Michael Schuerig's Profile

Customer Reviews: 12
Top Reviewer Ranking: 6,182,821
Helpful Votes: 228





Reviews Written by
Michael Schuerig (Bonn, Deutschland)

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
by Mark Dowd
Edition: Paperback
Price: $53.75
53 used & new from $45.44

25 of 27 people found the following review helpful
4.0 out of 5 stars Bible? Rather hell without redemption!, November 29, 2008
This book was like a blow to the head for me. I'm not a security person, I'm not coveting ever more arcane vulnerabilities. Rather, I'm the poor guy at the other end of things: I'm a programmer. It's my job to avoid all the known and imaginable vulnerabilities while at the same time providing some useful functionality to my customers.

You bet I wouldn't like some self-styled security "researcher" to tear apart my poor little programs and expose all their failings. What's troubling me, after reading this book, is that it looks very much like I hardly stand a chance. Security would be hard with the best of tools; unfortunately, at least when it comes to systems programming, the tools -- C, low-level APIs -- are dubious at best and introduce lots and lots of problems of their own. These tools hail from a happier time long ago when we were still trusting trust. I was overcome by a mixture of horror and chagrin when I saw proof in this book that not even the people writing sensitive security software (such as OpenSSH) wield these tools artfully enough to avoid vulnerabilities.

And this is where I come to the only beef I have with an otherwise comprehensive book. It's like a field guide to dangerous beasts that teaches you to recognize sabre-toothed tigers, but doesn't tell you how to get rid of them. Contrary to what the subtitle promises about preventing software vulnerabilities, there is just too little about it. This is a considerable shortcoming, in my view, as a lot of the demonstrated vulnerabilities don't have trivial remedies even after they are exposed.

Wrapping up, I feel left alone in the twilight and I think I saw a tiger over there.


Expert C Programming: Deep C Secrets
by Peter van der Linden
Edition: Paperback
Price: $30.75
45 used & new from $25.20

7 of 10 people found the following review helpful
3.0 out of 5 stars Expert on C, not expert on programming in C, August 27, 2008
This book helps you on the way of becoming an expert on the C programming language, it is not much help for the purpose of becoming an expert on programming in C.

What's the difference? Well, on the dimension from language lawyer to poet, this book falls more on the lawyerish side. In the same way that grammatically correct sentences in a natural language are rarely great poetry, so correct C programs are not necessarily great programs. Correctness is necessary, yes, but hardly sufficient.

Van der Linden has little to say (or if he has, he doesn't tell) about topics such as good style at a small scale and doesn't at all touch how to structure programs at the large scale. Things like how to avoid name clashes, structure header files, handle errors, avoid resource leaks.

The C programming language is still very much alive, and as far as I can tell, the place on the shelf for a book on C Patterns & Idioms is still vacant, waiting to be filled.


No Title Available

58 of 64 people found the following review helpful
4.0 out of 5 stars Good for public sites, lacking coverage of web-based applications, May 22, 2008
The book is almost exclusively focussed on forms on public websites, such as eCommerce or social networking sites. As a result, the studies cited and undertaken by Wroblewski investigate how users interact with forms they are not accustomed to.

In other words, the goal of the book is to optimize forms for novices, not necessarily for proficient users. In itself, this goal is laudable, however, it ought to have been made explicit. As things stand, it is uncertain if all or which parts of the advice applies to forms whose users interact with them regularly and know them well.

By the standard of this book, complex forms are a mistake. And this may well be true for public facing sites. The situation is different for in-house applications that incidentally have a browser-based user interface. On these, unfortunately, the book remains silent.

I'd like to have seen a discussion of interactive controls beyond the native HTML text fields, drop downs, check and radio boxes. I'd like to have read how to make the best of fluid or elastic page layouts, as it is, all examples assume fixed-width layouts. A chapter on the construction of forms using semantic HTML and CSS wouldn't have been out of place either.

What's missing most of all is an extended case study that goes through all the stages of designing a realistically complex form.

After all this criticism, I'd like to point out that what is there in the book is very solid. As things stand, though, there remains much to be said.


Database in Depth: Relational Theory for Practitioners
by C. J. Date
Edition: Paperback
Price: $30.07
78 used & new from $1.37

13 of 14 people found the following review helpful
2.0 out of 5 stars Theory without practice, May 13, 2008
Despite the sometimes critical earlier reviews I was hoping for an informative read. I was disappointed. There is theory in this book, no doubt, but where is the practice? Date goes on and on about the many failings of SQL, or to say it more in style, he pontificates on the sins of SQL against the one true relational model as, incidentally, incarnated in his own Tutorial D.

The writing is tedious as Date constantly refers to what he will say, what he has said, and what he won't say. The list of suggested readings may be an indication of the status of Date's views in the wider database (research) community: on three pages he almost exclusively refers to publications by himself or his close buddies.

I'd be willing to forgive all these shortcomings if I had learned one great practical idea in the book, just one thing that makes me a better software developer. Alas, no. For the theory alone it's hardly worth slogging through this volume, slim as it is. Instead, I recommend a solid academic textbook, such as Database Systems, The Complete Book by Garcia-Molina et al. It's a dry book, but without the preaching.


