Computer underground Digest Mon July 5 1999 Volume 11 : Issue 30

                           ISSN  1004-042X

       Editor: Jim Thomas
       News Editor: Gordon Meyer
       Archivist: Brendan Kehoe
       Croupy Editor:       Etaion Shrdlu, III
       Shadow-Archivists: Dan Carosone / Paul Southworth
                          Ralph Sims / Jyrki Kuoppala
                          Ian Dickinson
       Cu Digest Homepage:

CONTENTS, #11.30 (Mon, 5 July, 1999)

File 1--REVIEW: "Corporate Espionage", Ira Winkler
File 2--REVIEW: "Moonfall", Jack McDevitt
File 3--REVIEW: "Intrusion Detection", Edward G. Amoroso
File 4--REVIEW: "Telecommunications: Glossary of Telecommunication Terms
File 5--REVIEW: "Securing Java", Gary McGraw/Edward W. Felten
File 6--REVIEW: "Computer Security", Dieter Gollmann
File 7--REVIEW: "Information Ecologies", Bonnie A. Nardi/Vicki L. O'Day
File 8--REVIEW: "Ripper", Michael Slade
File 9--REVIEW: "Using TACT with Electronic Texts", Ian Lancashire
File 10--REVIEW: "The Human Equation", Jeffrey Pfeffer
File 11--REVIEW: "GIS Standards and Standardization: A Handbook", UNESCAP
File 12--Cu Digest Header Info (unchanged since 10 Jan, 1999)



Date: Tue, 15 Jun 1999 08:39:25 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 1--REVIEW: "Corporate Espionage", Ira Winkler


"Corporate Espionage", Ira Winkler, 1997, 0-7615-0840-6,
%A   Ira Winkler
%C   3875 Atherton Road, Rocklin, CA   95765-3716
%D   1997
%G   0-7615-0840-6
%I   Prima Publishing
%O   U$26.00/C$34.95 800-632-8676 916-632-4400 fax: 916-632-1232
%P   365 p.
%T   "Corporate Espionage"

This readable and realistic guide to becoming professionally paranoid
has a special emphasis on data security and high tech companies, but
can be very useful to pretty much anyone.

Part one looks at espionage concepts.  Chapter one, and the
introduction that precedes it, points out that information is one of
the primary sources of value in any business.  Chapters two through
five look at the basic ideas for any examination of data security,
those of risk, value, threat, and vulnerability.  Presented in terms,
and with examples, that anyone can understand, they nevertheless form
the foundation for examining security and protection for computer and
communications systems as well as the sales "red book" for next

Part two presents a variety of case studies.  Winkler concentrates on
the non-technical, relatively simple, and devastatingly effective
"social engineering" aspect of break-ins.  Chapter six is a
compilation of tactics used in various penetration tests.  One
particular test is outlined in chapter seven.  Chapters eight to
eleven detail actual espionage cases carried out by foreign companies.
A different penetration test is presented in chapter twelve.  A third
party account of a "crack" is discussed in chapter thirteen.

Part three outlines what you can do to protect yourself.  Chapter
fourteen describes a significant list of countermeasures to take,
starting with an effective education program.  Finally, chapter
fifteen presents a large scale program for overall security.

This book is very down to earth, and very real.  Unlike any number of
"hacker" books, it doesn't attempt to impress the reader with displays
of arcane knowledge: it doesn't have to.  Technical details are almost
non-existent, making the text an excellent choice for use in educating
any level or type of employee on the need for security.

copyright Robert M. Slade, 1999   BKCRPESP.RVW   990424


Date: Wed, 16 Jun 1999 08:32:23 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 2--REVIEW: "Moonfall", Jack McDevitt


"Moonfall", Jack McDevitt, 1998, 0-06-105112-8, U$6.50/C$8.50
%A   Jack McDevitt
%C   10 East 53rd Street, New York, NY  10022-5299
%D   1998
%G   0-06-105112-8
%I   HarperCollins/Basic Books
%O   U$6.50/C$8.50 fax: 212-207-7433 fax: 212-207-7222
%P   544 p.
%T   "Moonfall"

Watch out!  It's a comet, come to wipe out ... no, not the earth.
Just the moon.  Then bits of the *moon* wipe out the earth.

Wonderfully sympathetic characters.  Interesting twist on an old
premise.  A bit *too* much tension: by the time the hero survives the
cataclysm you begin to wonder why half the book is left, and by the
end you are almost willing for everyone to die, just so long as the
darn thing finishes!  (Along the way a few too many of the plot twists
are telegraphed well in advance: not a lot come as any surprise when
they do show up.)

