Computer underground Digest    Mon 5 July, 1999    Volume 11 : Issue 30
ISSN 1004-042X

Editor: Jim Thomas (email@example.com)
News Editor: Gordon Meyer (firstname.lastname@example.org)
Archivist: Brendan Kehoe
Croupy Editor: Etaion Shrdlu, III
Shadow-Archivists: Dan Carosone / Paul Southworth
                   Ralph Sims / Jyrki Kuoppala
                   Ian Dickinson
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #11.30 (Mon, 5 July, 1999)

File 1--REVIEW: "Corporate Espionage", Ira Winkler
File 2--REVIEW: "Moonfall", Jack McDevitt
File 3--REVIEW: "Intrusion Detection", Edward G. Amoroso
File 4--REVIEW: "Telecommunications: Glossary of Telecommunication Terms
File 5--REVIEW: "Securing Java", Gary McGraw/Edward W. Felten
File 6--REVIEW: "Computer Security", Dieter Gollmann
File 7--REVIEW: "Information Ecologies", Bonnie A. Nardi/Vicki L. O'Day
File 8--REVIEW: "Ripper", Michael Slade
File 9--REVIEW: "Using TACT with Electronic Texts", Ian Lancashire
File 10--REVIEW: "The Human Equation", Jeffrey Pfeffer
File 11--REVIEW: "GIS Standards and Standardization: A Handbook", UNESCAP
File 12--Cu Digest Header Info (unchanged since 10 Jan, 1999)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE.
TO UNSUB OR CHANGE ADDRESS, SEE ADMINISTRAVIA IN CONCLUDING FILE

---------------------------------------------------------------------

Date: Tue, 15 Jun 1999 08:39:25 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 1--REVIEW: "Corporate Espionage", Ira Winkler

BKCRPESP.RVW 990424

"Corporate Espionage", Ira Winkler, 1997, 0-7615-0840-6, U$26.00/C$34.95
%A Ira Winkler
%C 3875 Atherton Road, Rocklin, CA 95765-3716
%D 1997
%G 0-7615-0840-6
%I Prima Publishing
%O U$26.00/C$34.95 800-632-8676 916-632-4400 fax: 916-632-1232
%P 365 p.
%T "Corporate Espionage"

This readable and realistic guide to becoming professionally paranoid has a special emphasis on data security and high tech companies, but can be very useful to pretty much anyone.

Part one looks at espionage concepts. Chapter one, and the introduction that precedes it, points out that information is one of the primary sources of value in any business. Chapters two through five look at the basic ideas for any examination of data security, those of risk, value, threat, and vulnerability. Presented in terms, and with examples, that anyone can understand, they nevertheless form the foundation for examining security and protection for computer and communications systems as well as the sales "red book" for next quarter.

Part two presents a variety of case studies. Winkler concentrates on the non-technical, relatively simple, and devastatingly effective "social engineering" aspect of break-ins. Chapter six is a compilation of tactics used in various penetration tests. One particular test is outlined in chapter seven. Chapters eight to eleven detail actual espionage cases carried out by foreign companies. A different penetration test is presented in chapter twelve. A third party account of a "crack" is discussed in chapter thirteen.

Part three outlines what you can do to protect yourself. Chapter fourteen describes a significant list of countermeasures to take, starting with an effective education program. Finally, chapter fifteen presents a large scale program for overall security.

This book is very down to earth, and very real.
Unlike any number of "hacker" books, it doesn't attempt to impress the reader with displays of arcane knowledge: it doesn't have to. Technical details are almost non-existent, making the text an excellent choice for use in educating any level or type of employee on the need for security.

copyright Robert M. Slade, 1999 BKCRPESP.RVW 990424

------------------------------

Date: Wed, 16 Jun 1999 08:32:23 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 2--REVIEW: "Moonfall", Jack McDevitt

BKMONFAL.RVW 990612

"Moonfall", Jack McDevitt, 1998, 0-06-105112-8, U$6.50/C$8.50
%A Jack McDevitt
%C 10 East 53rd Street, New York, NY 10022-5299
%D 1998
%G 0-06-105112-8
%I HarperCollins/Basic Books
%O U$6.50/C$8.50 fax: 212-207-7433 fax: 212-207-7222
%P 544 p.
%T "Moonfall"

Watch out! It's a comet, come to wipe out ... no, not the earth. Just the moon. Then bits of the *moon* wipe out the earth.

