TER Volume 5, Issue 11, November 15, 1998

ter - telecommunications electronic reviews

Volume 5, Issue 11, November 15, 1998

Telecommunications Electronic Reviews (TER) is a publication of the Library and Information Technology Association.

Telecommunications Electronic Reviews (ISSN: 1075-9972) is a periodical copyright © 1998 by the American Library Association. Documents in this issue, subject to copyright by the American Library Association or by the authors of the documents, may be reproduced for noncommercial, educational, or scientific purposes granted by Sections 107 and 108 of the Copyright Revision Act of 1976, provided that the copyright statement and source for that material are clearly acknowledged and that the material is reproduced without alteration. None of these documents may be reproduced or adapted for commercial distribution without the prior written permission of the designated copyright holder for the specific documents.


REVIEW OF: Allen C. Benson. Securing PCS and Data in Libraries and Schools. New York: Neal-Schumann, 1997.

by Margaret Sylvia

Any computer is at risk for theft or vandalism of some type and PCS used by the public are at higher risk. Security is a concern that must be dealt with regardless of whether one is responsible for a single PC or a hundred. Having been involved in this area for a number of years, this reviewer thought she knew all the tricks of the trade, but this book introduces a few new ones. The best thing about this book is its specificity. For instance, rather than just recommending the use of crash protection software or menuing software, it specifies particular brands of software and tells where to get them, with approximate prices.

Accompanying the book is a CD-ROM that contains most of the freeware and shareware described in the text along with a number of demonstration versions of commercial software. These include programs related to access control, virus detection, cryptography, digital signatures, hex editors, file backup, file shredding, password management, and other miscellaneous files and utilities. Since software quickly becomes dated, the author also refers the reader to Internet Web sites where more recent versions of the programs may be available.

Beginning with an overview of fundamental PC management procedures, the book is well organized and complete within its scope. It specifically does not include information on securing network operating systems such as Novell Netware or Windows NT, but the information on securing individual PCS can certainly be applied to PCS connected to such systems. Network operating systems usually provide their own security at the file server but not at the individual PC level. That is where this book excels.

Risk assessment and disaster recovery are the focus of the introduction in the book. A sample security policy is included that can be adapted to meet special needs. Hackers and their tactics are explored along with physical security issues for PCS and their peripherals. The section on physical security is excellent, describing and showing photographs of various types of restraining devices. Names and addresses of companies providing the devices are listed.

Front end security for MS-DOS and Windows is systematically covered along with the use of menuing and passwording procedures. Step-by-step instructions are given for securing DOS, Windows 3.1, and Windows 95. Two Windows-based menuing systems, WinU and Everybody's Menu, are described and compared. This software is on the included CD-ROM, and directions are given for downloading later versions from the Internet. This section of the book will be one that is very heavily used by PC administrators. The specific comparisons and step-by-step directions are excellent, particularly for the beginner in PC security.

Viruses are a concern for all PC users. Public PCS and PCS that connect to the Internet are particularly vulnerable to this security risk. A short explanation of what viruses are and how they are spread introduces this section. Next, anti-virus software is covered, with a simple explanation of how it works and what the limitations are. Step-by-step information is given on how to determine whether a computer has been infected with a virus and what to do when a virus is detected. An important aspect of the section on viruses is its warning regarding virus hoaxes such as the "Good Times" hoax. Frequently, inexperienced computer users are flummoxed by these online pranks. The section also points to Web locations where more information on real viruses and virus hoaxes can be found.

One necessary aspect of computer security is privacy. How can computer data and files be kept secure from prying eyes and malicious misuse? How can the user and the system administrator help maintain privacy of email communications? While complete privacy of email and other network communications is not possible, there are some ways to make files somewhat more difficult for outsiders to see. This section of the book contains good simple explanations of how encryption software works and how to use PGP (Pretty Good Privacy) to protect Internet email. Again, the CD-ROM that accompanies the book contains some freeware and shareware encryption, file-shredding, and file-locking software.

Internet-related security issues are discussed in the final section of the book. The security information in this chapter focuses on the use of Netscape Navigator as an Internet browser. Internet cookies are defined, and how they might pose a security risk is explained. Step-by-step instructions are given on how to stop servers from delivering cookies to your PC. Java and JavaScript are examined and the author explains how "hostile applets" or even non-hostile applets could cause security problems. Finally, step-by-step instructions are given on how to lock down Netscape Navigator 3.0 so that only specifically desired functions remain usable.

This is a fabulous overview of PC security: simple to understand and with everything spelled out in detail. It has wonderful step-by-step instructions that beginners can easily take right to their PCS and use. Enough in-depth information, however, is supplied that the book is also useful to more advanced users. This work is highly recommended for "the computer person" in every school and library regardless of the level of knowledge, but it will be particularly helpful for those who are inexperienced in PC security.

