Volume 5, Issue 3, April 1998

ter - telecommunications electronic reviews

Telecommunications Electronic Reviews (TER) is a publication of the Library and Information Technology Association.

Telecommunications Electronic Reviews (ISSN: 1075-9972) is a periodical copyright © 1998 by the American Library Association. Documents in this issue, subject to copyright by the American Library Association or by the authors of the documents, may be reproduced for noncommercial, educational, or scientific purposes granted by Sections 107 and 108 of the Copyright Revision Act of 1976, provided that the copyright statement and source for that material are clearly acknowledged and that the material is reproduced without alteration. None of these documents may be reproduced or adapted for commercial distribution without the prior written permission of the designated copyright holder for the specific documents.



REVIEW OF: Pete Loshin. TCP/IP Clearly Explained (2nd edition). Boston: AP Professional, 1997.

by Steve Hardin

Anyone who works with computers connected to the Internet will sooner or later run into TCP/IP (Transmission Control Protocol/Internet Protocol). While someone with a good technical background in computer science will be able to give a precise definition of the protocols, most casual computer users probably know only that this has something to do with the Internet or maybe the World Wide Web. It is for these users, who lack a rigorous background but want to know how things work, that Loshin prepared this work.

Consider the analogy of the automobile. It is possible to be a very good driver and have no idea what is happening under the hood of the car. However, the driver can add to his or her skill by acquiring some of the knowledge of the mechanic, who understands how to maintain the car and can tell the driver the meaning of the mysterious noise heard when the brakes are applied. The mechanic can fix the problem. A driver who knows something about mechanics can often fix minor problems or give the mechanic useful guidance in servicing more difficult problems.

In the same way, it is possible to be quite skillful in operating a computer--processing documents, surfing the Web, and so forth--without really understanding how the computer completes these tasks. However, knowing something about what is happening behind the screen can make a good computer user a better one. The knowledge tends to lessen the anxiety which arises when the system returns an error message. It may even make it possible for the casual user to solve a minor problem without troubling the people in Systems.

Loshin states in his introduction, "This book introduces TCP/IP networking to anyone interested, from the curious end user to the prospective TCP/IP network engineer." (p. xvii) This reviewer believes Loshin has accomplished his goal. Anyone who reads this book will finish it with a good introductory understanding of the principles behind TCP/IP. This book is not intended for the practicing systems engineer, who will find it too elementary. It does, however, give nontechnical users some insight into how computers are networked over the Internet. It provides context for many of the acronyms and terms casual Internet users have seen but not necessarily understood.

Although this book is aimed at someone without a lot of technical background, Loshin assumes familiarity with terms such as "byte," "network interrupts," and "checksum." This reviewer (and probably Loshin) suspects all but the most casual computer user will have at least a nodding acquaintance with these terms. A glossary which forms the book's Appendix C proves helpful.

Loshin begins with the basic steps of constructing a very simple hypothetical network. He then builds upon this foundation to take the reader into the real world. Along the way, scores of concepts are introduced, explained and provided with context.

In part one, "Introduction to TCP/IP Internetworking," Loshin describes the several layers of TCP/IP networks, and considers various Internet protocols (with a handy chart of them on pp. 19-20). He then describes how network names, addresses, and other parts of internetwork architecture work. He concludes the section with a look at various TCP/IP applications.

Part two, "TCP/IP Networking Protocols," explains concepts such as SLIP (Serial Line Internet Protocol), PPP (Point-to-Point Protocol), IP, and TCP. Various routing protocols are discussed as well. Of special interest is a chapter dealing with Internet Protocol, Version 6 (IPv6). Loshin describes IPv6, discusses why it is necessary, and outlines some of its improvements over the more widespread IPv4.

In part three, "TCP/IP Applications," Loshin takes up some of the old standbys such as FTP (File Transfer Protocol). A chapter devoted to Gopher and the World Wide Web will be of particular interest to those whose networking experience is confined to those two applications. Similarly, a chapter on email and network news describes how these two ubiquitous network applications are set up. Loshin provides a valuable context for mail, news, Gopher, the Web and the other applications he tackles. Part Three concludes with a chapter on Internet commerce and some of the issues it raises.

Part four, "Network Implementation and Management," includes a chapter on using TCP/IP with Windows 95. Chapters on network management and troubleshooting will prove valuable for casual users who have suddenly been designated "network managers." Loshin discusses some of the diagnostic tools available, as well as their strengths and limitations. Chapters on security and intranets round out the section.

