Saturday, November 01, 2003

Reviews of C Primer Plus, 4th Ed, The Myth of Homeland Security, and Beyond Fear Posted

Amazon.com just publishes three new reviews. First, from the five star review of C Primer Plus, 4th Ed by Stephen Prata:

"Stephen Prata's C Primer Plus, 4th Ed (CPP4E) is an excellent book. I took a close look at the competition and even started reading O'Reilly's Practical C Programming before realizing CPP4E was the book for me. I had no C programming background, but had the knowledge of C-64 BASIC, Pascal, and other languages shared by many kids born in the 1970s. If you're looking for a well-conceived introduction to C, Prata's book is for you."

I plan to read books on secure coding and socket programming next, as these are my real interests. I also have books on C++, Java, and C# waiting. I'm reading these to gain familiarity with these languages for purposes of security, not contributing code to FreeBSD (yet).

Next are two more controversial reviews. Although I gave each book four stars, I make specific critiques of each book. From my four star review of The Myth of Homeland Security by Marcus Ranum:

"Let's set the record straight. This book is a 231 page political rant, regardless of the author's claim on p. 31 to be 'nonideological.' I have the slightly odd benefit of reading this book with a master's degree in public policy on the wall, but I work as a hands-on, FreeBSD-running computer security consultant. I imagine many readers are also members of the technical community, yet are unaware of books addressing similar topics. "The Myth of Homeland Security" cannot compare to a serious book like James Q. Wilson's Bureaucracy: What Government Agencies Do and Why They Do It. I'll tell you why and conclude with my rationale for 4 stars, nonetheless...

So why do I give The Myth 4 stars? At least somebody is raising important issues. Ranum may be the crazy guy yelling crude remarks at a quiet moment during a political rally, but thank goodness he's there. It's great to see someone realize what a mess our appropriations process has become, and decide to join the fray. Political scientists spend their entire lives chipping away at the same problems. Welcome to the party, Mr. Ranum, and thanks for your work. "

Finally, from my four star review of Beyond Fear by Bruce Schneier:

"Beyond Fear is a good book, but don't turn to it for proper definitions of security terms. Steer clear of this book's misuse of the words 'threat' and 'risk.' While I appreciate Schneier's overall discussion of security issues, I expect a book aimed at the layman to be more accurate...

I loved Secrets and Lies, and every time I see the author speak I learn something new. Am I off base with this review? You be the judge. I still gave it 4 stars, since the book's vignettes are informative and its scope impressive. Given the large number of reviewers I expected someone to challenge the author's terminology. Yes, this is semantics, but shouldn't a book by an expert set the record straight? I don't think my expectations are unrealistic, either; Schneier is a previously published 'thought leader,' and he deserves to be held to the highest possible standards."

Reading the full text of each review, especially those on Ranum and Schneier, will make these points clearer. As of the time of writing this report, Amazon.com has published an incorrectly edited version of the Schneier review missing the word "a" in the first sentence. I expect that to be fixed soon.

I'm sure I'm opening myself up to criticism by publishing these reviews, especially for Schneier's book. All the other reviews rave about it, so anything less than five stars will single me out. Nevertheless, I believe it's important to take a close look at Schneier's work in the interest of improving whatever comes next. Since so many people in the community pay attention to what he says, I want to make sure his message is clear.

2 comments:

Lesly said...
This comment has been removed by a blog administrator.
Nenny Derex said...
This comment has been removed by a blog administrator.