Wonderfully sympathetic characters. Interesting twist on an old premise. A bit *too* much tension: by the time the hero survives the cataclysm you begin to wonder why half the book is left, and by the end you are almost willing for everyone to die, just so long as the darn thing finishes! (Along the way a few too many of the plot twists are telegraphed well in advance: not a lot come as any surprise when they do show up.)

An awful lot of people from NASA and other space institutions get thanked. In many areas careful research is evident. A number of astronomical, astrophysical, and cosmological facts are presented correctly. Readers of the RISKS-FORUM Digest would be quite happy with the fact that it is small errors, in combination, that create the biggest problems.

However, when the plot action starts happening, all the careful research goes out the window. A major factor in the plot are a number of "single stage to orbit" spaceplanes. The space station seems to have an inexhaustible supply of fuel for them.
However, the idea behind an SSTO is that while it uses a huge amount of fuel to get up, it needs almost nothing coming down. There just wouldn't be any reason to have that much fuel on hand.

Now, despite what "BattleStar Galactica," "Starship Troopers," and other quality training materials may show you, fireballs do not billow, nor do clouds roll, in the vacuum of space. Absent the fairly minor curvatures imposed by gravity, and the effect of the odd collision, everything in space moves in pretty straight lines, including light, hot gases, and rocks of whatever size. Shockwave "fronts" do not exist in space. Dodging debris would be a zero sum game, since unless every piece had the same velocity, in which case matching speed once would take care of everything, decreasing your delta-V with respect to one chunk would tend to increase it with respect to something else. Also, having achieved the relative safety of earth orbit in concert with some of the bits that were going your way would give scant relief: shortly you would round the earth and start heading into a bunch of stuff going the other direction. Orbital dynamics is not a real strong point in this book.

The biggest error, though, is granted to the biggest piece of rock. POSsible IMpactor number 38, dubbed Possum in the book, makes two very exciting passes on an elliptic orbit around the earth. The first one is definitely east to west, while orbit two is west to east ...

copyright Robert M. Slade, 1999 BKMONFAL.RVW 990612

------------------------------

Date: Thu, 17 Jun 1999 08:43:56 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 3--REVIEW: "Intrusion Detection", Edward G. Amoroso

BKINTDET.RVW 990423

"Intrusion Detection", Edward G. Amoroso, 1999, 0-9666700-7-8, U$49.95
%A Edward G. Amoroso email@example.com
%C P. O. Box 78, Sparta, NJ 07871
%D 1999
%G 0-9666700-7-8
%I Intrusion.Net Books
%O U$49.95 973-448-1866 fax: 973-448-1868 firstname.lastname@example.org
%P 218 p.
%T "Intrusion Detection"

This is not (very much not) to be confused with the identically named, and almost equally recent, book by Escamilla (cf. BKINTRDT.RVW). Where Escamilla's is basically a large brochure for various commercial systems, Amoroso has specifically chosen to avoid products, concentrating on concepts, and not a few technical details. The text is based on material for an advanced course in intrusion detection, but is intended for administrators and system designers with a security job to do.

Chapter one, after demonstrating that the term means different things to different people, gives us an excellent, practical, real world definition of intrusion detection. This is used as the basis for an examination of essential components and issues to be dealt with as the book proceeds. Five different processes for detecting intrusions are discussed in chapter two. Each method spawns a number of "case studies," which, for Amoroso, means looking at how specific tools can be used. (This style is far more useful than the normal business case studies that are long on who did what and very short on how.) Intrusion detection architecture is reviewed in chapter three, enlarging the conceptual model to produce an overall system. Chapter four defines intrusions in a way that may seem strange, until you realize that it is a very functional description for building detection rules. The problem of determining identity on a TCP/IP internetwork is discussed in chapter five, but while the topic is relevant to intrusion detection, few answers are presented. Correlating events is examined in chapter six. Chapter seven looks at setting traps, primarily from an information gathering perspective. The book ends with a look at response in chapter eight.

The bibliography is, for once, annotated.
While I do not always agree with Amoroso's assessments; I think he tends to give the benefit of the doubt to some who primarily deliver sensation; the materials are generally high quality resources from the field. Books and online texts are included, although the emphasis is on journal articles and conference papers.

The content is readable and, although it seems odd to use the word in relation to a security work, even fun. I suppose, though, that I must point out that your humble "worst copy editor in the entire world" reviewer found a significant number of typographic errors. (And some that can't be put down to typos: I think you'll find that it's "berferd" rather than "berford.")

