Category Archives: Reviews

Book Review: 21st Century C

I recently got back into C programming as part of my day job, and I decided to pick up a few books to refresh my memory. 21st Century C by Ben Klemens wasn’t quite what I was looking for, but it caught my eye due to the unusual title, if nothing else. People assume that C is an ossified language from an earlier time, but the author’s bold contention is that much has changed in the last decade or so (primarily with the 1999 ISO standard update) and that there is plenty new to learn. It’s an intriguing idea, but does it live up to reality?

Klemens is certainly right that most people haven’t kept up to date with the changes to the C standards. However, there’s a very good reason for that: most people who are using C professionally are doing it in environments where there isn’t a choice. The only new projects for which C is an appealing choice are cases where the code needs to compile on legacy platforms. Perhaps some projects that are using C for historical reasons could update, but there’s usually a lot of resistance to changing idioms while maintaining legacy code. Perhaps more awareness of what people are missing out on could swing more projects in favour of using C99 (or even the updated 2011 standard), but I’m not holding my breath.

So if we put aside the idea that C is a much-improved language due for a renaissance, how does the book stack up? Overall I’d say not that bad, although it doesn’t seem all that clear on who its target audience is. People who use C on a daily basis will find something of value in the big picture, but too much time is spent re-treading familiar ground. People who don’t know C but want to learn (if there are any) will find it lacking in introductory material. Though it covers new standards, it’s definitely not a book for language lawyers. Perhaps it will work best for someone like me, who used to use C but haven’t picked it up for a while, although even there the usefulness is patchy.

The book is framed using a device that is all too common in technical books, and that I hate: the author takes a preferred hobby of theirs (in this case, punk rock) and proceeds to apply aspects of it to the material presented (often just as a way of setting the scene for chapters, but sometimes as direct analogies to technical concepts). This rarely works all that well. For a start, authors tend to choose things that they care about (and that they want the world to know they care about) rather than things that make for good exposition. Secondly, it tends to strike a discordant note with the rest of the content of the book. A good technical book can have personality, but rarely is it good because of the personality it presents. In this case the references to music don’t add anything of value.

The first half of the book is spent on material that has nothing to do with C as such: how to install libraries, how to use version control, and how to package code using Autotools. This works better than you might expect, but a lot of it feels like filler. Once again, the author seems vague about his target audience: some attention is paid to options for compiling code on Windows, but not enough for anyone to fully adapt the techniques shown. It would be better to abandon Windows and declare this a UNIX book, or to give comprehensive guidance for Windows best practices.

The second half settles down into the material where the book has something unique to offer: best practices for writing C, with particular reference to the 1999 and 2011 revisions to the standard. Even this part of the book I found to be patchy. There are some sensible idioms making use of variadic macros, anonymous structs and the _Generic operator that have some potential. On the other hand, the author’s attempts to make C look like Python seem to be missing the point, and his descriptions betray confusion on one or two technical points.

As one example, the author provides the following code for freeing several pointers in one line:

#define Fn_apply(type, fn, ...) {                                      \
    void *stopper_for_apply = (int[]){0};                              \  
    type **list_for_apply = (type*[]){__VA_ARGS__, stopper_for_apply}; \
    for (int i=0; list_for_apply[i] != stopper_for_apply; i++)         \
         fn(list_for_apply[i]);                                        \
#define Free_all(...) Fn_apply(void, free, __VA_ARGS__);
int main(){
    double *x= malloc(10);
    double *y= malloc(100);
    double *z= malloc(1000);
    Free_all(x, y, z);

The only advantage this gives is that you save yourself a couple of lines when you have a list of pointers to be freed all in one place. However, it has a significant drawback: NULL is used to terminate the variable-length list, so if any of the pointers in the list is NULL you will leak memory. This is an important change to the semantics of free() (which is deliberately defined such that free(NULL) is a no-op) and turns a safe function into a dangerous one. This kind of C-Python hybrid is cute but doesn’t solve any of the problems of C in the real world.

Edit: The paragraph above is completely wrong, as Ben points out in the comments. Mea culpa.

Probably the best way to look at a book like this is to treat it like Alexandrescu’s Modern C++ Design (which is admittedly a far better book): as a source of inspiration and ideas, without applying any of the techniques directly. It’s great to keep abreast of the changes in the world of C, even if few people can use that knowledge just now. And although this book has its weak points and a lot of padding, it might be the only game in town.

Book review: You Are Not a Gadget

You Are Not A Gadget: A Manifesto

Technologists who wish to talk about the big picture can sometimes find themselves in a difficult situation: In order to be taken seriously, they have to express a bold vision of the future. But predictions aren’t made in a vacuum, and the opinions of the twittering classes have gathered enough momentum that it’s dangerous to be seen contradicting them. Criticisms of the social web are terribly vulnerable to the rejoinder that the critic just doesn’t get it.

