First time accepted submitter sobczakt writes We live in a world flooded by data and information and all realize that if we can't find what we're looking for (e.g. a specific document), there's no benefit from all these data stores. When your data sets become enormous or your systems need to process thousands of messages a second, you need to an environment that is efficient, tunable and ready for scaling. We all need well-designed search technology. A few days ago, a book called Scaling Apache Solr landed on my desk. The author, Hrishikesh Vijay Karambelkar, has written an extremely useful guide to one of the most popular open-source search platforms, Apache Solr. Solr is a full-text, standalone, Java search engine based on Lucene, another successful Apache project. For people working with Solr, like myself, this book should be on their Christmas shopping list. It's one of the best on this subject. Read below for the rest of sobczakt's review.

benrothke writes Most books about cloud computing are either extremely high-level quasi-marketing tomes about the myriad benefits of the cloud without any understanding of how to practically implement the technology under discussion. The other type of cloud books are highly technical references guides, that provide technical details, but for a limited audience. In Architecting the Cloud: Design Decisions for Cloud Computing Service Models, author Michael Kavis has written perhaps the most honest book about the cloud. Make no doubt about it; Kavis is a huge fan of the cloud. But more importantly, he knows what the limits of the cloud are, and how cloud computing is not a panacea. That type of candor makes this book an invaluable guide to anyone looking to understand how to effective deploy cloud technologies. Keep reading below for the rest of Ben's review.

benrothke writes When I got a copy of Social Engineering in IT Security Tools, Tactics, and Techniques by Sharon Conheady, my first thought was that it likely could not have much that Christopher Hadnagy didn't already detail in the definitive text on the topic: Social Engineering: The Art of Human Hacking. Obviously Hadnagy thought differently, as he wrote the forward to the book; which he found to be a valuable resource. While there is overlap between the two books; Hadnagy's book takes a somewhat more aggressive tool-based approach, while Conheady take a somewhat more passive, purely social approach to the topic. There are many more software tools in Hadnagy; while Conheady doesn't reference software tools until nearly half-way through the book. This book provides an extensive introduction to the topic and details how social engineering has evolved through the centuries. Conheady writes how the overall tactics and goals have stayed the same; while the tools and techniques have been modified to suit the times. Keep reading for the rest of Ben's review.

benrothke writes Cyberwarfare is a controversial topic. At the 2014 Infosec World Conference, Marcus Ranum gave a talk on Cyberwar: Putting Civilian Infrastructure on the Front Lines, Again. Whether it was the topic or just Marcus being Marcus, about a third of the participants left within the first 15 minutes. They should have stayed, as Ranum, agree with him or not, provided some riveting insights on the topic. In Introduction to Cyber-Warfare: A Multidisciplinary Approach, authors Paulo Shakarian, Jana Shakarian and Andrew Ruef provide an excellent overview of the topic. The book takes a holistic, or as they call it multidisciplinary, approach. It looks at the information security aspect of cyberwarfare, as well the military, sociological and other aspects. Keep reading for the rest of Ben's review.

benrothke writes There is a not so fine line between data dashboards and other information displays that provide pretty but otherwise useless and unactionable information; and those that provide effective answers to key questions. Data-Driven Security: Analysis, Visualization and Dashboards is all about the later. In this extremely valuable book, authors Jay Jacobs and Bob Rudis show you how to find security patterns in your data logs and extract enough information from it to create effective information security countermeasures. By using data correctly and truly understanding what that data means, the authors show how you can achieve much greater levels of security. Keep reading for the rest of Ben's review.

benrothke (2577567) writes Having worked at the same consulting firm and also on a project with author J.J. Stapleton (full disclosure); I knew he was a really smart guy. In Security without Obscurity: A Guide to Confidentiality, Authentication and Integrity, Stapleton shows how broad his security knowledge is to the world. When it comes to the world of encryption and cryptography, Stapleton has had his hand in a lot of different cryptographic pies. He has been part of cryptographic accreditation committees for many different standard bodies across the globe. Keep reading for the rest of Ben's review.

benrothke (2577567) writes "The only negative thing to say about Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions is its title. A cursory look at it may lead the reader that this is a book for a script kiddie, when it is in fact a necessary read for anyone involved with payment systems. The book provides a wealth of information that is completely pragmatic and actionable. The problem is, as the book notes in many places, that one is constantly patching a system that is inherently flawed and broken." Keep reading for the rest of Ben's review.