An awful lot of people from NASA and other space institutions get
thanked.  In many areas careful research is evident.  A number of
astronomical, astrophysical, and cosmological facts are presented
correctly.  Readers of the RISKS-FORUM Digest would be quite happy
with the fact that it is small errors, in combination, that create the
biggest problems.  However, when the plot action starts happening, all
the careful research goes out the window.

A major factor in the plot is a number of "single stage to orbit"
spaceplanes.  The space station seems to have an inexhaustible supply
of fuel for them.  However, the idea behind an SSTO is that while it
uses a huge amount of fuel to get up, it needs almost nothing coming
down.  There just wouldn't be any reason to have that much fuel on

Now, despite what "BattleStar Galactica," "Starship Troopers," and
other quality training materials may show you, fireballs do not
billow, nor do clouds roll, in the vacuum of space.  Absent the fairly
minor curvatures imposed by gravity, and the effect of the odd
collision, everything in space moves in pretty straight lines,
including light, hot gases, and rocks of whatever size.  Shockwave
"fronts" do not exist in space.  Dodging debris would be a zero sum
game, since unless every piece had the same velocity, in which case
matching speed once would take care of everything, decreasing your
delta-V with respect to one chunk would tend to increase it with
respect to something else.

Also, having achieved the relative safety of earth orbit in concert
with some of the bits that were going your way would give scant
relief: shortly you would round the earth and start heading into a
bunch of stuff going the other direction.  Orbital dynamics is not a
real strong point in this book.  The biggest error, though, is granted
to the biggest piece of rock.  POSsible IMpactor number 38, dubbed
Possum in the book, makes two very exciting passes on an elliptic
orbit around the earth.  The first one is definitely east to west,
while orbit two is west to east ...

copyright Robert M. Slade, 1999   BKMONFAL.RVW   990612


Date: Thu, 17 Jun 1999 08:43:56 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 3--REVIEW: "Intrusion Detection", Edward G. Amoroso


"Intrusion Detection", Edward G. Amoroso, 1999, 0-9666700-7-8, U$49.95
%A   Edward G. Amoroso
%C   P. O. Box 78, Sparta, NJ   07871
%D   1999
%G   0-9666700-7-8
%I   Intrusion.Net Books
%O   U$49.95 973-448-1866 fax: 973-448-1868
%P   218 p.
%T   "Intrusion Detection"

This is not (very much not) to be confused with the identically named,
and almost equally recent, book by Escamilla (cf. BKINTRDT.RVW).
Where Escamilla's is basically a large brochure for various commercial
systems, Amoroso has specifically chosen to avoid products,
concentrating on concepts, and not a few technical details.  The text
is based on material for an advanced course in intrusion detection,
but is intended for administrators and system designers with a
security job to do.

Chapter one, after demonstrating that the term means different things
to different people, gives us an excellent, practical, real world
definition of intrusion detection.  This is used as the basis for an
examination of essential components and issues to be dealt with as the
book proceeds.  Five different processes for detecting intrusions are
discussed in chapter two.  Each method spawns a number of "case
studies," which, for Amoroso, means looking at how specific tools can
be used.  (This style is far more useful than the normal business case
studies that are long on who did what and very short on how.)
Intrusion detection architecture is reviewed in chapter three,
enlarging the conceptual model to produce an overall system.  Chapter
four defines intrusions in a way that may seem strange, until you
realize that it is a very functional description for building
detection rules.  The problem of determining identity on a TCP/IP
internetwork is discussed in chapter five, but while the topic is
relevant to intrusion detection, few answers are presented.
Correlating events is examined in chapter six.  Chapter seven looks at
setting traps, primarily from an information gathering perspective.
The book ends with a look at response in chapter eight.

The bibliography is, for once, annotated.  While I do not always agree
with Amoroso's assessments; I think he tends to give the benefit of
the doubt to some who primarily deliver sensation; the materials are
generally high quality resources from the field.  Books and online
texts are included, although the emphasis is on journal articles and
conference papers.

The content is readable and, although it seems odd to use the word in
relation to a security work, even fun.  I suppose, though, that I must
point out that your humble "worst copy editor in the entire world"
reviewer found a significant number of typographic errors.  (And some
that can't be put down to typos: I think you'll find that it's
"berferd" rather than "berford.")

