May 30, 2008

Harald Mante: The Photograph

Harald Mante's The Photograph (Rocky Nook, 2008), translated from German by Thomas C Campbell III, is my first text on picture composition and design. I've read books about the technologies involved with photography and books that explain why a particular photograph really works.

But Mante's book explains the principles behind good photographs. And the value of this is that it gets you past understanding why a particular picture looks good and into how you can replicate the success of that photograph.

How exactly does Mante go about doing it? He breaks his large book down into the basic elements of interest in a picture. There are five major sections on photo composition in the book dealing with points, lines, shapes, universal contrasts and color contrasts.

Take the first section on points. Mante starts by discussing pictures with a single point of interest and how its position can change the perception of a photograph. Then he introduces additional points, carefully explaining how collections and groups add perception options to the composition.

All through his text, Mante deploys copious photographs - some almost thumbnail size. I found this to be hugely useful because it gave me lots of data points for each of the principles described by Mante. There are multiple elements at play in each of the pictures, but instead of explaining all of them at once, you tend to focus only on the ones being described. This allows the reader to understand the mechanics contributed to the picture by the immediate principle alone.

In the next section Mante explores the use of lines (real and perceived) in photographs. By the time the next section rolls around on shapes, the book really pops because you can see how the various elements of points, lines and shapes are interacting within a photograph.

What I enjoyed most in the final two sections on contrast is that while the discussion can tend to be obtuse, Mante offers a lot of practical details. In one instance Mante talks about how wide-angle lenses and long-angle lenses contribute to contrast in a picture. We all know that happens but Mante articulates it in a way that it is reusable by photographers.

All wide-angle lenses support the impression of spaciousness on the two-dimensional surface by exaggerating the perspective and the sizes of the objects between the foreground and background. Long focal-length lenses can convey impressions of depth only by contrasting the sharply reproduced detail in the plane of focus with the blurred, out-of-focus background or by showing shapes that overlap ambiguously.

This level of practical details is excellent.

I had some minor problems with the book. While I appreciated the photographs for their quality, volume and relevance - I wish they had been captioned exclusively to drive home the underlying principle. Because Mante describes theory, the book tends to be difficult to read in long stretches - so I would recommend keeping aside enough time to absorb the information in it.

April 07, 2008

Book Review: The Digital Photography Companion

Derrick Story's book - The Digital Photography Companion - is sized conveniently enough, like a slightly oversize mass market paperback. And the intent is obvious. Story wants to create a manual that is easy to take along with you pretty much wherever you go (hint: vacations). He follows it up by writing in a conversational style and includes lots of bright color pictures that further increase the reader's engagement.

Story covers both digital SLRs and compact cameras. And in an excellent opening chapter, he explains the major differences between the two. Some part of the audience for this book might find the information on image sensors to be too technical - and for them there is enough practical advice to help choose a camera. But for those looking for a more in-depth explanation, this chapter is a great hook.

Right after that Story lays out the features and functionalities of digital cameras in alphabetical order. This I felt put the book in camera manual territory. I own an old Canon Powershot G3 and while Story was describing the features (somewhat mechanically) I felt his book offered no more value than my manual (which is very well written by the way and a text that this book squarely competes with).

Once we are past this alphabetical cataloging, the book really starts to shine. How does it do that? By offering lots of practical advice on how to take great pictures, sometimes by replicating studio settings with low-tech contraptions. For example, Story shows you how to devise your own light meter, shoot in rain, bounce light off household reflective surfaces and trick your camera's white balance.

Besides being very useful, these tips also offer terrific insights into how the digital camera works. It enhances your understanding of the instrument you are working with.

Later the book also contains a useful chapter on how to post-process your pictures using software. Story covers a number of popular packages such as Apple iPhoto, Adobe Photoshop and Lightroom and Microsoft Expression Media. I would have really liked to see Story cover some web based image editing applications in order to get in touch with Web 2.0 technologies. There is also coverage of printing your pictures - a detail in the book that I really appreciated. And instead of trying to cover printer features and explain how to choose a printer in depth, Story keeps the focus on the camera by creating a short table with specific printer recommendations for different types of users.

April 01, 2008

LinkedIn RSS Feeds

LinkedIn - which has been rolling out features of late - has just announced RSS feeds for network updates. If you are a LinkedIn user I recommend you try it out to stay informed of what is going on in your network.

You can check your network updates using an on-site page generated by LinkedIn (try clicking on this link to see yours). You can subscribe to LinkedIn RSS feeds by clicking on this link.

March 21, 2008

New Blogger resources for pictures

If you're a blogger like me and looking for pictures to brighten up your posts, there are a couple of new resources I've found in the last week that look really promising.

First there is compfight. It's a search tool that will take your keywords and dig through all the tags, file names and relevant information on Flickr and return the results to you. There are several things that are cool about this search compared to others I've seen that mine the Flickr repository.

compfight does a good, fast job at searching. It returns results in the form of a set of thumbnails - which makes selecting the right result to view much easier. This is along the lines of some search tools like Exalead that return thumbnails in a results set. In addition you have the option of searching through images that are under a Creative Commons license, thus reducing your exposure to unwanted usage of images.

The other tool is picapp which lets you search their own repository. You can use any image returned through picapp's search in your blogs freely. They have a lot of high quality stock images and also a number of more popular pictures as well. For example, if you did a search on Aishwarya (Rai), you'd get a number of images that you can plug into your posts without worrying about copyright violation.

March 08, 2008

A command based program launcher

If you have a Start Menu that is full of programs, you're probably just as frustrated as I am when it comes to starting them. You have to click on the button, then scroll up and down trying to find the group folder you want.

This need to hunt programs down from weeds of stuff results in all kinds of program launchers being devised for quick starts. However, if you want to launch something which you use only occasionally and isn't in the launcher (because they are constrained by real-estate), then you are stuck with the old problem.

Recently I started using Enso Launcher from Humanized. This utility in essence indexes the program names in your Start folder and makes them available for recall via typing instead of clicking.

The way you use it is pretty simple: you keep the Caps Lock key pressed down and start typing the name of a program you want to launch. Say I want to launch Adobe Illustrator, I hold the Caps Lock key down and type in Adobe. At this point the Enso Launcher will start suggesting names based on keyword matches with the programs in your Start folder.

You can either type out the full name or type in enough characters to narrow down your choice to a few and then scroll and pick the right one. The only awkward thing about this is that you have to keep the Caps Lock key depressed all the time you are doing this. This can lead to some funny accidents. But the only other option would be to launch the Enso Launcher first (or give it focus - thus requiring it to run somewhere on the desktop).

With a key recall, it can run invisibly and pop up only when called on. The choice of the Caps Lock key is a good one once you get past the idea that you have to keep a key down during its operation. For those of us who have learned to type via instruction - this works very well although I would think hunt and peckers might have a rougher time with it.

In any case, I'm glad I found the utility and I'm only too happy to use it.

March 02, 2008

A brief glossary from Hacking: The Art of Exploitation

In his introduction to spelunking for system hacks, Hacking: The Art of Exploitation, author Jon Erickson outlines a number of techniques for the readers. While his treatment is thorough and essential reading to understand how the hack works, I've outlined the majority of techniques listed in his book in glossary form.

GENERALIZED MEMORY TECHNIQUES

Buffer Overflows
Inject a piece of code in a program buffer, causing it to overflow and transfer control to the injected code. When the corrupted piece of memory is a variable on the stack, this is called a Stack-based Overflow. Buffers allocated on the heap can also be subjected to the same corruption. So can the BSS segment by overflowing function pointers.

Format String Vulnerability
This particular exploit is related to using a function like printf in an unprescribed way such as printf(text) instead of printf("%s", text). When text contains a format parameter, printf will add to the frame pointer to reference memory in the preceding stack frame. Thus, %s can be used to read from arbitrary memory addresses and %n can be used to write to the same. Code injection is now possible.

In addition, two techniques, Direct Parameter Access using the $d feature of printf and Short Writes using the %h feature, can be used to simplify reading and writing memory addresses with this exploit.
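The difference between printf(text) and printf("%s", text), shown side by side with a small audit routine for untrusted strings. This is an added example, not code from the book or from the original post; the function names and the three sample strings are made up for the demonstration, and the vulnerable call is only ever given "%%", which is interpreted without reading any argument.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Pattern from the entry above: untrusted text used as the format string.
   gcc and clang report this under -Wformat-security; the pragmas silence
   that warning here only so the "before" form compiles cleanly. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int render_vulnerable(char *out, size_t n, const char *text)
{
    return snprintf(out, n, text);          /* text is parsed for directives */
}
#pragma GCC diagnostic pop

/* Hardened form: the format is a constant, text is only ever data. */
int render_safe(char *out, size_t n, const char *text)
{
    return snprintf(out, n, "%s", text);
}

struct fmt_audit {
    int directives;   /* conversions that would consume an argument */
    int writes;       /* %n conversions, which store through a pointer */
    int positional;   /* N$ direct parameter access */
    int short_mod;    /* h length modifier (short writes) */
};

/* Audit helper (hypothetical name): count what a printf-family function
   would act on if this string reached it as the format argument. */
struct fmt_audit audit_format(const char *s)
{
    struct fmt_audit a = {0, 0, 0, 0};
    while (*s) {
        const char *p;
        int saw_h = 0;
        if (*s++ != '%')
            continue;
        if (*s == '%') { s++; continue; }            /* literal percent sign */
        for (p = s; isdigit((unsigned char)*p); p++)
            ;
        if (p > s && *p == '$') { a.positional++; s = p + 1; }
        while (*s && strchr("-+ #0123456789.*", *s)) /* flags, width, precision */
            s++;
        while (*s && strchr("hlLjzt", *s)) {         /* length modifiers */
            if (*s == 'h') saw_h = 1;
            s++;
        }
        if (*s == '\0')
            break;                                   /* truncated directive */
        a.directives++;
        a.short_mod += saw_h;
        if (*s == 'n') a.writes++;
        s++;
    }
    return a;
}

int main(void)
{
    /* Constructed inputs, not taken from the book. */
    const char *samples[] = { "100%% done", "%x.%x.%x", "%4$hn" };
    char buf[64];
    size_t i;

    render_vulnerable(buf, sizeof buf, samples[0]);
    printf("as format: %s\n", buf);
    render_safe(buf, sizeof buf, samples[0]);
    printf("as data:   %s\n", buf);

    for (i = 0; i < 3; i++) {
        struct fmt_audit a = audit_format(samples[i]);
        printf("%-12s directives=%d writes=%d positional=%d short=%d\n",
               samples[i], a.directives, a.writes, a.positional, a.short_mod);
    }
    return 0;
}
```

Any input for which audit_format reports a non-zero directive count would be acted on by render_vulnerable; render_safe copies it through unchanged.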

Overwriting .dtors
This technique involves overwriting memory reserved for destructor functions (the .dtors section which is writeable) to spawn a root shell.

Overwriting the Global Offset Table
The GOT contains a jump entry for the exit() function. Overwriting this entry in memory can be used to spawn a shell.

NETWORKING

Network Sniffing
A network device can be set in promiscuous mode to sniff packets sent to other computers on an unswitched network. Useful information (say a username and password from someone logging on) can be obtained in this way.

Raw Socket Sniffing
A programmatic technique to sniff packets at layers below 5 (session) in the OSI model. Somewhat unreliable in terms of capturing packets and requires logging in as root, but useful if session layer sniffing is not possible.

libpcap Sniffing
Using the cross-platform libpcap makes life easier when sniffing raw sockets.

Active Sniffing
This technique - used on switched networks where packets are only sent to specific MAC addresses - involves inserting a proxy system between two MAC addresses and intercepting packets that go between them. The proxy system sends spoofed ARP replies to each MAC address (ARP cache poisoning).

Denial of Service
This form of exploit puts the system under attack in a state where it is unable to respond to requests from legitimate users. This can be done in two ways: by crashing a service via program exploits or by flooding a service with so many requests that it runs out of resources to handle them all.

Denial of Service - SYN Flooding
This technique exhausts the "reliable" connection states maintained by TCP/IP by flooding the system with SYN packets from a spoofed nonexistent source address.

Denial of Service - The Ping of Death
An ICMP echo message is sent with a payload that exceeds the permitted 65k of data. Although this is an old vulnerability that has been fixed it tends to show up in newer protocol implementations such as Bluetooth.

Denial of Service - Teardrop
This attack sends fragmented IP packets whose fragments overlap, when all systems expect fragments with no overlap. However, some systems do not check for this error condition and can crash.

Denial of Service - Ping Flooding
A deluge of pings is sent to a system, thus making it too busy to respond to any other requests.

Denial of Service - Amplification Attacks
Ping Flooding can take a lot of resources to maintain. Instead, using spoofing and broadcast addressing, a single stream of packets can be sent to a number of hosts with a spoofed address of the system under attack.

Denial of Service - Distributed DoS Flooding
A basic ping flood but launched from a large number of compromised systems in order to increase the deluge to the system under attack.

TCP/IP Hijacking
Carried out from the same network as the system under attack, the TCP packet sequence number from the header is spoofed (after discovery via sniffing by the attacker) and sent to gain trust with the system under attack.

TCP/IP Hijacking - RST Hijacking
This form of hijacking involves injecting a Reset packet in the header.

TCP/IP Hijacking - Continued Hijacking
The attacker sends a spoofed data packet to the host with a bogus sequence number. This causes the entire sequence incrementing and acknowledgment to get out of sync, causing a hung connection at the system under attack.

Port Scanning
This technique involves figuring out which ports are open, listening and accepting connections on the system under attack. This is usually a non-destructive way of getting information about where system vulnerabilities can be exploited by determining which network services are available on the system under attack.

Port Scanning - Stealth SYN (or Half Open) Scans
A SYN packet is sent by the attacker and the response (a SYN/ACK packet) from the system under attack is examined for validity. When validated it indicates a port that is open for business. A RST packet is sent to the port for a graceful shutdown of the sequence - thus leaving the system under attack none the wiser.

Port Scanning - FIN, X-mas and Null Scans
Three ways to find out if a port is open for business. A nonsensical packet is sent to every port on the system under attack. If the port is listening, the packet will be ignored and lost. If the port is not listening, the attacker will get back a RST packet.

Port Scanning - Spoofing Decoys
This is actually a countermeasure to avoid detection. The attacker simply hides attempts at port detection between connections from decoy IP addresses, thus making it harder to pinpoint the attacking IP.

Port Scanning - Idle Scanning
This involved port scanning technique is also a countermeasure that makes the attacker's IP undetectable. In this technique the attacker uses an idle host machine to perform proxy port scanning on the system under attack.

Port Scanning - Proactive Defense (shroud)
The author presents a number of defensive techniques to prevent accurate port scanning by an attacker.

SHELLCODE

Shell-Spawning Shellcode
Various techniques to transfer execution to shellcode in a program that spawns a shell.

Port-Binding Shellcode
Once spawned, the shell needs to bind itself to a port and listen for incoming connections.

Connect-back Shellcode
Port-binding shellcode is easily foiled by firewalls. In that case, shellcode that initiates the outbound connection (not filtered by firewalls) and spawns a shell can succeed.

COUNTERMEASURES

In order to avoid detection after an exploit, a number of different things need to be considered. For example, your IP address can be logged in a file and traces of this must be erased or obfuscated. In addition, the loss of service itself might alert the system administrator of an intrusion - in which case the author shows an example of how to perform an exploit and keep the service running so no one is wiser.

CRYPTOLOGY

Man-in-the-middle Attacks
The attacker sits between two systems, both of which believe they are communicating with the other. The attacker maintains two separate encrypted communication channels, with a separate encryption key for each system under attack. This form of attack starts by redirecting traffic with a known technique like ARP cache poisoning.

Password Cracking
User passwords are hashed one-way; it is mathematically impossible to reverse the hash. When a user enters their password, the value is hashed again and compared to the pre-hashed stored value for authentication.

Password Cracking: Dictionary Attacks
In this technique, every word in the dictionary (potentially) is run through a one-way hash and compared with the user's password. User passwords are stored somewhere and must be available to the user in encrypted form first. If a match is found, the word hashed from the dictionary is the user's password. Custom dictionaries can be made using different languages, standard word modifications and appending numbers to words.

Password Cracking: Exhaustive Brute-Force Attacks
This is an academic technique in which every possible combination of words in a dictionary is used to compare with a hashed password in order to find a match. The sheer number of possible permutations makes this technique an unrealistic one in terms of yielding a result in a reasonable amount of time.

Password Cracking: Hash Lookup Table
A variation of the exhaustive brute force attack but all the hash values for words in a dictionary are precomputed and stored in a lookup table. This technique requires gobs of storage and only works for one salt value.

Password Cracking: Password Probability Matrix
In an effort to balance storage space required beforehand and computational power required at the time of the hack, a lossy form of compression can be used to create an inexact hash table. In this technique, each password hash will map to several thousand precomputed values which are then converged in real-time.

Wired Equivalent Privacy (WEP) Attacks

WEP Attacks: Offline Brute-Force Attacks
First a few packets are captured over wireless and then an attempt is made to decrypt them using every possible key. A practical cracking method has been devised that reduces a 40-bit keyspace down to 21 bits.

WEP Attacks: Keystream Reuse
A keystream is an encrypted seed that is used to produce encrypted packets. It consists of a WEP key and an Initialization Vector (IV). The encrypted packet is produced by XORing the plain text message with the keystream. If two packets have been encrypted with the same keystream, then XORing these two packets will yield the two plaintexts XORed with each other. If one plaintext is known, the other can be recovered.

WEP Attacks: IV-based Decryption Dictionary Tables
Once the keystream is known (using the technique above) it can be used to decrypt other packets with the same IV (IVs are 24 bits). A table of keystreams can be saved for each IV and all subsequent packets can be easily decrypted.
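The XOR relationship described in the two entries above, worked through in C on constructed data. This is an added example, not code from the book or from the original post; it assumes WEP's RC4 cipher seeded with the 3-byte IV followed by the key, leaves out WEP's CRC-32 integrity value, and the function names, the key and both messages are made up for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define IV_LEN  3    /* WEP IVs are 24 bits */
#define MAX_KEY 13   /* largest key this sketch accepts (104 bits) */
#define MAX_MSG 64

/* RC4: key scheduling, then n bytes of keystream. */
static void rc4_keystream(const unsigned char *seed, size_t seed_len,
                          unsigned char *out, size_t n)
{
    unsigned char S[256], t;
    unsigned i, j = 0;
    size_t k;
    for (i = 0; i < 256; i++) S[i] = (unsigned char)i;
    for (i = 0; i < 256; i++) {
        j = (j + S[i] + seed[i % seed_len]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = t;
    }
    i = j = 0;
    for (k = 0; k < n; k++) {
        i = (i + 1) & 0xff;
        j = (j + S[i]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = t;
        out[k] = S[(S[i] + S[j]) & 0xff];
    }
}

static void xor_bytes(const unsigned char *a, const unsigned char *b,
                      unsigned char *out, size_t n)
{
    size_t k;
    for (k = 0; k < n; k++) out[k] = a[k] ^ b[k];
}

/* Simplified WEP framing: keystream = RC4(IV || key), ct = pt XOR keystream. */
int wep_like_encrypt(const unsigned char iv[IV_LEN],
                     const unsigned char *key, size_t key_len,
                     const unsigned char *pt, unsigned char *ct, size_t n)
{
    unsigned char seed[IV_LEN + MAX_KEY], ks[MAX_MSG];
    if (key_len == 0 || key_len > MAX_KEY || n > MAX_MSG) return -1;
    memcpy(seed, iv, IV_LEN);
    memcpy(seed + IV_LEN, key, key_len);
    rc4_keystream(seed, IV_LEN + key_len, ks, n);
    xor_bytes(pt, ks, ct, n);
    return 0;
}

/* Constructed test data: a 40-bit key and two 16-byte messages. */
static const unsigned char KEY[5] = { 0x4b, 0x45, 0x59, 0x30, 0x31 };
static const char P1[] = "GET /index.html\n";   /* known to the observer */
static const char P2[] = "user=alice;pin=7";    /* not known to the observer */
static const unsigned char IV_A[IV_LEN] = { 0x00, 0x00, 0x01 };
static const unsigned char IV_B[IV_LEN] = { 0x00, 0x00, 0x02 };

static void make_frames(int reuse_iv, unsigned char *c1, unsigned char *c2)
{
    size_t n = strlen(P1);
    wep_like_encrypt(IV_A, KEY, sizeof KEY, (const unsigned char *)P1, c1, n);
    wep_like_encrypt(reuse_iv ? IV_A : IV_B, KEY, sizeof KEY,
                     (const unsigned char *)P2, c2, n);
}

/* Keystream reuse: does c1 XOR c2 equal p1 XOR p2? */
int xor_identity_holds(int reuse_iv)
{
    unsigned char c1[MAX_MSG], c2[MAX_MSG], cx[MAX_MSG], px[MAX_MSG];
    size_t n = strlen(P1);
    make_frames(reuse_iv, c1, c2);
    xor_bytes(c1, c2, cx, n);
    xor_bytes((const unsigned char *)P1, (const unsigned char *)P2, px, n);
    return memcmp(cx, px, n) == 0;
}

/* Per-IV table entry: c1 XOR p1 is the keystream for IV_A. Applying it to
   a second frame yields that frame's plaintext only if the IV matched.
   The key is never used on this side. */
int observer_recovers_p2(int reuse_iv)
{
    unsigned char c1[MAX_MSG], c2[MAX_MSG], ks[MAX_MSG], guess[MAX_MSG];
    size_t n = strlen(P1);
    make_frames(reuse_iv, c1, c2);
    xor_bytes(c1, (const unsigned char *)P1, ks, n);
    xor_bytes(c2, ks, guess, n);
    return memcmp(guess, P2, n) == 0;
}

int main(void)
{
    printf("same IV:      identity=%d recovered=%d\n",
           xor_identity_holds(1), observer_recovers_p2(1));
    printf("different IV: identity=%d recovered=%d\n",
           xor_identity_holds(0), observer_recovers_p2(0));
    return 0;
}
```

With only 24 bits of IV, repeats on a busy network are unavoidable, so the "same IV" case is the normal one rather than the exception.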

WEP Attacks: IP Redirection
In this technique, an attacker will receive an encrypted packet from the access point and send it right back after modifying it to ensure the checksum remains the same. The attacker must know the destination IP address (which can be determined via keystream reuse due to IV collisions). The access point will decrypt this packet and send it back to the attacker's IP.

WEP Attacks: Fluhrer, Mantin, and Shamir (FMS) Attack
This commonly used attack against WEP takes advantage of weak IV values that leak information about the secret key in the first byte of the keystream. Erickson's book contains a detailed explanation of how this attack works.

March 01, 2008

Book Review: Hacking: The Art of Exploitation

In the preface to his book Hacking: The Art of Exploitation, author Jon Erickson does a crisp job laying out the counter argument to letting the art of hacking flourish unfettered by artificial legalities. "There's nothing good or bad about knowledge itself; morality lies in the application of knowledge". Being unfamiliar with actual hacking techniques (beyond what I chuckled at in Die Hard 4), this happened to be a really good way to begin the book.

It's important to understand what this book tries to cover. Erickson covers specific hacking techniques. He stays close to Linux and C to illustrate the techniques and he exploits a lot of open source software. The goal is to familiarize the reader with the different modes of exploitations.

Later in the book (Chapter 6), he explains: "The state of computer security is a constantly changing landscape...if you understand the concepts of the core hacking techniques explained in this book, you can apply them in new and inventive ways to solve the problem du jour. Like LEGO bricks, these techniques can be used in millions of different combinations and configurations. As with art, the more you practice these techniques, the better you'll understand them." Clearly, Erickson is passionate about the subject matter he covers in his book.

Any ability to exploit vulnerabilities requires a thorough understanding of the underlying subject. Here Erickson's book offers a number of quick primers on topics such as C programming and network protocols. These introductions are valuable because they introduce the subject and give you deep dives into specifics. They give you some sense of how hacking can lead to a greater understanding of the system under exploit. For example in Chapter 4, Erickson goes from introducing us to the OSI model to socket programming in four pages. But because of a very engaging writing style, it doesn't feel like a hurried course.

After the introduction in which he covers C programming language basics, Erickson introduces us to exploitation via a buffer overflow example. He covers network hacking techniques such as denial of service, TCP/IP hijacking and port scanning. He delves into the more involved topic of spawning shell code to gain control of a system. And in a very entertaining Chapter 6, he shows you how to bypass security measures that detect and track hackers. In the final chapter, he covers hacking techniques for cryptography.

Given its structure, Hacking is part introduction, part handbook. If there is one recommendation I would make, it would be to embellish the source code with figures. The issue here is that you have to read through reams of code to understand how the hack works. Which is as it should be, but when you are reading about a particular hack, it breaks the flow of thought considerably.

Instead if the code could have been explained with a flowchart or pseudocode and the hack shown with a diagram, the reader would get a quick understanding of how the hack worked and would be better positioned to work through the code. In addition, the book could address a wider audience - especially those that are interested in learning more about hacking without necessarily being hackers themselves.

February 28, 2008

Google Health (and Marissa Mayer)

Marissa Mayer, one of the early Google employees and now VP of Search & User Products, released a first look at Google Health on the official Google blog today. It's got some rudimentary screen shots that, coupled with Marissa's description of the service, tell us a little about it.

(More on the curiosity generating, high profile Marissa Mayer in GoooGirl from San Francisco magazine).

Basically it's a way for users to manage their own health records and history. Based on the menu selections on one screenshot, Google Health provides a way for you to track your medical conditions, prescriptions, medications, allergies, procedures, test results and immunizations.

You can import medical health records from participating health professionals and organizations. This is where Google will need to set up agreements with health care providers. But given their clout, this is not a daunting task.

There are several things that are neat about this.


  1. The service seems to be coming at a time where satisfaction with health care in North America is reaching new lows. And since health is a highly private matter, most users will want to be in control of their records themselves. Besides, let's face it, with doctors specializing and the only good doctors around being specialists, the best doctor to piece your health together is you.


  2. The service will address the fastest growing age segment in the US, which is senior citizens. Most people in the 50+ age group tend to be value shoppers but given value, which this service would provide, they are willing to spend money.


  3. The potential for advertising and cross-selling is huge and allows Google to deliver targeted advertising in special market segments like pharmaceuticals and medical services.

February 14, 2008

OneCAT: The 120 mpg air-powered car

BBC reports that India could soon see a car that runs on compressed air and gets an impressive 120 miles per gallon. The car is called OneCAT, the inventor is Frenchman Guy Negre and the development deal is being backed by Tata, makers of the recent and highly newsworthy Nano.

The car will be driven by compressed air stored in carbon-fibre tanks.

The tanks, built into the chassis, can be filled with air from a compressor in just three minutes - much quicker than a battery car.

Alternatively, it can be plugged into the mains for four hours and an on-board compressor will do the job.

For long journeys the compressed air driving the pistons can be boosted by a fuel burner which heats the air so it expands and increases the pressure on the pistons. The burner will use all kinds of liquid fuel.

If the car becomes reality, Tata will have exclusive distribution rights.

February 12, 2008

Mikkel Aaland's Photoshop CS3 RAW

The outstanding thing to note about Mikkel Aaland's book Photoshop CS3 Raw: Get the Most Out of the Raw Format with Adobe Photoshop, Camera Raw, and Bridge is that it is organized very systematically. Instead of providing a breathless description of everything you can do with the software, Aaland focuses on why you would do something and how to do it. It's an effort that is fun to read and easy to reference.

Each page in the book has two-thirds of its horizontal area dedicated to screen shots and pictures. Often, menus and tabs are broken out and overlaid on the images to explain procedural instructions. A third of the same page is devoted to text. The text and pictures are lined up really well so that you don't have to endure a lot of flipping back and forth.

Sometimes this layout leaves little space for some detail that would be enlightening. But in keeping with the spirit of the book, Aaland applies the same level of consistency to the amount of information he provides - which focuses on the digital photography instead of digital processing or photography itself.

The first chapter contains a really neat, concise explanation of what RAW files are. A highlight of this is that Aaland dissects the pros and cons of using RAW files in a very practical way - concluding that both RAW and JPEG have a place in the life of a professional photographer (and even provides some nifty examples). This really drew me into the book. I also liked Aaland's segue on how to use a color target in a quick and dirty way to level set your camera's color processing.

Chapter two shows you how to use Adobe Downloader to grab pictures from camera to computer. Chapter three shows you how to organize them using Adobe Bridge. This chapter also contains a nice explanation of picture metadata and why it is important (for example for checking exposure which Photoshop doesn't have a tool for). Aaland then shows you the basic workflow of editing a photoshoot in RAW.

Aaland also quickly runs through the options (space, depth, size, resolution) and tools (navigation, zoom, hand, white balance, color sampler, crop, straighten, retouch, image orientation) in Photoshop for processing RAW files. This is mainly a feature walkthrough, but Aaland does digress occasionally to offer insights (such as using the crop tool to create a panorama).

Later you learn how to distribute tone across a picture. Aaland explains how to interpret the color histogram, pick a suitable color space, map tone and how to adjust clarity, saturation and hue. Each topic covered contains material on why each setting is important. Although it doesn't dig into the details of how Photoshop applies the effects to each picture, there is just enough explanation to make you savvy about using these settings.

My favorite chapter was Chapter 8 on Sharpening where Aaland starts off with an excellent discussion of how Photoshop sharpens images. (A lot of the textual material here is reused from the Lightroom Adventure book.)

Finally there is a really useful chapter on how to convert RAW files to black and white. Aaland shows the simple conversion process from color to grayscale but then adds a number of useful lessons, among them: how to use the color sliders to darken or lighten certain areas of the grayscale image, how to add special effects like grainy film and cross-processing.

February 11, 2008

Live Mobile Cricket Scores

There are several ways to stay in touch with cricket if you are on the move and have a mobile handy. I'll list the services I've used mostly (and they work pretty well).

Yahoo
This is a non-interactive SMS service. SMS the keyword "cri" to 58243 and you will receive an SMS with scores from all international matches being currently played.

The SMS cricket service itself is free although you will incur regular SMS charges from your operator.

This service doesn't work in the US.

If you are stateside and want to check scores on yahoo, you should hit their UK sports sites for cricket scores on: http://eurosport.yahoo.com/cr/sc/. This is not optimized for a mobile screen but if you can scroll past the headers, you get a pretty good snapshot of all recent international matches. (Note: you'll need an operator data plan for this).

Cricket Companion
To download this application to your phone, point your mobile browser to http://www.getjar.com. Then click on the "Quick Download" link. Enter 22776 in the code and click Next. You'll be directed to a link to download the application to the Mobile.

Cricket Companion is a Java application. For a full list of phones that are supported, check this site - basically any phone with Java support. (Note: you'll need an operator data plan for this).

Cricinfo
Cricinfo provides a free wap site for scores at: http://wap.cricinfo.com/. You can look at both live scores and previous results. (Note: you'll need an operator data plan for this).

Mobicast
This Plusmo application is my personal favorite. It allows you to look at scores and ball-by-ball commentary all from within an easy to use Java application. Download from http://ci.plusmo.com. (Note: you'll need an operator data plan for this).

BBC
Point your mobile browser to http://www.bbc.co.uk/sports. Then click on Cricket and then Latest scores or Results depending on what you want to check.
Scores link: http://news.bbc.co.uk/sport2/hi/cricket/scorecards/default.stm
Results link: http://news.bbc.co.uk/sport2/hi/cricket/results/default.stm
Not well optimized for mobile use but pretty decent.
(Note: you'll need an operator data plan for this).

January 29, 2008

Book Review: Mikkel Aaland's Photoshop Lightroom Adventure

Mikkel Aaland's tutorial of Adobe's next generation digital photography application is called Photoshop Lightroom Adventure, and it's a high-concept spin on a photography expedition to Iceland that resulted in a book.

The idea behind the expedition - Aaland's brainchild and sponsored primarily by Adobe - resulted in a team of photographers spending time in Iceland during summer. The idea was to shoot pictures and then bring them back for processing in Lightroom, thus unlocking its potential. The project also served as a test bed for the application - resulting in a number of tweaks and features that were incorporated into Lightroom eventually.

Aaland starts the book by introducing his team with pictures and thumbnail bios - this is a nice touch and allows you to get a feel for the virtual team of authors who provided material that went into the book.

As far as the book goes, it's a fairly conventional tutorial - but the layout makes it stand out. Filled with colorful pictures on glossy paper, Lightroom Adventure is part coffee-table book, part technology tutorial. Its pages are divided horizontally into thirds: a third is devoted to text while the other two thirds are reserved for screen caps and photographs.

It's a format that is hugely engaging to read. Periodically Aaland will break with a two-page splash of a particularly striking photograph shot by someone on the team. It is embellished with something personal about the photographer and the circumstances under which the picture was taken. The pictures may interrupt the flow but actually do a stellar job of integrating the book under the Icelandic Expedition theme.

Because all the pictures used by Aaland also have the same theme, they hold the tutorials together really well. Of course, it helps that the pictures themselves are gorgeous, taken by a highly competent and creative team of photographers.

This brings us to the intended audience of the book. In his foreword Aaland identifies his audience as "Anyone...be they an amateur photographer or a professional". And here lies one of the problems with the book. There is coverage of a lot of complex photography (and digital photography) concepts. But they are skimmed over assuming the reader understands them.

In a section on digital sharpening, Aaland explains why the number 25 is the default for the sharpening amount. "Every RAW file is subject to a demosaicing algorithm that includes purposeful blurring. This blurring helps prevent color fringing by slightly blending adjacent pixels." Huh?

For the most part the sections are pretty crisp and engaging although there were times when a little more explanation would have clarified the picture, so to say. The section on sharpening, mentioned above, is outstanding in its balance of "how to" and "how does it work". But several other sections aren't as fortunate in their treatment.

The book also covers impressive ground in terms of exploring and explaining the features of a complex application. There is coverage of virtually everything you'd like to know about Lightroom - which pretty much encompasses all the recent advances in PC-based digital picture processing. Thus the book is a really good tutorial of the subject as well.

The second half of the book contains a chapter called "Develop Recipes from Iceland" in which Aaland takes one cool treatment of a photograph and breaks it down step by step. This is the closest the book comes to helping you understand when to use the many slick features provided by Lightroom.

I closed the book having thoroughly enjoyed it, but also wishing the collective experience of the talented team had been harnessed to provide some invaluable tips on digital photography along with its processing in Lightroom.

You can try Adobe Lightroom for 30 days by downloading a copy from this location.

January 11, 2008

Book Review: Learning ASP.NET with Ajax

Built on top of the .NET framework, ASP.NET is Microsoft's flagship technology for building web applications. By tightly integrating it with Visual Studio, which remains the premier development IDE across all platforms, Microsoft has made ASP.NET a compelling technology.

The important thing to understand about O'Reilly's Learning ASP.NET 2.0 with AJAX is its guiding purpose. As stated in the preface: "What is the quickest way for me to build real web applications with the least handcoding?" In essence it's a beginner's guide to ASP.NET and in that, it remains true to its purpose throughout the book.

Aligned to the purpose, the authors (Jesse Liberty, Dan Hurwitz and Brian MacDonald) focus heavily on the tool used to build ASP.NET applications - Microsoft Visual Studio (or Visual Web Developer). All the code is in VB.NET. This bothered me a bit initially because I program primarily in C#, but while going through the book, I realized that this barely slowed me down in terms of understanding the code. In fact, translating some of the examples into C# was not only a breeze but kept my eyes from glazing over.

I'll get one more issue with the book out of the way: its treatment of Ajax is cursory, primarily coming in Chapter 3. And it's tightly bound to its usability within Visual Studio. Given the goal of the book, this is fairly consistent because the authors resist digressing into a discourse of Ajax and instead stick to integrating Ajax into the overall ASP.NET tutorial.

This singularity of vision is the strength of this book and makes it a pleasure to read. It comes with some really good samples and code discussions, and it guides you through the major features of ASP.NET as exposed by Visual Studio. At some points I did long for some real-world discussions (what are the cons of using Master Pages, for example).

The book covers useful ground for beginners: there is a chapter on maintaining state, one on interacting with a database, another on errors and exceptions, yet another rather useful one on security and personalization. Again, because the book is a starter course in ASP.NET, the authors keep it light, expecting you to fill in the gaps yourself. Everything you learn in the book is tied together in the end in the final chapter where you read about building a basic commerce application. (The authors don't cross-reference material from individual chapters, however.)

Learning ASP.NET with Ajax is an excellent text on table-stakes ASP.NET. It's very well organized and contains a good balance of text, pop-out tips and source code.

You can download ASP.NET here and the AJAX extensions here. Visual Web Developer, which is a web-centric version of Visual Studio, along with the .NET 2.0 framework is available for a free download here.