This book works on a great many levels. It provides an overall framework for thinking about security. It thoroughly explains the concepts behind intrusion detection. And it gives you some very practical and useful advice for system protection for a variety of operating systems and using a number of tools. I can recommend this to anyone interested in security, with the only proviso being that you are going to get the most out of it if you are, indeed, responsible for designing network protection.

copyright Robert M. Slade, 1999 BKINTDET.RVW 990423

------------------------------

Date: Fri, 18 Jun 1999 08:43:45 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 4--REVIEW: "Telecommunications: Glossary of Telecommunication Terms

BKGLTLTM.RVW 990611

"Telecommunications: Glossary of Telecommunication Terms", National Communications System, 1996, FED-STD-1037C
%A National Communications System Technology and Standards Division
%C 470 East L'Enfant Plaza SW, Suite 8100, Washington, DC 20407
%D 1996
%G FED-STD-1037C
%I General Services Administration Information Technology Section
%O 202-755-0325
%T "Telecommunications: Glossary of Telecommunication Terms"

This is, of course, the standard. Or, one of the standards, anyway.
Government issue, definition by committee, no frills.

As opposed to works oriented to business or the general public, frills would seem to include computer terms. Other than those strictly related to data communications or networking, computer hardware and software is noticeable by its absence. There is a solid presence for radio technology, and telephony gets good coverage as well. Military jargon spawns a number of entries, including some initially surprising expressions like "air portable." There is fair representation from the engineering and scientific side of things.

The definitions are generally sound, although not necessarily easy. It's very hard to find outright errors, although awkward constructions are common. This is more of a reference for professionals than a guide for newcomers: if you didn't know what the technology meant coming in, the definitions here aren't likely to give you much help. (The listing for virus isn't great, but it isn't too bad.)

This glossary does share one great advantage with Shnier's "Computer Dictionary" (cf. BKCMPDCT.RVW): it's available online at http://ntia.its.bldrdoc.gov/fs-1037/. The user interface is a bit idiosyncratic, but it does work.

copyright Robert M. Slade, 1999 BKGLTLTM.RVW 990611

------------------------------

Date: Tue, 22 Jun 1999 08:37:10 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 5--REVIEW: "Securing Java", Gary McGraw/Edward W. Felten

BKSECJAV.RVW 990501

"Securing Java", Gary McGraw/Edward W. Felten, 1999, 0-471-31952-X, U$34.99/C$54.50
%A Gary McGraw email@example.com
%A Edward W. Felten firstname.lastname@example.org
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 1999
%G 0-471-31952-X
%I John Wiley & Sons, Inc.
%O U$34.99/C$54.50 416-236-4433 fax: 416-236-4448 email@example.com
%P 324 p.
%T "Securing Java: Getting Down to Business with Mobile Code"

Unlike Oaks' "Java Security" (cf.
BKJAVASC.RVW), this book concentrates on Java in the popular perception: as a means of providing active code on the Web. As such it is intended not simply for techies, but also for dedicated users.

Chapter one provides a readily accessible backgrounder, covering portability, the Internet, the Web, active content, security risks, other active content systems, and a rough outline of the Java security model with particular regard to applets. The original Java applet security model, or "sandbox," is covered in chapter two. The security model is now complicated by signed code, and chapter three points out the changes made. Chapter four outlines a number of malicious applets, but also gives clear directions for disabling Java on both the Netscape and Internet Explorer browsers. The authors outline a second class of hostile applets, in chapter five, that are intended to breach system security and allow an attack to bypass normal security mechanisms. There are suggestions for improving the security model, as well as a review of third party attempts to enhance it, in chapter six. (I was amused to see the slight lifting of the skirts of ICSA [International Computer Security Association]: the history of the outfit is a lot more interesting and convoluted even than is portrayed here.) Chapter seven is directed at programmers, but the advice provided looks at practices and policies rather than APIs (Applications Programming Interfaces) and chunks of sample code. A version of Java specifically designed for Smart Cards is available, and chapter eight looks at its promises and problems. A recap and restatement of the major security issues in mobile code is given in chapter nine.

Appendices provide a Java security FAQ, security resource pointers, and directions on Java code signing.

The text is quite readable. The authors have made a very serious attempt to ensure that the book does not depend upon previous technical background. For the most part, they have succeeded.
The diligent reader would be able to understand most of the concepts as presented, even without having worked with computers or computer security. However, the key word is "diligent:" it *feels* like a technical book, and newcomers to the topic may be put off by the style.

In addition, McGraw and Felten are careful to avoid any bias. They obviously feel that Java has some worthwhile security measures, but admit to its faults and point out its shortcomings. This makes the book extremely useful: much more so than an uncritical paean of praise.

