Privacy and Big Data – #bookreview #nonfiction

Privacy and Big Data
By Terence Craig and Mary E. Ludloff
(O’Reilly Media, $19.99, paperback; $16.99, Kindle)

Worried about the safety of your personal data?

That genie, unfortunately, is long out of the bottle—and very likely spread all over the planet now.

In Privacy and Big Data, authors Terence Craig and Mary E. Ludloff provide an eye-opening examination of “how the digital footprints we leave in our daily lives can be easily mashed up and, through expertise and technology, deliver startling accurate pictures of our behavior as well as increasingly accurate predictions of our future actions.”

Those digital pictures of who we are, who we vote for, what we buy and where we go can be worth a great deal of money and/or power to those who collect them. Indeed, they constitute “big data” and can be worth much more than gold, Craig and Ludloff contend.

“Far more is known today about us as individuals than ever before. How organizations, businesses, and government agencies use this information to track and predict our behavior is becoming one of the fundamental issues of the 21st century,” they state.

Privacy and Big Data is not a lengthy book, just 106 pages. Yet it packs plenty of punch in the form of useful, unsettling and sometimes surprising information, as well as thought-provoking examples, discussions and questions. The two writers – “executives from a growing startup in the big data and analytics industry” – draw upon extensive experience “deal[ing] with the issues of privacy every day as we support industries like financial services, retail, health care, and social media.”

Their well-written work is organized into five chapters and an appendix. Each chapter, meanwhile, has its own bibliography with links to additional materials and information.

Chapter 1, “The Perfect Storm,” looks at what has happened to privacy in the digital age and how we got to this point, starting with ARPANET (the “Advanced Research Projects Agency Network”) in 1969, which later gave rise to the Internet. In the authors’ view: “There is a perfect storm brewing; a storm fueled by innovations that have altered how we talk and communicate with each other. Who could have predicted 20 years ago that the Internet would have an all-encompassing effect on our lives? Outside of sleeping, we are connected to the Web 24/7, using our laptops, phones, or iPads to check our email, read our favorite blogs, look for restaurants and jobs, read our friends’ Facebook walls, buy books, transfer money, get directions, tweet and foursquare our locations, and organize protests against dictatorships from anywhere in the world. Welcome to the digital age.”

Chapter 2, “The Right to Privacy in the Digital Age,” focuses on “what privacy encompasses, how our privacy norms have been shaped in the U.S. and abroad, the tension between privacy and other freedoms (or lack thereof), and how, for those of us who fully participate in all the digital age has to offer, it may very well be the end of privacy as we know it.”

Chapter 3, “The Regulators,” explores how the world has many geographical boundaries, from national borders down to city limits and even smaller demarcations, including individual agencies, departments and committees. Businesses large and small also operate within specific structural boundaries. Yet the Internet, the authors point out, recognizes no such limits. They examine “how…countries regulate the collection, use, and protection of their citizen’s personal information,” amid countless competing governmental and business agendas.

In Chapter 4, “The Players,” the authors warn: “Wherever you go, whatever you do, anywhere in this world, some ‘thing’ is tracking you. Your laptop, and other personal devices, like an iPad, Smartphone, or Blackberry, all play a role, and contribute to building a very detailed dossier of your likes, concerns, preferred airlines, favorite vacation spots, how much money you spend, political affiliations, who you’re friends with, the magazines you subscribe to, the make and model of the car you drive, the kinds of foods you buy, the list goes on.” The writers identify four broad categories of data grabbers and note that “while the[se] players are playing, consumer privacy continues to erode.” They discuss some specific things you can do to try to reduce your exposure. But, they caution, “What happens on the Internet stays on the Internet forever.”

Finally, in Chapter 5, “Making Sense of It All,” the authors pose several challenging questions and offer their views on possible answers. The questions include: “In the digital world we now inhabit, is privacy outmoded or even possible? Should we just get over it and move on? Should we embrace transparency and its many benefits and disadvantages? And if we do, or have it forced upon us, can we expect the same from our governments, our corporations, and powerful individuals? Will they be held to the same standard? If not, since information is power, what will our world look like?”

Two writers seldom agree on everything, and that is true in this book. In their Appendix titled “Afterword,” Craig and Ludloff state that they have tried to present a wide range of views on important questions, yet sometimes differ in their personal views regarding privacy and big data. They offer brief summaries of where they came from and how their viewpoints have been shaped by life events.