This book works on a great many levels.  It provides an overall
framework for thinking about security.  It thoroughly explains the
concepts behind intrusion detection.  And it gives you some very
practical and useful advice for system protection for a variety of
operating systems and using a number of tools.  I can recommend this
to anyone interested in security, with the only proviso being that you
are going to get the most out of it if you are, indeed, responsible
for designing network protection.

copyright Robert M. Slade, 1999   BKINTDET.RVW   990423


Date: Fri, 18 Jun 1999 08:43:45 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 4--REVIEW: "Telecommunications: Glossary of Telecommunication Terms


"Telecommunications: Glossary of Telecommunication Terms", National
Communications System, 1996, FED-STD-1037C
%A   National Communications System Technology and Standards Division
%C   470 East L'Enfant Plaza SW, Suite 8100, Washington, DC   20407
%D   1996
%G   FED-STD-1037C
%I   General Services Administration Information Technology Section
%O   202-755-0325
%T   "Telecommunications: Glossary of Telecommunication Terms"

This is, of course, the standard.  Or, one of the standards, anyway.
Government issue, definition by committee, no frills.

As opposed to works oriented to business or the general public, frills
would seem to include computer terms.  Other than those strictly
related to data communications or networking, computer hardware and
software is noticeable by its absence.  There is a solid presence for
radio technology, and telephony gets good coverage as well.  Military
jargon spawns a number of entries, including some initially surprising
expressions like "air portable."  There is fair representation from
the engineering and scientific side of things.

The definitions are generally sound, although not necessarily easy.
It's very hard to find outright errors, although awkward constructions
are common.  This is more of a reference for professionals than a
guide for newcomers: if you didn't know what the technology meant
coming in, the definitions here aren't likely to give you much help.

(The listing for virus isn't great, but it isn't too bad.)

This glossary does share one great advantage with Shnier's "Computer
Dictionary" (cf. BKCMPDCT.RVW): it's available online at  The user interface is a bit
idiosyncratic, but it does work.

copyright Robert M. Slade, 1999   BKGLTLTM.RVW   990611


Date: Tue, 22 Jun 1999 08:37:10 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 5--REVIEW: "Securing Java", Gary McGraw/Edward W. Felten


"Securing Java", Gary McGraw/Edward W. Felten, 1999, 0-471-31952-X,
%A   Gary McGraw
%A   Edward W. Felten
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   1999
%G   0-471-31952-X
%I   John Wiley & Sons, Inc.
%O   U$34.99/C$54.50 416-236-4433 fax: 416-236-4448
%P   324 p.
%T   "Securing Java: Getting Down to Business with Mobile Code"

Unlike Oaks' "Java Security" (cf. BKJAVASC.RVW), this book concentrates
on Java in the popular perception: as a means of providing active code
on the Web.  As such it is intended not simply for techies, but also
for dedicated users.

Chapter one provides a readily accessible backgrounder, covering
portability, the Internet, the Web, active content, security risks,
other active content systems, and a rough outline of the Java security
model with particular regard to applets.  The original Java applet
security model, or "sandbox," is covered in chapter two.  The security
model is now complicated by signed code, and chapter three points out
the changes made.  Chapter four outlines a number of malicious
applets, but also gives clear directions for disabling Java on both
the Netscape and Internet Explorer browsers.  The authors outline a
second class of hostile applets, in chapter five, that are intended to
breach system security and allow an attack to bypass normal security
mechanisms.  There are suggestions for improving the security model,
as well as a review of third party attempts to enhance it, in chapter
six.  (I was amused to see the slight lifting of the skirts of ICSA
[International Computer Security Association]: the history of the
outfit is a lot more interesting and convoluted even than is portrayed
here.)  Chapter seven is directed at programmers, but the advice
provided looks at practices and policies rather than APIs
(Applications Programming Interfaces) and chunks of sample code.  A
version of Java specifically designed for Smart Cards is available,
and chapter eight looks at its promises and problems.  A recap and
restatement of the major security issues in mobile code is given in
chapter nine.  Appendices provide a Java security FAQ, security
resource pointers, and directions on Java code signing.

