrated the language's suitability for rapid, concise development, the book slowly improves this application over the next 200 pages, extending it to make it more flexible and robust. Gradually, all the major aspects of the core language are introduced so that the reader is able to see the impact of different philosophies being used. The two chapters devoted to Object-Oriented Programming are a little hard going but well worth persevering with.

Part three looks at advanced concepts using practical examples and case studies. It opens with a lengthy chapter on GUI programming using the Tk extension. It briefly indulges “Hello World” enthusiasts, but rapidly moves to more practical ground by extending the file packer/unpacker to present itself graphically. There are plenty of screen shots with good accompanying explanations of what transpired, such as key and button presses, to get the resultant display.

Python's interoperability is an important feature, and two large chapters are given over to it. The first addresses extending the language, principally in C. The second is really the same territory from the opposite viewpoint, the various ways of embedding Python within C. There are also smaller chapters on more minor subjects such as text processing, and object implementation, i.e. stacks and sets. Throughout the section, the relative merits of Python, C, built-in and home-brewed routines are addressed, along with the development cycle that the language supports: “Get it running quickly then optimise it, often dramatically”.

The book proper finishes with an analysis of where the language is and where it's going, along with a comparison of usability with other well known languages. The author rounds it all up with a reasonable ten-page treatise, justifying the choice of

Python for application development. There then follows 140 pages of appendices, pointers to resources, future (by now current) predictions, a condensed tutorial and a mini-reference. This last appendix was one of the main disappointments of the book. Thoughout, the author exhorts you to read the comprehensive on-line documentation that comes with a Python distribution. However, I would far rather have seen the CD displaced by nicely formatted, printed versions of the reference manuals, still preferring properly bound books to reading documentation on a screen or sheaves of laser printed manual pages in sub-standard folders. Maybe in version two, or perhaps they may appear as a separate publication.

The standard of writing throughout is high and the style is fairly informal, without being sloppily so, although some of the section titles were painfully punny. The presentation is of a high quality, as you would expect with an O'Reilly publication. Because of the development cycle of the language, program listings could benefit from some form of change bar to highlight which sections had been modified from the previous generation. In spite of my quarrel with the inclusion of the CD-ROM, this book still represents good value for money.

Chris Cook described elsewhere.

Mastering Regular Expressions


Jeffrey E.F. Friedl
O'Reilly & Associates
xxiv + 342 pages, £21.95
ISBN 1-56592-257-3

(Reviewed by Andrew Cormack)

This is the kind of book which made O'Reilly famous: quirky, expert, and dealing with an obscure subject. Not that regular expressions are particularly obscure any more: as well as their traditional hiding places in grep , awk and emacs , they are fundamental to Perl and well supported by other languages such as TCL and Python. Users of any of these programs should find the book of interest although, since its main concern is with the efficiency of regular expressions, programmers will have most to gain.

The book introduces regular expressions through the problems they can solve and the basic matching operations which are needed for these tasks. To postpone discussion of the differences between systems, this description is at a fairly abstract level and most readers will find it helpful to have a real implementation in mind.

With this knowledge of what a regular expression processor must do, the next step

is to learn how it does it. There are two basic methods – deterministic finite automata (DFA) and non-deterministic finite automata (NFA). DFAs offer little opportunity for fine tuning, so the rest of the book concentrates on NFAs, where the detail of the regular expression can have a dramatic effect on the speed of execution. A well-designed regular expression should find matches and non-matches both correctly and rapidly and the book has suggestions for achieving accuracy and avoiding inefficiency. Some of the speed penalties, such as excessive backtracking, should be obvious, but others are only found by careful benchmarking or, in the last resort, examining the source code of the regular expression parser.

When the time comes to put this knowledge into practice, it soon becomes apparent that every application has its own variant form of regular expression. Often there are even differences between versions of the same application. These are clearly summarised in text and tables; one chapter discusses awk , TCL and EMACS, while another is dedicated to Perl. This concentrates on version 5 of the language, but there are frequent endnotes for features which have changed or been added since version 4. Perl's rich collection of regular expression primitives is described and there are also useful sections on the context in which expressions are used. These include the match, substitute and split operators as well as regular expression compilation and the best description of scope I have come across. Some primitives have a severe effect on performance; the book not only advises on how to avoid them in your own code, but even lists the standard library routines which are affected.

I have only minor quibbles with the book. The author clearly takes great delight in computerised typesetting and the resulting fireworks can occasionally distract from the content. There is also a tendency to stretch good analogies too far. However, it can be strongly recommended to anyone who has used regular expressions and wants, or needs, to know how they really work. In the Perl menagerie this Owl fully deserves its place alongside the Llama and Camel.