In a world where computers, phones, cars, cameras and many other household, work and public devices gather, store and disseminate data about us, this book can help readers think harder about what information — and freedoms — we may be giving up, willingly and unwittingly, in the name of convenience and connectivity.

Si Dunn

#

The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler – #bookreview

The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler
By Chris Eagle
(No Starch Press, $69.95, paperback; $55.95, Kindle)

The popular interactive disassembler IDA Pro helps reverse engineers, malware analysts, vulnerability testers and others dissect computer programs when source code is not available.

Unfortunately, IDA Pro is updated so frequently, it’s impossible for writers to keep up and present complete guides to this “complex piece of software with more features than can even be mentioned, let alone detailed in a book of reasonable size….”

Chris Eagle, author of The IDA Pro Book, adds in the introduction to this second edition that he was inspired to update his well-respected guidebook when “a new, Qt-based graphical user interface” was added to IDA Pro 6.0. Yet, true to form, before his new edition could hit the shelves, IDA Pro version 6.1 was released, he notes.

To his credit, his book does not try to be an up-to-the-dot-release user manual. Instead: “My goal…remains to help others get started with IDA and perhaps develop an interest in reverse engineering in general. For anyone looking to get into the reverse engineering field, I can’t stress how important it is that you develop competent programming skills. Ideally, you should love code, perhaps going so far as to eat, sleep, and breathe code. If programming intimidates you, then reverse engineering is probably not for you.”

This updated edition of The IDA Pro Book is well-organized, smoothly written, and nicely illustrated. Eagle avoids the use of long code sequences. He zeroes in, instead, on “short sequences that demonstrate specific points.”

His 646-page book is heavily indexed and is divided into six parts, with 26 chapters and two appendices.

In Part I, “Introduction to IDA,” the focus is on the whats, whys and hows of software disassembly, reversing and disassembly tools, and some background on IDA Pro.

Part II covers “Basic IDA Usage,” including getting started, IDA data displays, disassembly navigation and manipulation, datatypes and data structures, cross-references and graphing, and “the many faces of IDA,” which covers common features of console mode, plus console specifics for Windows, Linux and OS X.

Part III takes the reader into “Advanced IDA Usage.” These chapters examine IDA customization, library recognition using Fast Library Acquisition for Identification and Recognition (FLIRT) signatures, “augmenting IDA’s knowledge” and “patching binaries and other IDA limitations.”

Part IV is devoted to “Extending IDA’s Capabilities.” The topics covered include IDA scripting, the IDA software development kit, IDA’s plug-in architecture, binary files and IDA loader modules, and IDA processor modules.

Part V’s focus is “Real-World Applications.” The chapter subjects include: compiler “personalities”; “obfuscated” code analysis; vulnerability analysis; and real-world plug-ins for IDA.

In Part VI, Eagle looks at the IDA debugger. Chapter subjects include the debugger, disassembler/debugger integration, and additional debugger features.

Appendix A is an overview of IDA Freeware 5.0, “a significant upgrade” from the 4.9 release of the free version of IDA, yet still “a reduced capability application that typically lags behind the latest available version of IDA by several generations and contains substantially fewer capabilities than the commercial version of IDA version 5.0,” Eagle notes.

Appendix B provides a table that maps “IDC scripting functions to their SDK implementation. The intent of this table is to help programmers familiar with IDC understand how similar actions are carried out using SDK functions.”

IDA Pro software’s creator, Ilfak Guilfanov, has hailed this book as “profound, comprehensive, and accurate.” It’s hard to do much better than that with an “unofficial guide” to a powerful and complex software package.

 – Si Dunn

#

Designed for Use: Create Usable Interfaces for Applications and the Web – #bookreview

Designed for Use: Create Usable Interfaces for Applications and the Web
By Lukas Mathis
(Pragmatic Bookshelf, $35.00 paperback)

There’s no code inside this well-written book for programmers and visual designers. Instead, the focus is on usability — how people use things — and how you can make big, modest or subtle improvements to their experiences with digital interfaces.

You may be designing a software product that you think will be user friendly. Yet how good, really, is your knowledge of efficient and effective design? And what do you really know about how users will respond to what you create? Are you relying on formal focus groups to tell you what your users supposedly will want?

If you are, you are not doing nearly enough research, insists the author, Lukas Mathis, a developer and user interface designer for Numcom Software. “[P]eople often aren’t able to tell us how we can solve their problems. Worse, people may not even be able to tell us what their problems are. And worst of all, people are pretty bad at predicting whether and how they would use a product if we proposed to build it for them,” he writes.

