Archive for the ‘Books’ Category

Yep, More Books

May 5th, 2008

I believe very strongly that if you want to write well, you have to read relentlessly and critically: relentlessly, because there’s a lot out there, and critically, because you must always be asking yourself, “What’s good about this? What’s bad? What do I want to imitate? What mistakes do I want to avoid?” I keep going back to the trilogy Kernighan and colleagues wrote in the 1980s (The C Programming Language, The Unix Programming Environment, Software Tools in Pascal), just as musicians I know go back to Coltrane’s early recordings or bootlegs of The Cure; I think a lot of books about computing would be greatly improved if their authors would do the same.

Take Flaig’s Bioinformatics Programming in Python, for example. It is as pretentious as Kernighan’s books are unassuming, and by trying to cover everything the author knows about computing, it manages to take the reader nowhere. The trouble starts right at the beginning, with a page about Japanese swordplay that ends, “Do yourself a favor and think about this man’s advice,” and the realization that the book is divided into sections called “Earth”, “Water”, “Fire”, “Air”, and “Void” (only the first two of which are included in these 418 pages). There are endless references to other languages (particularly Haskell and Erlang), which I believe will only muddy the exposition for newcomers to Python, and far too many attempts to be clever that only fall flat. Lots of interesting and useful topics are actually covered, but it’s impossible to see past the author to the book’s content.

Berman’s Ruby Programming for Medicine and Biology is a much better book, though still flawed. Berman comes from a medical background, and after years of wrestling with odd data formats and Perl’s syntax, he has discovered RDF and Ruby, and thinks they’ve got sliced bread beat cold. Those parts of the book that describe how to grind biomedical data with Ruby are very strong; I learned things about both the language and medical data crunching that I hadn’t known before. I particularly liked the pragmatism of some of the examples: it isn’t every book that shows you how to put an RDF header in a JPEG image.

However, the book does have three flaws. The first is the example-driven way Ruby’s features are introduced: a reader who doesn’t already know how to program in a modern scripting language is going to have a hard time following along. The second is the side trips into topics like data formats: I thought they were awkwardly placed, and just long enough to distract readers from learning to program. Finally, I agree that RDF and Ruby are a step up from flat ASCII and Perl, but Berman’s claim that Ruby’s features map “naturally” onto RDF and vice versa grated a little: I could make arguments that were just as strong for half a dozen other languages, with just as little data to back them up.

LeBlanc and Dyer’s Perl for Exploring DNA doesn’t try to go as far as Flaig’s or Berman’s books, but is thereby more useful for working scientists. The authors are a computer scientist and a biologist respectively, and while they’ll never convince me to like Perl, their combination of clean prose and clear examples makes for a readable and informative guide to everything from lists and functions to regular expressions and databases. They don’t assume too much or too little of their readers, and the occasional typo didn’t impede comprehension. The only thing I’d ask them to change is the quality of their fuzzy screen captures…

Harrop’s OCaml for Scientists and Odersky et al’s Programming in Scala share the same basic flaw as Berman’s book: the authors’ belief in what they’re trying to explain gets in the way of their explanations. The “what” in both cases is functional programming using either a language that’s been around for years, like OCaml, or one that’s relatively new, like Scala. Harrop’s style is stodgy (“As some approaches to pattern matching lead to more robust programs, some notions of good and bad programming styles arise in the context of pattern matching.”), while Odersky et al are almost gushing at points, but both have a habit of waving away the shortcomings of their subjects. Kernighan and Ritchie didn’t try to sell C; they described it, and let readers make up their own minds. It’s a model worth imitating.

Next this month (gosh, I have been on a lot of flights, haven’t I?) is The ThoughtWorks Anthology, a collection of essays from developers and managers at a consulting firm that counts among its staff several luminaries from the design patterns/refactoring/agile world. Some chapters, like Singham and Robinson’s “Solving the Business Software ‘Last Mile’” or Parsons’ “The Lush Landscape of Languages”, are high-level handwaving, but there are several gems: Lentz on “What Is an Iteration Manager Anyway?”, Pantazopoulos on “Project Vital Signs”, and (my favorite) Simpson on “Refactoring Ant Build Files”. If the book had been a blog, I would have read about half the posts end-to-end, which is a pretty good hit rate.