The text is quite readable.  The authors have made a very serious
attempt to ensure that the book does not depend upon previous
technical background.  For the most part, they have succeeded.  The
diligent reader would be able to understand most of the concepts as
presented, even without having worked with computers or computer
security.  However, the key word is "diligent:" it *feels* like a
technical book, and newcomers to the topic may be put off by the

In addition, McGraw and Felten are careful to avoid any bias.  They
obviously feel that Java has some worthwhile security measures, but
admit to its faults and point out its shortcomings.  This makes the
book extremely useful: much more so than an uncritical paean of

An effective book on an important subject with a wide audience.  But
you don't have to take my word for it.  You can try before you buy.
The site does not simply contain a few press
releases and the errata, but has the whole text of the book online.  A
bold step.  (You can help justify it by then buying the book.)

copyright Robert M. Slade, 1999   BKSECJAV.RVW   990501


Date: Mon, 21 Jun 1999 08:31:15 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 6--REVIEW: "Computer Security", Dieter Gollmann


"Computer Security", Dieter Gollmann, 1999, 0-471-97844-2
%A   Dieter Gollmann
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   1999
%G   0-471-97844-2
%I   John Wiley & Sons, Inc.
%O   416-236-4433 fax: 416-236-4448
%P   320 p.
%T   "Computer Security"

Gollmann is fairly explicit in stating the intention and audience for
the book.  It is to be a text for a course, rather than a handbook,
encyclopedia, or history.  It is about computer security, rather than
information security in general, although there are sections on
computer network security and database security.  The objective of the
course for which it was prepared is to give students a sufficient
background to evaluate security products, rather than to address
issues of policy or risk analysis.  Thus the emphasis is on technical,
rather than managerial, aspects.

Part one lays the basic foundation for computer security.  Chapter one
outlines the fundamental vocabulary and concepts.  Authentication is
reviewed in chapter two.  Examples from both UNIX and NT are used, in
chapter three, to explain access control.  Chapter four's discussion
of security models requires a significant background in set theory,
but for a course this can be assumed as a prerequisite.
Considerations for hardware or operating system level security are
looked at in chapter five.

Part two examines security in the real world.  Chapter six provides a
good review of the UNIX security functions.  Security aspects of NT
are described in chapter seven, but the effective interaction of
rights and permissions is not clear (a failing shared by most NT
security texts).  A variety of ways in which security has failed are
detailed in chapter eight.  This concludes with a section on computer
viruses in quite different format and level of detail.  The reason for
this is not made clear, but I am willing to grant that most security
texts do not treat the subject as well.  Chapter nine talks about the
evaluation of security products, but concentrates on the formal
criteria laid down by governmental agencies.

Part three looks at distributed systems.  Chapter ten reviews specific
systems, such as Kerberos and CORBA (Common Object Request Broker
Architecture) security.  Specific known Web vulnerabilities are
effectively used to illustrate classes of threats in chapter eleven.
The explanation of cryptography in chapter twelve is nicely balanced
for mechanics; a full description without a morass of detail; but is
somewhat weaker on key management and cryptographic strength.  Network
security, in chapter thirteen, deals with implementation level topics
such as the IPSec (Internet Protocol Security) protocols and

Part four deals with other aspects of security theory, primarily
related to databases.  Chapters fourteen and fifteen, respectively,
discuss basic and advanced database security concepts.  Problems of
concurrent access, with applications in transaction processing, are
examined in chapter sixteen.  Security concerns of the object-oriented
paradigm are raised in chapter seventeen.

In terms of readability, Gollmann's writing is not always fluid, but
it is always clear.  While intended as a class text, the book is, in
most parts, accessible to any intelligent reader.  The exercises
provided at the end of each chapter are not mere buzzword tests,
although most are more suitable for discussion starters than checks
for understanding.

The bibliography is not annotated, but the "Further Reading" section
at the end of each chapter helps make up for this shortcoming.  Having
to flip between two sections to find the referenced work is a bit
awkward, but not unduly so.

This is a very welcome addition to the general computer security


Date: Wed, 23 Jun 1999 08:17:56 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 7--REVIEW: "Information Ecologies", Bonnie A. Nardi/Vicki L. O'Day


"Information Ecologies", Bonnie A. Nardi/Vicki L. O'Day, 1999,
0-262-14066-7, U$27.50
%A   Bonnie A. Nardi
%A   Vicki L. O'Day
%C   55 Hayward Street, Cambridge, MA   02142-1399
%D   1999
%G   0-262-14066-7
%I   MIT Press
%O   U$27.50 800-356-0343 fax: 617-625-6660
%P   232 p.
%T   "Information Ecologies: Using Technology with Heart"

I have only the greatest sympathy for any attempt to ensure that
technology serves people, rather than the other way around.  This
book, however, adds almost nothing to the ongoing debate and work on
the subject.  And it is ongoing.  One of the more surprising features
of this text is the repeated implication that nobody else has ever
considered that there might be a middle path between uncritical
technophilia and rabid Neo-Luddism.