Andrew Cormack works in Information Systems Support at the University of Wales, Cardiff.



sed & awk, Second Edition


Dale Dougherty & Arnold Robbins
O'Reilly & Associates
xxii + 407 pages, £21.95
ISBN 1-56592-225-5

and

Effective AWK Programming, Second Edition


Arnold Robbins
SSC
ix + 322 pages, $27.00 plus shipping (see URL http://www.ssc.com )

ISBN 0-57831-000-8

(Reviewed by Andrew Cormack)

sed and awk are the Swiss army knives of the UNIX toolkit: suitable for a wide variety of tasks, few of which their designers imagined. Both programs are now the subject of POSIX standards which have added some new features and clarified others. These changes have prompted new editions of two of the best known books on awk and, in one case, sed .

Effective Awk Programming is the official book of GNU awk so describes the GNU program's superset of the POSIX language. The author maintains the source code of this version, so can even provide definitive rulings on parts of the standard which are unclear or undefined. GNU awk includes modes which emulate its POSIX and “traditional” predecessors so the book also covers those versions. The different behaviours are described in the course of the text, which can occasionally be slightly confusing; it might have been better to concentrate on a single version with the variations collected in an appendix. After an introduction to awk , including some typical one-line awk utilities, each feature of the language is given a chapter to itself. The explanations are clear and comprehensive, ideal for a reference manual, but the structure is likely to make life hard for learners. Reading through the book they will find everything there is to know about regular expressions, input and output, before reaching the chapters on expressions and variables. There are plenty of illustrative programs, but most use features which are not described until later chapters.

By contrast sed and awk is written in tutorial style, with the emphasis on writing useful programs as soon as possible. Each utility has an introductory chapter covering simple programming tasks, followed by other chapters which develop the more complex aspects of the language. This structure, along with much of the text, is taken from the highly successful first edition. Typefaces and layout now match O'Reilly's current house style and the book is easier to read as result though there are a few inconsistencies in the use of printable characters to show spaces and tabs in the examples. The index is also improved from the original. The new edition describes awk according to the POSIX standard, but also has a chapter on other flavours, including useful suggestions for working around some of their omissions. Another change is that the “three hurdles to mastering sed and awk ” have increased to four! The extra one – how to interact with the shell – is necessary because the book tends to avoid discussion of shell quoting and variable expansion.

Both books have appendices giving quick references to the languages; Effective Awk Programming also includes a tear-out awk reference card. Both contain a lot of well-explained sample code, though most the programs in the O'Reilly book date from 1990 when processing troff markup was probably more familiar and more relevant to the average reader. Many of the examples in Effective Awk Programming are re-implementations of standard POSIX utilities such as cut and egrep . These are intended as examples of the power of the language, rather than for practical use.

These are two successful updates of classic books. There are few major changes in content and owners of earlier editions may decide not to upgrade until their existing copies wear out. The text of Effective Awk Programming is part of the GNU awk distribution so may be sampled before buying. Anyone who does not already have an Awk book should be well satisfied with either; beginners will be better served

by Sed and Awk while Effective Awk Programming is essential reading for gurus.

Andrew Cormack works in Information Systems Support at the University of Wales, Cardiff.




Sendmail Desktop Reference


Bryan Costales & Eric Allman
O'Reilly & Associates
viii + 68 pages, £5.50
ISBN 1-56592-278-6

(Reviewed by Chris Cook)

If you want to know all about Sendmail, the classic mail delivery agent, you need to get hold of Sendmail , also published by O'Reilly & Associates. The fact is that, on most occasions at least, few people actually need to know “all” about Sendmail. Frequently, the last thing any budding Postmasters and System Administrators want is to have to search through the whole scoop on this large and complicated program.

True, it can be valuable to have this thousand page, 1.5kg monster in your possession; in hairy situations where your mail server is bleating at you that there's a problem, you may require the level of detail provided here, but for other times, when you just want to check or tweak an option, I'd prefer to use this desktop reference. Incidentally, if this is the “desktop” reference, then perhaps the obvious inference is that the full size version is the “mini-tower”. When it makes it to the “mainframe” size volume, it's time for the world to surrender and seriously consider going back to using paper mail.

This reference consists of five chapters: “How to Run”, “The sendmail.cf file”, “Databases”, “Configuring with m4”, and “Additional Information Sources”, although in a larger book the last chapter would be considered an appendix and an extremely small one at that.

“How to Run” gives the command line options, an abridged list of useful debugging switches and the commands available in rule-testing mode. It also lists the other names that Sendmail can be invoked as and describes its behaviour.

