Four Reviews

I have a confession to make: I fold down page corners when I'm reviewing technical books. Only technical books, mind---I'd never, ever do something like that to a novel. And yes, I've tried yellow sticky notes, bits of strings, and other mnemonic devices, but somehow, a folded corner is just more...satisfying.

My copy of the second edition of Alistair Cockburn's Agile Software Development has a lot of folded-down corners, most of them marking passages that I want to use in the two new software engineering courses I'm going to be teaching next (school) year. His nuanced examination of development processes---what they are, where they come from, why there's more than one, and how to tell which is right for your project---is almost always quotable, and frequently thought-provoking. Much of the credit for this goes to the fact that it is so clearly derived from extensive personal experience: Cockburn makes liberal use of war stories to illustrate his points.

Of course, nothing is perfect. While he tries hard to be even-handed, his bias toward planless methodologies [1] sometimes shows through. I also found myself wanting him to cite data more often: personal experience is invaluable, but I'd like to know how general his is. Those are both quibbles, though; this is a very good book about issues that people running small and medium-sized teams have to grapple with over and over.

My other Christmas find was Robert Sabourin's I am a Bug. Sabourin, a software tester, wrote the book in the late 1990s to explain to his daughter (then aged 8) what QA was all about. She drew the illustrations, and the result is warm and funny without ever being condescending. (I particularly liked the bit that said you can have too many frogs...) The book is self-published, so you'll have to order it from or another print-on-demand outfit.

Book number three, Benantar's Access Control Systems, is unfortunately much less satisfying than either Cockburn's or Sabourin's. Keeping track of who can access what has always been a hard problem; as applications go global, it is an ever-more-significant element in system architecture and design. Unfortunately, this book is more theoretical than practical. In the section starting on page 160, for example, the author explains what a Turing Machine is, so that he can later sketch a proof for the undecidability of the general safety problem. That's nice to know, but some Java, C#, or Python that actually implements RBAC (or at least a few class diagrams showing what an implementation would look like) would have made a nice counterpoint. Benantar's presentation is also rather IBM-centric, and focuses more than I'd have liked on role-based access control (RBAC).

Last and least is Andersson, Greenspun, and Grumet's Software Engineering for Internet Applications. I think the authors meant to show how theory and practice inform each other; what they've produced instead reads like a set of course notes that have been updated haphazardly by several different lecturers over a ten-year period. Sebesta's Programming the World Wide Web is better organized and more up-to-date; if you're looking for an all-around textbook, it's a much better buy.

[1] More often called "agile"; I'm calling them "planless" here to draw attention to the spin factor in people's choices of names.

Eve Andersson, Philip Greenspun, and Andrew Grumet: Software Engineering for Internet Applications. MIT Press, 2006, 0-262-51191-6, 398 pages.

Messaoud Benantar: Access Control Systems: Security, Identity management and Trust Models. Springer, 2006, 0-387-00445-9, 261 pages.

Alistair Cockburn: Agile Software Development: The Cooperative Game (2nd ed). Addison Wesley, 2007, 0321482751, 467 pages.

Robert Sabourin: I am a Bug. Self-published (available through, 1999, 62 pages.

Robert W. Sebesta: Programming the World Wide Web (3rd ed). Addison Wesley, 2005, 0321303326, 672 pages.