Instead of depending on focus groups, you should spend some time doing “job shadowing” and “contextual interviews” to help you shape a better interface.

“Since people don’t know what they want, a good approach is to simply observe what they do. The idea of [job] shadowing is to visit users in our target audience at the place where they will use our product. The goal is to find out how our product will help them achieve their goals.”

He adds: “With usability testing, the goal is to find issues with the user interface. When you are shadowing someone, the goal is to figure out what kind of product to create or how to change your product on a more fundamental level.”

In contextual interviews, you interview a user after doing some job shadowing. And: “What you see is more important than what people say. Still, by asking the right questions, you can often get some useful information out of people….The kinds of things you’re looking for are areas where improvements seem possible. Don’t ask for opinions, and avoid questions that force the person to play product designer.”

Mathis has structured his 322-page book into three parts – research, design and implementation – and 36 short, nicely focused chapters that deal with everything from “[c]reating documentation as soon as possible” to “learning from video games” to doing “guerilla usability testing,” overcoming common testing mistakes and dealing with bad user feedback.

Designed for Use has numerous illustrations that highlight common interface design mistakes. The book also shows major, minor and subtle ways to improve customers’ understanding, acceptance and appreciation of what happens when they use product interfaces on their computer screens or phones.

The author also emphasizes the importance of keeping in mind “that you don’t have to own 100 percent of your market. It’s true that adding more features to your product allows you to target more users, but doing so comes at a cost. Your product becomes more desirable to the people who would not be able to use it if it didn’t offer a specific feature. However, it also makes your product less desirable to the people who have no use for that specific feature.”

In his view: “It’s OK to let some people go to your competitors to get what they need; you can’t be everything to everybody.”

Si Dunn

Gamification by Design – Implementing Game Mechanics in Web and Mobile Apps – #bookreview

Gamification by Design: Implementing Game Mechanics in Web and Mobile Apps
By Gabe Zichermann and Christopher Cunningham
(O’Reilly, $24.99, paperback; $9.99, Kindle)

Many companies which sell us products and services are rushing to try to adapt successful videogame strategies to their sales techniques.

This well-written and adequately illustrated book encourages companies to view consumers as “players” rather than “customers” or “users.” In the co-authors’ view: “By thinking of our clients as players, we shift our frame of mind toward their engagement with our products and services. Rather than looking at the immediacy of a single financial transaction, we are considering a long-term and symbiotic union wrapped in a ribbon of fun.”

“Gamification,” the writers emphasize, “…is the marketing buzzword of our time,” and it “can mean different things to different people.”

In their book, it means “the design strategy and tactics you need to integrate game mechanics into any kind of consumer-facing website or mobile app.”

The co-authors also state that their overall goal is “to help demystify some of the core concepts of game design as they apply to business” and that they have structured their book from “the perspective of what a marketer, product manager, or strategist would want to know.”

They define game mechanics as “the tools used to create games,” and game dynamics as “how players interact with game experiences.”

The two writers, both gamification experts, stress that gamification cannot fix core problems within a business. And bad products or products that don’t fit well into a particular market will not get a sales boost if game mechanics and game design are applied to sales campaigns. One hypothetical example they cite is trying to create “a world where your consumer’s avatar is chasing gremlins with an AK-47 in order to save the spaghetti sauce your company is trying to sell in outer space.”

Gamification by Design is not about showing you how to create actual games. Instead, it is more about using gamification to enhance customer engagement and loyalty to your products or services.

The chapter line-up shows the scope of this 182-page book:

  • Introduction
  • Chapter 1: Foundations
  • Chapter 2: Player Motivation
  • Chapter 3: Game Mechanics: Designing for Engagement (Part I)
  • Chapter 4: Game Mechanics: Designing for Engagement (Part II)
  • Chapter 5: Game Mechanics and Dynamics in Greater Depth
  • Chapter 6: Gamification Case Studies
  • Chapter 7: Tutorial: Coding Basic Game Mechanics
  • Chapter 8: Tutorial: Using an Instant Gamification Platform
  • Index (12 pages)

Once the basic game mechanics and structures are introduced, the reader is presented with more information on how “[p]oints, badges, levels, leader-boards, challenges, and rewards can be remixed in limitless ways to create a spectrum of experiences.” And the book moves into deeper discussions of game mechanics and game dynamics.