An effective book on an important subject with a wide audience.

But you don't have to take my word for it. You can try before you buy. The www.securingjava.com site does not simply contain a few press releases and the errata, but has the whole text of the book online. A bold step. (You can help justify it by then buying the book.)

copyright Robert M. Slade, 1999 BKSECJAV.RVW 990501

------------------------------

Date: Mon, 21 Jun 1999 08:31:15 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 6--REVIEW: "Computer Security", Dieter Gollmann

BKCOMPSC.RVW 990430

"Computer Security", Dieter Gollmann, 1999, 0-471-97844-2
%A Dieter Gollmann
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 1999
%G 0-471-97844-2
%I John Wiley & Sons, Inc.
%O 416-236-4433 fax: 416-236-4448 firstname.lastname@example.org
%P 320 p.
%T "Computer Security"

Gollmann is fairly explicit in stating the intention and audience for the book. It is to be a text for a course, rather than a handbook, encyclopedia, or history. It is about computer security, rather than information security in general, although there are sections on computer network security and database security. The objective of the course for which it was prepared is to give students a sufficient background to evaluate security products, rather than to address issues of policy or risk analysis. Thus the emphasis is on technical, rather than managerial, aspects.

Part one lays the basic foundation for computer security. Chapter one outlines the fundamental vocabulary and concepts. Authentication is reviewed in chapter two. Examples from both UNIX and NT are used, in chapter three, to explain access control. Chapter four's discussion of security models requires a significant background in set theory, but for a course this can be assumed as a prerequisite. Considerations for hardware or operating system level security are looked at in chapter five.

Part two examines security in the real world. Chapter six provides a good review of the UNIX security functions. Security aspects of NT are described in chapter seven, but the effective interaction of rights and permissions is not clear (a failing shared by most NT security texts). A variety of ways in which security has failed are detailed in chapter eight. This concludes with a section on computer viruses in quite different format and level of detail. The reason for this is not made clear, but I am willing to grant that most security texts do not treat the subject as well. Chapter nine talks about the evaluation of security products, but concentrates on the formal criteria laid down by governmental agencies.

Part three looks at distributed systems. Chapter ten reviews specific systems, such as Kerberos and CORBA (Common Object Request Broker Architecture) security. Specific known Web vulnerabilities are effectively used to illustrate classes of threats in chapter eleven. The explanation of cryptography in chapter twelve is nicely balanced for mechanics; a full description without a morass of detail; but is somewhat weaker on key management and cryptographic strength. Network security, in chapter thirteen, deals with implementation level topics such as the IPSec (Internet Protocol Security) protocols and firewalls.

Part four deals with other aspects of security theory, primarily related to databases.
Chapters fourteen and fifteen, respectively, discuss basic and advanced database security concepts. Problems of concurrent access, with applications in transaction processing, are examined in chapter sixteen. Security concerns of the object-oriented paradigm are raised in chapter seventeen.

In terms of readability, Gollmann's writing is not always fluid, but it is always clear. While intended as a class text, the book is, in most parts, accessible to any intelligent reader. The exercises provided at the end of each chapter are not mere buzzword tests, although most are more suitable for discussion starters than checks for understanding. The bibliography is not annotated, but the "Further Reading" section at the end of each chapter helps make up for this shortcoming. Having to flip between two sections to find the referenced work is a bit awkward, but not unduly so.

This is a very welcome addition to the general computer security bookshelf.

------------------------------

Date: Wed, 23 Jun 1999 08:17:56 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 7--REVIEW: "Information Ecologies", Bonnie A. Nardi/Vicki L. O'Day

BKINFECO.RVW 990512

"Information Ecologies", Bonnie A. Nardi/Vicki L. O'Day, 1999, 0-262-14066-7, U$27.50
%A Bonnie A. Nardi
%A Vicki L. O'Day
%C 55 Hayward Street, Cambridge, MA 02142-1399
%D 1999
%G 0-262-14066-7
%I MIT Press
%O U$27.50 800-356-0343 fax: 617-625-6660 www-mitpress.mit.edu
%P 232 p.
%T "Information Ecologies: Using Technology with Heart"

I have only the greatest sympathy for any attempt to ensure that technology serves people, rather than the other way around. This book, however, adds almost nothing to the ongoing debate and work on the subject. And it is ongoing. One of the more surprising features of this text is the repeated implication that nobody else has ever considered that there might be a middle path between uncritical technophilia and rabid Neo-Luddism.