Predictably, the largest chapter, over half of this small book, is reserved for the sendmail.cf configuration file. There are sections on the various flags, rules, macros and options. There are flow diagrams to demonstrate the sequence of rewriting and a few, but not abundant number of, examples to walk you through a rewriting sequence. A list of options is given but sorted by the new, multi-character names. The older single-character names are included in the individual option descriptions, but if you want to find out what such a single character option does, you will have to plough through the list until you see “was the X option”.

The “Databases” chapter concerns itself with the support for files, internal tables

and database hooks. These include the aliases file and the .forward file. Configuration of the Makefile prior to building Sendmail is covered, to enable support for various external databases. There is a small section describing Makemap, the DBM database creation tool, and another on utilising the databases within rewriting rules.

For those people who use m4 to generate sendmail.cf files, there are ten pages describing its function and configuration. The book finishes with a page of other sources of information, almost all of which are included in the program's source distribution.

The authors declare this to be a companion to the second edition of Sendmail , so it is no surprise that most of the information can be found in the larger volume. In fact, the text is interspersed with section numbers, showing the relevant passage in the main book. In addition, scattered throughout the book are worthy little hints and suggestions such as how to check a distribution list for undeliverable members (I already knew that one) and how to persuade mailq to show the number of queued messages, even on a heavily loaded machine (useful, I didn't know about that). Even if you don't own a copy of the Sendmail book, this is a worthy addition to your bookshelf if you have to infrequently tangle with Sendmail.

Chris Cook is the Postmaster at Cardiff University. For the inquisitive, Sendmail Desktop Reference weighs 77 grams.

UNIX System Programming for SVR4


David A. Curry
O'Reilly & Associates
xxi + 596 pages, £25.95
ISBN 1-56592-163-1

(Reviewed by Adrian Cummings )

Few programs can avoid using operating system functions. This book documents the operating system services of AT&T's release of System V Release 4 (SVR4). In addition SVR4 forms the basis of the recent UNIX systems from Sun (Solaris 2.x), Hewlett-Packard (HPUX 10.x) and Silicon Graphics (IRIX 5.x), all of which are given special attention. There are also notes covering the porting of software from BSD UNIX to SVR4.

The book starts with a historical introduction to SVR4, the manufacturer-supplied C compilers and gcc. History lesson completed, the author moves on to cover the utility routines (character manipulation, dynamic memory, command line arguments). The low-level I/O routines are covered in some detail leading on to the standard I/O library.

The next chapter discusses the UNIX filesystem, including memory-mapped files (used for shared libraries), special purpose file operations, time of day operations, users and groups, system configuration and resource limits.

Presumably to make the system

programmer's life interesting, SVR4 provides four different mechanisms for the handling of signals (software interrupts). Fortunately the author explains all of them in a clear manner.

The book then moves on to describes processes, terminal control, interprocess communications via pipes, UNIX-domain sockets, SVR4 IPC (queues, semaphores and shared memory), networking with sockets and TLI. At the risk of sounding like a shopping list, the rest of the book covers other systems routines including error logging, searching, sorting, environment variables and regular expressions.

The appendices cover the significant changes between K&R and ANSI C, accessing filesystem data structures, the /proc filesystem, pseudo-terminals and the network at the data-link provider inteface (DLPI) level.

For anyone who either has to port applications or develop new code this book is a “must have” for the bookshelf. The author's style is clear, with plenty of code examples. "UNIX Systems Programming" should also prove a useful reference for students of operating systems.

Another excellent work from O'Reilly.

Adrian Cummings whiles away the time tending a mixed flock of BSD and SVR4 UNIX machines.

Switching Technology in the LocalNetwork: From LAN to Switched LAN to Virtual LAN


Mathias Hein, David Griffiths
ITCP
x + 486 pages, £29.95
ISBN 1-85032-166-3

(Reviewed by Raza Rizvi)

An Ethernet switch just works. You plug it in and away you go – so why do you need a 500 page book about switching technology? Well, if you are a network manager that is not interested in knowing the background of the technology you employ on your network then you will not need this book. If however you want a well written, easily readable and yet authoritative discourse on a quite specific topic then look no further.

After some well measured initial introduction to Ethernet signalling and cabling (for Thin, Thick, UTP, and Fibre) including some excellent comparisons of the transmission overhead within differing packet sizes, the authors move onto the pros and cons of cabling topologies. At chapter five we start to climb the ISO model with very good descriptions of the roles within LANs for 10Mbs and 100Mbs repeaters, bridges, and routers. The authors have not skimmed over routing technology to divert your attention to the main focus of the book, rather they present a truthful picture of the relative merits of

bridging and routing.