Feedback, for example, is the process of “returning information to players and informing them of where they are at the present time, ideally against a continuum of progress.” In the toolbox of game mechanics, “[f]eedback loops are essential parts of all games, and they are seen most frequently in the interplay between scores and levels. As scores increase during an experience, they provide clear and unambiguous feedback to the player that she is heading in the ‘right’ direction.”

The book includes case studies focusing on successful use of gamification by Yahoo!, Nike and Quora. It also offers up some examples of bad efforts at gamifying a website.

While Gamification by Design keeps its focus away from actually designing and creating games, it does give the reader the architecture and code needed to gamify a basic consumer site. It also shows how to use “mainstream APIs [application programming interfaces] from Badgeville,”

Noting that badges have motivated military warriors and Boy Scouts for hundreds of years, the co-authors contend that offering electronic badges as rewards and status symbols on websites “are [for game designers] an excellent way to encourage social promotion of their products and services. Badges also mark the completion of goals and the steady progress of play within the system.”

This is a fine standalone book, but it also can be used in conjunction with O’Reilly’s Gamification Master Class and with “the supplemental videos, exercises, challenges, and resources available at http://www.GamificationU.com.”

Si Dunn

#

The Book of Ruby: A Hands-On Guide for the Adventurous – #ruby #programming #software #bookreview

The Book of Ruby: A Hands-On Guide for the Adventurous
By Huw Collingbourne
(No Starch Press, $39.95, paperback; $31.95, Kindle) 

Ruby, first introduced in 1995, is “a cross-platform interpreted language that has many features in common with other ‘scripting’ languages such as Perl and Python,” says Huw Collingbourne, who is director of technology for SapphireSteel Software and has 30 years’ experience in computer programming.

“Many people are attracted to Ruby by its simple syntax and ease of use. They are wrong,” he cautions in his new book. “Ruby’s syntax may look simple at first sight, but the more you get to know the language, the more you will realize that it is, on the contrary, extremely complex. The plain fact of the matter is that Ruby has a number of pitfalls just waiting for unwary programmers to drop into.”

Collingbourne has written The Book of Ruby to help those new to the programming language successfully jump over the hazards. Ruby, he notes, can look a bit like Pascal at first glance. But: “It is thoroughly object-oriented and has a great deal in common with the granddaddy of ‘pure’ object-oriented languages, Smalltalk.”

He cautions programmers to get a good handle on Ruby by itself before rushing ahead to use the popular web development framework known as Ruby on Rails. “Understanding Ruby is a necessary prerequisite for understanding Rails,” he warns.

“Indeed, if you were to leap right into Rails development without first mastering Ruby, you might find that you end up creating applications that you don’t even understand. (This is all too common among Ruby on Rails novices.)”

Collingbourne’s well-written 373-page book covers Ruby 1.8 and 1.9. He takes a “bite-sized chunks” approach, so that each chapter “introduces a theme that is subdivided into subtopics.” And: “Each programming topic is accompanied by one or more small, self-contained, ready-to-run Ruby program.”

The chapter line-up shows the book’s structure:

  • Introduction
  • 1: Strings, Numbers, Classes, and Objects
  • 2: Class Hierarchies, Attributes, and Class Variables
  • 3: Strings and Ranges
  • 4: Arrays and Hashes
  • 5: Loops and Iterators
  • 6: Conditional Statements
  • 7: Methods
  • 8: Passing Arguments and Returning Values
  • 9: Exception Handling
  • 10: Blocks, Procs, and Lambdas
  • 11: Symbols
  • 12: Modules and Mixins
  • 13: Files and IO
  • 14: YAML
  • 15: Marshal
  • 16: Regular Expressions
  • 17: Threads
  • 18: Debugging and Testing
  • 19: Ruby on Rails
  • 20: Dynamic Programming
  • Appendix A: Documenting Ruby with RDOC
  • Appendix B: Installing MySQL for Ruby on Rails
  • Appendix C: Further Reading
  • Appendix D: Ruby and Rails Development Software
  • Index

The author gives links for downloading the latest version of Ruby, plus the source code for all of the programs used in this book.

Collingbourne notes that The Book of Ruby “covers many of the classes and methods in the standard Ruby library – but by no means all of them! At some stage, therefore, you will need to refer to documentation on the full range of classes used by Ruby.” He provides links to the online documentation for both Ruby 1.8 and Ruby 1.9.