Finally there is Head First Software Development, the latest in O’Reilly’s not-quite-cartoon series aimed at developers with short attention spans. (OK, that’s a bit unfair, but that’s what it feels like to read them.) Take away the jokiness, crossword puzzles, and thought-bubbles, and this is actually a really good book: mostly agile in approach, but refreshingly free of dogmatism, and intensely practical. If you’re trying to get the most out of a team of a dozen programmers, you won’t find many better roadmaps than this; if it was half its current size (which it could be), I’d seriously consider adopting it as a textbook in my third-year software engineering class.


ThoughtWorks Inc.: The ThoughtWorks Anthology. Pragmatic Bookshelf, 2008, 193435614X.

Jules J. Berman: Ruby Programming for Medicine and Biology. Jones & Bartlett, 2007, 0763750905.

Ruediger-Marcus Flaig: Bioinformatics Programming in Python. Wiley-VCH, 2008, 3527320946.

Jon D. Harrop: OCaml for Scientists. Flying Frog Consultancy, 2007.

Mark D. LeBlanc and Betsey Dexter Dyer: Perl for Exploring DNA. Oxford University Press, 2007, 0195305892.

Martin Odersky, Lex Spoon, and Bill Venners: Programming in Scala. Artima, 2008.

Dan Pilone and Russ Miles: Head First Software Development. O’Reilly, 2008, 0596527357.

Books

A Rare Triple

April 12th, 2008

I can’t remember the last time I read three books in a row that I really liked:

Of course, this means I have a stack of technical books waiting for me; I hope at least one is as good.

Books

Six Books for a Canadian Winter

February 19th, 2008

For a long time, I have believed that Jon Udell has the best job in the world. He gets to build interesting systems and talk to interesting people about interesting futuristic things, and best of all, he gets paid for it.

A couple of years ago, though, I discovered Brian Hayes’ column in American Scientist magazine. His job looks like a lot of fun too: every couple of months, he has to explore some interesting and revealing idea that is somehow related to mathematics and computing. Some of his past columns have now been collected in Group Theory in the Bedroom, and they are as entertaining as they were the first time around. The opening article talks about the most elaborate mechanical clock ever made; others look at the problem of determining where the continental divide actually is, different ways DNA could have coded for proteins (but didn’t), the statistical distribution of violent events, and what, if anything, “equality” actually means. Fans of Martin Gardner’s long-running Scientific American column are particularly likely to enjoy Hayes’ tone, insight, and playful curiosity.

Demaine and O’Rourke’s Geometric Folding Algorithms is the raw material that popularizers like Hayes mine to create their essays. During the past decade there has been an explosion of interest in several closely-related problems: how to fold shapes up in two or more dimensions, and how to cut folded material so that it has a certain shape when unfolded. Applications range from drug design and robotics to forming metal sheets; the algorithms range from straightforward (though never trivial) to mind-bending.

This book does an excellent job of surveying the state of the art. There are copious examples and illustrations, and the authors manage throughout to convey the excitement of working in an area where many basic questions are still unanswered. Pick a page at random, and there’s a fair chance you’ll find a conjecture that is still awaiting proof. It is not for the mathematically challenged, but I expect graduate and undergraduate students will be finding research projects in it for years to come.

Cawood and Fiala’s Augmented Reality: A Practical Guide is aimed at less advanced readers, but offers just as many avenues for the curious to explore. (Disclaimer: Pragmatic Bookshelf published my last programming book, and will be publishing my next one as well.) “Augmented reality” is the practice of overlaying a virtual world on top of the real one, i.e., of synthesizing video data in real time to make imaginary objects appear to exist in the real world. Today’s systems rely on contraptions that combine video goggles with a camera; the goggles put a small screen in front of each eye, while data is injected into the signal from the camera to create tanks, flying fish, or whatever else the programmer wants.

Most of the book is taken up with very detailed descriptions of the code required to glue the real and virtual worlds together. At the end, the authors pull everything together by creating a virtual tabletop tank game. Basic computer graphics concepts are introduced as needed, as is a little bit of AI (for navigating mazes). I don’t think all the code examples were necessary—anyone capable of understanding the book could browse the source for themselves in most places—but this would still be a good starting point for an exciting undergraduate course.