Thus far we have what could quite easily be a standard text for GCSE Ethernet Networking (if such a course existed) but this is no bad thing as one has to enjoy the starter to appreciate the main course.

When the main course arrives we are suprised to find that it consists of two chapters spanning 300 pages. We are taken through the reasons why we need switching to cope with the demands that are now placed on LANs and the “how they do it” approach to describe the differences in switch architectures. Here the book excels in explaining simply what is often just a throw-away piece of technical information in a product data sheet. The analysis of the design of switches leads to criteria for selection of, and perhaps far more interestingly, debunking of cost per port quotations. Even if you work in a company supplying networking equipment, this section cannot fail to get you thinking about the merits of one product over another.

Migration from 10Mbs to 100Mbs networks together with the requirements for fault tolerance and management are covered well (not suprising since the authors were also responsible for a set text on SNMP). Although the initial section about LAN Emulation within ATM is brief, it is as clear as anything I have seen in any other book, having as many diagrams as pages.

A generous side order of Virtual LAN technology is described with clarity before the book makes perhaps its sole mistake (ignoring the odd typo) with the inclusion of a great deal of largely unnecessary very low-level Fast Ethernet standards description before returning to ATM.

A good bibliography and focused glossary with a topping of the spanning tree protocol round off an unexpectedly pleasing hitherto description of this stable constituent of networking.

Raza Rizvi is technical support manager at REDNET, a very busy network integration company and medium sized ISP. He is still recruiting networking staff.



Learning VBScript


Paul Lomax
O'Reilly & Associates, Inc.
598pp
ISBN 1-56592-247-6

( Reviewed by Keith Mannock)

The established means for obtaining interaction with web pages has been via programs running on the server communicating with the client web browser using the Common Gateway Interface (CGI). The present trend is towards a migration of these programs from the server to the client, leading to what is known as client-side processing.

Client-side processing for web browsers can make web pages more interactive, and improve the performance of a web site because some of the processing is carried out at the client's end. This movement of

the processing to the client can be achieved by one of two main methods:

*     the use of Java, a byte compiled language which utilises a virtual machine within the browser;

*     the use of a text-based, interpreted language that is downloaded to the browser, embedded within the HTML stream.

The second approach has all the benefits associated with an interpreted language (ease of development, easy to learn, etc.) but also exhibits the disadvantages of such a language (poor performance, lack of flexibility/extensibility).

For the majority of web applications a scripting approach is more than adequate, allowing easy manipulation of graphical components and validation of input.

If a “real” programming language is required (e.g. for database processing) then the web designer can resort to Java or CGI scripts. Having made the decision that a scripting language is adequate for our requirements we are then left with two main alternatives:

*     JavaScript from Netscape;

*     VBScript from Microsoft.

JavaScript actually only has a superficial resemblance to Java; it has a similar C-like syntax but otherwise the class-based nature of Java is missing from JavaScript.

VBScript (Visual Basic Scripting Edition) is based upon the Visual Basic programming language common to Microsoft operating environments. It utilises an Object Linking and Embedding (OLE) Automation server interface, which has several advantages over the JavaScript approach to scripting, mainly the integration with Microsoft's desktop environment through the ability to download ActiveX controls. This enables the web designer to embed existing applications with a web page (e.g. a spreadsheet application). The disadvantage of this approach is that it tightly couples the web pages to the underlying operating system; an opposing philosophy to that of Java. It also ties the developer to a particular type of browser (Internet Explorer – although “plug-ins” are available for Netscape Navigator to interface with VBScript code).

Learning VBScript, is a thorough introduction to the use of scripting languages in the development of web sites. In the tradition of O'Reilly texts, it is clearly written with many illustrative examples and is accompanied by the ubiquitous CD containing the code examples described within the text. The author is enthusiastic about his subject matter, which is clearly conveyed within the text – my major reservation with any text of this type, is that it is all to easy to fall into the “blinkered” approach to the language, effectively glossing over the

shortfalls of the language. I think this is the case with Learning VBScript; there is little discussion of the possible interaction with Java and a belated discussion of the problems in using VBScript outside of a Microsoft-based environment. (It is noticeable that Microsoft's own pages associated with Internet Explorer 4 for UNIX are, in the main, written using Java and JavaScript rather than VBScript.)

