Software Books

When I bought this book I never realized how handy it would be. Reading it from cover to cover is a pleasure but it's also very easy to use as a reference -- I've never spent more than a minute trying to find whatever I need. This book has saved me uncountable hours both while debugging software and while porting to various platforms.

After 10 years of developing real-time software for DOS and embedded systems, I needed to develop software for the real-time O/S, QNX, a POSIX compliant O/S. Unlike DOS, QNX is a real operating system which demands a different programming paradigm. Without Lewine's book, I'm not certain I could have made the shift.

This book may be too complicated for somebody unfamiliar with C programming. But, if you know the language, it provides all the basics to successfully create software on a POSIX system. The first half of the book elaborates on how to do things in POSIX. Lewine does not assume that the reader knows anything about UNIX. Plenty of example code clarifies the the theory. All the examples are heavily annotated. One cannot *not* learn the POSIX programming paradigm from this book.

For real-time programming, information about POSIX.4 was needed, and I gleaned this from Gallmeister's PROGRAMMING FOR THE REAL WORLD: POSIX.4, also an O'Reilly book. Once through these books, code began to flow from my keyboard. The QNX library manuals made far more sense.

As an "expert" (I've been doing this for about 5 years), I still refer to the back of Lewine's book. The last half is a reference to the POSIX library functions. Although I haven't done much programming under LINUX, I presume this would be a useful reference for that O/S. The latter half of the book documents the function calls at least as well as any manual for a C programming library that I've ever seen. I've gotten to the point where this book mostly sits on my shelf--but it's comforting to know that when I can't remember the arguments for sigprocmask(), I can take it down and find the answer quickly.

For many programmers, interoperability is the name of the game.
Write once, compile everywhere. Yes, compile, because a compiled
program runs 80 times as fast as an interpreted program. Now comes
the gotcha: different compilers come with different libraries.
C source written for HP-UX might look different from C source written
for Solaris, which might look different from C source written for AIX
or Linux. What features of the language should we use? What library
calls should we use? Answer: Use ANSI C with IEEE 1003.1 POSIX
standard library calls. This gives you the most bang for your buck,
because nearly all C compilers support these standards. Write your
code on one platform, compile it on the other platforms. If you
conform to the POSIX standard, you will minimize your porting
headaches. Follow this book and you'll conform to the standard.

When I bought this book I never realized how handy it would be. Reading it from cover to cover is a pleasure but it's also very easy to use as a reference -- I've never spent more than a minute trying to find whatever I need. This book has saved me uncountable hours both while debugging software and while porting to various platforms.

After 10 years of developing real-time software for DOS and embedded systems, I needed to develop software for the real-time O/S, QNX, a POSIX compliant O/S. Unlike DOS, QNX is a real operating system which demands a different programming paradigm. Without Lewine's book, I'm not certain I could have made the shift.

This book may be too complicated for somebody unfamiliar with C programming. But, if you know the language, it provides all the basics to successfully create software on a POSIX system. The first half of the book elaborates on how to do things in POSIX. Lewine does not assume that the reader knows anything about UNIX. Plenty of example code clarifies the the theory. All the examples are heavily annotated. One cannot *not* learn the POSIX programming paradigm from this book.

For real-time programming, information about POSIX.4 was needed, and I gleaned this from Gallmeister's PROGRAMMING FOR THE REAL WORLD POSIX.4, also an O'Reilly book. Once through these books, code began to flow from my keyboard. The QNX library manuals made far more sense.

As an "expert" (I've been doing this for about 5 years), I still refer to the back of Lewine's book. The last half is a reference to the POSIX library functions. Although I haven't done much programming under LINUX, I presume this would be a useful reference for that O/S. The latter half of the book documents the function calls at least as well as any manual for a C programming library that I've ever seen. I've gotten to the point where this book mostly sits on my shelf--but it's comforting to know that when I can't remember the arguments for sigprocmask(), I can take it down and find the answer quickly.

POSIX is only one operating system standard in IEEE/IEC.
But now ISO have another oerating sysm standard, OSEK OS.
OSEK OS is more slight, simple and real time oriented.
Why Posix is not so portable and not so Open.
NIST made a POSIX Test Suite based on old POSIX standard.
But where is POSIX Test Suite based on new POSIX standard.
This book was based on old POSIX.
So, you can understand this with NIST posix test suite.