True to his word, he begins at the “hello world” level of Ruby:

puts 'hello world'

From there, he keeps surging forward in small, careful steps, offering good examples to illustrate each new topic. In each chapter except the Introduction, he also includes a subsection known as “Digging Deeper.”

“In many cases, you could skip the ‘Digging Deeper’ sections and still learn all the Ruby you will ever need,” he states. “On the other hand, it is in these sections that you will often get closest to the inner workings of Ruby, so if you skip them, you are going to miss out on some pretty interesting stuff.”

Collingbourne previously has released two free ebooks on Ruby: The Little Book of Ruby and The Book of Ruby.

He knows his Ruby – and he wants you to know this elegant and unique programming language, too.

Si Dunn

#

Build Mobile Websites and Apps for Smart Devices – #bookreview

Build Mobile Websites and Apps for Smart Devices
By Earle Castledine, Myles Eftos & Max Wheeler
(SitePoint, $39.95, paperback; $27.99, Kindle)

By 2013, in some estimates, mobile devices such as smartphones and “other browser-equipped phones” will outnumber the world’s 1.78 billion PCs.

Meanwhile, the “mobile share of overall web browsing” is now growing rapidly. And: “We’re never going to spend less time on our phones and other mobile devices than we do now,” contend the authors of Build Mobile Websites and Apps for Smart Devices.

“Inevitably, more powerful mobile devices and ubiquitous internet access will become the norm. And the context in which those devices are used will change rapidly. The likelihood of our potential customers being on mobile devices is higher and higher. We ignore the mobile web at our peril.”

The authors’ new guidebook from SitePoint is aimed at front-end web designers and developers, with emphasis on mobile websites and apps that are accessed via touch-screen smartphones.

Their well-illustrated, 256-page book is written in a smooth, accessible style that moves quickly to the point of each chapter and example. They recommend that you read the chapters in sequence the first time, rather than skipping around, particularly if you are new to mobile web design and web development.

The chapter line-up gives a good look at the book’s structure and coverage:

  • Preface
  • Chapter 1: Introduction to Mobile Web Design
  • Chapter 2: Design for Mobile
  • Chapter 3: Markup for Mobile
  • Chapter 4: Mobile Web Apps
  • Chapter 5: Using Device Features from Web Apps
  • Chapter 6: Polishing Up Our App
  • Chapter 7: Introducing PhoneGap
  • Chapter 8: Making Our Application Native
  • Appendix A: Running a Server for Testing

The book includes a link to “a downloadable ZIP archive that contains every line of example source code printed in this book.” And the writers emphasize that readers should have “intermediate knowledge” of HTML, CSS, and JavaScript. They skip the absolute basics and move right into “what’s relevant for the mobile context.” 

They emphasize that “[t]he inevitable decision when designing for the mobile space is the choice between building a native application or a web application….A web application is one that’s accessed on the Web via the device’s browser–a website that offers app-like functionality, in other words.” Meanwhile, “[a] so-called native application is built specifically for a given platform–Android or iOS, for example–and is installed on the device much like a desktop application.”

They contend that “native apps offer a superior experience when compared to web applications,” and they note that “the difference is even more pronounced on slower devices.” However, building a native application can leave you vulnerable to market fragmentation and unsure which platforms you should target. Meanwhile, it can be cheaper and faster to develop a Web application. So several important design and business decisions have to be made before you offer a new app to the marketplace.

Build Mobile Websites and Apps for Smart Devices focuses first on making design decisions, selecting a feature set and using HTML, CSS and JavaScript to build a Web application. Later, it shows how to use PhoneGap to turn a web app into a native app for iOS, Android, BlackBerry and other platforms.

In the authors’ view, “mobile design is about context, but it’s also about speed. We’re aiming to give our users what they want, as fast as possible.” And, in many cases, “[p]roviding a version of our site to mobile users is going to be important regardless of whether or not we have a native application.”

In other words, be ready and able to go native and web when creating mobile websites and apps for smart devices.

Si Dunn

#

Continuous Testing with Ruby, Rails, and JavaScript – #bookreview

Continuous Testing with Ruby, Rails, and JavaScript
By Ben Rady and Rod Coffin
(Pragmatic Bookshelf, $33.00, paperback)

I used to test software for a living. It was seldom a pretty sight.

Patches to customized software sometimes would be released to particular customers on an emergency basis. Then I would be asked to test what had just been shipped.