Despite these reservations I can thoroughly recommend this book to anyone who is using Microsoft-based technology and has a background in Visual Basic. The text clearly shows how to develop applications which control the behaviour of the browser and generate HTML pages dynamically. The discussion of the ActiveX Control Pad is extremely clear; a tool which is essential for the development of OLE/ActiveX pages. This clearly shows the true power of VBScript; the ability to use the OLE services of the underlying operating system.

The problem with any review of this type is putting aside any natural prejudice to the underlying language (in this case Visual Basic). I think Learning VBScript convinced me of the validity of this approach to client-side scripting, and illustrated many techniques which are not clearly described in the vendors' documentation; but I am still left wondering whether it as suitable an approach as Java/JavaScript for web applications.

Keith Mannock is a lecturer in the Department of Computer Science at Birkbeck College, University of London.

Web Client Programming with Perl


Clinton Wong
O'Reilly & Associates
xii + 213 pages, £22.00
ISBN 1-56592-214-X

(Reviewed by Andrew Cormack)

Mosaic, Netscape and Internet Explorer are big web clients: this book is about little clients. Small is often beautiful and a dedicated program can do many things which a fully interactive browser cannot. The most familiar small clients are the robots and spiders which index documents on the web but even simpler programs can perform useful tasks by retrieving pages from web servers.

Clients must use the Hypertext Transfer Protocol (HTTP) to communicate with servers, so this protocol is the first topic in the book. One chapter illustrates the exchange of messages between browser and server in common situations: downloading a text document or graphic, following a hyperlink or filling in a form. The next builds on this gentle introduction, describing all the requests, headers and responses which client programs are likely to encounter. These are grouped by function from simple status headers to those involved in caching, authorisation and maintaining state (cookies). An appendix contains a complete list of all headers used by versions of HTTP up to

the current v1.1 (the draft on which the book is based has since been adopted as the official standard). The cookie headers, which are not yet in the standard, are those used by Netscape.

Once the protocol is understood, the next stage is to write programs to use it. The reader is assumed to be familiar with Perl programming, and anyone who is not comfortable with the object-oriented features of version 5 should consult the Camel book first. Network programming is not assumed so there is a chapter on the sockets interface which UNIX programs can use to access a TCP/IP network. This concentrates on the client side of the interface and shows the development of a complete client program; server routines such bind() , listen() and accept() are only mentioned briefly.

It is possible to write web clients using the sockets interface, but higher-level libraries exist which make the process simpler. A version of the same program using LWP (the Library for Web programming in Perl) is followed by a complete description of the classes and functions provided by this library. These are then used in three examples of real client programs: to fetch a web page and extract its hyperlinks; to track the delivery of a parcel by Federal Express; and to check a web site for broken hyperlinks. This last example is a recursive client, of a type which can place an unacceptable load on a server, so is accompanied by guidelines for good client design and behaviour including a description of the Robot Exclusion Standard. Each program is well documented and its operation clearly explained. The final chapter extends the small client further by adding a graphical user interface using another high-level library (Tk for Perl). The FedEx client acquires a windows front-end while other examples look up words on a dictionary server and monitor the health of a collection of web servers. These programs show the possibilities of small clients but some knowledge of GUI construction would help inunderstanding how they work.

It is a pleasure to read a book which has identified a subject and covered it in full. The author does not get sidetracked into teaching programming, HTML, or Perl, but provides a very clear description of HTTP and its use.

By their nature small clients are specialised so the book does not attempt to offer programs to meet all applications. Instead it provides an excellent source of ideas and the information needed to put them into practice.

Andrew Cormack works in Information Systems Support at the University of Wales, Cardiff.



Web Security & Commerce


Simson Garfinkel with Gene Spafford
O'Reilly & Associates
483 pages, £24.00
ISBN 1-56592-269-7

(Reviewed by Chris Cook)

The World Wide Web has grown somewhat in the last few years (understatement alert) and the business of the teeming millions of little people has finally attracted the attention of that pensive monster, Commerce. Now awakened, its constituent companies, large, small and fledgling, are determined to “improve” this phenomenon by transforming it from purely usable to

profitable (though not always both). Of course, not only is Commerce stirring but, immediately in its wake, follows the criminal brotherhood. This book is an attempt to inform the unwary of the potential and actual problems existing on the web at the moment. It aims to concentrate on information not readily available elsewhere. Again, because of the pedigree of the authors, the resulting collection of facts, anecdotes, and predictions, whilst not always surprising, certainly covers more ground than many writers could manage.

The book is compartmentalised into a short introduction, five main sections plus appendices. The introduction briefly covers the basics of security of computers connected to the Internet. This is important as the book points out – using military-grade encryption to transmit data between systems is valueless if the receiving system is electronically, or worse, physically insecure.