Margaret Sylvia (acadmarg@stmarytx.edu) is an Associate Professor and the Assistant Director for Technical Services at St. Mary's University Academic Library in San Antonio, Texas.

Copyright © 1998 by Margaret Sylvia. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at acadmarg@stmarytx.edu.

REVIEW OF: Alan Schwartz. Managing Mailing Lists. Sebastopol, CA: O'Reilly, 1998.

by Elizabeth Yakel

Many readers are or have been subscribers to an electronic mailing list at one time or another. Few of us, however, have had the privilege or the headaches associated with managing a mailing list. This book provides a clear, concise, and easily readable introduction to the administration of mailing lists for anyone who is contemplating becoming involved with a mailing list as the list owner, server administrator, or assuming both roles at once.

Managing Mailing Lists examines and compares four free mailing list management (MLM) software packages. These are Listproc 6.0c, Majordomo 1.94.4, Smartlist 3.10, and LISTSERV Lite 1.8d. All of these run on Unix operating systems and, like all the software covered, the Unix mailing list servers discussed in the book are established, tested, powerful, and free. The book also briefly covers sendmail, a common Unix mail transport agent that has some of the functions of mailing lists and the operation of other general tools that make electronic mail possible.

Readers should not get the notion that this book is simply a technical introduction to mailing list software. It is also a guide to both the organizational and social aspects of mailing lists and their management. Early on, Schwartz describes the different roles that need to be filled by one or usually more people in order to manage a mailing list. These roles include list owner or maintainer, list moderator (optional), server administrator, and system administrator.

With this in mind, the book is divided into three sections: an introductory section, a section for list maintainers or owners, and a section for server administrators. Schwartz's design here is that all the people involved in managing a mailing list will read each section so that they will have a clearer understanding of all the roles and can make the best decisions regarding dividing the responsibilities among themselves after reading the book.

The initial section (chapters one and two) is a general overview of electronic mail, mailing lists, and mailing list software. This section gives everyone basic definitions, explanations concerning how email works, and tools for understanding the ensuing chapters, particularly the final chapters in the third section.

The second section (chapters three through eight) is directed toward list maintainers and covers such topics as mailing list design and implementation decisions, management roles, policy development, and troubleshooting. This section goes over basic choices for list maintainers or owners that must be decided upon, such as naming, purpose, guidelines, moderation, and subscription methods and/or requirements. Some basic definitions are also provided, such as the difference between open versus closed lists (that is, whether subscriptions are automatic or whether there is some screening) and public versus private lists (namely, the decision to accept posts by non-subscribers).

Consequences and considerations that should come into play when making these decisions are discussed. For example, the practicalities and realities of moderating a high traffic list are noted. There is also a long discussion of problems encountered by most lists at one time or another, as well as an introduction to issues that incipient list owners may not have imagined, such as accepting third party subscriptions.

Technical (e.g., mail loops) as well as social problems, such as address harvesting (whereby companies can get large lists of valid email addresses) and spamming (sending junk mail to lists) are noted. In the case of address harvesting, tips on how to avoid this type of abuse are provided. In summation, this section serves as a good orientation for new list maintainers regardless of which MLM package is selected. It also provides list owners with a good idea of their role and responsibilities as well as what to expect from list management and the server administrator.

The final section (chapters nine through twelve) is for server administrators. Each chapter is devoted to one of the MLM packages under consideration. A typical chapter in this section provides technical details concerning the preconditions (server and network requirements) necessary for installation, a detailed account of how to install the MLM software, notes on the actual creation of the mailing list(s), information concerning how to configure the server to interact properly with the MLM package, a list of the requisite files and where they need to be located, the setting of defaults for subscribing, digests, and archives, and finally a test protocol for each MLM package.

Common problems associated with each MLM package as well as diagnosis and potential fixes are noted. In these chapters, the author also implicitly discusses the interaction between the list maintainer and the server administrator and the joint decision-making that should characterize this installation and list implementation stage.

Managing Mailing Lists concludes with four appendices that provide ready reference and troubleshooting information on each of the MLM packages.

Schwartz does not recommend one MLM package over another. Rather, he presents the strengths and weaknesses of each one and discusses how projected list features or implementation decisions are realized more easily in one particular MLM package than in another. This comparative information is interspersed throughout the book in different depths of detail, which is a bit frustrating. The most concise comparison among the packages is a chart at the end of the second chapter.