First time accepted submitter ericnishio (3641743) writes "Extending Bootstrap is a concise, step by step manual that introduces some of the best practices on how to customize Twitter Bootstrap for your projects. As the title suggests, you will be learning how to extract the good parts of Bootstrap to create a fully customized package. But be advised: the book is not for beginners." Read below for ericnishio's review.

benrothke (2577567) writes "Neurologists and brain scientists are in agreement that in truth, we know very little about how the brain works. With that, in the just released second edition of Designing with the Mind in Mind, a Simple Guide to Understanding User Interface Design Guidelines, author Jeff Johnson provides a fascinating introduction on the fundamentals of perceptual and cognitive psychology for effective user interface (UI) design and creation." Keep reading for the rest of Ben's review.

Michael Ross (599789) writes "Web designers and developers nowadays are familiar with the critical decision they face each time before building an application intended for mobile devices: whether to target a particular device operating system (e.g., iOS) and create the app using the language dictated by the OS (e.g., Objective-C), or try to build an operating system-agnostic app that runs on any device equipped with a modern web browser (primarily using HTML5, CSS3, and JavaScript), or try to do a combination of both (using a library such as PhoneGap). The second option offers many advantages, and is the approach explored in the book Mobile HTML5, authored by Estelle Weyl, an experienced front-end developer." Keep reading for the rest of Michael's review.

benrothke (2577567) writes "When it comes to documenting the history of cryptography, David Kahn is singularly one of the finest, if not the finest writers in that domain. For anyone with an interest in the topic, Kahn's works are read in detail and anticipated. His first book was written almost 50 years ago: The Codebreakers – The Story of Secret Writing; which was a comprehensive overview on the history of cryptography. Other titles of his include Seizing the Enigma: The Race to Break the German U-Boats Codes, 1939-1943. The Codebreakers was so good and so groundbreaking, that some in the US intelligence community wanted the book banned. They did not bear a grudge, as Kahn became an NSA scholar-in-residence in the mid 1990's. With such a pedigree, many were looking forward, including myself, to his latest book How I Discovered World War IIs Greatest Spy and Other Stories of Intelligence and Code. While the entire book is fascinating, it is somewhat disingenuous, in that there is no new material in it. Many of the articles are decades old, and some go back to the late 1970's. From the book description and cover, one would get the impression that this is an all new work. But it is not until ones reads the preface, that it is detailed that the book is simple an assemblage of collected articles." Keep reading for the rest of Ben's review.

jsuda (822856) writes "Most of us know that making money is difficult and saving it is even harder, but understanding money is easy–it's just coins and folding certificates, a mere medium of exchange. That's wrong! according to Felix Martin, author of Money: The Unauthorized Biography. Not only is that understanding wrong but it's responsible (in large part) for the 2007 Great Recession and the pitiful 'recovery' from it as well as a number of previous financial and credit disasters." Keep reading for the rest of Jsuda's review.

benrothke writes "When it comes to measuring and communicating threats, perhaps the most ineffective example in recent memory was the Homeland Security Advisory System; which was a color-coded terrorism threat advisory scale. The system was rushed into use and its output of colors was not clear or intuitive. What exactly was the difference between levels such as high, guarded and elevated? From a threat perspective, which color was more severe — yellow or orange? Former DHS chairman Janet Napolitano even admitted that the color-coded system presented 'little practical information' to the public. While the DHS has never really provided meaningful threat levels, in Threat Modeling: Designing for Security, author Adam Shostack has done a remarkable job in detailing an approach that is both achievable and functional. More importantly, he details a system where organizations can obtain meaningful and actionable information, rather than vague color charts." Read below for the rest of Ben's review.

Saint Aardvark writes "If you're a Unix or Linux sysadmin, you know sudo: it's that command that lets you run single commands as root from your own account, rather than logging in as root. And if you're like me, here's what you know about configuring sudo:

1.) Run sudoedit and uncomment the line that says "%wheel ALL=(ALL) ALL".
2.) Make sure you're in the wheel group.
3.) Profit!