Fourth on my winter reading list was Armstrong’s Programming Erlang, also from Pragmatic. The subtitle, Software for a Concurrent World, explains why so many people are suddenly interested in functional languages like Erlang: there’s a feeling that traditional imperative languages simply can’t cope with a world of multicore processors and web services. I’m still waiting for evidence that it’s easier to build such systems with functional languages, but even if it’s not, programming in Erlang and its siblings is like stepping into a parallel universe.

Armstrong’s book is a workmanlike introduction to Erlang in particular and parallel functional programming in general. Its author is one of the language’s creators, and that occasionally shows through in discussion that is more nit-picky than newcomers probably need. The wealth of examples more than makes up for that, though, and everything is solidly grounded in real-world needs. Many of the underlying ideas can be used in other languages, even if not as gracefully, and should be in every programmer’s mental toolbox.

Last but not least are Thatcher et al’s Web Accessibility and Sydik’s Design Accessible Web Sites. Their common theme is making the web usable by people with disabilities, particularly visual handicaps. A quick audit of the web sites I’ve built in the past three years was pretty humbling; as the number of elderly web users grows, and as regulatory agencies start to enforce equal access rules, closing the gap between what is and what should be is going to become more and more important.

Of these two books, I preferred Sydik’s, primarily because it was shorter (less than half the size of Web Accessibility). On the other hand, the latter covers topics in more depth, and assumes its readers are somewhat more advanced. Both have plenty of pointers to tools and primary references; either would be a solid basis for several undergraduate lectures or an intensive two-day course in industry.


Joe Armstrong: Programming Erlang: Software for a Concurrent World. Pragmatic Bookshelf, 2007, 978-1934356005, 536 pages.

Stephen Cawood and Mark Fiala: Augmented Reality: A Practical Guide. Pragmatic Bookshelf, 2008, 978-1934356036, 328 pages.

Erik D. Demaine and Joseph O’Rourke: Geometric Folding Algorithms: Linkages, Origami, Polyhedra. Cambridge University Press, 2007, 978-0521857574, 496 pages.

Brian Hayes: Group Theory in the Bedroom, and Other Mathematical Diversions. Hill and Wang, 2008, 978-0809052196, 288 pages.

Jeremy Sydik: Design Accessible Web Sites. Pragmatic Bookshelf, 2007, 978-1934356029, 328 pages.

Jim Thatcher, Richard Rutter, Christian Heilmann, Andrew Kirkpatrick, and Cynthia Waddell: Web Accessibility: Web Standards and Regulatory Compliance. Friends of ED, 2006, 978-1590596388, 696 pages.

Books

One, Two, Three

January 2nd, 2008

My favorite books these days are Boynton’s Your Personal Penguin and Pratchett’s Where’s My Cow?, but since this is a magazine for programmers, not parents, I’ll turn my attention to six others: one very good, two useful, and three that missed the mark.

The first is Smith and Marchesini’s The Craft of System Security, which is the best undergraduate textbook on computer security I’ve read to date. The authors know their field well—Smith does academic research into trustworthy systems, while Marchesini has worked at several software security companies—and their experience is evident on almost every page.

The book is broken down into five sections: history, the modern landscape (which summarizes flaws in operating systems and networks, and explains where and why they arise), building blocks (including cryptography and authentication), applications (the web, desktop tools, e-cash) and emerging tools, such as formal proofs of correctness, hardware-based security, AI techniques for detecting intrusion, and human factors. The history section was particularly welcome: unlike most books aimed at developers, this one takes the time to explain and critique the US Department of Defense “Orange Book”, Bell and LaPadula’s groundbreaking work on formal analysis of security, and Saltzer and Schroeder’s design principles.

The topics in the middle three sections are more conventional, but still well done. Throughout, the authors hit exactly the right tone and level for their intended audience, use clear, pertinent examples, and provide extensive references to the primary literature. The final section, on emerging tools, is necessarily less nitty-gritty than its predecessors, since much of what they describe is still taking shape. Even there, though, they show how practical theory can be.

