Review: Design Patterns in Ruby

Posted by Jonathan

Design Patterns in Ruby by Russ Olsen is an introduction to Design Patterns. It covers 14 out of the 23 patterns of the GoF Design Patterns: Elements of Reusable Object-Oriented Software book and adds three Ruby-related patterns. The book examines each pattern in general, shows how it applies to a dynamic language like Ruby and explains when to use or not use the pattern.

The fact that the book is written in an informal style with lots of examples makes it really easy to read and follow. I really liked the format of the pattern examination and find it an excellent overview of and introduction to Design Patterns. The covered GoF patterns (Template Method, Strategy, Observer, Composite, Iterator, Command, Adapter, Proxy, Decorator, Singleton, Factory Method, Abstract Factory Method, Builder, and Interpreter) are the most important ones and are easy to apply in Ruby. Especially the chapter on Interpreter did a very good job of explaining a widely under-utilized pattern. It even showed how to build a parser and didn't stop at the AST.

Apart from those classic patterns, the book introduces Internal Domain-Specific Languages, Meta-Programming, and Convention Over Configuration as newer patterns that are closely related to dynamic languages like Ruby. Those chapters cover nothing new to Rails programmers but are a nice addition to a general Ruby Patterns book. In my opinion the discussion of Meta-Programming could be a bit longer as it only covers class_eval and Ruby has more to offer.

In general, Design Patterns in Ruby is a very good overview of Design Patterns in the modern, dynamic world of Ruby. The book makes sure that the reader understands where a pattern arises and is very good at explaining its usage by example. Further, I cannot praise enough the fact that the author also tells you when NOT to use a pattern and warns about over-usage of inheritance or patterns.

With 338 pages of informal, easy to read examples and explanations, the book is easy to read in two or three afternoons. If you look for an introduction to Design Patterns or want to know how they apply in Ruby, I really recommend Design Patterns in Ruby.

Review: Better, Faster, Lighter Java

Posted by Jonathan

In their book Better, Faster, Lighter Java, Bruce A. Tate and Justin Gehtland argue against heavyweight architectures and approaches like J2EE, EJB, and CORBA. This book is aimed at advanced Java programmers who feel that the “industry standards” for Enterprise Java are inflexible and too complicated. Bruce A. Tate and Justin Gehtland present in 11 chapters and 242 pages more “lightweight” and non-invasive frameworks like Hibernate and Spring as an alternative.

The book is organized into two main parts. The first part (chapters one to six) examines existing enterprise solutions like J2EE and EJB and shows why they often do more harm than good in developing better applications. Further, five principles for fighting the “bloat” are presented. The second part (chapters seven to eleven) shows how to apply those principles and presents existing frameworks like Hibernate and Spring that adhere to those principles.

Chapter 1 introduces the “bloat” and develops the principles:

  1. Keep it simple
  2. Do one thing, and do it well
  3. Strive for transparency
  4. Allow for extension
  5. You are what you eat

Chapters 2 to 6 then cover each principle in detail and show where existing Java enterprise solutions violate these rules. The resulting hindrances for development, extension, and change are examined. Further, agile techniques and principles like Unit Testing, loose coupling and Inversion of Control are introduced. Many problems are supported by code examples and are quite convincing.

Not only are the bad examples given; more “lightweight” frameworks and approaches are also described in each chapter, and more agile solutions to the problems that the “heavyweight” methods are attacking are presented. A nice side effect is that by reading this you will get a good overview of existing approaches and solutions.

After introducing general “lightweight” methods, the second part of the book examines two frameworks in detail and uses these to build an example application.

Bruce A. Tate and Justin Gehtland start by introducing Hibernate, an OpenSource object/relational persistence and query service for Java. With Hibernate your Java objects get persistence just through configuration, without adding code. Chapter 8 will then introduce Spring, a lightweight container for EJBs that includes an abstraction layer for transactions, JDBC, persistence (through Hibernate, JDO, or iBATIS), AOP functionality, and an MVC web framework.

Chapters 9 and 10 will show you how to use Spring and Hibernate by developing example applications and are successful in giving an overview of Spring’s capabilities. The book ends with chapter 11 and an outlook on challenges and interesting techniques.