The section on User Safety covers the known risks and weaknesses of specific web browsers. Here, as throughout the book, it would be impossible to be exhaustive but predictably, Internet Explorer and Netscape Navigator are given much attention. They also devote several chapters to the difficulties with securing Java, JavaScript and Active-X. There are lots of good real-world examples of how the security models have been compromised and some of the real howlers that the big players really oughtn't to have released. Nevertheless, the authors' approach is not to simply ridicule and throw rocks. They examine the strengths and weaknesses in an informed and impartial manner, although they do go as far as to specifically name Netscape plug-ins and Microsoft's Active-X as potential methods to introduce Trojan horses.

Two of the sections are dedicated to the still emerging technologies that are attempting to secure commercial transactions on the web, Digital Certificates and Cryptography. These sections cover the reality of the topics, such as digitally signed plug-ins that only guarantee they were signed, not that they are actually safe to run. Again, there are fully documented examples of how to obtain and use a certificate. It's important that so much space has been reserved for these topics. Many people in the field know of their existence but fewer actually understand how they work and why they sometimes may not.

The section on cryptography details the history and current state of the main algorithms currently employed on the web. This includes a discussion of the issue of patents and export law, and how they have affected the development and roll-out of good encryption and certification. The authors are in no doubt that, amongst others, US export and patent laws have harmed the progress of this area of computer privacy and security. The section finishes with an introduction to SSL and TLS, protocols available for

securely transmitting data between web clients and servers.

This leads nicely into the last two sections, Web Server Security and ultimately, Commerce and Society. Many pages are given over to the security, primarily of UNIX and NT machines, the principal servers of the web. There are references to the variety of tools available to the system administrator in order to ease the task of securing their system or, if needs be, detect a possible security breach. Obviously, this can only ever be an introduction and the authors quite rightly plug their previous book Practical Unix & Internet Security for further reading.

The final section covers the real world security and privacy aspects that commerce and the user are going to be interested in, those of digital payments and content certification, enabling parents and the like to set some restrictions as to what may or may not be browsed, even in mail messages.

Various forms of digital payment are described, with careful attention given to the likely recourse, in the event of fraud by either party, and anonymity, which is important for some cyber-customers.

The appendices contain all the information you might expect from such a book, such as creating web server certificates, the SSL protocol and how to install the freely available SSLeay version.

The specification for the PICS content certification standard is included, with the final appendix listing references, resources and further reading, although one glaring omission was a source of Kerberos for non-US users.

The most curious of all these was the appendix that detailed Simson Garfinkel's creation of the Martha's Vineyard Internet service provider,Vineyard.NET. Initially it was difficult to see precisely how the tale related to the subject matter but gradually it became clear that in order to make the enterprise viable, Simson had to quickly learn about many of the topics covered in this book. He credits the inception of the ISP with the creation of this book.

The anticipated audience is those who have sufficient technical expertise to install and maintain a networked computer. However, they insist that it has been made readable by anyone who has a working knowledge of computers and the web, not just “propeller-heads” and “geeks”. They achieved this easily, as the book is extremely readable and contains many good examples of real accounts to illustrate points. They employ persuasive arguments and well thought out scenarios to demonstrate potential security nightmares. Nevertheless, the text is filled with side-bars and footnotes to alert those who haven't had their propeller fitted yet, to the real meaning behind some of the inevitable jargon. This is a must for anyone considering setting up business in cyberspace and a good read for all web masters too.

Chris Cook is a System Administrator at Cardiff University. Of course, as he's also the Postmaster,

mail any one of the 60,000 addresses and he's bound to read it sooner or later.



Web Security: A Matter of Trust (World Wide Web Journal, Volume 2, Issue 3)


Rohit Khare (Editor)
O'Reilly & Associates
272 pages, £21.95
ISBN 1-56592-329-4

(Reviewed by Andrew Cormack)

This is a particularly varied issue of the Web Journal, including standards, tutorials and even politics. The overall quality is as high as would be expected from the impressive list of contributors. The articles start from the premise that existing technology allows a single message to be signed and encrypted securely; the next problem is to establish the identity of the sender and recipient. In the real world, different levels of proof are required, depending on the action which is being requested (for example, the value of a financial transaction), but traditional models of computer networks seldom include this level of discrimination. This is the subject of Trust Management, which is well introduced in a paper by Khare and Rifkin. Trust can only be established through the exchange of signed statements (such as a bank card); passing these statements across the network is the subject of the Digital Signature initiative and its proposed DSig standard. DSig messages are based on PICS (Platform for Internet Content Selection), so readers should be familiar with that standard (in Volume 1, Issue 4 of the journal) before moving on to the two DSig papers. There are concrete examples of how DSig might be used in a paper on REFEREE, a trust management program with a truly awful acronym, but more guidance will be needed before individual users can make well-informed decisions.