Gallmeister splits this book into two main sections, an introduction to the material and a reference section, which provides detailed documentation for the various function calls and header files. Somebody new to the material will find the first section indispensable, while the pro will flip to the reference section to answer questions.

Chapter one provides an overview of the problems this book addresses. The second chapter examines POSIX, POSIX options, and POSIX namespaces. Chapters 3 - 6 define real-time problems and POSIX.4 solutions. Chapter 7 considers the issues of real-time performance.

Gallmeister provides many example code fragments to illustrate his points. He would have done better to have annotated his examples, instead of writing a number of descriptive paragraphs after each fragment. A particularly useful feature is his discussion of "current UNIX practice."

Overall, this book provides a reasonable introduction to the concepts of real-time programming, and a number of "recipe" examples for the POSIX environment. Recommended if you'd like to develop real-time skills or need a reference work on the subject. I found it useful learning to develop QNX software, even though QNX implements a number of "optional" features differently.

This is the best book on the subject. One can tell that the author is an expert and knows very well what he is talking about.
Unlike one reviwer mentioned below - I dont think he has read any part of the book - this is not an "reasonable introduction" at all. This is an in depth handling of the topic.

If you know C and know UNIX, this book is for you. Simply put, he knows what he's writing about and he presents the material in a logical, methodical manner.
This book was written just before the POSIX4a standard was completed, so no PThreads are covered.
As long as you're not expecting PThreads coverage, you won't be disappointed. Most of the topics you need to know about mutli-threaded programming (besides PThreads) are here.

The book consists of 2 parts. The 1st part is a detailed guide to the real-time POSIX programming. The 2nd part presents a reference to all POSIX real-time functions. The book also has an appendix with various sample and exercise code.

All explanations in the first part are very clear and complete. Writing style resembles the best programming books (like those from K&R or R.Stevens). At the same time everything is given in a distilled manner without unnecessary water, so that you might handle the stuff surprisingly fast.

The second part is less valuable since all this material can be found in UNIX man. But if to see it as just a free bonus for the 1st part it is not bad at all. In any case having printed manuals is quite useful.

Sample code in the appendix is also interesting to look at.

Actually I didn't notice any considerable drawbacks in the book and recommend it to everyone interested in the subject.

The prerequisites are minimal. You should know C and be familiar with the basic UNIX/POSIX API (like working with files, etc.). The next reading is obvious - some book on POSIX threads (I'd recommend one by Mr. Butenhof).

I've managed to get about halfway through this book so far. It's NOT an easy read. Coverage and detail are excellent, however, and if you're interested in plumbing the depths of how MySql works, I would recommend this book as a solid reference for improving your overall knowledge.

No, I am not associated with the authors in any way. I was looking for a book for MySQL that was beyond "this is a database, here is how you select".

I wanted something more challenging that covered topics like clustering, backups, etc.

This book dives deep into MySQL database use and design, including detailed information on indexes, optimizations, etc.

Very good read. I totally recommend this book.

cbmeeks

This book is a great expert overview of all that is current in MySQL 5. This covers both the SQL interaction with the database and the management. There are aspects that users often don't use in any SQL platform, and it is a shame. The effort expended to learn stored procedures and custom functions is greatly rewarded in code creation and support. This is another book I rate as ROI super positive.

Highly indicated reading for any database designer involved in developing a major application or in optimizing database operations using MySQL, this intermediate/advanced level book assumes the reader has a general knowledge of database operations and some familiarity with MySQL database system. However, should such awareness be lacking, the book is sprinkled generously with additional source of information to remedy the deficiency. From conceptualizing and elaborating a database to fit business needs to implementing it in an efficient manner, the author takes the reader deep into the inner workings of MySQL in order to optimize database operations. Tools for benchmarking and profiling, which are essentials to indicate where coding performance could be improved, are explored in an insightful manner.
As much as it is possible to make a book on data processing, much less database innards interesting and captivating reading, the author has done an excellent job in this regard.
Overall, a must reading for any MySQL developer looking into enhancing his/her skills.