My one criticism of the book is that it doesn’t devote as much space as I would have liked to “soft” issues, such as the economics of information security, usability, or developers’ professional responsibilities. That’s a minor quibble, though; at over 500 pages, the book is already going to be a challenge to get through in a single semester course. I believe the rewards for doing so are considerable, and I hope many instructors and students choose to take it on.

Next up is Holmes’ Windows PowerShell Cookbook. Regular readers will know that I think PowerShell (formerly known as “Monad”) is one of the most important developments in practical programming in the last ten years. If you still need convincing, the recipes in this book show why. Yes, the syntax could have been better (there are better models to borrow from than Perl), but look at what you can do when your pipes and filters can pass objects around, instead of having to squeeze everything into lines of plain old ASCII. The core cmdlets show up several times, and hundreds of simple pipes and longer scripts are shown and explained.

Shortcomings? First, I would have liked more for developers, rather than users—if you want to extend PowerShell with new cmdlets, you’re going to need more than what’s here. Second, it all runs only on recent versions of Windows. As a result, examples involving Active Directory and registry manipulation probably won’t make much sense to readers from the other side of the “two solitudes” that are Unix and Windows. Finally, and most importantly, I don’t know why this is a printed book, rather than a dynamic web site. As much as I love flipping pages, I don’t think reference material belongs on paper any more: it’s hard to search, it’s never at hand when you need it, and the under-30s who do most of the world’s programming just aren’t that into dead trees.

I had the same reaction to Burns et al’s Security Power Tools. It contains a wealth of useful information on how to use a wide variety of tools for reconnaissance, penetration, defense, monitoring, and hardening, but some of it is already out of date (damn those new releases), and its 850 pages of often dense text would be more useful to me online and hyperlinked.

That said, it’s more than useful in its present form. The authors build firewalls, VPNs, and intrusion detection products for a living, and their in-depth experience with Linux, Windows, and Mac OS shows through in their examples. Most importantly, they almost never lose sight of the fact that the point of these tools is to find and fix problems. Sys admins and testers will particularly like this book, as it gives them a toolbox full of ways to find out what’s broken before the bad guys do. It’s not for cover-to-cover reading, but for sixty dollars plus shipping and handling, it’s a pretty good investment.

That brings us to the last three books in this month’s column. Shore and Warden’s Art of Agile Development was the best: well written and well organized, it covers everything in the agile canon without ever being preachy. However, it doesn’t say anything new: pair programming, test-driven development, continuous integration, and all the other practices it describes are now standard fare in undergraduate software engineering courses, and I doubt that anyone in industry who actually cares about their craft hasn’t heard about them before.

The same cannot be said of Pelesko’s Self Assembly. As the subtitle says, this book is about the science of things that put themselves together—in particular, about how we might be able to get nanomachines to build themselves in the same way as many biological molecules and other self-organizing systems. Most of it is very new (at least to me), and all of it’s fascinating.

However, playing this game requires more math than most programmers have today. If integrals frighten you, or if you’re not sure what an amphiphile is, a lot of what’s in here will wash right over you. If you’re under 30, this ought to worry you—it’s easy to imagine a future in which knowing aspect-oriented functional concurrent languages is the equivalent of being really good at COBOL, while all the really cool stuff is being done by physicists on nano-quantum thingies. Until then, though, this one is probably something most readers of this column will only want to dip into.

Finally, there is Inmon and Nesavich’s Tapping Into Unstructured Data, which I read in manuscript. To be frank, I’m not sure who this book is for: it doesn’t have enough depth or detail to be useful to programmers, and its “explanation” of the kinds of data to be found in spreadsheets and email messages won’t come as news to anyone in management, either. The authors have impressive credentials, and this is an important topic; it’s a shame the book doesn’t live up to either.


Bryan Burns, Jennifer Stisa Granick, Steve Manzuik, Paul Guersch, Dave Killion, Nicolas Beauchesne, Eric Moret, Julien Sobrier, Michael Lynn, Eric Markham, Chris Iezzoni, Philippe Biondi: Security Power Tools. O’Reilly Media, 2007, 978-0596009632.

