book reviews
RAILSSPACE: BUILDING A
SOCIAL NETWORKING WEBSITE
WITH RUBY ON RAILS
(Addison-Wesley Professional Ruby Series)
Michael Hartl, Aurelius Prochazka,
Addison-Wesley Professional, 2007,
$44.99, ISBN: 0321480791.
Ruby on Rails is an open source Web framework to support programming in Ruby. RailsSpace uses the development of an imaginary social networking Web site of the
same name to introduce the reader to Ruby on Rails. This
networking Web site serves as a vehicle for explaining
the concepts of the Ruby language and the Ruby on Rails
framework. The book is written as a tutorial presenting all
of the steps needed to get a Web site going.
It is best suited for beginning and intermediate programmers with some knowledge of other programming
languages. It comes to the topic not from the theory side,
but from the viewpoint of a practitioner. It would be a
good companion to a more theoretical book about Ruby
on Rails.
The book has two main parts: “Foundations” teaches
how to model users, connect to databases, perform testing, log in and log out, and update information; “Building
a Social Network” focuses on creating a working social
network site. The Web application is built up step by step.
The complete source code is available on the book’s Web
site (http://www.railsspace.com). This makes it easier
to follow the build-up of the Web page by trying it out
without having to retype everything. The authors encourage readers to explore and find out things for themselves.
They explain in an easy-to-follow way how to look for
further information by using the Rails API.
The book has a clear layout and font, and the code
examples work well and can be used as is. The authors
present output examples after each code listing, which
makes it easy for readers to check their own programming. Some of the explanations are rather offhand, however, and are not helpful if you want to know precisely
what is going on. Concepts that a reader may be familiar
with are often first used in the text and then explained
in a separate paragraph or section. This works well, as it
allows the reader to skip the explanations if they are not
required. On the downside, the book has a number of
annoying typographical errors. —Annika Hinze
BOTNET DETECTION: COUNTERING
THE LARGEST SECURITY THREAT
(Advances in Information Security)
Wenke Lee, Cliff Wang, David Dagon,
Springer-Verlag New York Inc., 2007,
$99.00, ISBN: 0387687661.
Bots are computers that have been
manipulated to perform tasks, usually
malicious, without the owner’s knowledge. Botnets are
distributed networks of bots, coordinated by botmasters,
generally for illegal activities such as fraud. Large organized networks of these compromised machines present
a serious threat to the Internet community, by virtue of
their ability to deliver significant processing power into
the hands of those with nefarious intent.
Botnet Detection is a collection of papers from a 2006
workshop, sponsored by several U.S. government agencies, on botnets and techniques for detecting them. The
book contains eight chapters—one for each of the papers
presented at the workshop. In some cases, the authors
augmented the papers with more recent work.
Several chapters are devoted to various aspects of botnet structure and operation. One chapter discusses how
botnets can be used to compromise online commerce.
Others describe potential methods for detecting botnets
using network traffic analysis. Particularly interesting is
the chapter that discusses the management techniques
that botmasters typically use to control their bots and
how the network trail left by them can be used to detect
the presence of bots. The main themes of the book are
the analysis of typical network traffic patterns of botnets
and how traffic characteristics can be used in detection.
Each chapter ends with a thorough bibliography.
The book will be useful to people involved in network
security, particularly those developing defenses against
botnets. It is one of the few books in print that covers this
facet of the Internet. Unfortunately, the index is less than
complete, and some of the papers could have benefited
from a more thorough review. —David B. Henderson