Loshin's ability to provide examples of how things work without getting overly technical is a major strength of the book. For example, the discussion of exterior routing protocols (pp. 146-149) explains why some work better than others but does not get down to the technical details of just how information is exchanged. The text is divided throughout the book into small sections, producing easily absorbed information bites quite useful for the reader who suffers from a lot of interruptions.

While this reviewer found the book to be useful and informative overall, a few difficulties with the volume must be pointed out. One is Loshin's confusing habit of introducing exceptions to a principle almost as soon as he introduces the principle itself. For example, he writes on page 28: "Any telephone number, with its associated country and area codes, when dialed, will connect the caller to a particular telephone instrument (except where the calls are taken by a special switch that can route them to different instruments, but in those cases, the calls are always handled by the same telephone switch)." This sentence could have been made clearer by rewriting the first part so as to make the parenthetical clause unnecessary.

A second difficulty comes from the book's lack of careful editing. All too often, terms are mentioned casually in the text without being defined until several pages--or even chapters--later. Deficiencies in the glossary and index aggravate the problem. For example, an extended discussion on the Domain Name System (DNS) on page 177 may prompt a reader to look up "Domain Name System" in the glossary, but "Domain Name System" cannot be found as a term there. The reader must make the translation to "DNS" to find the term in the glossary. Similarly, "Domain Name System" is lacking in the index, although "DNS" is present. Some "see" references would be helpful.

The editing problem also manifests itself in numerous distracting grammatical and stylistic problems. Page 261 actually contains the following sentence: "For example, the author of a long document may not remember the exact formatting for third-level headings, for example." Readers of page 293 are referred to Appendix C for more information when Appendix B is the proper place to look. Lapses like these do not destroy the value of the work, but they are plentiful enough to be annoying.

In spite of these flaws, the book remains a very readable and understandable explanation of the TCP/IP protocols and their applications. Anyone lacking the background to wade through the more technical works on the subject will enjoy Loshin's book. It should prove quite useful for a nontechnical person trying to do a technical job or anyone who just wants to know some of the concepts behind the ways computers are networked. TCP/IP Clearly Explained lives up to its title.

Steve Hardin (LIBHARD@cml.indstate.edu) has worked as a holistic librarian at Indiana State University since 1989. He spends his time split between Electronic Information Services and Technical Services. His publications and presentations cover various aspects of electronic resources and holistic librarianship.

Copyright © 1998 by the American Library Association. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to Office of Rights and Permissions, 50 East Huron Street, Chicago, IL 60611.


REVIEW OF: Richard E. Smith. Internet Cryptography. Reading, MA: Addison-Wesley, 1997.

by Kye Valongo

Richard E. Smith has a doctorate in computer science and is a lecturer on cryptography and computer security; more importantly, he is a security expert with a wealth of practical experience--providing consulting services to commercial and government organizations such as the National Security Agency. In Internet Cryptography he uses many real-life case studies and offers solutions involving commercially available software products.

Internet Cryptography gives an overview of the strengths, weaknesses, and practical application of cryptography. With a noticeable, no-nonsense front cover, Internet Cryptography consists of over 350 pages and is structured with 12 main chapters. Each chapter is broken down into smaller classified sub-sections, all of which are numbered. Internet Cryptography is not only well organized but careful attention has also been paid to the text formatting and layout. Both are pleasing to the eye and are easy to read and follow. Topics covered include: basics of encryption; networking and Internet fundamentals; building blocks of encryption; how cryptography systems fail; types of encryption; legal considerations; setting realistic security objectives; electronic mail; World Wide Web transactions; and Internet firewalls.

Each chapter follows a similar pattern, being broken down into: security objectives, basic issues, technology and a product example, deployment, and suggestions for further reading. Diagrams are liberally sprinkled through the book to add clarity and to explain difficult concepts. Some are monochrome photos of products but most are cartoon-like or flow charts.

Each chapter ends with a list of appropriate references guiding readers wishing to delve deeper into cryptography or related subjects to an appropriate source of information. References also include links to relevant Web sites. There is even a Web site dedicated to the book itself that features the links mentioned in the book and mentions which sites are no longer available. Updates and further information relevant to Internet Cryptography, including pointers to corrections and errata, will also be maintained on this site (http://www.aw.com/cp/rsmith/).