None of this seems to bother Jaron Lanier, whose 2010 book You Are Not a Gadget is a timely and much-needed analysis of the downsides to the Web 2.0 movement. Lanier, though he has form as a technological pioneer of Virtual Reality, is vulnerable to the claim that he is a hippie throwback who belongs in an earlier age. His dreadlocked appearance, humanistic philosophy and love of obscure musical instruments may seem a poor fit for the brave new world of Facebook and Google, but I believe we ignore his insights at our peril.

The book covers a lot of angles, but the overarching theme is a reaction against cybernetic totalism, the view that computer software can and should become at least as important to the world as humans, at its most extreme reducing us to components that serve a hive mind. The most approachable manifestation of this in today’s world is the way that user-generated content (in the form of blog posts, tweets, images, videos, Wikipedia edits and the like) is stripped of context and personal relevance and digested into a stream of data to be fed through algorithms, ultimately making billions for the “lords of the cloud” with zero return to the humans who produced the content in the first place. Genuine creativity is stifled in favour of endless regurgitation and mash-ups.

There’s a more fundamental point behind his argument, and one that’s more tightly bound to the nature of technology: People have forgotten, or never properly understood in the first place, that this is not the only way technology can be. As a technology evolves, choices are made that are hard to reverse, leading to a sense of inevitability where there oughtn’t to be. People have come to believe that computers are the social web, and that the social web is Facebook, or at least something not too dissimilar. This adds a note of pathos to the argument: it’s one thing to desire the hive mind as your future, quite another to believe that it’s inescapable.

To my mind, closer analysis of the argument about technological lock-in threatens to unseat Lanier’s claim that cybernetic totalism is the cause behind the problems he discusses. Where he sees a Silicon Valley elite who are prepared to sacrifice human values to speed the inevitable singularity, I see merely an unplanned marketplace that has hit upon local maxima in the field of methods to extract money from the web. It seems to me that the problems are economic, not political.

Even if cybernetic totalism is something of a straw man, the book overall remains a cogent critique, raising thought-provoking issues that are rarely seen elsewhere. This is definitely not to be missed.

Book review: Modern Cryptanalysis

Modern Cryptanalysis: Techniques for Advanced Code Breaking

The lack of the market for books on cryptography might be viewed as surprising. Given that the market can sustain over 200 books about PHP, how has a topic as sexy as cryptography not got more than a dozen or so books? It’s like the world saw Schneier’s Applied Cryptography and figured there wasn’t any point trying.

This isn’t actually that unreasonable. Schneier’s book might be showing its age these days, but trying to keep up with the leading edge of research is a game for mugs and crypto researchers, and neither one is in need of a textbook. The rest of us just need a primer on the principles of cryptography that covers the major protocols and widely-used algorithms without dumbing down, and if that’s what you’re after then Applied Cryptography is still the first and last book that need be on your list.

It does have one major hole, and that’s in the coverage of cryptanalysis. Admittedly, cryptanalysis is even further from the everyday reality of most developers than cryptograpy is: attempting to implement crypto algorithms yourself is risky and requires care, but attempting your own cryptanalysis of any non-trivial algorithm is a pointless exercise best reserved for a really rainy day, or just left to the experts. But I can’t have been the only one who feels very dissatisfied at knowing that something can be done, but not knowing how.

On the face of it, Modern Cryptanalysis is pretty much exactly the book I’ve been looking for all these years. It starts from modest assumptions about background knowledge, but covers real military-grade algorithms. It has good step-by-step tutorials and illustrates it with usable source code in Python. It’s reasonably priced (though certainly not cheap), and picks a good range of topics to get a reasonable overview of the field while still being a manageable length overall.

However, it left me feeling frustrated. A little too much time is spent on toy algorithms that are only of historical interest and are well covered by other books. It then attempts to teach the most basic mathematical background before ploughing into weighty topics in number theory such as factorisation and elliptic curves. In general I feel that the information on public-key systems was too much and too soon in the book: you can’t analyse RSA without postgraduate-level number theory. By the same token, not enough time was spent on symmetric block ciphers for my liking, as to me they strike a nice balance of being a rich topic that doesn’t require too much mathematical background for the casual reader to benefit from it.

Perhaps it was my relatively hurried reading of it, but I didn’t feel the explanations were quite clear enough, particularly in explaining linear and differential cryptanalysis. This was exacerbated by an extremely large number of typos, some of which occurred in mathematical expressions and obscured the meaning of the text.

Despite my reservations, this book actually does the job you most likely require of a book on cryptanalysis, which is to demystify it and give enough of a flavour that you know whether you want to read further. It’s not a classic, but it’s a fair starting point.