Book Reviews

PHP 5 Power Programming

I have an “oh, no!” reaction when I see a book titled “Power This” or “Secrets of That,” especially when the book doesn’t appear to give the reader any more power than any other book provides. So when I got a copy of PHP 5 Power Programming, I was a little apprehensive. This apprehension was compounded by the fact that one of the authors is the lead designer of PHP. (The creator is often the least likely to explain a topic in a way that others can understand.)

To my surprise and enjoyment, PHP 5 Power Programming is not one of those power books that rehashes old material. Although it does spend two chapters on what I would call PHP basics, it does so only for review or reference. In fact, it comes right out and tells you that if you are experienced with PHP 4, you can skip right over one of the chapters.

Rather than teaching you to program, this book teaches you how to develop. There are chapters on database access, error handling, and performance, all of which are essential aspects of developing PHP applications. You’ll even find a chapter entitled simply “How to Write a Web Application with PHP.” While many of the points made in this chapter are obvious in hindsight, I was constantly reading pages thinking “Wow! I should do that!” The book is loaded with tips, tricks, and “behind the scenes” information.

PHP 5 Power Programming spends a lot of time on the PHP Extension and Application Repository (PEAR). If you use Perl, you’ll understand that PEAR is similar to CPAN. A handful of chapters cover the basic PEAR tools and describe how to write your own PEAR packages. You’ll also find an excellent chapter on PHP with HTML and a chapter on phpDocumentor, a tool for creating documentation from comments in your PHP code.

Interestingly, no CD is included with the book, but you will find a serial number on the inside cover that you can use to download a 90-day free trial version of Zend Studio.

Andi Gutmans, Stig Bakken, Derick Rethans

689 pages

Prentice Hall PTR, 0-13-147149-X

£ 31.99, US$ 39.99, EUR 34.90

Nessus Network Auditing

Nessus Network Auditing is the definitive book on the popular open source security scanner. The book is recommended by the Nessus.org website, as well as by the world’s biggest online bookstores, and this was reason enough for Linux Magazine to take a closer look. What we discovered is a well-organized guide to the Nessus tool with contributions by none other than Renaud Deraison, the man who launched the Nessus project back in 1998.

Starting with the basics of vulnerability assessment, the book takes readers through the download and install phases. The authors describe the details of configuration, explain the importance of regular updates, and show how to perform an actual security scan. Security admins need to know where best to run the scanner, and they need to be aware of the issues associated with scanning, such as obtaining permission before starting, avoiding false positives, avoiding taking down critical machines, and avoiding using up the network’s bandwidth. You’ll find this critical information in Nessus Network Auditing.

Once you have the results of a scan, it is important to analyze the results correctly and generate useful and accurate reports. Again, the book gives you the necessary information. An introduction to NASL, the Nessus Attack Scripting Language, and a hard copy of the open source NASL2 Reference Manual by Michel Arboi, including a currently incomplete guide to the interpreter, add value for programmers. In the reference manual, Michel Arboi states that the “grammar may be incorrect,” and he’s right of course. In fact, you’ll even find an occasional word of French in this section. But if you don’t let that faze you too much, Nessus Network Auditing will give you everything you need to install, configure, deploy, and leverage security scanning in an IT environment of any shape and size.

Renaud Deraison et al.

508 pages

Syngress Publishing, 1-931836-08-6

£ 29.99, US$ 49.95, EUR 43.50

Open Source Network Administration

It is hard for me not to sing the praises of a computer book, since I know how hard it is to write one. That said, I don’t want to say that Open Source Network Administration is bad, but I will say that it is hard to sing any praises about it.

The first thing that struck me is that, at 238 pages, the book can barely scratch the surface of the topics it addresses. This is compounded by the fact that the author spends over 30 pages on basic system administration, like shell scripting, cron, regular expressions, and so forth. Although these are important topics, a book at this level should assume a certain amount of basic knowledge (for example, setting variables in a shell script). Taking over 10% of an already thin book to talk about these basic issues was downright annoying.

Also lacking was a discussion of management applications such as OpenNMS, Big Brother, or Nagios. Although Nagios was mentioned over a couple of pages, nothing at all was said about how to configure it. Granted, Nagios is a complex application, but network administration is a complex task that requires complex tools, so I was disappointed to see important details missing. Other tools like OpenNMS and Big Brother were not mentioned at all.

The author seemed only interested in addressing the handful of tools he uses himself. In fact, he chose a handful of tools that he wrote himself. Although this is not necessarily a bad thing, I found it misleading to describe the book as a “survey of a wide range of Open Source network management tools.” For me, this would be like calling a book “a survey of programming languages” when it discusses Perl and Prolog but ignores C and PHP.

Knowing what to do with information is just as important as being able to collect it. This book mostly stops at the point of telling you what to do with the data. (There are a few places where the book does describe certain problems and how the tools can be used to detect these problems.) For information on network troubleshooting, O’Reilly’s “Network Troubleshooting Tools” is a much better source.

If you happen to use the tools specifically addressed in this book (MRTG, Neo, Netflow, Oak, and tcpdump) then you would probably be well-served by it. The explanations are clear and concise, and I did learn a bit about how certain programs and protocols behave. Plus, you’ll find a number of examples and configuration options for the various tools.

James Kretchmar

238 pages

Prentice Hall PTR, 0-13-046210-1

£ 35.99, US$ 44.99, EUR 39.50