The book is aimed at anyone involved in decisions involving security issues on the Internet, but the focus is larger organizations. As is noted in the preface, though, "Simple, commercially available solutions are given preference over more sophisticated techniques that require extensive vendor support or custom engineering." (http://cseng.aw.com/bookdetail.qry?ISBN=0-201-92480-3&ptype=1289) While primarily aimed at corporations, Internet Cryptography is essential reading for anyone involved in protecting data when it is being transmitted over the Internet. Computer programmers will not find a detailed description of the techniques, but they can gain a good overview of the context and applications of cryptography. To learn how to write encryption programs, the programmer must go elsewhere.

Make no mistake, though, this is not just a vague introduction to cryptography; it needs to be studied if the principles contained in it are to be understood and, therefore, is not always an easy read. Addison-Wesley themselves admit, "...it is best if readers already have a general familiarity with computers, networking, and the Internet. In particular, it helps if readers already understand the notion of message and packet formatting...." (http://cseng.aw.com/bookdetail.qry?ISBN=0-201-92480-3&ptype=1289)

In trying to follow the section on encryption basics, I found myself having to read some sections very carefully and indeed re-read whole sections while making notes and referring to the glossary to help my understanding. Acronyms hinder the speed of understanding but seem to be unavoidable in the theory of cryptography, which by its very nature is hard to follow. Those readers of a mathematical bent may not have any trouble in absorbing the information, but a nontechnical executive would have to spend a lot of energy grappling with some of the concepts contained in the text.

The glossary is comprehensive and helps immensely with acronyms and new terms. It defines all specialized language used in the book--from "Bailey the Switcher" to "Password Sniffing" and "ARPA" to "X.509." If you have little knowledge of cryptography or Internet theory, you will be working closely with the glossary.

Once you have forced your way through the book, however, you should easily be able to assess your security needs from a practical and informed standpoint, if not an entirely jargon-free one. And Richard Smith's reputation is a formidable negotiating tool with which to sway senior management should that be necessary.

Another key business concept, practicality, is stressed throughout the book--Internet Cryptography does not pretend that mathematical techniques will provide complete security, especially in circumstances where sloppiness and carelessness are to blame. In such cases, a business might as well publish its secrets in the local paper; Richard E. Smith notes that technical strength in a system will not protect against carelessness or incompetence.

Cryptographic products rely on an algorithm to encrypt data. Some products are software-based; others are hardware "bolt-on" devices. Whichever method you are considering, this book will make you aware of the advantages and limitations of each method and the underlying theory. Reading these explanations makes you painfully aware of just how vulnerable your data could be to a dedicated attacker.

Indeed, it is made clear in the book that if someone is determined enough, no matter how much protection you invest in, they will be able to attack your encrypted data. Several frightening examples are quoted in the book. There is sometimes a fine balance between the cost of effective protection and the value of the data. Internet Cryptography, however, gives readers the inside knowledge to safely assess and apply cryptographic products to their own vulnerable data with financial considerations in the forefront.

In looking at the format of the book itself, I am slightly disappointed by its being perfect-bound. Once opened flat, the book "remembers" the places where it has been opened. Perfect-bound books tend to fall to pieces eventually. Unfortunately, a book of this kind is likely to require a great deal of page turning to master, so pages are likely to come loose sooner than other books where the subject matter is of a lighter nature.

Kye Valongo (kye@valon.demon.co.uk) is a freelance photojournalist in the UK and Technology Correspondent for "Writers News" and "Writing Magazine."

Copyright © 1998 by Kye Valongo. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at kye@valon.demon.co.uk.


REVIEW OF: Randal L. Schwartz, Erik Olson, and Tom Christiansen. Learning Perl on Win32 Systems. Sebastopol, CA: O'Reilly, 1997.

by Kris Veldheer

Calling itself the "official" guide for both formal and informal learning of Perl (Practical Extraction and Report Language) on Win32 Systems, this book is not for the faint of heart. Do not think you will learn Perl from scratch in this volume, another member of the challenging titles series from O'Reilly & Associates. Rather, the book's intended audience should be people already familiar with Perl from a UNIX environment. In fact, the authors recommend the reader obtain the companion volume, Programming Perl, 2nd edition, also from O'Reilly. Additionally, if you want to take full advantage of this volume, you must have ready access to an NT workstation in order to complete the exercises at the end of each chapter. The authors point out that some of the exercises and examples just won't work in Windows 95. It is also helpful to have access to a Perl guru should you become stuck.

