Tuesday, December 20, 2005

Year End Cleanup

This article appears in slightly different form in the November/December 2005 issue of IEEE Micro © 2005 IEEE.

I see far more books than I have time to write adequate reviews of. This time, I point you to a number of books that I hope I'll have time to do justice to some day. Experience tells me, however, that some day rarely comes. More books come in, and other priorities intervene, so I'll probably never get back to these. But they are too promising to pass by without comment.
Programming Practices

Prefactoring -- Extreme Abstraction, Extreme Separation, Extreme Readability by Ken Pugh (O'Reilly, Sebastopol CA, 2005, 238pp, ISBN 0-596-00874-0, www.oreilly.com, $29.95)

Refactoring entails changing the internal structure of code without changing its external behavior. The objective might be to make the code more maintainable or to accommodate an extension. Pugh uses his experience of refactoring to arrive at prefactoring, that is, design principles that anticipate these objectives. Using prefactoring principles can reduce the need for refactoring, thus saving time and effort later in the project.

Of course, many books on programming style have stressed the need for maintainability and extensibility. Some of them predate extreme programming, refactoring, design patterns, or even object oriented programming by many years. What distinguishes Pugh's book is that he assumes that you will be using object oriented programming and many of the design and testing principles that characterize extreme programming. I find it interesting to compare this book to Joshua Bloch's Effective Java (Micro Review Jul/Aug 2002). They are both about writing better code, but Pugh's book is not so intimately tied to a specific computer language. It focuses on the entire development process, not just the code, and it does so within the context of specific application problems.

Pugh illustrates his principles with an example that he follows through most of the book. He invents a client, Sam, who runs a lawnmower and music CD rental business. Pugh and his partner, Tim, work with Sam and each other to provide a system for keeping track of rentals.

Here is one example of a design issue that comes up in Pugh's imagined work with Sam. After the system design has advanced sufficiently to have a class representing customers and a class representing music CDs, Sam introduces new requirements that mean that the system should know which customers have rented a certain CD and which CDs have been rented by a certain customer. Rather than keeping that information in one class or the other, Pugh introduces the principle Decouple with Associations. This leads to association classes that keep track of each coupling of a customer and a CD for a specific period of time.

I was delighted to find that Pugh advocates a design principle that has been around for a long time. Pugh states his principle as Separate Policy from Implementation. I don't remember the source, but in the 1960s, that principle took the form don't build policy into the code.

Pugh advocates one principle that I understand but dislike. He likes highly specific method names, such as read_line_up_to_new_line_and_toss_new_line, so that you don't have to look at the method to see what it does. For the same reason, he doesn't like overloaded methods. By using unique names, you can make the methods describe themselves.

Pugh has had a long career and has lots of wisdom to share. This short book will definitely repay the time you spend reading it. 

Core Security Patterns -- Best Practices and Strategies for J2EE, Web Services, and Identity Management by Christopher Steel, Ramesh Nagappan, and Ray Lai (Prentice Hall PTR, Upper Saddle River NJ, 2005, 1088pp, ISBN 0-13-146307-1, www.phptr.com/smp, $59.99)

I started reviewing books in the Sun Microsystems Press Java series from Prentice Hall almost ten years ago. These books are comprehensive and authoritative, and this one is especially so. Christopher Steel is a well known security consultant. He was chief architect of the United States Treasury's Pay.gov project. His co-authors are software systems architects at Sun. They specialize in the technologies that underlie effective security.

The underlying message of the book is that you must build security into your applications. The current widespread practice of adding security after the fact is the cause of many of the security nightmares we are all familiar with. Building security into applications means using successful patterns and technologies. Of course, even before that, it means understanding the security issues that can arise in the kinds of networked applications that our society depends upon.

This book describes the problems to be addressed in the various application layers, explains the patterns and best practices that can help you address those problems, and points to the technologies you can use to implement the resulting strategies. The authors show you how to transform a chaotic and intractable problem into one that is difficult but manageable.

If you are involved in any way with enterprise software, this book belongs on your shelf.

C# Precisely by Peter Sestof & Henrik I. Hansen (MIT, Cambridge MA, 2005, 214pp, ISBN 0-262-69317-8, mitpress.mit.edu, $19.95)

If you have used Java Precisely (now in its second edition) by Peter Sestof, then you know what to expect from this book. It is a reference, not a textbook. Most of the brief reference sections have accompanying code examples. 

As I look at the two books side by side, I find it interesting that C# Precisely is almost twice as thick as Java Precisely. I'll let you draw your own conclusions from that.

If you already know C# but want to look up the rules and see a code example for, say, explicit interface member implementations, all in about half a page, this is the book for you.


Reviewing PDF Documents in Acrobat -- Visual QuickProject Guide by Donna L. Baker (Peachpit, Berkeley CA, 2005, 126pp, ISBN 0-321-32119-7, www.peachpit.com, $12.99)

Peachpit's Visual QuickStart and Visual QuickProject guides are a marvelous resource for visual learners. If you find that a picture is better than a thousand words, this series of books is for you.