Comparative information is crucial in the selection of an MLM package. Although the author addresses many features in comparing the packages, the most important criteria cited by the author are: the amount of traffic projected, the division of responsibility and roles of the list maintainer and the server administrator, the degree of moderation and control over administrative messages sent to the list, how messages will be archived and retrieved, and Web interfaces. The amount of traffic appears to be a major factor in selecting a mailing list management package. However, what constitutes "heavy," "medium," and "light" traffic is never quantified.

These minor criticisms aside, Managing Mailing Lists is a clearly written and readable introduction to the behind-the-scenes activities involved in the selection of a MLM package; installation of the software; and the creation, maintenance, and troubleshooting required in list management. While the book covers issues that any participant in a mailing list could predict, it does more than scratch the surface and provides the depth and detail of the realities and practicalities involved in list management and maintenance. Furthermore, the book presents a broad view of what the management and maintenance of a list entails by considering technical as well as organizational and social issues surrounding email lists.

Elizabeth Yakel (eyakel@sis.pitt.edu) is an assistant professor at the University of Pittsburgh, School of Information Sciences. Her specialization is in the areas of electronic records management and archival administration.

Copyright © 1998 by the American Library Association. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to Office of Rights and Permissions, 50 East Huron Street, Chicago, IL 60611.

REVIEW OF: David Flanagan. Java Examples in a Nutshell: A Tutorial Companion to Java in a Nutshell. Sebastopol, CA: O'Reilly, 1997.

by Brian K. Yost

If you've been to a well-stocked bookstore recently and browsed in the computer section, you have likely seen the proliferation of Java books. On the one hand this is great--you have plenty of titles to choose from--but on the other hand, it can make it difficult to decide which title is most suitable for you. Which ones are well written? Toward what level are they geared? Contrary to the back-cover bragging of many publishers, a single title will not fit the needs of all users.

Java Examples in a Nutshell, a recent addition to the Java collection, does give a fair assessment of its scope and intentions in its publisher's blurb: "This book doesn't hold your hand or supply detailed explanations of Java syntax or method calls; it simply delivers well-commented working examples that help you explore the wide range of what is possible with Java 1.1." As the title and description suggest, this work offers a wide range of example Java code with explanations geared towards the experienced user.

Java Examples in a Nutshell is intended as a companion volume to Java in a Nutshell, 2nd ed. While it is not absolutely necessary to use it in conjunction with its companion, it does provide additional examples, and for the most part, follows Java in a Nutshell's subject coverage. Java Examples in a Nutshell could also be useful for a student of Java looking for coding examples with extensive documentation.

Each chapter in the book covers a particular topic of Java programming: Java basics; objects, classes, and interfaces; applets; graphics; events; graphical user interfaces; data transfer; input/output; networking; threads, Java beans; reflection; object serialization; internationalization; remote method invocation; database access with SQL; and security and cryptography. Practice exercises are included at the end of the chapters. The table of contents includes subtopics and example code for each of these topics. This format is especially useful. For instance, if I wanted to examine sample code for creating a dialog box, I could look in the contents under Graphical User Interfaces, find the listing for Dialogs, and quickly find the pages with example code in the book.

The examples range in length from a few lines to several pages of code. Fortunately, the code is available for downloading at http://www.oreilly.com/catalog/jenut/.

Who would benefit most from this book? If you are looking for a comprehensive introduction to Java programming, this title would not be the best choice. Users looking for a Java tutorial would be better served by titles such as:

  • Niemeyer, P. (1997). Exploring Java (2nd ed.). Sebastopol, CA: O'Reilly.
  • Lemay, L., Perkins, C.L., and Morrison, M. (1996). Teach Yourself Java in 21 Days: Professional Reference Edition. Indianapolis, IN: Sams.Net.
  • Campione, M. and Walrath, K. (1996). The Java Tutorial: Object-Oriented Programming for the Internet. Reading, MA: Addison Wesley.

It should be noted that these titles, although more comprehensive and tutorial-based, still assume some programming experience and are not intended for the absolute beginner.

As with other O'Reilly titles, Java Examples in a Nutshell is an attractive and durable book. The animal featured on the cover is the American alligator. Upon seeing new O'Reilly titles, I have often wondered if there is some significance to the animals chosen for the covers. This title's companion volume, Java in a Nutshell, features a Javanese tiger--an obvious connection. I would love to eavesdrop on an O'Reilly editorial session at which cover designs were being discussed.

Although limited in scope, Java Examples in a Nutshell serves its intended purpose very well. It is not a comprehensive Java tutorial, nor is it intended for complete Java beginners. It is, however, a very useful tool to be used in addition to other Java training materials. Java programmers and programming students will find this title valuable for its example code and excellent explanatory notes.

Brian K. Yost (yostb@hope.edu) is Library Technology Coordinator at Hope College in Holland. MI.

Copyright © 1998 by Brian K. Yost. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at yostb@hope.edu.

About TER