For people like me who have a good understanding of MYSQL, the next logical step would be this book. I already know about stored procedures, transactions and the basics of triggers, but I want to learn more about these topics in more "real-world" scenarios in how to develop larger, enterprise-wide applications. Also I want to know more about other advanced topics that I may not even know to think about. If this sounds like you as well, then read on...

The author starts in with reviewing how business requirements and the software development cycle can be part of database development. This a great chapter for people like me who would like to learn how different approaches are taken from different IT perspectives in a team environment (business analysts, application developers, and project managers) This chapter gives you a good understanding of how the other side thinks.

The next chapter focuses on the importance of proper indexing and strategies as pertaining to data storage. Because once your databases reach to the multiple gigabits of storage space, you need to very focused on how long each request takes. A few seconds here and there begin to add up and can cause serious issues if not taken into consideration early in your database design. Like me who only deals with small to an occasional medium-size database I never really had to think about this before.

The next chapter focuses on transaction processing in MYSQL which is one of the more difficult concepts for many and I am in the process now of reading it. I really like the author's explanations and examples. Each point is explained thoroughly and in an easy to read manner.

The rest of the book goes into more advanced topics (system architecture, benchmarking and profiling, security, replication and clustering) as well as giving more detail and explanation to topics that may only be briefly covered in other MYSQL books (stored procedures, functions, and views).

If you already know the basics of MYSQL and want to really advance your knowledge with "real-world" scenarios, this is the book for you.

John Jordan has written an excellent book on SAP Product Costing. I have read this book cover to cover more than once and use it as a reference often. To me it is more than a book on variance analysis as it also provides great perspective on the product costing process. There is also a good bit of detail regarding scrap analysis as well. I look forward to reading another book authored by Mr. Jordan on product costing in the future.

This is a great book, and a long-awaited resource, for anyone involved in product cost controlling in SAP. It's got great information, from high level to detailed, for people at all levels of expertise. It covers so much more than just analyzing your production variances. It covers the whole process of how variances are determined, including planning, master data, actual postings, and variance calculations. I highly recommend it.

Good Book.Worth Buying and also it does take you through the whole process of the Product Costing and gives you in a Snap Shot what the whole product costing is .There is nowhere in the books the Complete View ,given in one book. After Reading the Book read the SAP help for Cost Center Planning and the SAP book on Production Planning then you have covered all the Bases in the Product Costing

This is an excellent book. I've been working in SAP for over twelve years as a logistics consultant and project manager. I've been able to cobble together a cursory knowledge of CO by reading the help files. This book has taken my understanding to the next level. It provides a comprehensive overview of product costing in SAP, going far beyond the standard SAP help screens.

The book follows the process of product costing from planning, through master data, to month-end processes, such as overhead allocation, WIP calculation via results analysis, variance calculation, and order settlement.

I highly recommend this book.

Jeff Knowlton

This book is the bible for anyone who needs to understand how the production planning and variance reporting systems work in SAP. Its clear and takes you step by step throught the process. I highly recomend this book

Mr. Bassiri definitely has an excellent grasp of the Netscape Server architecture. After reading this book, I have gained a better understanding of the Netscape server inner workings. I found the chapters on WAI very helpful! I would definitely recommend this to anyone developing applications for the Netscape platform.

My only complaint is that some of the sections are too wordy and redundant.

I thought I knew a lot before I read this book. I was just fooling my self..... Must own book if you work with NES.

Just got my copy of this book and it is great. Wish Netscape provided such accurate and detailed information in their books. Mr. Bassiri seems to know what he is writing about. He seems to write from experience instead of reading Netscape manuals and rehashing the old story. Appendix A and B are really helpful. They included a complete list of server configuration settings. The NSAPI tutorial is the best around and the WAI section provides a true programmer's review of this API. This book is packed full of information. If you want to know how the Netscape server works and program applications for it, you should definitely buy this book.

If you administer or develop for Netscape servers, you will benefit from this book. Administrators: the knowledge you gain from this book will allow you to modify the config files to do correctly what the Server Manager sometimes doesn't do properly, and configure features that simply cannot be administered from the Server Manager. Developers and Architects: Having read this book, you will know what options you have, and be more easily able to decide which architecture is best for your application -- and you'll be able to code it. In addition, your understanding of the key concepts will allow you to grasp quickly how external but related technologies (like Forte's Web Enterprise) work. Well-written, detailed and comprehensive; highly recommended.