Lee Holmes: Windows PowerShell Cookbook. O’Reilly Media, 2007, 978-0596528492.

William H. Inmon and Anthony Nesavich: Tapping Into Unstructured Data. Prentice Hall, 2007, 978-0132360296.

John A. Pelesko: Self Assembly: The Science of Things That Put Themselves Together. Chapman & Hall/CRC, 2007, 978-1584886877.

James Shore and Shane Warden: The Art of Agile Development. O’Reilly Media, 2007, 978-0596527679.

Sean Smith and John Marchesini: The Craft of System Security. Addison-Wesley, 2007, 978-0321434838.

Books

Best of 2007

January 1st, 2008

Inspired by Jorge’s list (but sadly, no games):

Sandra Boynton: Your Personal Penguin. Workman Publishing, 2006, 0761143726. Now, lots of other penguins seem to be fine // In a universe of nothing but ice. // But if I could be yours, and you could be mine, // Our cozy little world would be twice as nice. // I want to be Your Personal Penguin.

Stephen J. Ceci and Wendy M. Williams (eds): Why Aren’t More Women in Science? American Psychological Association, 2006, 159147485X. Chapters written by leading researchers on both sides of the nature vs. nurture debate. Dense and dry, but fascinating.

Frances Hardinge: Fly By Night. Harper-Collins, 2006, 0060876271. An orphan named Mosca and her not-really-very-tame attack goose get caught up in a revolutionary plot; delivers the heft and page-turning pleasure Pullman’s Dark Materials trilogy eventually failed to.

Margo Lanagan: Black Juice. Eos, 2006, 0060743921. The setting of these graceful, disturbing stories is never quite our world, but never quite not.

Scott Lynch: The Lies of Locke Lamora. Spectra, 2007, 055358894X. An orphan becomes a criminal mastermind, but at a price—pure swashbuckling fun.

Michael Nygard: Release It! Pragmatic Bookshelf, 2007, 0978739213. It could equally well have been called, “how to make enterprise-scale applications work in the real world.”

Ellen Ullman: Close to the Machine. City Lights, 1997, 0872863328. As the dot-com wave swelled towards crest and collapse, Ullman had to decide whether to ride it or let it slip by. An engaging phase-of-life memoir.

Books

…But With A Whimper

November 20th, 2007

The latest On Spec magazine (Vol 19, No 3, Fall 2007) includes “The Sorceress’ Assistant”, by Bakka’s own Leah Bobet, and (ahem) “…But With A Whimper”, by yours truly.

Books

Off and Away

October 12th, 2007

I just finished the final [sic] round of edits on A Bottle of Light, my next children’s book, and sent them to the publisher. I’ve been over this manuscript a dozen times or more, but I still keep catching silly typos and inconsistencies—I wonder if my code is this flaky, too?

Books

Three Angles on Security

October 4th, 2007

Plane flights are a great way to catch up on my reading, though they play hell with my back. I got through two and a half books on my way to and from the west coast last week, and finished the last one while eating handfuls of Vitamin I [1]. One of the three was very good, and the other two were certainly worth reading, so herewith the reviews.

The best of the three was Chess and West’s Secure Programming with Static Analysis. The authors work for Fortify Software, which (unsurprisingly) builds and sells static analysis tools to help programmers identify security holes in their code. Here, “static analysis” means “what you can find out by analyzing the program’s source, rather than by running it”. It’s a rich and complicated field, full of undecidable problems, but the authors make the core concepts accessible by grounding them in real-world problems. What data structures do analysis tools use to represent programs? How does Perl’s “taint mode” trace user-entered values through a program? Perhaps most importantly, how can you incorporate static analysis into your regular build and QA cycles, so that problems are caught and corrected before they reach the customer?

Readers will need a basic understanding of how compilers, call stacks, and pointers work to follow the discussion, but anyone who has ever forked a process or opened a socket should be OK. If you’re not, now’s the time to go back to your old textbooks and refresh your memory: tools like the ones discussed in this book are quickly becoming part of the mainstream, and developers who don’t know how to drive them will soon find themselves in the same bucket as ones who never got on top of HTTP, or still aren’t quite sure what a design pattern is.