Joe Celko's Thinking in Sets: Auxiliary, Temporal, and Virtual Tables in SQL (The Morgan Kaufmann Series in Data Management Systems)
by Joe Celko
Edition: Paperback
Price: $26.89
63 used & new from $4.55

45 of 60 people found the following review helpful
3.0 out of 5 stars Emperor Ming strikes back, May 3, 2008
I have (read) copies of five of Celko's earlier books on my shelf, still I am again amazed by the cultural distance. Most of my programming life I have spent with object-oriented programming languages and associated technologies. Thus, when Celko starts the present book with a discussion of the differences between flat files and relational databases, it could hardly be more distant than if he had extolled the virtues of the gasoline engine over its steam predecessor.

Celko likes to refer to his informers as "Mr. So-and-so, working for company X"; this again moves the cultural differences to the front, and I can't avoid a slight chuckle when he reverently cites "Dr. E.F. Codd" for the umpteenth time. It all decidedly feels like a tale from an imaginary 1950s. I certainly envision people in lab coats.

The tone moves from enjoyably quaint to annoying, when Celko (again and again) ridicules the many failings of database novices and sophomores. He might not realize that those who share in the joke have no need to read his book -- and that those who bought the book to learn something from it may feel a wee bit offended. After all, we are already aware that there's something we don't know yet and want to learn, there's really no need to rub it in.

So much for the atmospheric stuff. But, of course, I didn't buy this book to make me feel good, but to learn something, come rain or shine. And, yes, there is a lot of useful stuff in this book. More in the bits and pieces than in some generalized approach. And by far more in line with the subtitle, "Auxiliary, Temporal and Virtual Tables in SQL" than with "Thinking in Sets", the main title. Regarding the latter, I found the most worthwhile part of the book to be the discussion of why boolean flags are bad (ch. 11, Thinking in SQL).

Celko's effort to distance the relational, set-based approach from earlier practices crops up all over the book. I had expected -- and hoped! -- that Celko would put considerable energy into comparing, contrasting, and hopefully complementing set-based thinking with current object-oriented approaches. Alas, he's completely preoccupied with his own tradition and doesn't wander into OO-land at all.

I would have been very interested in reading a knowledgeable discussion of where to draw the line between procedural and set-based approaches. And, as most practical programs will employ both of these approaches, how to interface the respective parts. On the latter issue, there's not a single word in this book. The treatment of the former issue is interesting, in a twisted sense. Celko demonstrates some string processing in SQL and concedes that this would be much easier in languages such as ICON or SNOBOL, those stalwarts of 1970s era data processing (does he even know Perl?). Well, why then try to abuse SQL to do something for which it is ill-suited and results in bloated code? Why anyone would want to solve Sudoku puzzles in SQL I cannot fathom, either. Celko doesn't tell, and neither does he present the whole (repetitive) code, nor explain how the set-based approach works in any sufficient detail.

The overarching mindset exemplified in this book is to push as much into the database as possible, even if it hurts at times. I don't mean to denigrate the intention, namely application-independent, consistent data storage. However, the reality in current software engineering is that a shared database is but one solution among others. For instance, SOA (Service Oriented Architecture) is specifically about connecting applications through services they provide, not by tying them to a shared database.

Celko likes to style himself in the image of Ming the Merciless. The semblance is indeed uncanny and as I hinted already, he tries to live up to the role as his author persona. Unfortunately, he doesn't seem to realize that there's one thing that can't be tolerated in an arch-villain (as well as in his henchmen and henchwomen): sloppiness. The book has more than its fair share of typos and grammatical accidents. A particularly amusing case in point -- due to his belligerent character, a deeper insight, or simply search-and-replace gone awry -- is an example that consistently refers to "martial status".

For the good parts I'd doled out 4 stars. For the many detractions I deduct 1 star.


The Principles of Beautiful Web Design
by Jason Beaird
Edition: Paperback
118 used & new from $0.01

24 of 31 people found the following review helpful
3.0 out of 5 stars Who is the intended audience again?, April 21, 2007
One of the dedications of this book reads

"To ..., 'The Programmers' at Acceleration. Your random color choices and offbeat design decisions are the inspiration for this book."

In the Preface (p. x) the author says it even more explicitly

"While the content is directed toward programmers and developers, it provides a design primer that will benefit readers at any level."

That sounded good, like something I've long been looking for. I am a software developer, that's what I'm good at, and I don't even want to be a graphic artist. Nonetheless, I have to make aesthetic decisions in my work. Unfortunately, this book doesn't help me much there.

Jason Beaird is not talking to me with this book. Contrary to the above quotes, he doesn't specifically address programmers, he doesn't take into account what skills they do and don't have. So, while I surely appreciate the principles expounded in the book, I'm pretty much overburdened with putting them into practice.

For instance, when it comes to creating and manipulating images, he takes familiarity with Photoshop for granted. In one place (p. 92) there's even a warning

"Advanced Photoshop Ahead. As this isn't really a book on Photoshop, I've assumed that you already know about many of its features in this section."