Easy to read, I delved in and finished it in 2 workdays without falling asleep. The info is clear and the examples great. Two suggestions: more examples, and greater focus on what the non-threadsafe functions are. He lists NSAPI funcs and says to use 'em (util_sprintf() for instance) but doesn't mention if strlen or other functions are threadsafe. Also, the time function - I can't get a compile using time funcs that don't have a local time_t or timeb structure (instead of pointers to system structures). That should be noted. Otherwise, totally required book and excellent for beginners to get into it.

This book is very good for all types of projects. It covers setting up a project, organizing the work, managing a project, handling several projects at once, dealing with project issues and crises, using modern technology such as groupware and the Internet. The approach of establishing an issues data base and relating issues to specific tasks in a project is unique. It is very useful.

This is one of the best project management books for introducing employees to modern project management in an interesting way. Most project management books are ver dry and lack realistic examples. Thus, it is difficult to motivate people to read and use such materials. This is a very practical, down to earth book that has many guidelines that you can use immediately as you read the book. Some of the strengths of the book are: 1) best description of matrix management; 2) use of collaborative tools in managing projects; 3) how to deal with multiple projects; 4) how to share resources across several projects; 5) how to deal with risk in projects. The authors have developed a very creative and useful approach in dealing with project risk that associates project risk with unresolved issues. I highly recommend this book.

Project management for the 21st century is one of the most usable, easy to read, and complete project management books. There are good examples. Techniques are modern--better than that available in other books. This books stresses working together, sharing information, and dealing with resources that are spread among various projects. Very good reference.

This book provides the basics of project management in an easy to use casual style. It proceeds step by step through building a plan and then managing a project. The chapter on project costing is good, but could use some more detail. The modern and historical examples are usefully examined. These could be expanded more later.

This book not only gives you all of the basics, but also highlights how to use the Internet for project management. Very useful material.

There seem to be three categories of computer security books. The first category is books written for system administrators or computer owners, and explains how to protect the computers under their control. The second category is the "true crime" genre that recounts the exploits of black hat hackers or explains the hacker culture (sometimes as "how-to" books for non-programmers). The third, and rarest, category is books for professional programmers that explain the coding idioms that make programs more secure or more insecure.

This book is an excellent contribution to the third category. It explains how certain ways of programming in C and C++ make programs vulnerable to security attacks. There are many code examples throughout the book illustrating the issues.

Although everything is explained in great detail, the treatment is not superficial. (No background in computer security is required, but the reader should be at least a journeyman C or C++ programmer.) Some of the security holes will surprise readers familiar with the basics of computer security. My favorite example: Many programmers know that the gets() function once was involved with compromising 10% of the computers on the Internet in a single day, but did you know that printf can also be a security flaw in some cases? The statement:
printf(s);
can allow an attacker to run any code of his choosing if s is a string provided by the attacker. Even more surprising is the printf attack has been used successfully on popular programs.

This book should be read by any programmer who does I/O across a network, or who writes applications that provide a captive environment for their users (data entry stations, information kiosks), or who writes programs to manipulate sensitive data. Even programmers merely curious about security issues will find this book a readable treatment. I guess the Black Hats can read the book to get more ideas for future attacks.

I can personally vouch for Seacord's expertise. He is a security analyst as the Computer Emergency Response Team/Coordination Center, and I've worked with him on the ANSI/ISO C Programming Language Standards Committee. I've found his information on computer security both educational and valuable.
[...]

This is an important book for people that write computer programs and their managers.
It is also very well organized and well written. Seacord reveals how the bad guys take
advantage of bugs in programs to break into a system or damage it. It is the most
complete list of exploitable bug types that I am aware of.

Many examples are given, naming software that have been exploited by bad guys. Some
may protest that this provides the bad guys with a list of easy targets. All of the
vulnerable software has been updated to fix the bug, and the improved version has been
available for a long time.

Everyone that writes software intended to be used by someone else should read this book.
Every organization that writes software should have a copy.