Part one of the work is entitled "Concepts and Reflections."  The
promised ideation is rather sparse, while the opining takes up the
bulk of the space.  Chapter one is a rather error filled (the book
actually contradicts itself on some points) description of Fritz
Lang's silent classic "Metropolis."  The main point of a rather
meandering chapter two seems to be the assertion that technology is
not "inevitable."  The metaphors of technology as a tool, text, and
system are examined in chapter three.  Unfortunately, while the models
do provide differing ways of looking at practices, the analysis is so
orthogonal that almost no useful comparisons can be made.  Chapter
four finally brings us to "information ecologies," but not in any
defining way.  The discussion feels like all too many discussions of
the "free market" system: new products influence the market, and the
market influences new products, and it all just sorta works, you know?
Deliberation about values, in chapter five, is undercut by the
immediate jump into the relativist camp.  Which makes the subsequent
insistence on "core" values rather ironic.  Chapter six does not,
therefore, provide any useful guidance on how to evolve an information

The "case studies" of part two do not help in any attempt to
understand what an information ecology might be.  While all of the
communities involved; libraries, MUDs (Multiple User Domains),
informal "help" networks, school courses, and teaching hospitals; use
technology, the descriptions provided deal strictly with social
interactions.  While some of these behaviours may be affected by
computers and new forms of communications (and, in some cases, may
require them), the analysis does *not* deal with differences between
traditional and "computer-aided" dialogues.  Indeed, in most cases the
fact of technology could be removed entirely from the essays, and it
wouldn't make any difference.  "Odd man out" in this section is a
chapter on the Internet.  This may be because of the demand that
information ecologies be somehow "local," which the net decidedly is
not.  A concluding chapter recapitulates the episodes of the book, but
does not help to clarify whatever concepts the authors intended to

copyright Robert M. Slade, 1999   BKINFECO.RVW   990512


Date: Thu, 24 Jun 1999 08:37:37 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 8--REVIEW: "Ripper", Michael Slade


"Ripper", Michael Slade, 1994, 0-451-17702-9, U$6.99
%A   Michael Slade
%C   10 Alcorn Ave, Suite 300, Toronto, Ontario, M4V 3B2
%D   1994
%G   0-451-17702-9
%I   Penguin/Signet
%O   U$6.99 416-925-2249 Fax: 416-925-0068
%P   416 p.
%T   "Ripper"

I did not expect Michael Slade to make it into this series.  Despite
the fact that "he" shares two of my names and my home town, I feel no
real kinship with what is, after all, the pseudonym of two Vancouver
lawyers.  There is also the fact that "Michael Slade" specializes in
horror, which has never been high on my "must read" list.

I must admit that, having read one of "his" books out of random
curiosity, I quite enjoyed it.  While the criminal activities are not
merely gruesome but positively twisted, at least there is some
research and not a little imagination involved.  The characterizations
are full and realistic, even down to the details of petty rivalries.
The plots are delightfully convoluted, with entire shoals of scarlet
herring, but almost scrupulously fair to the reader.

What gets the book into this series, as with most fictional entries,
is a mistake.  The plot hinges on the belief of a modern satanist
group that the murders of Jack the Ripper were part of an occult
ritual.  Plotting the four "canonical" murders; those which were,
without doubt, committed by the same person; it is determined that
they form a cross shape.  With some quick calculations, detailed in
the text, we find that the odds against this happening are 15,249,024
to one.  Obviously, this can't be random!

Unfortunately, innumeracy is common enough in our society for a lot of
people to believe this explanation.  In fact, the odds are that any
four randomly chosen points *will* form something of a cross shape.

In the book, it is suggested that you can determine the odds by
forming an eight by eight grid over the area you are examining.
However, the number of divisions in your grid depends upon how precise
you want to make it.  If you are simply looking for a cross shape, any
cross shape, then a two by two grid is more than ample.  Again, the
book advises that the odds of each murder happening in the "right"
place are one divided by the number of squares in the grid, and that
each successive approximation reduces the number of squares by one.
Thus, the odds are sixty four to one times sixty three to one times
sixty two to one times sixty one to one, giving the number above.

In fact, the first murder can take place anywhere.  Using a reasonably
sized scale, but demanding a fairly definitive cross shape, the second
murder can occur anywhere except in the first square.  (Actually, the
possibilities are slightly better than that, but for simplicity of
calculation we will forego some precision.)  Using the book's own
eight by eight grid would complicate the estimate, so we will reduce
it to the two by two.  The first murder can take place in any of the
four squares.  The second can occur in any of the three remaining, the
third in two of the four, and the last in only one.  Therefore the
odds reduce to four to four times four to three times four to two
times four to one, or odds of about ten to one for a very clear
example.  Well within the bounds of chance, and even more probable
when other directing factors are taken into account.