Second on my list was Conti’s Security Data Visualization. As you’d guess from the title, Conti believes that developers and administrators can, and should, use data visualization to monitor and improve computer security. After a fairly slow-moving introduction, he presents a series of increasingly complicated case studies: an attack (or possible attack), a way of representing the key data pictorially, and then some analysis. Conti even includes a chapter on how to attack security visualizations, i.e., ways of pushing data into them that mask the signal of an attack. I’m not entirely convinced that the techniques he describes will scale to very large systems, but there are so many holes in small ones that I probably shouldn’t worry.

The last book of my trip was Hoglund and McGraw’s Exploiting Online Games. It’s a timely topic: more and more real money is tied up in virtual economies, and online gambling (particularly poker) is a multi-billion dollar industry. I also think it’s a great way to introduce security to students, many of whom spend as much time in the world of Warcraft as they do in this one.

The book covers a lot of important issues. It also includes a refreshing amount of nitty-gritty detail, much of which assumes in-depth knowledge of C/C++ Windows programming. But there was a little too much “gosh wow!” for my liking. Page 85 is just one example: are all those exclamation marks really necessary!!?? A sterner editor, and a little less self-reference, would have made this a stronger book, but even with its flaws, it’s a much better investment of time than Air Canada’s in-flight entertainment.

[1] Ibuprofen.


Brian Chess and Jacob West: Secure Programming with Static Analysis. Addison-Wesley Professional, 2007, 0321424778, 624 pages.

Greg Conti: Security Data Visualization. No Starch Press, 2007, 1593271433, 272 pages.

Greg Hoglund and Gary McGraw: Exploiting Online Games: Cheating Massively Distributed Systems. Addison-Wesley Professional, 2007, 0132271915, 384 pages.

Books

Two and a Half Books

September 23rd, 2007

Part way through Tracy Kidder’s classic look at the computing industry, The Soul of a New Machine, one of the hardware team burns out and quits. After months of worrying about clock ticks and microseconds, his intent is to think about nothing shorter than a season. When I first read the book, in the summer of my twentieth year, I pitied him; now, at forty-four, with the leaves turning orange and my daughter turning six months, I feel rather envious.

That’s one of the reasons I read as much as I do: it gives me an excuse to slow down a little, and to think about something more interesting than the grant application deadline that’s about to whoosh by. Nygard’s Release It! is a perfect example. It is full of useful information and practical advice, interspersed with war stories that help ground the general in the specific. As the blurb on the back cover says, Release It! is about designing applications to deal with the things that don’t happen in the classroom or the lab: load fluctuations, power outages, upgrades, tangled configurations, and the fact that Firefox sometimes sends two HTTP requests when you click on a link once. (OK, that’s not in this book, but it’s the problem the DrProject team is wrestling with right now, and this book has given me a couple of ideas for dealing with it.)

Nygard’s focus is on how to make enterprise-scale applications work in the real world. He assumes his readers are familiar with something like J2EE, and with server farms, web caches, and industrial-strength databases; what he explains is how to use them more effectively. As an example, the chapter on capacity patterns talks about connection pooling, the importance of building a flush mechanism into every cache, when precomputing content will pay off, why you should tune garbage collection, and why object pooling no longer makes sense (if in fact it ever did). The rest of the book is equally practical, and just as well written. It would make a great text for a second course in web programming, and ought to be read by everyone tasked with building an e-commerce site capable of handling a customer’s rush season.

Segaran’s Programming Collective Intelligence is equally practical, though its subject is very different. The book is an introduction to the machine learning techniques that have helped make Google and Amazon household names. In Chapter 2, for example, Segaran explains how recommendation engines work by building a simple one in Python. In Chapter 3, he implements some simple clustering algorithms; in Chapter 4, he covers page ranking, and so on. Later topics include optimization, spam filtering, decision trees, and many other goodies.

Segaran’s examples are all interesting, and both his explanations and his code are exceptionally clear. Some readers will find there’s more math in the book than they’d like, but given the subject matter, that can’t be helped. With a few more exercises at the end of each chapter, it’d be a great textbook; as it is, it’s an excellent introduction to a topic that grows more important every day.