If you're a sysadmin, you need to stop people from shooting themselves in the foot. There should be some way of restricting use, right? Just gotta check out the man page.... And that's where I stopped, every time. I've yet to truly understand Extended Backus-Naur Form, and my eyes would glaze over. And so I'd go back to putting some small number of people in the 'wheel' group, and letting them run sudo, and cleaning up the occasional mess afterward. Fortunately, Michael W. Lucas has written Sudo Mastery: User Access Control for Real People." Keep reading for the rest of Saint Aardvark's review.

jsuda writes "In a world of intractable wars and conflicts, spiteful and persistent political gridlock dominating (at least) American politics, rampant bare-knuckle capitalist competition and exploitation, and haters everywhere, Stephen Klein tries to convince us why it pays to get along. In Survival of the Nicest he says that we can be, and ought to be, 'nice' for our personal and social benefits." Read below for jsuda's review.

benrothke writes "At first glance, The Art of the Data Center: A Look Inside the Worlds Most Innovative and Compelling Computing Environments appears like a standard coffee table book with some great visuals and photos of various data centers throughout the world. Once you get a few pages into the book, you see it is indeed not a light-read coffee table book, rather a insightful book where some of the brightest minds in the industry share their insights on data center design and construction." Read below for the rest of Ben's review.

benrothke writes "With Adobe Flash, it's possible to quickly get a pretty web site up and running; something that many firms do. But if there is no content behind the flashy web page, it's unlikely anyone will return. In The Digital Crown: Winning at Content on the Web, author Ahava Leibtag does a fantastic job on showing how to ensure that your web site has what it takes to get visitors to return, namely great content." Read below for the rest of Ben's review.

benrothke writes "The book Digital Archaeology: The Art and Science of Digital Forensics starts as yet another text on the topic of digital forensics. But by the time you get to chapter 3, you can truly appreciate how much knowledge author Michael Graves imparts. Archaeology is defined as the study of human activity in the past, primarily through the recovery and analysis of the material culture and environmental data that they have left behind, which includes artifacts, architecture, biofacts and cultural landscapes. The author uses archeology and its associated metaphors as a pervasive theme throughout the book. While most archeology projects require shovels and pickaxes; digital archeology requires an entirely different set of tools and technologies. The materials are not in the ground, rather on hard drives, SD cards, smartphones and other types of digital media." Keep reading for the rest of Ben's review.

benrothke writes "Many of us have experimented with what it means to be disabled, by sitting in a wheelchair for a few minutes or putting a blindfold over our eyes. In Digital Outcasts: Moving Technology Forward without Leaving People Behind, author Kel Smith details the innumerable obstacles disabled people have to deal with in their attempts to use computers and the Internet. The book observes that while 1 in 7 people in the world have some sort of disability, (including the fact that 1 in every 10 U.S. children has been diagnosed with ADHD), software and hardware product designers, content providers and the companies who support these teams often approach accessibility as an add-on, not as a core component. Adding accessibility functionality to support disabled people is often seen as a lowest common denominator feature. With the companies unaware of the universal benefit their solution could potentially bring to a wider audience. " Read below for the rest of Ben's review.

Many of today's adult video gamers grew up with a gaming industry that was still trying to figure itself out. In the early-to-mid 1990s, most of the gaming genres we're familiar with today were still indistinct, half-formed concepts waiting for that one game necessary to define them. Thus, many players sat up and took notice when a relatively unknown company named Blizzard managed to exemplify not one, but two separate types of game in quick succession. Warcraft: Orcs and Humans put real-time strategy on the map, and Diablo set the standard for action RPGs. The two games immediately elevated Blizzard to the top of the industry, and many gamers wondered how one studio could put out two games like these so quickly. As it turns out, it wasn't one studio; it was a blending of two very different but extremely creative groups who had a passion for making video games. In Stay Awhile and Listen, author David Craddock lays out the history of the two groups, from how they first got into the gaming business to their eventual success launching now-legendary games. Read on for our review of the book.