Privacy and Big Data – #bookreview #nonfiction

Privacy and Big Data
By Terence Craig and Mary E. Ludloff
(O’Reilly Media, $19.99, paperback; $16.99, Kindle)

Worried about the safety of your personal data?

That genie, unfortunately, is long out of the bottle—and very likely spread all over the planet now.

In Privacy and Big Data, authors Terence Craig and Mary E. Ludloff provide an eye-opening examination of “how the digital footprints we leave in our daily lives can be easily mashed up and, through expertise and technology, deliver startling accurate pictures of our behavior as well as increasingly accurate predictions of our future actions.”

Those digital pictures of who we are, who we vote for, what we buy and where we go can be worth a great deal of money and/or power to those who collect them. Indeed, they constitute “big data” and can be worth much more than gold, Craig and Ludloff contend.

“Far more is known today about us as individuals than ever before. How organizations, businesses, and government agencies use this information to track and predict our behavior is becoming one of the fundamental issues of the 21st century,” they state.

Privacy and Big Data is not a lengthy book, just 106 pages. Yet it packs plenty of punch in the form of useful, unsettling and sometimes surprising information, as well as thought-provoking examples, discussions and questions. The two writers – “executives from a growing startup in the big data and analytics industry” – draw upon extensive experience “deal[ing] with the issues of privacy every day as we support industries like financial services, retail, health care, and social media.”

Their well-written work is organized into five chapters and an appendix. Each chapter, meanwhile, has its own bibliography with links to additional materials and information.

Chapter 1, “The Perfect Storm,” looks at what has happened to privacy in the digital age and how we got to this point, starting with ARPANET (the “Advanced Research Projects Agency Network”) in 1969, which later gave rise to the Internet. In the authors’ view: “There is a perfect storm brewing; a storm fueled by innovations that have altered how we talk and communicate with each other. Who could have predicted 20 years ago that the Internet would have an all-encompassing effect on our lives? Outside of sleeping, we are connected to the Web 24/7, using our laptops, phones, or iPads to check our email, read our favorite blogs, look for restaurants and jobs, read our friends’ Facebook walls, buy books, transfer money, get directions, tweet and foursquare our locations, and organize protests against dictatorships from anywhere in the world. Welcome to the digital age.”

Chapter 2, “The Right to Privacy in the Digital Age,” focuses on “what privacy encompasses, how our privacy norms have been shaped in the U.S. and abroad, the tension between privacy and other freedoms (or lack thereof), and how, for those of us who fully participate in all the digital age has to offer, it may very well be the end of privacy as we know it.”

Chapter 3, “The Regulators,” explores how the world has many geographical boundaries, from national borders down to city limits and even smaller demarcations, including individual agencies, departments and committees. Businesses large and small also operate within specific structural boundaries. Yet the Internet, the authors point out, recognizes no such limits. They examine “how…countries regulate the collection, use, and protection of their citizen’s personal information,” amid countless competing governmental and business agendas.

In Chapter 4, “The Players,” the authors warn: “Wherever you go, whatever you do, anywhere in this world, some ‘thing’ is tracking you. Your laptop, and other personal devices, like an iPad, Smartphone, or Blackberry, all play a role, and contribute to building a very detailed dossier of your likes, concerns, preferred airlines, favorite vacation spots, how much money you spend, political affiliations, who you’re friends with, the magazines you subscribe to, the make and model of the car you drive, the kinds of foods you buy, the list goes on.” The writers identify four broad categories of data grabbers and note that “while the[se] players are playing, consumer privacy continues to erode.” They discuss some specific things you can do to try to reduce your exposure. But, they caution, “What happens on the Internet stays on the Internet forever.”

Finally, in Chapter 5, “Making Sense of It All,” the authors pose several challenging questions and offer their views on possible answers. The questions include: “In the digital world we now inhabit, is privacy outmoded or even possible? Should we just get over it and move on? Should we embrace transparency and its many benefits and disadvantages? And if we do, or have it forced upon us, can we expect the same from our governments, our corporations, and powerful individuals? Will they be held to the same standard? If not, since information is power, what will our world look like?”

Two writers seldom agree on everything, and that is true in this book. In their Appendix titled “Afterword,” Craig and Ludloff state that they have tried to present a wide range of views on important questions, yet sometimes differ in their personal views regarding privacy and big data. They offer brief summaries of where they came from and how their viewpoints have been shaped by life events.