My impression is that the book is really helpful in order to convince you of the advantages of “lightweight” approaches and to learn the drawbacks of common technologies. If you already know that EJB 2 is horrible, don’t worry, you won’t be bored as enough alternatives are presented. Especially the second part of the book gives a good overview of the most popular alternative, Spring in combination with Hibernate.

Apart from the technology centered view, Bruce A. Tate and Justin Gehtland teach general principles that apply to every software development process.

Review: Hardcore Java

Posted by Jonathan

Hardcore Java by Robert Simmons, Jr. is targeted at intermediate to advanced Java programmers who want to learn some advanced techniques and underused concepts of Java. The book is organized into 12 chapters over 324 pages.

The book begins with a brief review of Java’s core concepts like references, runtime type identification, and iterators. Not so popular features like break, continue, labels, and assert are covered before constructors and initialization are discussed. The chapter ends with common mistakes like overuse of System.exit(). Access issues are also covered. Personally I liked this review as most of the visualized items are often not used or misused in Java like using private accessors for instance variables and therefore prohibiting extension of a class.

Chapter 2 is completely devoted to the final keyword. Final constants, parameters, methods, classes and variables are covered. This may sound boring but instead useful hints and concepts are taught. For example Robert Simmons, Jr. shows how to achieve conditional compilation in Java.

Chapter 3 covers immutable types and immutable collections while chapter 4 examines the various collection types that are supported in Java. What I didn’t like were the performance hints like using temporary variables to hold query results instead of calling the query inside a loop or using StringBuffer instead of String for appending long Strings. I just read Martin Fowler’s “Refactoring” some days before and he argues that such performance optimizations cost readability and maintainability and I tend to agree. Apart from that, chapters 3 and 4 give you a strong background on immutable types and collections and on when to use which collection.

The next chapter is about Exceptions and on how and when to use Exceptions and RuntimeExceptions. The advice presented is sound and useful as many programmers either over- or underuse Exceptions (including myself, I tend to overuse them).

Chapter 6 examines Java’s nested classes like inner class, limited-scope inner class, anonymous inner class, and static inner class. This is also a part of Java that is often not clear to many novice programmers and Robert Simmons, Jr. succeeds in clarifying it.

Chapter 7 covers how to use constants in Java. It begins by explaining bit fields and why they are evil. Constant Objects are proposed as a better alternative.

The next chapter, “Data Modeling”, is about how to attack a bigger problem. Gathering requirements, modeling and object relationships are covered briefly. Then mutable objects and constraints are explored. The beginning of the chapter was a little bit too “Waterfall model” for me as I tend to favor agile methods. Then Robert Simmons, Jr. tries to build a framework for decoupling and programming for bigger projects and I liked his approach apart from the design phase.

The book then continues with Java features and patterns that are not so well known. Chapter 9 is all about Reflection. Not a very deep API discussion but more a discussion on why to use Reflection and how the main approaches are used. Chapter 10 uses Reflection to build Proxies and introduces their idea. Chapter 11 discusses the lesser-known references in Java: weak references, phantom references, and soft references. An overview of ReferenceQueues, Garbage Collection and practical applications make this a very good chapter on references in Java.

The book ends with a preview on JDK 1.5 Tiger and the new features like autoboxing, generics, and for each loops.

In summary this is a very good book on advanced Java features that introduces many patterns that are assumed in J2EE or EJB books. The chapters on the final keyword, on references, and on constant objects should be read by every Java programmer.

Review: Snort Cookbook

Posted by Jonathan

I bought Snort Cookbook written by Angela Orebaugh, Simon Biles & Jacob Babbin back in March but it was not until yesterday that I read it.

I am disappointed by this book. It presents hints and recipes for installing snort, managing rules and alerts, administration, and third party tools in 270 pages. The problem is that many hints are presented twice, only under a slightly different topic. For example, using Snort with MySQL is covered in the logging section and in the management interface section where ACID is covered. The same text in both places. And this is not the only time you can find such double entries.

While I’m speaking of ACID, the authors do not tell you that ACID is not actively maintained and they do not present any references to use BASE. Sguil is only mentioned once as a reference but should have made its way into this book if IDScenter, Snort-Center, Snortsnarf, IDS Policy Manager and HenWen are in it.