Organized so that each chapter can build on previous chapters, the authors begin with a brief history of Perl, how Perl functions, and how to make Perl work. Each following chapter explores another aspect of Perl such as arrays, regular expressions, filehandles, and formats. Even though the authors give a fairly good definition for the terms from each chapter, this reviewer also used other reference works for NT and Perl because the book lacks a glossary. By the time you are finished with the book, you should have touched on the majority of the most common language idioms and operations found in Perl programs.

There are three main reasons to work your way through this book. First of all, the authors have taken great pains to make the book as comprehensive as possible. Knowing they couldn't cover everything, there is a section at the end of the book which lists what wasn't covered and tells how to find out the information you may also need. The authors recommend a number of other books and Web resources to help readers move beyond this volume or supplement concepts readers may not know before they read this book. The second reason to tackle this book is the footnotes and index. Repeatedly, the authors use footnotes to link the book to other resources and to enhance their discussion. This is crucial to the budding Perl programmer. The index is also comprehensive and would allow the more experienced Perl programmer to move to sections of the book quickly. Finally, you will want to work through this book because of the exercises provided at the end of each chapter. As mentioned earlier, this book builds on concepts, and so do the exercises.

A quick note about the exercises is in order. All answers for the exercises are supplied in an appendix. That way, if you do get stuck along the way, there is an easy out. The exercises are also available electronically via FTP (File Transfer Protocol) from O'Reilly. If you do work through all of the exercises, the authors tell you to plan on spending two to three hours per chapter, for a total of 40 to 50 hours just to finish the book. Hence, this book becomes more of a carefully constructed course in Perl programming than simply a reference book.

With the explosion of NT as the operating system of choice, knowing how to program in Perl can be an invaluable aid to any systems librarian. It seems Perl is headed toward being the scripting language of choice on NT, and this volume is a timely introduction and instructional guide to making Perl work on Win32 systems. Despite its daunting appearance, it is definitely worth the effort to complete this book.

Kris Veldheer (veldheer.kris@epamail.epa.gov) works for Garcia Consulting as the Web Content Librarian for Region 2 of the Environmental Protection Agency in New York.

Copyright © 1998 by Kris Veldheer. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at veldheer.kris@epamail.epa.gov.


REVIEW OF: Pratik Patel and Karl Moss. Java Database Programming with JDBC (2nd edition). Scottsdale, AZ: Coriolis Group, 1997.

by William S. Williams

The second edition of Java Database Programming with JDBC, just recently published, is a superior introduction to Java Database Connectivity as a whole and to writing JDBC drivers in particular. [1] The authors presume the reader has at least a working knowledge of Java class structures, coding techniques and syntax, and programming basics. The beginning Java programmer with a strong background in database design may still benefit from the overview of the Java Beans Application Programmer Interface as well as the mapping of Structured Query Language data types to Java data types.

As an introductory work, Java Database Programming with JDBC provides a thorough overview of the basics of this increasingly important aspect of Internet and intranet development. However, the reader searching for more than just an aerial view of JDBC programming will not be disappointed, except perhaps by the cursory look at security and the advantages and disadvantages of middleware. Overall, though, Patel and Moss provide the intermediate programmer with more than enough tools to create and manipulate JDBC-aware applets and miles of JDBC code. They create an environment where learning the intricacies of JDBC programming is much less daunting than it seems. In fact, the projects included on the CD-ROM (with accompanying code) are an excellent addition to the book and provide a valuable learning tool.

The authors begin with a brief introduction to JDBC and its current uses in the industry. They also provide the Web addresses for all the tools needed to participate and work through the examples provided in the book. This is essential, for even though the CD-ROM contains code samples and even the mySQL database server, it does not include a Java Development Kit (JDK) necessary to compile the code samples locally (the compiled classes are provided as well). In addition, those students of JDBC operating in the UNIX environment may find it frustrating extracting the code from the CD-ROM provided, so the reader may prefer to download the code samples from the book's Web site.

The second chapter of the work provides a welcome refresher (or introduction, depending on your experience level) to the world of SQL (Structured Query Language). Patel and Moss give an exceptional overview of the relational model, Data Definition Language, Data Maintenance Language, and Data Query Language. "SQL 101: An Introduction to SQL" is succinct and well-written. The authors also provide the Web address for their SQL bibliography for more references to the language.