Part one of the work is entitled "Concepts and Reflections." The promised ideation is rather sparse, while the opining takes up the bulk of the space. Chapter one is a rather error filled (the book actually contradicts itself on some points) description of Fritz Lang's silent classic "Metropolis." The main point of a rather meandering chapter two seems to be the assertion that technology is not "inevitable." The metaphors of technology as a tool, text, and system are examined in chapter three. Unfortunately, while the models do provide differing ways of looking at practices, the analysis is so orthogonal that almost no useful comparisons can be made. Chapter four finally brings us to "information ecologies," but not in any defining way. The discussion feels like all too many discussions of the "free market" system: new products influence the market, and the market influences new products, and it all just sorta works, you know? Deliberation about values, in chapter five, is undercut by the immediate jump into the relativist camp. Which makes the subsequent insistence on "core" values rather ironic. Chapter six does not, therefore, provide any useful guidance on how to evolve an information ecology.

The "case studies" of part two do not help in any attempt to understand what an information ecology might be. While all of the communities involved; libraries, MUDs (Multiple User Domains), informal "help" networks, school courses, and teaching hospitals; use technology, the descriptions provided deal strictly with social interactions. While some of these behaviours may be affected by computers and new forms of communications (and, in some cases, may require them), the analysis does *not* deal with differences between traditional and "computer-aided" dialogues. Indeed, in most cases the fact of technology could be removed entirely from the essays, and it wouldn't make any difference. "Odd man out" in this section is a chapter on the Internet.
This may be because of the demand that information ecologies be somehow "local," which the net decidedly is not.

A concluding chapter recapitulates the episodes of the book, but does not help to clarify whatever concepts the authors intended to present.

copyright Robert M. Slade, 1999 BKINFECO.RVW 990512

------------------------------

Date: Thu, 24 Jun 1999 08:37:37 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 8--REVIEW: "Ripper", Michael Slade

BKRIPPER.RVW 990612

"Ripper", Michael Slade, 1994, 0-451-17702-9, U$6.99
%A Michael Slade
%C 10 Alcorn Ave, Suite 300, Toronto, Ontario, M4V 3B2
%D 1994
%G 0-451-17702-9
%I Penguin/Signet
%O U$6.99 416-925-2249 Fax: 416-925-0068 email@example.com
%P 416 p.
%T "Ripper"

I did not expect Michael Slade to make it into this series. Despite the fact that "he" shares two of my names and my home town, I feel no real kinship with what is, after all, the pseudonym of two Vancouver lawyers. There is also the fact that "Michael Slade" specializes in horror, which has never been high on my "must read" list.

I must admit that, having read one of "his" books out of random curiosity, I quite enjoyed it. While the criminal activities are not merely gruesome but positively twisted, at least there is some research and not a little imagination involved. The characterizations are full and realistic, even down to the details of petty rivalries. The plots are delightfully convoluted, with entire shoals of scarlet herring, but almost scrupulously fair to the reader.

What gets the book into this series, as with most fictional entries, is a mistake. The plot hinges on the belief of a modern satanist group that the murders of Jack the Ripper were part of an occult ritual. Plotting the four "canonical" murders; those which were, without doubt, committed by the same person; it is determined that they form a cross shape.
With some quick calculations, detailed in the text, we find that the odds against this happening are 15,249,024 to one. Obviously, this can't be random!

Unfortunately, innumeracy is common enough in our society for a lot of people to believe this explanation. In fact, the odds are that any four randomly chosen points *will* form something of a cross shape.

In the book, it is suggested that you can determine the odds by forming an eight by eight grid over the area you are examining. However, the number of divisions in your grid depends upon how precise you want to make it. If you are simply looking for a cross shape, any cross shape, then a two by two grid is more than ample.

Again, the book advises that the odds of each murder happening in the "right" place are one divided by the number of squares in the grid, and that each successive approximation reduces the number of squares by one. Thus, the odds are sixty four to one times sixty three to one times sixty two to one times sixty one to one, giving the number above. In fact, the first murder can take place anywhere. Using a reasonably sized scale, but demanding a fairly definitive cross shape, the second murder can occur anywhere except in the first square. (Actually, the possibilities are slightly better than that, but for simplicity of calculation we will forego some precision.) Using the book's own eight by eight grid would complicate the estimate, so we will reduce it to the two by two. The first murder can take place in any of the four squares. The second can occur in any of the three remaining, the third in two of the four, and the last in only one. Therefore the odds reduce to four to four times four to three times four to two times four to one, or odds of about ten to one for a very clear example. Well within the bounds of chance, and even more probable when other directing factors are taken into account.