Last up this month is Berkun’s The Myths of Innovation, which, I’m sorry to say, left me cold. It’s partly my fault: I didn’t subscribe to the myths Berkun set out to debunk, so there weren’t any “ah ha!” moments as I read it. I’m also instinctively sceptical of “big picture” overviews: whenever someone makes a sweeping general claim (and Berkun makes a lot of them), my first reaction is to say, “Yes, but…” As an undergraduate, I would have considered this book a life-changing experience. As a middle-aged first-time father with two and a half startups behind me and grant proposals to write, I didn’t feel bad about setting it aside to finish another day.


Scott Berkun: The Myths of Innovation. O’Reilly Media, 2007, 0596527055, 192 pages.

Michael Nygard: Release It! Pragmatic Bookshelf, 2007, 0978739213, 326 pages.

Toby Segaran: Programming Collective Intelligence. O’Reilly Media, 2007, 0596529325, 360 pages.

Books, Uncategorized

Managing, Reviewing, and RESTing

September 2nd, 2007

It’s Sunday morning. My daughter (the cutest baby ever) is still asleep, my coffee is just the right temperature, and I have the pleasure of being able to review three very good books. If some passing Samaritan would mow my lawn for me, life would be pretty much perfect.

First up is Johanna Rothman’s Manage It!. I liked her 2004 book on hiring technical people, and enjoyed 2005’s Behind Closed Doors as well, so I was already a fan. Her new book is her best yet: personal without being chatty, and informative without being dry, it covers everything a technical manager needs to know about running a development project. Life cycles, planning and estimation, building teams, integrating testing into the project, how to finish—each topic has a chapter illustrated by war stories from her clients and colleagues. I particularly liked the chapters on managing meetings and project dashboards: the students in the software engineering class I’m due to start teaching in nine days will probably get healthy doses of both.

The book’s only real weakness, in my opinion, is that it doesn’t back up its descriptions with examples often enough. In the chapter on meetings, for example, I would have liked to have seen what well-written meeting minutes look like, or the agenda from an actual meeting (with some comments about how the meeting actually went). Similarly, the discussion of product risk would have been stronger if it included a listing of the risks faced by an actual product part-way through its development. These are minor complaints, though; I think Manage It! is a solid, useful book, and I’m glad to have read it.

I’m equally glad that I read Richardson and Ruby’s book, though it is very different from Rothman’s. “REST”, which stands for “Representational State Transfer”, is an architecture for web applications that leverages HTTP methods and URLs, rather than replacing them. RESTful Web Services is, for want of a better term, technically-grounded propaganda: its authors believe they know how (most) web services should be built, and this book is their attempt to persuade others that they’re right. Luckily for readers, their persuasion takes the form of lucid exposition, balanced argument, and lots of examples. It’s exactly the kind of book that still needs to be a book: as useful as blogged essays like those in Joe Gregorio’s “Restful Web” column are, 400 pages allows Richardson and Ruby to develop their themes at length.

Finally, there is Best Kept Secrets of Peer Code Review. I’m instinctively sceptical of any book whose title includes the word “secrets” (or “Zen”—how come we never see books like “The Presbyterianism of Device Drivers” or “The Reformed Judaism of Web Design”?), and of anything published in-house by software companies with something to sell. This book, though, is a very welcome exception. Slim and well-written, it examines why “classic” peer code review has never taken off (hint: too much effort for too little reward), then presents results from a large, long-running study at Cisco Systems that shows what actually works (hint: one reviewer, a few hundred lines, and tool support). Yes, the author is trying to persuade you to do things his way, and that it’d be worth buying his company’s peer review tool, but I actually came away believing him. I don’t know if I’ll be able to persuade my students to start critiquing their teammates’ code, but having read this book, I’m certainly going to try.


Jason Cohen: Best Kept Secrets of Peer Code Review. SmartBear Software, 2007. Available from http://smartbearsoftware.com/codecollab-code-review-book.php.

Leonard Richardson and Sam Ruby: RESTful Web Services. O’Reilly Media, 2007, 0596529260.

Johanna Rothman: Manage It! Your Guide to Modern, Pragmatic Project Management. Pragmatic Bookshelf, 2007, 0978739248.

Books