Dr. Dobb's Journal December 2001
It's been several months since I wrote one of these reviews, but death marches will do that to you. To be fair, getting Version 3.0 out the door was more of a death stroll than a death march: There were no overnighters, and everybody got at least some time off every weekend. Still, hours like those suck the intelligence and creativity right out of you — which is kind of scary when you realize how much software is written by people who are in that mode. The bright side is that after a while, everything becomes laughable. Especially Harald's favorite line: "Yes, there's a light at the end of the tunnel. It's a guy with a flashlight, bringing us more bad news."
Going back to an "all day, every day" grind felt like revisiting an alien world. So did going back to Perl after a year of using Python; it felt strange to have to puzzle over code, line by line, to figure out what it was (or might be) doing. But Perl is what our product's web interface is written in, so Perl it was. The bright side was that it gave me an excuse to read Lincoln Stein's new book, Network Programming with Perl.
Like everything he writes, NPP is clear, accurate, well organized, and comprehensive without being exhausting. After a five-chapter introduction to basic concepts, such as Perl I/O and the TCP protocol, Stein explains how to develop clients for common services such as FTP, Telnet, SMTP, POP, and so on. The third part of the book then looks at TCP-based client/server systems, with chapters on forking servers, multithreading, multiplexing, and nonblocking I/O. The last part covers advanced topics, including urgent data, UDP, broadcasting, and multicasting.
Every chapter has lots of short examples, many of which would be good starting points for real applications. What's even better, Stein takes the time to explain why things ought to be done certain ways, and which problems can be avoided by using which techniques.
The other Perl book on this month's list is Perl Debugged, by Peter Scott and Ed Wright. This book is lighter than NPP, both literally (it's about one third the length) and stylistically, but its subject is a serious one: How do you find and fix problems in a Perl program? Some of the authors' suggestions are preventive, such as, "Don't enter the same text in different places in a program and depend on having to keep them in sync." Others are curative — there are, for example, entire chapters on tracing, and on using the Perl debugger. Many readers of this magazine will find the occasional reference to Fortran a bit odd (one of the authors works with scientific programmers at the Jet Propulsion Laboratory), but every new or intermediate Perl programmer will find this book useful.
As alien as Perl feels after a year away, it's still meant for human beings. (No, really...) In Beyond Contact, Brian McConnell takes a look at how we would communicate with nonhuman intelligence. His centerpiece is the SETI@home project, a screen saver that looks for repetitive signals in radio astronomy data. With an estimated 3 million installs worldwide, SETI@home is now the world's biggest distributed supercomputer, and has spawned a growing number of imitators and commercial startups.
But the SETI@home software is only a small part of this book. Most of it is about the communication problem: What are the odds of a signal being out there to detect, how would we detect it, and how would we establish a common language for communication with whoever, or whatever, was on the other end of the line? McConnell discusses each point in turn in semitechnical terms, at about the level you would find in a popular science magazine such as Discover.
The broad range of this book is its greatest strength. Its greatest weaknesses are its often-stilted style and its repetitiveness. If you are looking for a present for a technically inclined 15-year-old, though, this would be a good one.
Sadly, security is another "alien world" as far as most programmers are concerned. I've learned two things about security in my present job: It has to be designed into a product's architecture right from the start, and there's a wealth of technology out there to help programmers do the job right. I'm still looking for a good book on the former, but Daniel Barrett and Richard Silverman's SSH, The Secure Shell: The Definitive Guide is a very good guide to one key element of the latter.
SSH is a set of protocols, conventions, and software tools for establishing secure connections across untrusted networks. It can make use of a variety of authentication schemes, such as Kerberos and RSA, and provides Telnet-like terminal sessions, secure file copying, and a way to forward traffic bound for one port to another.
Barrett and Silverman's book is an example of O'Reilly books at their best — accurate, comprehensive, well edited, and dense without being crowded. The authors cover the Versions 1 and 2 protocols, installation, key management, port forwarding, and troubleshooting. I particularly liked the "Case Studies" chapter: The "FTP Forwarding" example probably saved me 300 calories. (Banging your head against a wall burns off 150 calories an hour. It's a handy way to measure some tasks...)
The last book on this month's list is also security related. Hacking Exposed: Network Security Secrets & Solutions, by Joel Scambray, Stuart McClure, and George Kurtz, really should have been called "Hacking Surveyed." Either way, it's a good reference for both programmers and system administrators. The authors' aim is to describe every major network security hole in every widely used operating system, and to explain what can be done to plug each one. Want to know about Windows 98 Trojans? Or brute force attacks against rsh on UNIX? This book describes these, and many others, and includes links (some of them already 404'd) to software and other reference materials. I expect that only the truly hardcore (on either side of the fence) will read the whole book, but anyone responsible for system security will find plenty to browse through.
DDJ