No, I don't. In fact, Photoshop isn't even available for my development platform of choice, although there are alternatives. But please, dear author, I'm a programmer, don't assume that I'm familiar with that kind of tool; I even may not have anything like that installed on my machine. When I'm talking to graphic designers, I don't assume that they have my IDE of choice installed on their computer and are able to use it either.

Summing up, I keep my eyes open for a book that lives up to a title like "The Practices of Solid Web Design". I'll happily leave beauty to the respective professionals and settle for bread and butter -- as long as the book actually teaches me how to bake my own bread instead of admiring fancy cakes.


Living Next Door to the God of Love
by Justina Robson
Edition: Paperback
Price: $11.58
76 used & new from $0.01

18 of 18 people found the following review helpful
2.0 out of 5 stars Give me constraints, not wonders, May 10, 2006
The title is great, unfortunately, as it happens, the title is the best thing about this novel. The plot meanders along and touches upon one sub-story after another. There's ample supply of sex and violence. Then, suddenly, everything is over--it must be as there are no more pages in the book. Otherwise, I wouldn't have noticed.

One of the minor problems is that Robson appears to be determined to tell too many stories at once and doesn't get around to doing any of them justice. A deadly problem is that these stories are mostly bad fantasy clichés.

What kills the whole thing for me is lack of understandability. Why are the characters acting in the way they do? What are their motivations? What are their ranges of possible behavior? What are the laws of nature in the narrative universe they inhabit? To the reader these are mostly unfathomable. Don't even try to speculate about what one or another of the characters does next. No chance. As there are no constraints on what can and cannot happen you have to wait until the author comes around and tells you. The effect is not very exciting. Bare facts and wonders are boring.

If anything, read Robson's Natural History before this book. Then, at least you get a glimpse of what Stuff and Engines are about. Alas, it doesn't help much.


Essential Business Process Modeling
by Michael Havey
Edition: Paperback
Price: $40.16
69 used & new from $0.01

22 of 23 people found the following review helpful
2.0 out of 5 stars Ephemera, not essentials, November 12, 2005
If you go by this book, the essentials of Business Process Modeling consist of knowing a bewildering multitude of languages and (industry) standards. Process theory is covered on the surface. There's a chapter on patterns whose presentation has very little in common with the established patterns form and where it is at least questionable if they really live up to pattern status beyond simply being modeling idioms. The biggest drawback, however, is that this book hardly teaches anything about actually modeling business processes. By comparison, imagine a book on software design that introduces the various UML diagrams and the tools of the day -- but stops short of saying a thing about actually doing software design. No doubt, there's a place for books on notations, standards, and tools. But don't confuse those with the essentials of a field. When modeling business processes, analyzing and understanding them comes first, expressing them in some notation comes much later. Unfortunately, Havey doesn't touch the first part at all.


AspectJ Cookbook
by Russ Miles
Edition: Paperback
Price: $38.44
46 used & new from $2.15

2 of 3 people found the following review helpful
3.0 out of 5 stars Neither tasty nor filling, January 29, 2005
The largest part of the book covers AspectJ language elements. The chapters have titles such as "Capturing Join Points on <Something>", "Defining Advice", and "Enhancing Classes and the Compiler". Yet this is something that one very rarely wants to do. All these tasks are just means in the service of an end. To use the title's metaphor, these tasks are not recipes in themselves, they are only intermediate steps on the way to a meal. And at that they're not well captured by the format -- for my taste Laddad's "AspectJ in Action" does a much better job.

The three chapters on implementing the GOF patterns using AOP could have been interesting had the author just once strayed from the boring routine of presenting nothing but the mechanics of the respective pattern. Does he ever touch the question why anyone would want to use AOP to implement these patterns? If he does, it must have been well-hidden. Also, there are a lot of similarities which are more than superficial in the AOP implementations. As it stands, the original work by Jan Hannemann, on which these chapters are based, is a much more relishable read.

Then, at the end of the book, there are three chapters on applying AOP/AspectJ at the component, application, and enterprise level as well as one on AO design patterns. These chapters are the model for what the whole book should have been like, in my opinion. They finally deal with real-world problems and how AOP/AspectJ helps in solving them better than earlier approaches do.


Daniel Dennett: Reconciling Science and Our Self-Conception
by Matthew Elton
Edition: Paperback
Price: $22.81
42 used & new from $11.99

10 of 10 people found the following review helpful
5.0 out of 5 stars Excellent overview, September 12, 2003
Matthew Elton provides an excellent account of Dennett's work. The book goes beyond being an introduction. In his presentation of Dennett's view on intentionality and consciousness, Elton systematizes where Dennett is eclectic, points out flaws in arguments and at times improves on them (no, not on the flaws).
I'm less enthusiastic about his appraisal of Dennett on Darwin and on free will and responsibility. Still Elton's account is sound and fair.
For more specialized treatments of Dennett's philosophical perspective, there are collections by Bo Dahlbom and (two) by Andrew Brook and Don Ross et al.