Most of the security flaws are buffer overflows. Secord shows how, from the simple use of
gets() through mistakes triggered by subtle differences in the rules for signed and unsigned
integers of various sizes. There are other ways, and some are quite subtle, but still
preventable. The bad guys are not Jay Leno's "Dumb crooks."

The primary way to frustrate the bad guys is to not have any of the bugs they exploit.
Seacord admits zero bugs is an elusive goal and recommends defense in depth by the use of
various freeware or commercial packages intended to trap or prevent certain errors.
He lists and describes many, with their strengths and weaknesses.

Read this book and make your code better. Read it again, next year.

The following are my opinions, based on over 40 years writing software, but I doubt
Seacord would disagree. Every security bug is also a bug that can cause a crash or a
wrong output from a program. The major cause of fewer bugs is the attitude of the
programmer. Managers can affect the attitude of the programmers by their choice of
questions. Do not ask "Is it done yet?" Instead try approaches like: "Tell me about how
you validated the inputs and how you identified all the inputs." "Who reviewed your test
cases?" "How did you decide you had tested enough?" The fewer bugs of any kind in your
product, the less likely the bad guys are going to target it, other things being equal.

I had the honor of taking a short course at a software security summit from Robert Seacord. I would have to say it was one of the most informative security related courses that I have taken. This book encompasses the course that I took and does a great job of explaining what to watch out for when writing code.

I highly recommend this book for any serious developer.

This book slipped under my radar, but I recently picked it up and was quite impressed.

This book is fairly unique in that it is accessible and well-written, yet, at the same time, unabashedly technical. It's quite simply a very good book, and it should prove valuable to readers new to software security, as well as experienced security consultants and vulnerability researchers.

I know the problem domain intimately, and was quite impressed at the level of thoroughness and the technical depth of the coverage. This book isn't merely a well-written exploration of known insecure programming idioms and attack techniques; there's actually a considerable amount of original research and material that you won't find elsewhere. Specifically, the coverage of integer issues goes above and beyond what has been previously written, and it's incredibly topical given the current trends in vulnerability research. Seacord's mastery of the C language and his ability to distill the practical rules of thumb out of the somewhat fragmented C standards really results in an excellent resource.

Seacord gives an unsettling walkthrough of vulnerabilities present in much of C and C++ coding. Buffer overflows take up a significant portion of the discussion. Which leads into considering how these can be introduced into unwary code. Consider C. The common string functions of strcpy, strcat, gets, streadd() and others are shown to be very exposed to error or attack. C++ also has similar drawbacks.

The text explains that much of these trace back to some bad usages. Strings are defined to be null terminated. And bounds checking is often not done. While this is often true of code that the programmer writes, it is also true of various common C library functions, like those mentioned above. In fact, Seacord goes so far as to emphatically assert that gets() should never be used in your code. Instead, he suggests fgets() or gets_s().

Seacord also covers other topics, like dynamic memory management, which might have vulnerable heaps. Various 3rd party analysis tools are suggested, to find these errors.

Overall, the book can be quite disturbing, if you are maintaining a large body of C or C++ code. Might make you want to delve in and replace those gets(), at the very least.

While the text doesn't mention this, it turns out that recent languages like Java and C# have far more robust string handling abilities. They were written after the above flaws in C and C++ become apparent.

Have been using code from this book with great success, extending the functionality of SSJS objects (SuperFile, SuperMail)--until now (SuperClient). SuperClient can't seem to see the [client] object in an iPlanet WebServer 4.1 environment. So, digging around in vendor supplied documentation for that version, we find [customClient]. The description of this [customClient] object is very similar to [SuperClient]. Now, while merging the functionality of the two, the book continues to be a wonderful asset.

iPlanet Web Server, Enterprise Edition Server-Side JavaScript Guide (v4.1)* March 2000 (p140 ff) Creating a Custom [client] Object

EXTRACT: Properties of the predefined [client] object can have only string values. To extend the [client] object with a custom object include the following line at the beginning of pages that require it: [var customClient = getCustomClient();] If this is NOT the first page that requests the object you get an existing object, otherwise a new one is created.

I have been using and referring this book to development teams for the past year. An excellent tutorial and reference point for people exposing the power of Server-side JavaScript.

