Download PDF version of this article PDF

Pro J2ME Polish:

Open Source Wireless Java Tools Suite

Robert Virkus, Apress, 2005, $39.99, ISBN: 1590595033

It is easy for a book to be good when its topic is enthralling. Such is the case here. Few developers could resist the temptation to delve deeper after reading just a few pages. The book describes, and explains how to use, what I would best describe as a toolkit for Java development on cellphones.

What makes it enthralling is how accessible the technology is. Using preprocessing and a database of device capabilities, the toolkit will preprocess your code and recompile it for every target device that supports the capabilities your application needs. In addition, numerous utilities, classes, and developer tools make up J2ME (Java 2 Platform, Micro Edition) Polish.

After taking the reader through a step-by-step guide to getting the sample code running on a cellphone, author Robert Virkus digs into the components that make up J2ME Polish. The first is the database of device capabilities, an XML file that identifies the features, libraries, and hardware capabilities of a few hundred Java-enabled models. This is the key to building applications for multiple handsets.

Next, the author discusses the build process, including obfuscation, packaging, localization, and debugging. This is followed by a chapter on preprocessing. The two chapters on game programming and the GUI are by far the weakest in the book. They read too much like a reference guide. The chapter on extending J2ME Polish is also dry.

The final three chapters discuss the wireless market, how to work around device limitations, and how to optimize applications. The first of these is interesting, although prone to becoming inaccurate very rapidly. The second is very good at giving a quick overview of the available technology. The final chapter is of critical importance to developers, given the severe processing and storage limitations of current devices.

Overall, I heartily recommend this book. Although intended for intermediate to advanced developers, it should be accessible to anyone who has done a bit of Java programming. The target group is wireless application developers who are either struggling with cross-platform development or are considering using the J2ME Polish platform. My guess is that the largest group of readers will be ordinary developers who just cannot help themselves and want to tinker with their cellphones in the evenings.—Bernard Kuc

Protect your Windows Network: From Perimeter to Data

Jesper Johansson and Steve Riley, Addison-Wesley Professional, 2005, $49.99, ISBN: 0321336437

Most of us are just roadkill—viruses, worms, and script kiddies go for the low-hanging fruit. This book is about hitting a harder target: improving the level of security and changing the view on some key concepts in security.

Steve Riley and Jesper Johansson from Microsoft have developed a best practice guide for Windows security. Whether it is the placement of the VPN server alongside the firewall (instead of behind or before), the protection of the data itself and not the perimeter, or the education of users, their ideas are fresh, logical, and comprehensive. Some of these technologies have been around for years, yet nearly no one uses them in the Windows environments. People still use insecure passwords, put their servers in closets, and administer them with clear text protocols.

After presenting what network protection is about and a possible attack scenario, the authors start with the most important topic there is in security today: patch management. Next they cover the user and management view with policies, enforcement of policies, and social engineering. They then address perimeter security and physical security, before moving to the internal protection of the network. The chapters on passwords and authentication mechanisms and rogue network access give readers new insights and strategies. From this point on, the book becomes more technical, discussing the protection of servers, clients, applications, services, and data.

Although this book contains a lot of deep technical information, it is an excellent resource for everyone who operates and manages a Windows network. You don’t need to be a Microsoft certified systems engineer to understand the basic concepts, and the funny writing style makes the book an enjoyable read. — Andreas Tomek

Securing Storage: A Practical Guide to SAN and NAS Security

Himanshu Dwivedi, Addison-Wesley Professional, 2005, $49.99, ISBN: 0321349954

Information technology systems are moving forward inexorably in every area of our daily lives. This affects our relations with administration and companies, as well as our leisure time. We no longer find it strange to handle bureaucratic matters automatically instead of manually.

Those of us who are IT professionals, however, know that, parallel to this forward movement, there is a constant, growing threat posed by failures in security, whether accidental or intentional. This results in a loss of faith in IT systems, which can somehow produce a reduction in growth. We can affirm, without a doubt, that this is the reason why e-commerce is not increasing as much as expected.

One field that is experiencing significant growth is data storage. This is partly because of a desire to store more data, so we can subsequently perform intelligent searches and inquiries. Traditional file servers have been replaced by the modern SAN (storage area network) and NAS (network-attached storage).

The problem of security affects these networks, and this is the subject of this book. Author Himanshu Dwivedi briefly introduces these networks before addressing the issue. This is, perhaps, the weakest part of the book. The topic needs a longer introduction.

In Parts 2 and 3 (“NAS Security” and “iSCSI Security”), the author deals with threats to the security of these systems in great detail. He provides plenty of examples, allowing readers to see the security failures in these systems. In Part 4, “Storage Defenses,” the author offers solutions for creating safe and reliable SAN and NAS systems. In the last part of the book, “SAN/NAS Policies, Trends, and Case Studies,” Dwivedi reviews the legislation relevant to these systems. This discussion is limited to North America, which is of little use to readers from other parts of the world.

This book was written for a varied audience: mainly specialists in security and administrators of SANs and NAS systems. It will, however, also appeal to those interested in implementing these networks and help them to learn about their pros and cons.

The work contains all that a demanding reader could want: a carefully prepared edition, clear examples and explanations, many graphs and diagrams, exercises, and finally, several practical case studies. To take full advantage of the material in this excellent book, readers must be highly knowledgeable about hardware and security.—Jose Lloret

High-Assurance Design: Architecting Secure and Reliable Enterprise Applications

Clifford Berg, Addison-Wesley Professional, 2005, $54.99, ISBN: 0321375777

This book is just what my doctor ordered for job-related stress relief. The subject, high-assurance design, was the initial attractor, but it is (in nonhierarchical order) the book’s level of abstraction, layout, style, clarity, and content that make it useful, especially to techies and applied “formal methodists” like me, who have been dragged kicking and screaming into development—and acquisition—management.

Clifford Berg characterizes his work as a “crossover book [that] addresses several topics that are traditionally treated distinctly.” The two main topics this book successfully synthesizes are security and reliability. “Achieving both at the same time is even more difficult [than attaining them separately],” states Peter Neumann, principal scientist of the SRI International Computer Science Laboratory, in the book’s foreword. I can, in the case of safety and reliability, attest to the truth of Neumann’s statement. Though the author’s stated target domain is a “business application design and programming environment,” the book’s value to the “practicing software application architect” in any venue is much broader. The precepts apply to almost any large-scale, nontrivial design that has multiple aspects.

The book’s format, with important principles and ideas repeated in a large font, design patterns rendered clearly throughout, and exhaustively crafted summary appendices, makes reading it as easy as could be for such a complete and rigorous (“but not formal”) work. The list of references is complete and contains nothing superfluous. The beginning-of-chapter quotations are relevant and are useful in showing that computing truths transcend computing and are really derived from more universal wisdom. The case studies presented from chapter 20 onward serve to bring the information together and to show a way forward in ameliorating chapter 19’s Tower of Babel with respect to methodologies. This book can serve as a textbook, a handbook, or an excellent reference book for some time to come. —George Hacken



Originally published in Queue vol. 4, no. 4
see this item in the ACM Digital Library


© ACM, Inc. All Rights Reserved.