There is at least one other scientific error.
In a remake of Christie's "And Then There Were None" (and the use of that plot does rather give the game away), a vacuum equipped toilet is used as a death trap. Let us merely say that, a) most people don't sit on the john in such a way as to create a vacuum seal, b) toilets have seats, and thus airgaps, c) you'd need an awfully big vacuum tank, d) "Total Recall" to the contrary, explosive decompression doesn't work that fast, and e) by that point, everybody would be spooked enough to use a chamber pot.

copyright Robert M. Slade, 1999 BKRIPPER.RVW 990612

------------------------------

Date: Fri, 25 Jun 1999 08:35:12 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 9--REVIEW: "Using TACT with Electronic Texts", Ian Lancashire

BKUTACTE.RVW 990613

"Using TACT with Electronic Texts", Ian Lancashire, 1996, 0-87352-569-8, U$50.00
%A Ian Lancashire
%C 10 Astor Place, New York, NY 10003-6981
%D 1996
%G 0-87352-569-8
%I The Modern Language Association of America
%O U$50.00 fax: 212-477-9863 firstname.lastname@example.org
%P 361 p. + CD-ROM
%T "Using TACT with Electronic Texts"

TACT (Text-Analysis Computing Tools) is a suite of programs used to produce data about literature for criticism and interpretation in humanities studies. This book is a manual for the programs, which were developed by the Centre for Computing in the Humanities at the University of Toronto, and appear to be distributed as freeware.

The tools are based on the activity of concordancing, or finding all occurrences of a term in a given piece of text. The standard UNIX tools of grep, sed, and awk will do the same thing. How TACT differs is very difficult to say. The manual is not very forthcoming, seeming to imply, by its lack of explanation, that if you don't know what the tools do, you don't deserve to know. Computer specific terms are described and explained, but those to do with literature or technical criticism are defined, if at all, in a circular and tautological manner.

Chapter one outlines the different programs and what part of the process they perform, but since the outcome isn't illustrated this material is less than helpful to the newcomer. The largest, and most important, part of chapter two deals with the insertion of tags into a text, but this section is incomplete, and no reference seems to exist for the full set of tags that can be used. The operation of Makebase and Mergebas, used to create text databases in the proper format, is described in chapter three. The interactive analysis tool, Usebase, is outlined in chapters four through seven. Chapter eight reviews the batch analysis programs. Preprocessing programs are explained in chapter nine, and postprocessing in chapter ten. Chapter eleven probably should have started the book, since it finally attempts to talk about what TACT actually does, and even gives examples of use for the UNIX tools mentioned earlier. However, the material relies too heavily on large works that have been accomplished by computerized methods, without suggesting smaller questions and how they might be approached.

A reference to the suite, explanation of the texts included on the CD-ROM, and some other appendices are included.

------------------------------

Date: Mon, 28 Jun 1999 08:43:17 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor"
Subject: File 10--REVIEW: "The Human Equation", Jeffrey Pfeffer

BKHUMEQU.RVW 990530

"The Human Equation", Jeffrey Pfeffer, 1998, 0-87584-841-9, U$24.95
%A Jeffrey Pfeffer
%C 60 Harvard Way, Boston MA 02163
%D 1998
%G 0-87584-841-9
%I Harvard Business School Press
%O U$24.95 800-545-7685 fax 617-496-8866 http://www.hbsp.harvard.edu
%P 345 p.
%T "The Human Equation: Building Profits by Putting People First"

Management is hard. It involves balancing a bewildering variety of conflicting, or, at best, orthogonal factors. The tenets resist codification. It has to deal with the least tractable objects in the known universe: human beings.

And, management is important. Good management can make a business with the most mundane and undifferentiated of products thrive: bad management can kill the most desperately needed service.

With these two elements of consequence and challenge, then, it is almost axiomatic that there will be a market, and a large one, for books on management. Given demand, of course, a supply rushes in to take advantage of it. Therefore, we have a plethora of books on management, but, since management is hard; and writing is hard; most of these books have value only in the eyes of publicists and marketers.

A few stand out. About forty years ago there was an article, rather than a book, that rocked the business establishment. It posited that the traditional "Brand X" style of "show 'em who's boss" management might be less effective than paying attention to your people. Twenty years later, a book tried to pursue the components of excellence, and zeroed in on the rather neglected aspect of paying attention to people. Now, Pfeffer asserts that we can best build the bottom line by paying attention to our people. It's often been said that we require much more reminding than we ever need teaching.