In a world where computers, phones, cars, cameras and many other household, work and public devices gather, store and disseminate data about us, this book can help readers think harder about what information — and freedoms — we may be giving up, willingly and unwittingly, in the name of convenience and connectivity.

Si Dunn

#

The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler – #bookreview

The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler
By Chris Eagle
(No Starch Press, $69.95, paperback; $55.95, Kindle)

The popular interactive disassembler IDA Pro helps reverse engineers, malware analysts, vulnerability testers and others dissect computer programs when source code is not available.

Unfortunately, IDA Pro is updated so frequently, it’s impossible for writers to keep up and present complete guides to this “complex piece of software with more features than can even be mentioned, let alone detailed in a book of reasonable size….”

Chris Eagle, author of The IDA Pro Book, adds in the introduction to this second edition that he was inspired to update his well-respected guidebook when “a new, Qt-based graphical user interface” was added to IDA Pro 6.0. Yet, true to form, before his new edition could hit the shelves, IDA Pro version 6.1 was released, he notes.

To his credit, his book does not try to be an up-to-the-dot-release user manual. Instead: “My goal…remains to help others get started with IDA and perhaps develop an interest in reverse engineering in general. For anyone looking to get into the reverse engineering field, I can’t stress how important it is that you develop competent programming skills. Ideally, you should love code, perhaps going so far as to eat, sleep, and breathe code. If programming intimidates you, then reverse engineering is probably not for you.”

This updated edition of The IDA Pro Book is well-organized, smoothly written, and nicely illustrated. Eagle avoids the use of long code sequences. He zeroes in, instead, on “short sequences that demonstrate specific points.”

His 646-page book is heavily indexed and is divided into six parts, with 26 chapters and two appendices.

In Part I, “Introduction to IDA,” the focus is on the whats, whys and hows of software disassembly, reversing and disassembly tools, and some background on IDA Pro.

Part II covers “Basic IDA Usage,” including getting started, IDA data displays, disassembly navigation and manipulation, datatypes and data structures, cross-references and graphing, and “the many faces of IDA,” which covers common features of console mode, plus console specifics for Windows, Linux and OS X.

Part III takes the reader into “Advanced IDA Usage.” These chapters examine IDA customization, library recognition using Fast Library Acquisition for Identification and Recognition (FLIRT) signatures, “augmenting IDA’s knowledge” and “patching binaries and other IDA limitations.”

Part IV is devoted to “Extending IDA’s Capabilities.” The topics covered include IDA scripting, the IDA software development kit, IDA’s plug-in architecture, binary files and IDA loader modules, and IDA processor modules.

Part V’s focus is “Real-World Applications.” The chapter subjects include: compiler “personalities”; “obfuscated” code analysis; vulnerability analysis; and real-world plug-ins for IDA.

In Part VI, Eagle looks at the IDA debugger. Chapter subjects include the debugger, disassembler/debugger integration, and additional debugger features.

Appendix A is an overview of IDA Freeware 5.0, “a significant upgrade” from the 4.9 release of the free version of IDA, yet still “a reduced capability application that typically lags behind the latest available version of IDA by several generations and contains substantially fewer capabilities than the commercial version of IDA version 5.0,” Eagle notes.

Appendix B provides a table that maps “IDC scripting functions to their SDK implementation. The intent of this table is to help programmers familiar with IDC understand how similar actions are carried out using SDK functions.”

IDA Pro software’s creator, Ilfak Guilfanov, has hailed this book as “profound, comprehensive, and accurate.” It’s hard to do much better than that with an “unofficial guide” to a powerful and complex software package.

Si Dunn

#

Designed for Use: Create Usable Interfaces for Applications and the Web – #bookreview

Designed for Use: Create Usable Interfaces for Applications and the Web
By Lukas Mathis
(Pragmatic Bookshelf, $35.00 paperback)

There’s no code inside this well-written book for programmers and visual designers. Instead, the focus is on usability — how people use things — and how you can make big, modest or subtle improvements to their experiences with digital interfaces.

You may be designing a software product that you think will be user friendly. Yet how good, really, is your knowledge of efficient and effective design? And what do you really know about how users will respond to what you create? Are you relying on formal focus groups to tell you what your users supposedly will want?