Readers overwhelmed by cryptography acronyms should turn to the paper by Garfinkel and Spafford which translates most of them. This is a summary of two chapters in their book Web Security and Commerce ; unfortunately during the transfer, Figure 2 has lost its title – it actually shows a brute-force attack and not a message digest function. A second excerpt from the same book covers CGI programs, one of the main sources of insecurity on the web. The guidelines given should be familiar to everyone writing scripts for their web server, but apparently are not. The original book lists a selection of relevant web sites, but unfortunately these are not included in this Journal.

The name of a computer should provide some evidence of its identity, but the original Domain Name Service (DNS) is easily fooled. Some improvements in recent versions of the software are described in two papers by Liu and Gilbert. The former, extracted from DNS and BIND , explains the checks which can now be performed within a server to detect information which is inconsistent; the latter

shows how a future secure DNS will use cryptographic signatures to protect the exchange of information between servers. Cryptography may already be used to sign and encrypt web traffic using SSL (also known as TLS) which is the subject of a tutorial by Hirsch. This explains how to use the public domain package SSLeay to generate and exchange certificates between an Apache server and Netscape browser. Microsoft's Internet Explorer also supports SSL, but the author was unable to get this to work.

Talk of certificates and encryption keys soon turns to the thorny subject of key escrow. Many governments would like to ban all encrypted traffic unless they have the ability to decrypt it, and have proposed various systems for keys to be lodged with trusted third-parties. In emergencies, with the appropriate authority, keys could be disclosed rapidly and secretly by the third party. However, any encryption key can also be used to forge digital signatures and building a system with sufficient safeguards to hold these keys is likely to be hugely complex and expensive. A galaxy of encryption experts argue that such a large system would inevitably have fatal flaws, and in any case would not meet the requirements of the companies which are likely to have to fund it. These are far more interested in recovering information from encrypted disk files, perhaps left by a departing employee, than secretly listening to encrypted network traffic.

In his reply to this article, Clint Smith argues that the needs of industry and government are in fact similar, and that it is possible to build a key escrow system with “an acceptable level of security”. However, he seems to be only concerned with encryption keys, not with signatures. If digital signatures are ever to be accepted as legally binding (as written signatures are), it is essential that their authenticity be unchallengeable.

This is an excellent issue of the Web Journal, which should be read (on paper or soon on the web at www.w3j.com ) and discussed by anyone interested in the future of electronic communication. The issues it raises are much too important to be left to politicians.

Andrew Cormack works in Information Systems Support at the University of Wales, Cardiff.

Windows Annoyances: (Customizing Win95 and WinNT 4.0)


David A. Karp
O'Reilly & Associates, Inc

(Reviewed by Phil Docking)

The preface to this book starts very well, explaining the intended readership (anyone who works with Windows in one form or another) and pointing out that the job of an operating system, in this modern age, should be to augment the user rather than to constrain the user into a particular way of doing things. The reader is immediately given some pointers to a dedicated web-site for updates and information on specific parts of the book.

The format of the book is also explained well. It's not a book that's meant to be read linearly, but rather “dipped into” to solve specific problems. This process is aided by a pretty comprehensive and well thought-out index at the end of the book. Linear readers should note that there's sometimes a strange sense of déjà vu when reading sections which have obviously been cut and pasted from earlier sections.

The main part of the book itself is based on a set of web pages (at http://www.annoyances.org ), so if you are already able to browse this site, there's very little point in owning the book, unless you want a handy package for reading on your journey to or from work. However, the web-site and book structures do differ significantly enough to show that the book was not just printed from a browser and glued together.

One of the main problems with the transfer from Web-page content to a book is that the book format makes referencing other sections a little harder than on the web-pages. The in-text references now point to vague sections of the book rather than specific paragraphs, which is annoying in what is basically a reference book. What we really need is a set of symbols that say, “now go to paragraph (Chapter.Paragraph)”, rather more like a web-page type reference.

Chapter one starts by pointing the reader to the Glossary, where terms are described for new users of Windows. The history of Windows is then described without being over-indulgent in any particular version, which gives a good context for the reader using Windows 95/NT. A short discussion of the differences between 95 and NT follows, and then the expected future directions of the Windows operating system is outlined.

The important proviso, that the book is intended for users with the original shipping version of 95/NT, appears at the end of chapter one, when it really ought to be in the preface – most people with new computers will have bought it with 95/NT pre-installed, and for Windows 95, this will probably be the OEM (OSR2) version, which differs significantly in some areas relevant to this book.