This book follows a simple Adobe Acrobat use case: Create a PDF file representing a document that you plan to publish. Invite reviewers to annotate the file with their comments. Read and evaluate the comments, and incorporate them into a final version.

Many people already do this, but gingerly and minimally, because they have only learned a few essential Acrobat features. Baker covers all of the Acrobat features that pertain to this task. If you'd like to use Acrobat and PDF more effectively to facilitate your review process, and if you're a visual learner, you should read this book.

No Nonsense XML Web Development with PHP by Thomas Meyer (Sitepoint, Melbourne Australia, 2005, 368pp, ISBN 0-9752402-0-X, www.sitepoint.com, $39.95)

Thomas Meyer is a consultant who specializes in developing dynamic websites that use XML and databases to manage the underlying content. He envisions his audience for this book as "intelligent and curious, with a wide range of technical proficiency, but all feeling a little overwhelmed by the terminology, processes, and technologies surrounding XML." 

Meyer uses the book to develop an XML-powered website, while teaching you what you need to know about XML. The "no nonsense" part of the title refers to the fact that he leaves out many important aspects of XML that don't pertain directly to the task at hand. For example, he talks about document type definitions (DTDs) but not XML schemas. He talks a lot about Xpath, but says nothing about Xquery or Xlink.

If you work your way through this book, you will understand how to use XML and PHP to manage the content of a website. You will also have a sound basis from which to explore other aspects of XML as you expand your website's capabilities.

Document Engineering -- Analyzing and Designing Documents for Business Informatics and Web Services by Robert J. Glushko  Tim McGrath (MIT, Cambridge MA, 2005, 724pp, ISBN 0-262-07261-0, mitpress.mit.edu, $34.00)

Robert Glushko leads the Center for Document Engineering at UC Berkeley. Tim McGrath is an independent consultant and chair of an Oasis Universal Business Language subcommittee.

This book is at the opposite pole from the "no nonsense" book I review elsewhere in this column. It treats its subject exhaustively and abstractly in a way that will surely prove daunting to most potential readers.

While many people use the phrase document engineering, Glushko and McGrath define it as an approach, not a methodology. They see Document Engineering as a discipline, defined by this book, that applies equally to documents that carry data between business applications and documents that carry information or instructions to human readers in a business context.

As best I can tell, this book describes an approach to designing loosely coupled message-driven business systems, with special emphasis on the messages. The successful document engineer, according to the authors, can come from any discipline that teaches people to think abstractly and reason about information and processes. If this sounds like something you're interested in, then consider buying this book. 

Living on the Web

Ambient Findability by Peter Morville (O'Reilly, Sebastopol CA, 2005, 204pp, ISBN 0-596-00765-5, www.oreilly.com, $29.95)

In The World is Flat (Micro Review, May/June 2005), Tom Friedman lists in-forming as one of his ten flatteners. By this term Friedman refers to the powerful search tools that make huge amounts of information quickly available on demand. Friedman glosses over this flattener, but Peter Morville delves deeply into it.

The biggest problem with this book is figuring out exactly what it's about. Jakob Nielsen says in a blurb on the back cover that it puts search engine marketing into a larger context and provides insights into human behavior. The author says in his preface that he doesn't know what the book is about or whom it's for. He asks you to read it, then send a copy to anyone who should read it. 

If you want to understand how networks and ubiquitous computing are changing our world, read this book. You may not be able to summarize it, but it will give you a lot of information quickly and painlessly.

The Symantec Guide to Home Internet Security by Andrew Conry-Murray & Vincent Weafer (Addison-Wesley, Boston MA, 2005, 240pp, ISBN 0-321-35641-1, www.awprofessional.com, $19.99)

We all love the convenience of being connected to the vast resources of a networked world, but that convenience is increasingly balanced by danger. Many of us will never be security experts. We have a few tools that we rely on for our personal business, entertainment, and communication. They come out of the box with a variety of protections, and they continually update themselves. Nonetheless, there are still risks, and most of us have no idea how to assess, mitigate against, or devise contingency plans for those risks.

The authors, a writer and a security researcher, offer this book as "a comprehensive resource for the broad range of risks that Internet users face." If you use computers in your personal life, you should look at this book.

The eBay Survival Guide -- How to Make Money and Avoid Losing Your Shirt by Michael Banks (No Starch, San Francisco CA, 2005, 284pp, ISBN 1-59327-063-1, www.nostarch.com, $19.95)

More that a hundred million people have used eBay, the online auction site. There is a tremendous potential benefit from buying or selling there. Many people do so successfully with no formal training, but a few tips and tricks can be worth hundreds of dollars.

This book assumes that you can figure out how to navigate the site and handle the mechanics of buying and selling. It focuses, according to the publisher, on "how to get the best price if you're selling; how not to overpay; and how not to get ripped off."