The book was very good with the best history of JavaScript (server and client-side) I have ever read. However, nobody in the professional world will start a project today in SSJS, the language is extinct. Only legacy web applications will be using this and there are so many better server-side languages available now.

I have scanned this book, and true to what the other reviewers have said, this book looks excellent. I like that SSJS seems to separate the business stuff from the presentation stuff (HTML) unlike ColdFusion and ASP's. How many people are using SSJS?

If any one wanted to learn good SSJS programming techniques, this is the best buy. Authors not only have real stuff but they explained in a much better way than anyother about SSJS concepts with wonderful, real life examples. Ofcourse, you shoud know about javascript fundamentals (core javascript) before you read this book and authors are very specific about the content of the book and their target is only for users of SSJS

It is one of the best books on SQL I have read. This is a good book not only for those who want to use SQL Anywhere but for all SQL Afficianodos. It is both comprehensive and compact. I found this book useful while trying to understand Mobilink. I recommend this book without any hesitation to anyone who wants to understand how everything works in SQL Anywhere.

In a word: Awesome! This is the definitive book on Sybase SQL Anywhere 9. If you use this at work, especially in a replicated environment, then you MUST have this on your shelf.

This is a down-to-earth, no-holds barred approach to dealing with the good/bad/indifferent aspects of SQL Anywhere Studio 9. I am a data architect for a company that manages over 4,600 remote databases and this book has single-handedly helped me solve issues we have been having for months.

The author, Breck Carter, is a man who has been in the trenches with "the rest of us" to solve some of the most vexing data management problems. The solutions are as simple as they are elegant.

Written in a "real-world" tone, this book gets to the nitty-gritty of 99% of problems. The chapter on Mobilink replication is worth the price of the book alone as it goes into extreme detail on the how/whens/whys of moving data around and how to best utilize this impressive feature.

Highly Recommend!

Some of the documentation in this book is included no were else besides Sybase official docs. Given that "official docs" have such a dry reputation, I was happy to find this book. Indeed it is much easier to read, and contains lots of important information for configuring and programming in your SQL environment.

This book is packed with pertinant, in-depth info. The author does not have an overly-wordy style, so there is no inflated page-count.

This book is simply a must-to-have for db-developers; it presents a complete and compact reference for experienced developers as well as it offers a comprehensive immersion in SQL Anywhere to beginners and less experienced ones.

If I had to use only one word to express my opinion about this book I would just say: RELIEF. Relief of not getting drowned again in hundred of pages of irrelevant topics, misleading information, decorative pictures and tools descriptions.

I highly recommend this book to application programmers, as myself, accustomed to flirting with different db-engines but still seeking a solid understanding relational db paradigms.

I started using Sybase SQL Anywhere before Sybase owned it--when it was called The "Watcom" Database Engine. "SQL Anywhere Studio 9 Developer's Guide" is an outstanding reference. The book was written by someone who obviously has a great deal of experience using SQL Anywhere Studio to build real-world software solutions. Highly recommended.

While some passages are repetitive, on the whole, this book is very informative. The author leaves nothing to chance and is thorough in his explanation of various methods and how to reproduce them. The explanations by example are flushed out with no assumptions made about user knowledge, which was great in my case because before reading this book, all I knew about SAS is that it existed. Now, I can apply various and powerful statistical techniques on my own. Thanks Prof. Hatcher!

More detailed explanation of every subject discussed. Nothing was assummed. The appendix include vital information for new SAS users.

This is the single best statistics text I've ever read. It's extremely easy to follow, very practical, and gives outstanding examples. Everything is so clearly described in the book that one might call it Factor analysis and SEM for Dummies. I only wish that the book covered nonrecursive SEM models.

Very easy to read. Examples are simple and effective. The book explains the statistical concepts as well as the SAS programming tricks. In fact, the book provides complete code - you will be able to get good amount of analysis done just by copying that code. However, you also need to buy the "The Little SAS Book" if you never used SAS before.

This outstanding book was one of the mainstays for my Ph.D. dissertation. It explain factor analysis and SEM techniques in a clear and effective way, with an hands-on approach that guides the reader during all the data analysis and result interpretation phases.