Also there are many screenshots and step-by-step instructions on how to install the Windows GUI tools. Does a security person, who buys a book about Snort really need a screenshot of how to click on “Finish” when an MSI application is successfully installed?

For me this and the double entries are just a way to fill pages.

But my biggest complaint is this quote from page 21:

If your Snort machine has only one network interface, using the passive tap, run both lines to a small hub. Then from another port of the hub, run a cable to your IDS. This will combine and maybe even buffer the traffic for the IDS and give a full duplex connection.

This is just so wrong! Due to collisions your IDS will never see all the traffic. See Richard Bejtlich on this topic.

My conclusion is: stay away from this book. You may learn some good tips but also many bad ones.

Review: Cisco Routers For The Desperate

Posted by Jonathan

I had very little contact with Cisco gear and enjoyed the BSD books of Michael W. Lucas (Absolute BSD and Absolute OpenBSD), so I bought Cisco Routers For The Desperate.

This book aims to be “the book I wished I had read before I first touched a Cisco device”. And I can clearly agree. Read on for the details.

The book is organized in 9 Chapters plus a small appendix on IP addresses and netmasks. It has only 127 pages but it gives you quite a good overview of Cisco routers and how to configure them.

The introduction and chapter 1 will guide you through connecting to your Cisco with a serial console and how to use the command line. Also the difference between exec and privileged exec mode is discussed.

Chapter 2, router configuration, will teach you the basics about running/startup configuration, how to edit the configuration and how to back it up. Chapter 3 discusses the various interfaces (serial, ethernet, loopback and null) and how to set them up.

With chapter 4 it’s getting interesting. WAN connections to ISPs and other office branches are discussed. Michael W. Lucas describes how to choose an ISP for your needs and how to connect your router to his network. Most of the chapter is dedicated to “private connections”, that means private T1 connections to remote offices and not VPN. The static routes and configuration entries for the Ciscos are included and clearly examined.

The next chapter (5) discusses troubleshooting and it is very informative. Lucas includes every hint, from how to check the circuit to interface debugging information. One nice hint is how to use extended pings to test circuits that are working sometimes and sometimes not.

Chapter 6 walks you through an IOS update and describes all the issues like backup, choosing the flash image and recovery.

My personal favorite is chapter 7, redundancy with BGP and HSRP. This is a very long chapter that obviously teaches you how to use BGP and HSRP for redundant connectivity. The basics of BGP and the steps for getting an ASN (Autonomous System Number) are covered. Next the configuration, management and load balancing of BGP are discussed. For a BGP greenhorn like me very informative. The chapter ends with a firm discussion of HSRP and how to combine it with BGP.

Chapter 8 examines all the different login and authentication possibilities on a Cisco; like how to enable SSH. The book ends with a small chapter on various services like NTP, SNMP, and logging.

I really enjoyed reading this book. This is certainly not a detailed discussion of every aspect of Cisco routers but you get all the important information and pointers to where to get the details. I can only restate:

This is “the book I wished I had read before I first touched a Cisco device”. Now I can say that I did.

Review of Agile Web Development with Rails - PART II

Posted by Jonathan

My first review of Agile Web Development with Rails covered the first half of the book which takes a tutorial approach to build a web shop. This review will cover the second part of the book called “Rails in Depth”. These 280 pages examine the various components of Rails like ActiveRecord or ActionController in detail. Further security issues and scaling are covered as well. Note that this review is based on the first beta of the book.

Chapter 13 gives an overview of the Rails environment and configuration. It explains the responsibility of each component and touches debugging and logging.

Chapters 14 and 15 are devoted to ActiveRecord, the Object-Relational Mapper used by Rails. From teaching rails how to access the database, how to create, read, update, and delete records (CRUD) to the built-in functions like find and count, every basic aspect of ActiveRecord is covered. After teaching the basics, more advanced topics like locking and the various relationships between objects (has_many, belongs_to,...) are explained. Also more exotic relations like acts_as_tree and inheritance are shown and explained very clearly. Chapter 15 ends with a detailed description of validations, call-backs and observers.

Chapter 16 (ActionController) describes routes, url creation, rendering and choosing of the templates, cookies and sessions, before explaining filters and verification. It ends with examining caching (page caching and action caching, fragment caching is part of chapter 17).

