Showing posts with label computer books. Show all posts

11 Jan 2007

Head Rush Ajax

I have heard good things about O'Reilly's Head First series, and have an interest in advanced learning techniques myself. This was my first Head First book so I cracked it open with high expectations.

I liked the style, an entertaining, easy read. The humour is more zany than funny, but that is fine. I am hopeful the Head First series will have a big impact on instructional computer books and magazines. Annotated source code alone is 10 years overdue.

However I found the repetition irritating: I got the concept the first time and did not need to be told it again and again. To be fair, as someone who can read an 800 page computer tome cover to cover and not get bored, perhaps I am not in the target market.

The content was good, the examples realistic enough but still short enough to see the Ajax. But I have complaints, brace yourselves: there were technical inaccuracies, i18n was spelt U.S.A., spelling errors in the hand-written text and the book is fluffy. By fluffy I mean this is a 400 page book that has less than 100 pages of content in typical computer book terms, not that you can cuddle up to it in bed while sucking your thumb.

Technical inaccuracies? My big complaint here is GET vs. POST. The author advocates GET and spends many pages trying to justify this. The reasoning seems to be that POST is more complex, but as we discover you make the data the same way and it is just one more line to add. His key argument is "POST is only slightly more secure". That argument in itself is lame: no security is perfect and your aim is just to avoid being low-hanging fruit so that the hackers will go elsewhere. Every little helps.

Another argument was the browser decides the GET limit and "IE allows 2000 characters for GET, which should be enough". But servers can set a limit as well. For instance a few years back I used a web server which had a GET limit of 255 characters.

Worst of all he missed some key security arguments in favour of POST. How about log files? All the GET data gets written to the log files, POST data does not. So your user's name and address are ending up in the log file. This is then getting automatically analyzed and posted on a web site that marketing use. And they will throw those reports around not realizing there is user data embedded in them. (Well, marketing will throw them around even if they have been told the report contains customer credit card numbers, but let's not go there...)
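The log-file point above can be checked mechanically. The following is an added example, not code from the book or from this post: it scans access-log lines for query strings that carry personal data and redacts them before the log is handed to a reporting tool. The log lines are constructed samples in the common "combined" layout, and the list of sensitive field names is an assumption.

```javascript
// Constructed access-log lines (not real traffic). The same sign-up is sent
// once with GET and once with POST; only the GET leaves user data in the log.
const sampleLog = [
  '203.0.113.7 - - [11/Jan/2007:10:02:11 +0000] "GET /signup.php?name=Ann%20Lee&address=1%20High%20St HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '203.0.113.7 - - [11/Jan/2007:10:02:15 +0000] "POST /signup.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '203.0.113.9 - - [11/Jan/2007:10:03:40 +0000] "GET /list.php?page=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
];

// Hypothetical list of parameter names treated as personal data.
const SENSITIVE = new Set(["name", "address", "email", "phone", "card"]);

// Report every logged request whose query string contains a sensitive field.
function findLoggedUserData(lines) {
  const findings = [];
  lines.forEach((line, idx) => {
    const m = line.match(/"([A-Z]+) (\S+) HTTP\/[\d.]+"/);
    if (!m) return;                       // not a request line we understand
    const [, method, target] = m;
    const q = target.indexOf("?");
    if (q === -1) return;                 // no query string, nothing logged
    const params = new URLSearchParams(target.slice(q + 1));
    const fields = [...params.keys()].filter(k => SENSITIVE.has(k.toLowerCase()));
    if (fields.length) {
      findings.push({ line: idx + 1, method, path: target.slice(0, q), fields });
    }
  });
  return findings;
}

// Strip the query string from a log line before it goes into a shared report.
function redactLine(line) {
  return line.replace(/"([A-Z]+) ([^\s?]+)\?\S* (HTTP\/[\d.]+)"/, '"$1 $2?[redacted] $3"');
}

console.log(findLoggedUserData(sampleLog));
console.log(sampleLog.map(redactLine).join("\n"));
```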

And GET makes a wider range of security attacks possible. For one example of what I am talking about see PHP Architect's ( http://www.phparch.com ) security column in Volume 5 Issue 5 (aka May 2006). Incidentally I highly recommend that magazine and suggest you get a year's worth of back issues if only to read Security Corner. This book is aimed at people who are not expected to be reading heavy articles on how to hack web sites. So, instead of the dangerously misleading: "POST is only slightly more secure, why bother?", this book should be advising: "Always use POST unless you know exactly what you are doing."

Internationalization? Not a mention and some examples are poorly designed in this respect (e.g. hard-coded comparisons with button label text). But much worse is that the sample code simply does not work for anything but ASCII. I set my HTML, PHP and database to all use UTF-8, but German umlauts failed to arrive properly, as did Japanese text. After some study it seems you should use encodeURIComponent() instead of escape(). See http://blog.openboxsoftware.com/2006/04/javascript-escape-vs-encodeuricomponent/
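Why the umlauts and the Japanese text fail can be seen by following the bytes. This is an added example, not code from the book or this post: `serverDecodeUtf8()` is a hypothetical stand-in for a server-side URL decoder that turns `%XX` into bytes and reads them as UTF-8, and the sample strings are constructed.

```javascript
// Hypothetical server side: percent-decode to bytes, then interpret as UTF-8.
function serverDecodeUtf8(encoded) {
  const bytes = [];
  for (let i = 0; i < encoded.length; i++) {
    const hex = encoded.slice(i + 1, i + 3);
    if (encoded[i] === "%" && /^[0-9A-Fa-f]{2}$/.test(hex)) {
      bytes.push(parseInt(hex, 16));
      i += 2;
    } else if (encoded[i] === "+") {
      bytes.push(0x20);                   // form encoding: "+" means space
    } else {
      bytes.push(encoded.charCodeAt(i));  // encoder output is plain ASCII
    }
  }
  // Invalid UTF-8 sequences come out as U+FFFD, the replacement character.
  return new TextDecoder("utf-8").decode(Uint8Array.from(bytes));
}

// Encode on the client, decode on the server, report both stages.
function roundTrip(encoder, text) {
  const wire = encoder(text);
  return { wire, received: serverDecodeUtf8(wire) };
}

// Constructed inputs: "Müller", "日本" and a value containing a plus sign.
const samples = ["M\u00fcller", "\u65e5\u672c", "1+1"];

for (const s of samples) {
  // escape(): Latin-1 byte %FC for the umlaut, non-standard %uXXXX for
  // Japanese, and "+" left alone so the server reads it as a space.
  console.log("escape            ", JSON.stringify(roundTrip(escape, s)));
  // encodeURIComponent(): UTF-8 bytes, percent-encoded, "+" sent as %2B.
  console.log("encodeURIComponent", JSON.stringify(roundTrip(encodeURIComponent, s)));
}
```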

In summary this book taught me most of what I needed to know about Ajax, but the technical accuracy is not up to O'Reilly's usual standards. And use POST.


5 Jan 2007

ActionScript 3.0 Cookbook

The ActionScript Cookbook (covering ActionScript 1) has been an essential aid for my Flash development: usually the first book I reach for when I have a question. This new book is thinner, and the reason it is thinner is that "Part III Applications" is not there. That section showed seven complete applications that brought everything together. It was a useful read, a chance to see code in context. However I have not looked at those sections much since the first read. I guess O'Reilly thought the same and that it would be okay to drop them.

At the current time this is the only ActionScript 3 book I have read, and I have not done any serious coding in ActionScript 3, so I cannot say how useful it is when troubleshooting. But it is well written, seems to cover all the important topics, and left me itching to get started on some AS3 coding. It pointed out differences between AS2 and AS3, but I think it will still be readable by someone with no experience of earlier versions of ActionScript.

The first three recipes are specific to using Adobe's FlexBuilder 2. There are no instructions on setting up the free compiler on Linux for instance. There is also no coverage of open source libraries (for instance asunit had an AS3 version for at least six months before this book was published). For that matter unit testing gets no coverage at all.

But those are minor complaints. Overall this is just what you would expect from O'Reilly: a good solid book that every AS3 programmer will want to have to hand.


29 Dec 2006

Effective C++, More Effective C++, Effective STL

I will give you the conclusion first: if you are serious about C++, buy these books. Then read them cover to cover. Then keep them close by.

Scott Meyers is a wonderful author, both entertaining and informative. He can take a complex topic - some obscure and irrational behaviour of the C++ language - and tell you why it is the way it is, what to watch out for, and what code to write. And it will not even feel like hard work.

The items are written in cookbook style, reasonably well self-contained, though I highly recommend reading all of them - I am sure you will discover something you did not realize.

The first book, Effective C++, contains 50 items. The second book has only 35 items, yet is thicker. The topics here are a bit more advanced, though still things you need to know if you are coding C++ professionally.

The third book, Effective STL, has 50 items. Though not quite as good as the first two books it is the best STL book I know of. You should certainly not try to use the STL unless you have read this book. In particular the discussion of equality versus equivalence is enlightening.

Why do I say not quite as good? Tricky. I suspect it is to do with the nature of the STL: I wanted there to be an even easier way, an even simpler explanation.

Note: this review is based on the 2nd edition of Effective C++; there is now a 3rd edition.