There is at least one other scientific error.  In a remake of
Christie's "And Then There Were None" (and the use of that plot does
rather give the game away), a vacuum equipped toilet is used as a
death trap.  Let us merely say that, a) most people don't sit on the
john in such a way as to create a vacuum seal, b) toilets have seats,
and thus airgaps, c) you'd need an awfully big vacuum tank, d) "Total
Recall" to the contrary, explosive decompression doesn't work that
fast, and e) by that point, everybody would be spooked enough to use a
chamber pot.

copyright Robert M. Slade, 1999   BKRIPPER.RVW   990612


Date: Fri, 25 Jun 1999 08:35:12 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 9--REVIEW: "Using TACT with Electronic Texts", Ian Lancashire


"Using TACT with Electronic Texts", Ian Lancashire, 1996,
0-87352-569-8, U$50.00
%A   Ian Lancashire
%C   10 Astor Place, New York, NY   10003-6981
%D   1996
%G   0-87352-569-8
%I   The Modern Language Association of America
%O   U$50.00 fax: 212-477-9863
%P   361 p. + CD-ROM
%T   "Using TACT with Electronic Texts"

TACT (Text-Analysis Computing Tools) is a suite of programs used to
produce data about literature for criticism and interpretation in
humanities studies.  This book is a manual for the programs, which
were developed by the Centre for Computing in the Humanities at the
University of Toronto, and appear to be distributed as freeware.  The
tools are based on the activity of concordancing, or finding all
occurrences of a term in a given piece of text.  The standard UNIX
tools of grep, sed, and awk will do the same thing.  How TACT differs
is very difficult to say.  The manual is not very forthcoming, seeming
to imply, by its lack of explanation, that if you don't know what the
tools do, you don't deserve to know.  Computer specific terms are
described and explained, but those to do with literature or technical
criticism are defined, if at all, in a circular and tautological

Chapter one outlines the different programs and what part of the
process they perform, but since the outcome isn't illustrated this
material is less than helpful to the newcomer.  The largest, and most
important, part of chapter two deals with the insertion of tags into a
text, but this section is incomplete, and no reference seems to exist
for the full set of tags that can be used.  The operation of Makebase
and Mergebas, used to create text databases in the proper format, is
described in chapter three.  The interactive analysis tool, Usebase,
is outlined in chapters four through seven.  Chapter eight reviews the
batch analysis programs.  Preprocessing programs are explained in
chapter nine, and postprocessing in chapter ten.  Chapter eleven
probably should have started the book, since it finally attempts to
talk about what TACT actually does, and even gives examples of use for
the UNIX tools mentioned earlier.  However, the material relies too
heavily on large works that have been accomplished by computerized
methods, without suggesting smaller questions and how they might be
approached.  A reference to the suite, explanation of the texts
included on the CD-ROM, and some other appendices are included.


Date: Mon, 28 Jun 1999 08:43:17 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 10--REVIEW: "The Human Equation", Jeffrey Pfeffer


"The Human Equation", Jeffrey Pfeffer, 1998, 0-87584-841-9, U$24.95
%A   Jeffrey Pfeffer
%C   60 Harvard Way, Boston MA   02163
%D   1998
%G   0-87584-841-9
%I   Harvard Business School Press
%O   U$24.95 800-545-7685 fax 617-496-8866
%P   345 p.
%T   "The Human Equation: Building Profits by Putting People First"

Management is hard.  It involves balancing a bewildering variety of
conflicting, or, at best, orthogonal factors.  The tenets resist
codification.  It has to deal with the least tractable objects in the
known universe: human beings.  And, management is important.  Good
management can make a business with the most mundane and
undifferentiated of products thrive: bad management can kill the most
desperately needed service.  With these two elements of consequence
and challenge, then, it is almost axiomatic that there will be a
market, and a large one, for books on management.

Given demand, of course, a supply rushes in to take advantage of it.
Therefore, we have a plethora of books on management, but, since
management is hard; and writing is hard; most of these books have
value only in the eyes of publicists and marketers.