This book will be a classic. Get it, read it, and implement it now, in order to take the greatest advantage over the longest time.

With respect to those of us who do actual reviews, rather than merely reprinting recycled press releases, it is often felt that we somehow enjoy ripping a book (or other item) to shreds. The plain fact is that it is a lot easier to review a bad product than a good one. Identifying and pointing out flaws is fairly easy, and so a bad product gives you a lot more material to write about. But, while we can all spot a goof, how do you explain greatness? What do you say, beyond, "This is a good book. Buy it."

Interestingly, Pfeffer writes something to this effect in chapter four, while pointing out some of the tragically flawed beliefs and practices of modern business.
He notes that the formal evaluation process, so beloved of management, requires that experts explain their conclusions to non-experts. However, experts make decisions based on accumulated experience and an almost intuitive level of knowledge. This reasoning generally cannot be explained to novices, who can only rely on common knowledge. The explanation, therefore, must proceed at the novice level. As the old saw has it, if you can tell the difference between good advice and bad advice, you don't need any advice. If an institution has need of expert advice, then the organization obviously does not command the expertise to fully evaluate that advice. The requirement to have the expert explain conclusions means that easy, and therefore unimportant, decisions can be easily explained, while more complicated, and significant, resolutions will be much harder to explain, and thus have less chance of survival. Those, then, who have been kind enough to grant me "expert" status in this reviewing game will probably have already left for the bookstore, and I rather suspect that they will be the ones to benefit most from Pfeffer's book. For the audience now remaining, I will attempt to convince you, as well. The author's attitude to his own book is very interesting. While Pfeffer believes in what he is saying, he is well aware that what he writes is not going to make for actual organizational change, in most cases. Only half will believe in what he says; of the half that believe, only half will make more than a token effort at change; of the quarter who believe and try to make significant changes, only half will let the experiment run long enough to see results. (However, his admission of this reality doesn't appear until the end of chapter one, and a note that many managers may not be in a position even to try the program is almost the last point in the entire book.) 
Nevertheless, the author's mildly gloomy perception forms the structure of the book: part one outlines people-centred management, while part two examines all the barriers arrayed against those who would try it. Chapter one looks at the received business wisdom about "going global," becoming "lean and mean," and "re-inventing" the corporation--and, through citation of extensive business studies, shows that the common body of knowledge is all wrong. (It's a bit like "Four Days with Dr. Deming" [cf. BKDEMING.RVW] with somewhat more authority.) The real heart of part one is probably the business case, supported by studies, for managing people properly, in chapter two. The outline for people-centred, high performance, or high commitment management is given in chapter three. While training, team organization, job security, and elimination of status distinctions all play a part in the practice, the material is more of a series of examples since people-orientation, almost by definition, resists definition. Chapter four notes that it is not good enough to talk the talk: you also have to walk the walk. Chapter five is almost chapter one in more detail, showing how modern (and particularly American) management training has concentrated on financial metrics to the detriment of overall regulation, and often to the disadvantage of business. The lack of job security is clearly shown, in chapter six, to be behind the loss of employee loyalty. Common mistakes in pay rate considerations are reviewed in chapter seven. Unions are not bashed in chapter eight. Perhaps the most startling material is that in chapter nine, noting a place for public policy. The final chapter is a summary. What differentiates Pfeffer's tome from a number of texts with similar theses is that he moves out of the rationalistic realm; analyzing why doing good should make you do well; and into the area of empirical facts. 
The work relies very heavily on great volumes of hard, cold business studies that show first, how traditional management practices fail, and then, how humane methods improve the bottom line. In most cases the studies are not merely cited for results; enough of the method is given for the intelligent reader to determine whether the study should be accepted as valid or not. Anecdotal examples are given as well, but they serve merely to illustrate points already well supported. Logical models are not abandoned, but they are used to explain already established facts, instead of attempting to prove speculation. Another aspect that makes a good book more difficult to review is that there is more to it, and therefore, it takes more time to read. There is a lot more "meat" to this work as compared to a great many management tomes--much greater conceptual and informational density. This is what a book should