The chapter entitled "Using JDBC Drivers" covers the basic processes involved in connecting to a database, executing queries, and retrieving data; additionally, it covers installation of the Java.sql.* package for developers using the JDK 1.0.2. "Using JDBC Drivers" also includes information on installing the JDBC-ODBC (Open Database Connectivity) bridge for the JDK 1.0.2 contingency, but it is heavily weighted towards developers working on the Windows 95/NT platform, as well as Access 95 developers.

Chapter four, "The Interactive SQL Query Applet," provides a superb "applet analysis", a succinct explanation of the applet life-cycle ("The Applet Four-Step"), and a brief overview of event handling in Java. This chapter also includes the full source code of the first JDBC applet and a brief discussion of one of the Java layout managers, GridBagLayout.

A cursory glance at the code provided and a brief look at the final product on the CD should be enough to prepare the enterprising Java guru to jump headfirst into creating JDBC applets for his or her own shop. Moss and Patel continue, however, in "Writing Database Drivers" to provide a high-level tutorial on writing database drivers, which covers all the methods and classes needed to connect to a database.

Their discussion of SQL Warnings, SQL Exceptions, and Java DataTruncation, as well as their overview of JDBC data types is extremely clear, as is their handling of tracing and debugging features included in the JDBC API (Application Programming Interface). Using the Driver Manager, a Java programmer can use java.io.PrintStream, java.io.OutputStream, and java.io.FileOutputStream to flush out all trace information to a file. Also covered in this chapter is the AcceptsURL method which allows the Driver Manager to process the JDBC URL (in the format: jdbc:subprotocol:subname). There is far too much information in this chapter to provide more than an elementary summary of the numerous classes and methods discussed, but Patel and Moss do a fine job of making difficult information easy to understand and implement.

Many programmers will find the chapter "Accessing ODBC Services" extremely useful. The "Roadmap" for JDBC to ODBC calls, which maps each JDBC interface method to the corresponding ODBC call, is heavily annotated and is a fine learning tool for those well versed in ODBC. In a similar fashion, the chapter "SQL Data Types in Java" is a guide to understanding the Object Relation Model which tries to map object orientation with the RDBM (Relational Database Manager) model.

Certainly the most intriguing chapter in the work covers JDBC, Servlet architecture, and the Servlet API which promise to supplant CGI (Common Gateway Interface) programming as the lingua franca of dynamic Web publishing. Patel and Moss give the complete code and instructions for creating a JDBC/Servlet-based news server. Surprisingly straightforward, this exercise shows the reader the necessary steps (and code) for handling authentication and posting to the server, as well as creating the user interface.

The final tutorial chapter is an introduction to the modular world of Java Beans and the Java Beans API. The Beans API provides for a "component model" for Java so that anyone can design and assemble portable "beans" that can be used to create applications for numerous uses. Also covered is use of the Beans Development Kit, available from Sun Microsystems, Inc., which provides a builder tool for creating "beans."

There is a copious amount of reference material available in Java Database Programming with JDBC. There is a summary of the class interfaces and exceptions available in the JDBC API as well as a reprint of "Java Language Fundamentals" from David H. Friedel's and Anthony Potts' book Java Programming Language (Coriolis Group, 1996). This chapter alone should be enough to assist an experienced C or C++ programmer in mastering the intricacies of JDBC programming. There is also a bonus chapter, a sample from Jalal Feghhi's Web Developers Guide to Java Beans (Coriolis Group, 1997), which focuses on the event model in JDK 1.1.

Overall, Java Database Programming with JDBC is a worthy enterprise that will allow for quick digestion of the material provided and immediate implementation of the code samples in an application with "real world" business uses. Readers and students who like learning-by-doing will find this work a useful addition to their bookshelf.

Notes:

[1] A review of the first edition appeared in TER, Volume 4, Issue 11 (http://www.lita.org/ala/lita/litapublications/ter/terv4n11december1.htm#patel).

William S. Williams (bill.williams@netsco.com) is a Systems Engineer for Netsco, Inc., a Java development firm that specializes in Java-based network computing solutions.

Copyright © 1998 by William S. Williams. This document may be reproduced in whole or in part for noncommercial, educational, or scientific purposes, provided that the preceding copyright statement and source are clearly acknowledged. All other rights are reserved. For permission to reproduce or adapt this document or any part of it for commercial distribution, address requests to the author at bill.williams@netsco.com.

