Download PDF version of this article PDF

RailSpaceRailsSpace: Building a Social Networking Website with Ruby on Rails
(Addison-Wesley Professional Ruby Series) Michael Hartl, Aurelius Prochazka,
Addison-Wesley Professional, 2007,
$44.99, ISBN: 0321480791.

Ruby on Rails is an open source Web framework to support programming in Ruby. RailsSpace uses the development of an imaginary social networking Web site of the same name to introduce the reader to Ruby on Rails. This networking Web site serves as a vehicle for explaining the concepts of the Ruby language and the Ruby on Rails framework. The book is written as a tutorial presenting all of the steps needed to get a Web site going.

It is best suited for beginning and intermediate programmers with some knowledge of other programming languages. It comes to the topic not from the theory side, but from the viewpoint of a practitioner. It would be a good companion to a more theoretical book about Ruby on Rails.

The book has two main parts: “Foundations” teaches how to model users, connect to databases, perform testing, login and logout, and update information; “Building a Social Network” focuses on creating a working social network site. The Web application is built up step by step. The complete source code is available on the book’s Web site (http://www.railsspace.com). This makes it easier to follow the build-up of the Web page by trying it out without having to retype everything. The authors encourage readers to explore and find out things for themselves. They explain in an easy-to-follow way how to look for further information by using the Rails API.

The book has a clear layout and font, and the code examples work well and can be used as is. The authors present output examples after each code listing, which makes it easy for readers to check their own programming. Some of the explanations are rather offhand, however, and are not helpful if you want to know precisely what is going on. Concepts that a reader may be familiar with are often first used in the text and then explained in a separate paragraph or section. This works well, as it allows the reader to skip the explanations if they are not required. On the downside, the book has a number of annoying typographical errors. —Annika Hinze



Botnet Detection: Countering the Largest Security Threat
(Advances in Information Security)
Wenke Lee, Cliff Wang, David Dagon,
Springer-Verlag New York Inc., 2007,
$99.00, ISBN: 0387687661.

Bots are computers that have been manipulated to perform tasks, usually malicious, without the owner’s knowledge. Botnets are distributed networks of bots, coordinated by botmasters, generally for illegal activities such as fraud. Large organized networks of these compromised machines present a serious threat to the Internet community, by virtue of their ability to deliver significant processing power into the hands of those with nefarious intent.

Botnet Detection is a collection of papers from a 2006 workshop, sponsored by several U.S. government agencies, on botnets and techniques for detecting them. The book contains eight chapters—one for each of the papers presented at the workshop. In some cases, the authors augmented the papers with more recent work.

Several chapters are devoted to various aspects of botnet structure and operation. One chapter discusses how botnets can be used to compromise online commerce. Others describe potential methods for detecting botnets using network traffic analysis. Particularly interesting is the chapter that discusses the management techniques that botmasters typically use to control their bots and how the network trail left by them can be used to detect the presence of bots. The main themes of the book are the analysis of typical network traffic patterns of botnets and how traffic characteristics can be used in detection. Each chapter ends with a thorough bibliography.

The book will be useful to people involved in network security, particularly those developing defenses against botnets. It is one of the few books in print that covers this facet of the Internet. Unfortunately, the index is less than complete, and some of the papers could have benefited from a more thorough review. —David B. Henderson

acmqueue

Originally published in Queue vol. 6, no. 4
Comment on this article in the ACM Digital Library








© ACM, Inc. All Rights Reserved.