Often, I found bugs – serious bugs. And often, it was Friday afternoon, and the programmers had gone home. Frequently, I had no idea which customer had received the buggy patches, and I had no way to fix the code myself and issue a new release.

So the customers installed bad software over the weekend and quickly called in to complain. But the software development manager had my report. So the programmers then were lashed until morale improved, as the old saying goes. A new load was created — and this time tested before it was shipped to the customer, along with profuse apologies (and who knows what else) by the sales department.

To murder an old saying, this was no way to run a software railroad.

Continuous Testing with Ruby, Rails, and JavaScript shows how programmers can set up and run automated tests continuously while they are writing code.

The book, illustrated with code examples and screen shots, shows how to set up and maintain a quick and powerful test suite and also how to use inline assertions and other continuous-testing (CT) techniques, rather than old-fashioned debugging or printing out piles of paper so you can search frantically for that missing semicolon or extra parenthesis.

Rady’s and Coffin’s 139-page work is divided into three parts. Part I covers Ruby and Autotest. Part II focuses on Rails, JavaScript and Watchr. Part III contains three appendices.

The chapter line-up shows the topic focus in each part.

  • Chapter 1: Why Test Continuously?

Part I — Ruby and Autotest

  • Chapter 2: Creating Your Environment
  • Chapter 3: Extending Your Environment
  • Chapter 4: Interacting with Your Code

Part II — Rails, JavaScript, and Watchr

  • Chapter 5: Testing Rails Apps Continuously
  • Chapter 6: Creating a JavaScript CT Environment
  • Chapter 7: Writing Effective JavaScript Tests

Part III — Appendices

  • Appendix 1: Making the Case for Functional JavaScript
  • Appendix 2: Gem Listing (This is a listing of all the gems installed while testing the book’s examples.)
  • Appendix 3: Bibliography

The goal of the book is to show you how to use a combination of techniques, tests and tools to catch software problems while you are initially coding, not later in the process when you’re up against the wall of development and delivery deadlines.

“A continuous testing environment validates decisions as soon as we make them,” the authors state. “In this environment, every action has an opposite, automatic, and instantaneous reaction that tells if what we just did was a bad idea. This means that making certain mistakes becomes impossible and making others is more difficult. The majority of the bugs that we introduce into our code have a very short lifespan. They never make their way into source control. They never break the build. They never sneak out into the production environment. Nobody ever sees them but us.”

Sounds good to this ex-software tester! (Although I do remain suspicious of the word “never” in anything related to software.) Sure wish the programmers in my groups had had these tools.

“Continuous testing is our first line of defense,” the authors point out. “Failure is extremely cheap here, so this is where we want things to break down most frequently.”

They also describe some drawbacks and limitations to continuous testing and ways to blend CT with continuous integration, before moving into the coding and testing examples.

The authors “suggest” using the following to run the examples in this book:

  • A *nix operating system (such as Linux or MacOS)
  • Ruby 1.9.2
  • Rails 3.0.4

The book provides a link to online source for the coding examples. 

“The examples may work in other environments (such as Windows) and with other versions of these tools,” they add, “but this is the configuration that we used while writing the book.”

Si Dunn

#

Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems, 2nd Ed. – #bookreview

Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems – 2nd Edition
By Chris Sanders
(No Starch Press, $49.95, paperback)

“A million different things can go wrong with a computer network on any given day – from a simple spyware infection to a complex router configuration error – and it’s impossible to solve every problem immediately,” notes the author of this well-written and nicely structured guidebook, Practical Packet Analysis.

“To better understand and solve network problems, we go to the packet level. Here, nothing is hidden from us — nothing is obscured by misleading menu structures, eye-catching graphics, or untrustworthy employees,” Chris Sanders writes.

His how-to manual for Wireshark is aimed not only at expert packet analysts but also newcomers to the process of using “packet sniffing” to solve common network problems such as malware infections, loss of connectivity, slow performance, printers running amok, and other issues.

This new second edition “contains almost all new content, with completely new capture files and scenarios,” the author states. Mastering the scenarios is particularly important, he adds, because the concepts they cover can apply to many real-world packet analysis situations.

The popular packet sniffing software known as Wireshark has its roots in Ethereal, which gives it a “rich history,” he points out. “Gerald Combs, a computer science graduate of the University of Missouri at Kansas City, originally developed it out of necessity. The very first version of Combs’ application, called Ethereal, was released in 1998 under the GNU Public License (GPL).”