be. The fact that we are surprised at the richness and weight of Pfeffer's text is rather disturbing. We should, rather, be astonished at the fluff and lightness of so many of its rivals. (Although, truth to tell, it hasn't much competition.) This book is not about quick fixes: Pfeffer frequently points out that changing to a people-centred approach will not necessarily show results even within one or two years. This is not a management cookbook: the material keeps repeating that proper management is a hard task, and the benefit lies in your competition's unwillingness to do it. Decades of rapacious, short term, profit-taking mismanagement have sadly damaged not just individual companies, but an entire industrial and business base, with results as far reaching as the current mythical technology labour shortage. This volume is a blueprint for the long, hard job of rebuilding needed to get back on track--and an indication of the rewards for those willing to do the work. copyright Robert M. 
Slade, 1999 BKHUMEQU.RVW 990530 ------------------------------ Date: Tue, 29 Jun 1999 10:54:09 -0800 From: "Rob Slade, doting grandpa of Ryan and Trevor" Subject: File 11--REVIEW: "GIS Standards and Standardization: A Handbook", UNESCAP BKGISSSH.RVW 990506 "GIS Standards and Standardization: A Handbook", UNESCAP, 1998, 92-1-119830-5 %A United Nations Economic and Social Commission for Asia and the Pacific %C New York %D 1998 %G 92-1-119830-5 %I United Nations %P 124 p. %T "GIS Standards and Standardization: A Handbook" The preface was written by an executive bureaucrat, so it doesn't say much. In fact, the entire book seems to have a rather high verbiage to concept ratio. Chapter one looks at the (very short) history and (very vague) theory of geographic information systems (GIS). Beyond the idea that it involves information with some spatial component, not much is said. Toward the end of the chapter there is a brief discussion of the purpose of the book, but the stated purpose is simply to aid readers in understanding GIS standards. An examination of the notion of standards is contained in chapter two, which gets very abstruse in places. The GIS "infrastructure," referred to in chapter three, lists, without much overall structure, a variety of standards bodies. More detailed descriptions of specific GIS standards bodies and groups are given in chapter four. While this begins to examine the geographic information system topic, there is still no technical material at all. Finally, chapter five does start to look at standards, and even here, half the chapter is spent on hardware platforms, with the remaining material given over to a listing, with little description, of a variety of mapping program formats. We are basically told to educate ourselves in chapter six. Aside from the list of working groups in chapter four, and the list of programs in the latter part of chapter five, I see very little content in this book to be of use to anyone. 
(For the first time, it appears that both Amazon and Chapters agree with me: neither of them lists the book at all. Barnes and Noble does list the volume, but only as a special order.) copyright Robert M. Slade, 1999 BKGISSSH.RVW 990506 ------------------------------ Date: Sun, 10 Jan 1999 22:51:01 CST From: CuD Moderators Subject: File 12--Cu Digest Header Info (unchanged since 10 Jan, 1999) Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are available at no cost electronically. CuD is available as a Usenet newsgroup: comp.society.cu-digest Or, to subscribe, send post with this in the "Subject:" line: SUBSCRIBE CU-DIGEST Send the message to: email@example.com DO NOT SEND SUBSCRIPTIONS TO THE MODERATORS. The editors may be contacted by voice (815-753-6436), fax (815-753-6302) or U.S. mail at: Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115, USA. To UNSUB, send a one-line message: UNSUB CU-DIGEST Send it to CU-DIGEST-REQUEST@WEBER.UCSD.EDU (NOTE: The address you unsub must correspond to your From: line) The mailing list is automated, so no human lies at the other end. CuD is readily accessible from the Net: UNITED STATES: ftp.etext.org (126.96.36.199) in /pub/CuD/CuD Web-accessible from: http://www.etext.org/CuD/CuD/ ftp.eff.org (188.8.131.52) in /pub/Publications/CuD/ wuarchive.wustl.edu in /doc/EFF/Publications/CuD/ EUROPE: ftp.warwick.ac.uk in pub/cud/ (United Kingdom) The most recent issues of CuD can be obtained from the Cu Digest WWW site at: URL: http://www.soci.niu.edu/~cudigest/ Readers wishing to auto-set their browsers to receive the latest issue of CuD can point to: http://www.soci.niu.edu/~cudigest/latest.txt COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. CuD material may be reprinted for non-profit as long as the source is cited. Authors hold a presumptive copyright, and they should be contacted for reprint permission. 
It is assumed that non-personal mail to the moderators may be reprinted unless otherwise specified. Readers are encouraged to submit reasoned articles relating to computer culture and communication. Articles are preferred to short responses. Please avoid quoting previous posts unless absolutely necessary. DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Digest contributors assume all responsibility for ensuring that articles submitted do not violate copyright protections. ------------------------------ End of Computer Underground Digest #11.30 ************************************
Page maintained by: Jim Thomas - firstname.lastname@example.org