Book Reviews



By James Mohr

Collaboration Explained

You can't judge a book by its cover, so you should not be misled by this book's subtitle: "Facilitation Skills for Software Project Leaders." Granted, the leaders of software projects are the target audience, but this book has advice for everyone.

Many departments and even entire companies would be well-served by projectizing much of their work. Implementing even a few ideas in this book would increase productivity and efficiency dramatically.

The focus of the book is on working together toward a common goal. In other words: collaboration. In the first part of the book, the author talks about collaboration itself and why it is important. For those managers or project leaders who have the "my way or the highway" approach, there are some very convincing arguments as to why collaboration is not only important, but essential to any successful project.

In the second part of the book, the author shows how to implement techniques necessary for collaboration. Even if you are not the actual leader of a collaborative project, you can guide an ineffective manager. If you are not the official leader of your current project, this book can help you become the unofficial leader.

The book is splattered with many anecdotes from the author's 25-year career in IT. Many of these stories read like a Dilbert cartoon but still definitely show how things can go wrong - and what to do about the problems.

Although having a good management tool is useful in any kind of project, this book is not about using a particular piece of software. Instead, it is about the most crucial aspect of any project: the team members. From steering the "rambler" back to the topic at hand to documenting each meeting, to managing conflict, this book is loaded with useful information on taking advantage of the potential that all of us have within us. In short, it's a "must-read" for all project leaders.

Jean Tabaka

412 Pages

Addison-Wesley, 0-321-26877-6

£ 31.99, US$ 44.99, EUR 42.75

Linux Patch Management

The days of the old saying "Never touch a running system" are long gone. Any good administrator knows that keeping their system up-to-date is necessary to keep the data safe. Even when limiting your updates and patches to security-related issues or bugs, the task can be daunting. Unfortunately, the very nature of Linux makes this even more complicated because of the many different sources for the software.

This is not a book about using RPM. Instead, the author addresses a variety of other update tools, such as apt, YOU, and YUM. Further, you are not simply given a repeat of what is in the manpages, but rather you are guided through using each package in a live environment. Here, the author takes the title seriously, and discusses the administrative aspects of patches and updates.

One of the nicest aspects of the book is that it is not simply a narrative describing the way the various programs work. Instead, the author guides you step-by-step through the tasks. Even as a seasoned system administrator, I like books that do this for new things I am trying to learn, as it saves me the trouble of having to figure it out myself. Unfortunately, this turns out to be one of the book's greatest weaknesses, as this approach is not consistent throughout the book. At a number of places, the author should have provided step-by-step instructions, but didn't.

Another thing that bothered me was the inconsistent level of explanation. The book includes a number of topics that should be "common knowledge" for a system administrator. However, there were other places that were even more in-depth where the author simply mentioned a topic as if everyone already knew what he was talking about.

These problems do not make for a bad book. Instead, they are simply things the author should address in the next version. With the author's "no nonsense" style and his ability to quickly get to the core issues, I think this is a useful book for administrators at all levels.

Michael Jang

288 Pages

Prentice Hall PTR, 0132366754

£ 31.99, US$ 44.99, EUR 42.75

Software Security: Building Security In

The downside of this book is that you won't find much that is directly applicable to your code. That's really not the goal. It is the factors that are indirectly applicable that make this an interesting book.

Targeted more toward project managers than programmers, this book provides details of many of the concepts as well as a number of specifics of software security. Still, being more a programmer than a manager, I felt the book provided me with a lot of information that I could use to "persuade" my managers. In addition, I found much of the information easily transferable to areas other than software development.

The emphasis is on the methodologies or "best practices" based on the "Three Pillars of Software Security": risk management, touchpoints, and knowledge. Instead of dealing with specific errors, the book deals mostly with the development and design process. Although this is not a bad thing, don't expect to be able to immediately fix all of the specific problems in your code.

One problem I frequently encountered is the belief that the developer's job is done when the code is "finished." I have worked on many projects and received software that "does what it is supposed to," but unfortunately being secure is not one of the things it is "supposed to do." This is something the author also addresses.

Included is a 35-page appendix, which covers a large number of common functions, along with a description of potential problems. Although this is an extremely useful reference, I think the reader would have been better served by less rhetoric in the main body of the book and more details of how to solve the problems.

Although this book contains a lot of useful information, I was left wondering whether the intent was not to sell a particular methodology, but rather to sell a particular software product. The book comes with a CD with a demonstration version of the Fortify Source Code Analysis product. You not only have to register the demo software in order to use it; a notice also informs you that the company is going to "share this personal information" with their "partners" and there is nothing on the registration form to tell them not to.

Gary McGraw

408 pages

Addison-Wesley, 0-321-35670-5

£ 35.37, US$ 49.99, EUR 43.90