A few stand out.  About forty years ago there was an article, rather
than a book, that rocked the business establishment.  It posited that
the traditional "Brand X" style of "show 'em who's boss" management
might be less effective than paying attention to your people.  Twenty
years later, a book tried to pursue the components of excellence, and
zeroed in on the rather neglected aspect of paying attention to
people.  Now, Pfeffer asserts that we can best build the bottom line
by paying attention to our people.  It's often been said that we
require much more reminding than we ever need teaching.

This book will be a classic.  Get it, read it, and implement it now,
in order to take the greatest advantage over the longest time.

With respect to those of us who do actual reviews, rather than merely
reprinting recycled press releases, it is often felt that we somehow
enjoy ripping a book (or other item) to shreds.  The plain fact is
that it is a lot easier to review a bad product than a good one.
Identifying and pointing out flaws is fairly easy, and so a bad
product gives you a lot more material to write about.  But, while we
can all spot a goof, how do you explain greatness?  What do you say,
beyond, "This is a good book.  Buy it."

Interestingly, Pfeffer writes something to this effect in chapter
four, while pointing out some of the tragically flawed beliefs and
practices of modern business.  He notes that the formal evaluation
process, so beloved of management, requires that experts explain their
conclusions to non-experts.  However, experts make decisions based on
accumulated experience and an almost intuitive level of knowledge.
This reasoning generally cannot be explained to novices, who can only
rely on common knowledge.  The explanation, therefore, must proceed at
the novice level.  As the old saw has it, if you can tell the
difference between good advice and bad advice, you don't need any
advice.  If an institution has need of expert advice, then the
organization obviously does not command the expertise to fully
evaluate that advice.  The requirement to have the expert explain
conclusions means that easy, and therefore unimportant, decisions can
be easily explained, while more complicated, and significant,
resolutions will be much harder to explain, and thus have less chance
of survival.

Those, then, who have been kind enough to grant me "expert" status in
this reviewing game will probably have already left for the bookstore,
and I rather suspect that they will be the ones to benefit most from
Pfeffer's book.  For the audience now remaining, I will attempt to
convince you, as well.

The author's attitude to his own book is very interesting.  While
Pfeffer believes in what he is saying, he is well aware that what he
writes is not going to make for actual organizational change, in most
cases.  Only half will believe in what he says; of the half that
believe, only half will make more than a token effort at change; of
the quarter who believe and try to make significant changes, only half
will let the experiment run long enough to see results.  (However, his
admission of this reality doesn't appear until the end of chapter one,
and a note that many managers may not be in a position even to try the
program is almost the last point in the entire book.)  Nevertheless,
the author's mildly gloomy perception forms the structure of the book:
part one outlines people-centred management, while part two examines
all the barriers arrayed against those who would try it.

Chapter one looks at the received business wisdom about "going
global," becoming "lean and mean," and "re-inventing" the corporation--
and, through citation of extensive business studies, shows that the
common body of knowledge is all wrong.  (It's a bit like "Four Days
with Dr. Deming" [cf. BKDEMING.RVW] with somewhat more authority.)
The real heart of part one is probably the business case, supported by
studies, for managing people properly, in chapter two.  The outline
for people-centred, high performance, or high commitment management is
given in chapter three.  While training, team organization, job
security, and elimination of status distinctions all play a part in
the practice, the material is more of a series of examples since
people-orientation, almost by definition, resists definition.  Chapter
four notes that it is not good enough to talk the talk: you also have
to walk the walk.

Chapter five is almost chapter one in more detail, showing how modern
(and particularly American) management training has concentrated on
financial metrics to the detriment of overall regulation, and often to
the disadvantage of business.  The lack of job security is clearly
shown, in chapter six, to be behind the loss of employee loyalty.
Common mistakes in pay rate considerations are reviewed in chapter
seven.  Unions are not bashed in chapter eight.  Perhaps the most
startling material is that in chapter nine, noting a place for public
policy.  The final chapter is a summary.

What differentiates Pfeffer's tome from a number of texts with similar
theses is that he moves out of the rationalistic realm, analyzing why
doing good should make you do well, and into the area of empirical
facts.  The work relies very heavily on great volumes of hard, cold
business studies that show first, how traditional management practices
fail, and then, how humane methods improve the bottom line.  In most
cases the studies are not merely cited for results; enough of the
method is given for the intelligent reader to determine whether the
study should be accepted as valid or not.  Anecdotal examples are
given as well, but they serve merely to illustrate points already well
supported.  Logical models are not abandoned, but they are used to
explain already established facts, instead of attempting to prove

Another aspect that makes a good book more difficult to review is that
there is more to it, and therefore, it takes more time to read.  There
is a lot more "meat" to this work as compared to a great many
management tomes--much greater conceptual and informational density.
This is what a book should be.  The fact that we are surprised at the
richness and weight of Pfeffer's text is rather disturbing.  We
should, rather, be astonished at the fluff and lightness of so many of
its rivals.  (Although, truth to tell, it hasn't much competition.)