Several years later, however, Combs was unable to obtain Ethereal’s trademark, so he spun off another product, Wireshark, which has “grown dramatically in popularity, and its development team now boasts over 500 contributors.”

The introduction and first two chapters of Practical Packet Analysis help the reader get up to speed on the basics of packet analysis. Routers, switches and hubs, the three main devices on a modern network, “each handle traffic differently, [so] you must be very aware of the physical setup of the network you are analyzing,” Chris Sanders cautions.

Indeed, he adds, “it is sometimes more difficult to place a packet sniffer on a network’s cabling system than it is to actually analyze the packets.” Fortunately, he presents some clear illustrations of where and how to position packet sniffers and how to use capabilities such as Address Resolution Protocol (ARP) cache poisoning (or “ARP spoofing”) to intercept traffic and get help from the popular security software package Cain & Abel.

An important goal in packet analysis, he contends, is the ability “to see every packet sent across the wire so that we don’t risk missing some crucial piece of information.”

Practical Packet Analysis is 255 pages long and has the following structure:

    • Introduction
    • Chapter 1: Packet Analysis and Network Basics
    • Chapter 2: Tapping into the Wire
    • Chapter 3: Introduction to Wireshark
    • Chapter 4: Working with Captured Packets
    • Chapter 5: Advanced Wireshark Features
    • Chapter 6: Common Lower-Layer Protocols
    • Chapter 7: Common Upper-Layer Protocols
    • Chapter 8: Basic Real-World Scenarios
    • Chapter 9: Fighting a Slow Network
    • Chapter 10: Packet Analysis for Security
    • Chapter 11: Wireless Packet Analysis
    • Appendix: Further Reading
    • Index (15 pages)

The appendix provides a brief introduction to a number of other packet analysis tools and resources.

The book’s index is expanded by 50% over the 1st edition and is nicely detailed by topic.

Along with packet analysis basics, some of the other major topics covered in the text are: (1) building customized capture and display filters; (2) monitoring and tapping into live network communications; (3) generating and using traffic pattern graphs to visualize network data flow; (4) creating reports and statistics that help non-technical users better understand a network’s technical information; and (5) using Wireshark’s advanced features to analyze confusing packet captures.

According to the author’s statements in the Introduction and on the back cover: “All of the author’s royalties from this book will be donated to the Rural Technology Fund (http://ruraltechfund.org).” The fund provides scholarships to “students living in rural communities who have a passion for computer technology and intend to pursue further education in that field.”

The author notes that Wireshark can be downloaded for free and used “for any purpose, whether personal or commercial.” The software “supports all major modern operating systems, including Windows, Mac OS X, and Linux-based platforms.”

Wireshark’s system requirements are: (1) a 400 MHz (or faster) processor; (2) at least 128 MB RAM; (3) at least 75 MB of available disk storage space; (4) a network interface card (NIC) that supports “promiscuous mode”; and (5) the WinPcap capture driver. Promiscuous mode allows a network card to “listen for all network traffic on its particular network segment.”

The book’s author is a computer security consultant, author, and researcher. He writes regularly for WindowSecurity.com and his blog, ChrisSanders.org.

If you need or want to know what happens at the packet level in a computer network and how to identify and fix network problems, definitely consider getting this compact, thorough and well-illustrated how-to guide.

Si Dunn

Dreamweaver CS5.5: The Missing Manual – #bookreview

Dreamweaver CS5.5: The Missing Manual
By David Sawyer McFarland
(O’Reilly, $49.99, paperback)

Huge. That’s the first impression of this 1,179-page guidebook focusing on how to use Dreamweaver CS5.5 to develop websites.

Indeed, the paperback weighs almost four pounds and is two and a quarter inches thick.

But after all, Dreamweaver has been around a long time, almost 14 years, evolving, improving and adding features and capabilities with each new release.

The book’s author, David Sawyer McFarland, has been using Dreamweaver since 1998 to develop websites. He also has written every Dreamweaver book in O’Reilly’s “The Missing Manual” series. And he is president of a web development and training company, Sawyer McFarland Media, Inc.

Thus, he knows a lot about Dreamweaver, and there is a lot to be said about using this powerful and popular program. Hence, the big, heavy book.

“Get used to the acronym CSS, which you’ll encounter frequently in this book,” McFarland states in the Introduction. “It stands for Cascading Style Sheets, a set of rules you write that dictate the look of your pages. Dreamweaver includes advanced CSS creation, testing, and editing tools.”