Templates are discussed in chapter 17 with a focus on RHTML templates (as opposed to builder XML templates). Also helpers and pagination, components, layouts and partials are covered.

Chapter 18 is one of my favorites. It’s called “The Web, 2.0” and describes how to use the various AJAX enabled helpers and how to use fancy built-in JavaScript effects to notify the user that something changes behind the scenes. This is one of the places where you can really feel how powerful and easy Rails is.

Chapter 19 is a short review of the capabilities of ActionMail with which you can send and receive emails in your Rails applications.

ActionWebService is discussed in chapter 20. You are shown how to transform normal actions into WebServices and how to define the APIs. The three dispatching modes are examined briefly before the chapter ends with a guide on how to test WebServices.

After discussing the components of Rails, more general topics are focused on. Chapter 21 shows how to protect your Rails application from SQL injection and Cross Site Scripting. Further it teaches some basic web application security like “do not execute uploaded files” or “do not cache authenticated pages”.

The last chapter addresses deployment and scaling. It provides an overview of deployment on WEBrick, Apache and lighttpd with example configuration. FastCGI and some advice on log files, error handling and sessions are described. Performance and how to identify bottlenecks conclude the chapter.

The book features three appendices. The first is a short (15 pages) introduction to Ruby in order to get the basics of Rails. Certainly enough for somebody who knows another OO-programming language. Appendix B lists all configuration options and Appendix C the source code used in the book.

My conclusion of this book is a very positive one. The first part shows you the power of Rails by building a small shop application in minutes and the second part explains all the details and hooks of Rails. Therefore this book is suited for everyone. The beginner starts with the tutorial while the expert can use the second part to enforce his knowledge.

If I hadn’t already bought it, I would buy it again!

Review of Agile Web Development with Rails - PART I

Posted by Jonathan

I finished the first part of the book and wanted to give a short review.

The book is organized into two main parts. The first part (173 pages) is an introduction followed by a longer tutorial on how to build a rails app.
The second part (280 pages) is an in-depth discussion of the various rails packages and discusses themes like AJAX, Action Mailer and deployment and scaling.

This review will focus on the first part.

The first part starts with an overview of the rails architecture and the Model-View-Controller pattern. Then it describes how to install rails on Windows, Linux and Mac OS X and how to setup the whole with databases and rubygems. After a short “Hello rails” application, the biggest part of the first half is devoted to the depot example.

Chapter 5 begins to create the depot application, an online store in rails. This tutorial continues to chapter 12 and gives you an overview of the various capabilities of rails.

Chapter 6 discusses how to create the application, create the database and connect to it with rails. The scaffold generator is used to create a product table/model and some validations are shown.

Chapter 7 discusses a new controller, extends the product model and shows how to use views and stylesheets.

Chapter 8 talks about sessions, the flash notices and the relationships between models with belongs_to. The depot application can now display products, store them in a shopping cart and edit the available products.

Chapter 9 shows partials and some tricks with actions to implement a basic shipping function.

Chapter 10 adds authorization and filters to ensure that only logged-in users can add products and access the admin controller. Also application-wide helpers are introduced. After this chapter the power of rails is really apparent. Few lines of code lead to a very impressive application that would take a lot longer to implement for example in PHP.

Chapter 11, the last of the first part, introduces the various test and benchmark tools. Unit and functional tests and their use of fixtures are shown. Especially the integrated functional tests are an advantage of the rails framework and I enjoyed reading this chapter. It also shows how to develop Test Driven, although this part could be longer.

The first part is more for rails beginners and introduces the main concepts very clearly. After this part, you could start your own rails application; all the important functions, helpers, and tricks are shown.

Although there are many references to Agile Developing, it is rarely more than “in rails we love to talk to our customer often” or “fast feedback is important” and “let’s move this function”. I wished that the agile part of the title would play a bigger role. But it is already more than in any other web-application or programming book I read that is not entirely focused on Agile Development or Test Driven Development. Maybe I’m just too biased :-)

Apart from this, the first part is very well written and I recommend it to everybody who wants to have a look at this fancy rails-world. I liked the fact that one example application is used to demonstrate and teach all the basic knowledge. Therefore you can follow its development from scratch and see it growing like your real application would.

UPDATE:
See also the second part of the review.