Chapter two tells the user how to customise various parts of the user interface, starting with explorer mouse activity and continuing with an explanation of how to remove such things as the start-up and shutdown bitmaps, and how to put Windows' virtual folders into the start menu (this is where the proviso in chapter one starts to tell, as some things just won't work on all systems). The chapter ends with an explanation of how to get rid

of the explorer as the system shell altogether, and how to install Windows several times to enable users to use different language versions.

Many interesting points arise here in relating the quirks of the Explorer, such as the differences between dragging and dropping within a drive or between a drive, which the author puts down to poor design.

Chapter three is a pivotal chapter in the book, where Windows 95 Registry structure and the methods of editing it are explained in good detail. The “for-the-web” design problems show through most markedly here, where references are given but are pointless without a page number. Otherwise what is shown in this chapter is a good overview of shell settings in the registry and how to customise them.

Chapter four covers more advanced customisations which can be made in the registry, with sections on how to change icons for folders and changing Windows stock text, including changing the “Start Menu” text from “Start” to something else using a hex editor. The latter part of the chapter deals with systems administration shortcuts, such as changing printer timeouts and transferring windows 95 to another hard disk.

Chapter five is really slightly out of place in a book about Windows annoyances, since it's actually a discussion of how to improve the speed and efficiency of just about everything, from the way you work with Windows, to upgrading your computer; unless you allow that a lack of speed is one of the annoyances about Windows. The author starts with the ergonomics of a good working position and goes on to changing and removing drivers, through replacing parts of the computer and finally onto keyboard short-cuts, just to make your working life easier.

Chapter six is a relatively thorough discussion of how to fix both software and hardware if it doesn't work. This is a nicely methodical treatment of what to do if software fails, and how to fix resource conflicts. How to recover lost data, and how to make sure you don't lose data is covered, with good emphasis on preventive maintenance, rather than post-disaster recovery. A good section on “Getting things to work” covers hardware devices that can be plugged into the computer. A section on software configuration, and why CONFIG.SYS and AUTOEXEC.BAT files are still lying around, deals with loading drivers for DOS applications: which brings us back to annoyances again, in the form of how to boot directly into DOS and how to configure boot menus.

Chapter seven is about networking the computer. It deals with the simplest scenario of a dual computer single co-axial network, and covers setting up the network in hardware and software terms, and how to configure Windows for basic network operation. The second section, on dial-up networking, deals with setting up dial-up networking; what drivers to install, and how to configure it for first use. The author even deals with methods for selecting an ISP, which is a useful addition. Finally, the author goes back to the annoyances of dial-up networking and how to solve them.

There are four appendices to this book. Appendix A is a “Frequently asked questions” section, revised and re-organised from the FAQ on the www.annoyances.org web-site, which has, unfortunately, not been fully proof-read. However, it still provides a good basis for dealing with problems which may arise from Windows 95 or NT, particularly if you don't have access to the web-site. Appendix B is a crash course in DOS prompt utilities, which is a useful addition for new users who may have only used GUI type front-ends before. Appendix C is a glossary – something which ought to be in any book on such a complex topic – my congratulations go to the author for including it! Appendix D is a guide to what can be found in the MSDOS.SYS file – another useful addition for people who want to try things out for themselves.

In summary, this is a useful and well-organised book, with a good attempt to provide adequate information for new users. Sadly, because the book deals largely with the “original” Windows 95 build, some of the Windows 95 “annoyance-fixes” will not work, due to the widespread take-up of Windows 95 (OSR2) version sold with new machines. There are some inconsistencies in places within the book, sometimes even on the same page, where the author states that you should get the latest drivers for everything, and then says that you shouldn't fix things that aren't broken, even to the extent of saying that the “latest drivers” might highlight incompatibilities if installed.

There are many, almost subliminal, references to the shareware product “Route1 Pro”, throughout the book. Whether the author has anything to do with the software is not entirely clear, although the proximity of the book to the software on the “creative element” web-site is too close for comfort.

As the majority of the content of the book is available on the web, there seems little point in buying the book, unless you prefer reading hard-copy. If you do buy the book, I can recommend it, even if all you want to do is admire its well-designed structure.

Phil Docking is in Computer Science at Birkbeck College, University of London.
[Forward]
Tel: 01763 273 475
Fax: 01763 273 255
Web: Webmaster
Queries: Ask Here
Join UKUUG Today!

UKUUG Secretariat
PO BOX 37
Buntingford
Herts
SG9 9UQ