Dreamweaver has long been well-regarded for its visual approach to web page design. And in CS5.5, its JavaScript-based technology known as Spry Framework allows you to “easily create interactive, drop-down menus, add advanced layout elements like tabbed panels, and add sophisticated form validation to prevent site visitors from submitting forms without the proper information,” he points out.

He also praises Adobe for realizing that many web developers do a lot of work in which they must directly type in HTML, CSS, and JavaScript code. “In Dreamweaver,” he notes, “you can edit its raw HTML to your heart’s content. Switching back and forth between the visual view — called Design view – and Code view is seamless, and best of all, nondestructive.”

Dreamweaver likewise has well-regarded site management tools and tools for building and managing database-driven websites.

The new features in Dreamweaver CS5.5 include:

  • Basic support for HTML5, which is still evolving.
  • Support for CSS3, which is still evolving but will bring “many new formatting controls to make HTML look beautiful….”
  • Tools that support web design for mobile browsers.
  • Built-in support for jQuery Mobile and Phonegap—“two programming technologies that let you build mobile phone applications using just HTML, CSS, and JavaScript.”
  • W3C Validator for validating HTML code.
  • jQuery code hinting, which simplifies writing JavaScript programs.

McFarland’s new book in “The Missing Manual” series follows a gradual learning-curve approach as it illustrates how to use Dreamweaver CS5.5’s many features and tools. The reader first is shown the very basics of creating a web page. Then features are introduced, explained and demonstrated in a logical order that helps the reader gain experience and confidence.

Dreamweaver CS5.5: The Missing Manual is organized as follows:

  • Introduction
  • Part One: Building a Web Page
  • Chapter 1: Dreamweaver CS5.5 Guided Tour
  • Chapter 2: Adding Text to Your Web Pages
  • Chapter 3: Text Formatting
  • Chapter 4: Introducing Cascading Style Sheets
  • Chapter 5: Links
  • Chapter 6: Images
  • Chapter 7: Tables
  • Part Two: Building a Better Web Page
  • Chapter 8: Advanced CSS
  • Chapter 9: Page Layout
  • Chapter 10: Troubleshooting CSS
  • Chapter 11: Under the Hood: HTML
  • Chapter 12: Designing Websites for Mobile Devices
  • Part Three: Bringing Your Pages to Life
  • Chapter 13: Forms
  • Chapter 14: Spry: Creating Interactive Web Pages
  • Chapter 15: Dreamweaver Behaviors
  • Chapter 16: Add Flash and Other Multimedia
  • Part Four: Building a Website
  • Chapter 17: Introducing Site Management
  • Chapter 18: Testing Your Site
  • Chapter 19: Moving Your Site to the Internet
  • Part Five: Dreamweaver CS5.5 Power
  • Chapter 20: Snippets and Libraries
  • Chapter 21: Templates
  • Chapter 22: Find and Replace
  • Chapter 23: Customizing Dreamweaver
  • Part Six: Dynamic Dreamweaver
  • Chapter 24: Getting Started with Dynamic Websites
  • Chapter 25: Adding Dynamic Data to Your Pages
  • Chapter 26: Web Pages that Manipulate Database Records
  • Chapter 27: Advanced Dynamic Site Features
  • Chapter 28: Server-Side XML and XSLT
  • Appendix A: Getting Help
  • Appendix B: Dreamweaver CS5.5, Menu by Menu
  • Index (26 pages)

The author assures readers that “Dreamweaver CS5.5 works almost precisely the same way on the Macintosh as it does in Windows,” yet the book does not make clear the minimum system requirements for running Dreamweaver CS5.5 on a PC or a Mac. However, they can be found on Adobe’s support site for Dreamweaver CS5.5. This is, of course, only a minor ding against an otherwise very good, very thorough and nicely illustrated how-to manual.

A CD is not included with this book. But “every single Web address, practice file, and piece of downloadable software mentioned in this book is available at www.missingmanual.com (click the Missing CD icon.)”

Dreamweaver is a bit old by software standards, yet it is well-supported and stable, and it keeps improving and growing to stay up with changes and new needs. For these reasons and many more, it remains one of the most popular and widely used packages for designing and managing high-quality websites.

Whether you are an absolute newcomer or an old hand at using Dreamweaver, you definitely can benefit from having and using this huge and hefty book.

Si Dunn