This book is not about quick fixes: Pfeffer frequently points out that
changing to a people-centred approach will not necessarily show
results even within one or two years.  This is not a management
cookbook: the material keeps repeating that proper management is a
hard task, and the benefit lies in your competition's unwillingness to
do it.  Decades of rapacious, short term, profit-taking mismanagement
have sadly damaged not just individual companies, but an entire
industrial and business base, with results as far reaching as the
current mythical technology labour shortage.  This volume is a
blueprint for the long, hard job of rebuilding needed to get back on
track--and an indication of the rewards for those willing to do the

copyright Robert M. Slade, 1999   BKHUMEQU.RVW   990530


Date: Tue, 29 Jun 1999 10:54:09 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" 
Subject: File 11--REVIEW: "GIS Standards and Standardization: A Handbook", UNESCAP


"GIS Standards and Standardization: A Handbook", UNESCAP, 1998,
%A   United Nations Economic and Social Commission for Asia and the
%C   New York
%D   1998
%G   92-1-119830-5
%I   United Nations
%P   124 p.
%T   "GIS Standards and Standardization: A Handbook"

The preface was written by an executive bureaucrat, so it doesn't say
much.  In fact, the entire book seems to have a rather high verbiage
to concept ratio.

Chapter one looks at the (very short) history and (very vague) theory
of geographic information systems (GIS).  Beyond the idea that it
involves information with some spatial component, not much is said.
Toward the end of the chapter there is a brief discussion of the
purpose of the book, but the stated purpose is simply to aid readers
in understanding GIS standards.  An examination of the notion of
standards is contained in chapter two, which gets very abstruse in
places.  The GIS "infrastructure," referred to in chapter three,
lists, without much overall structure, a variety of standards bodies.
More detailed descriptions of specific GIS standards bodies and groups
are given in chapter four.  While this begins to examine the
geographic information system topic, there is still no technical
material at all.  Finally, chapter five does start to look at
standards, and even here, half the chapter is spent on hardware
platforms, with the remaining material given over to a listing, with
little description, of a variety of mapping program formats.  We are
basically told to educate ourselves in chapter six.

Aside from the list of working groups in chapter four, and the list of
programs in the latter part of chapter five, I see very little content
in this book to be of use to anyone.  (For the first time, it appears
that both Amazon and Chapters agree with me: neither of them lists the
book at all.  Barnes and Noble does list the volume, but only as a
special order.)

copyright Robert M. Slade, 1999   BKGISSSH.RVW   990506


Date: Sun, 10 Jan 1999 22:51:01 CST
From: CuD Moderators 
Subject: File 12--Cu Digest Header Info (unchanged since 10 Jan, 1999)

Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost electronically.

CuD is available as a Usenet newsgroup:

Or, to subscribe, send post with this in the "Subject:" line:

Send the message to:


The editors may be contacted by voice (815-753-6436), fax (815-753-6302)
or U.S. mail at:  Jim Thomas, Department of Sociology, NIU, DeKalb, IL
60115, USA.

To UNSUB, send a one-line message:   UNSUB CU-DIGEST
(NOTE: The address you unsub must correspond to your From: line)

The mailing list is automated, so no human lies at the other end.

CuD is readily accessible from the Net:
  UNITED STATES: in /pub/CuD/CuD
    Web-accessible from:
         in /pub/Publications/CuD/
         in /doc/EFF/Publications/CuD/
  EUROPE: in pub/cud/ (United Kingdom)

The most recent issues of CuD can be obtained from the
Cu Digest WWW site at:

Readers wishing to auto-set their browsers to receive the
latest issue of CuD can point to:

COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views.  CuD material may be reprinted for non-profit as long
as the source is cited. Authors hold a presumptive copyright, and
they should be contacted for reprint permission.  It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified.  Readers are encouraged to submit reasoned articles
relating to computer culture and communication.  Articles are
preferred to short responses.  Please avoid quoting previous posts
unless absolutely necessary.

DISCLAIMER: The views represented herein do not necessarily represent
            the views of the moderators. Digest contributors assume all
            responsibility for ensuring that articles submitted do not
            violate copyright protections.


End of Computer Underground Digest #11.30


Page maintained by: Jim Thomas