If you are, you are not doing nearly enough research, insists the author, Lukas Mathis, a developer and user interface designer for Numcom Software. “[P]eople often aren’t able to tell us how we can solve their problems. Worse, people may not even be able to tell us what their problems are. And worst of all, people are pretty bad at predicting whether and how they would use a product if we proposed to build it for them,” he writes.

Instead of depending on focus groups, you should spend some time doing “job shadowing” and “contextual interviews” to help you shape a better interface.

“Since people don’t know what they want, a good approach is to simply observe what they do. The idea of [job] shadowing is to visit users in our target audience at the place where they will use our product. The goal is to find out how our product will help them achieve their goals.”

He adds: “With usability testing, the goal is to find issues with the user interface. When you are shadowing someone, the goal is to figure out what kind of product to create or how to change your product on a more fundamental level.”

In contextual interviews, you interview a user after doing some job shadowing. And: “What you see is more important than what people say. Still, by asking the right questions, you can often get some useful information out of people….The kinds of things you’re looking for are areas where improvements seem possible. Don’t ask for opinions, and avoid questions that force the person to play product designer.”

Mathis has structured his 322-page book into three parts – research, design and implementation – and 36 short, nicely focused chapters that deal with everything from “[c]reating documentation as soon as possible” to “learning from video games” to doing “guerilla usability testing,” overcoming common testing mistakes and dealing with bad user feedback.

Designed for Use has numerous illustrations that highlight common interface design mistakes. The book also shows major, minor and subtle ways to improve customers’ understanding, acceptance and appreciation of what happens when they use product interfaces on their computer screens or phones.

The author also emphasizes the importance of keeping in mind “that you don’t have to own 100 percent of your market. It’s true that adding more features to your product allows you to target more users, but doing so comes at a cost. Your product becomes more desirable to the people who would not be able to use it if it didn’t offer a specific feature. However, it also makes your product less desirable to the people who have no use for that specific feature.”

In his view: “It’s OK to let some people go to your competitors to get what they need; you can’t be everything to everybody.”

Si Dunn

Gamification by Design – Implementing Game Mechanics in Web and Mobile Apps – #bookreview

Gamification by Design: Implementing Game Mechanics in Web and Mobile Apps
By Gabe Zichermann and Christopher Cunningham
(O’Reilly, $24.99, paperback; $9.99, Kindle)

Many companies that sell us products and services are rushing to adapt successful videogame strategies to their sales techniques.

This well-written and adequately illustrated book encourages companies to view consumers as “players” rather than “customers” or “users.” In the co-authors’ view: “By thinking of our clients as players, we shift our frame of mind toward their engagement with our products and services. Rather than looking at the immediacy of a single financial transaction, we are considering a long-term and symbiotic union wrapped in a ribbon of fun.”

“Gamification,” the writers emphasize, “…is the marketing buzzword of our time,” and it “can mean different things to different people.”

In their book, it means “the design strategy and tactics you need to integrate game mechanics into any kind of consumer-facing website or mobile app.”

The co-authors also state that their overall goal is “to help demystify some of the core concepts of game design as they apply to business” and that they have structured their book from “the perspective of what a marketer, product manager, or strategist would want to know.”

They define game mechanics as “the tools used to create games,” and game dynamics as “how players interact with game experiences.”

The two writers, both gamification experts, stress that gamification cannot fix core problems within a business. And bad products or products that don’t fit well into a particular market will not get a sales boost if game mechanics and game design are applied to sales campaigns. One hypothetical example they cite is trying to create “a world where your consumer’s avatar is chasing gremlins with an AK-47 in order to save the spaghetti sauce your company is trying to sell in outer space.”

Gamification by Design is not about showing you how to create actual games. Instead, it is more about using gamification to enhance customer engagement and loyalty to your products or services.

The chapter line-up shows the scope of this 182-page book:

  • Introduction
  • Chapter 1: Foundations
  • Chapter 2: Player Motivation
  • Chapter 3: Game Mechanics: Designing for Engagement (Part I)
  • Chapter 4: Game Mechanics: Designing for Engagement (Part II)
  • Chapter 5: Game Mechanics and Dynamics in Greater Depth
  • Chapter 6: Gamification Case Studies
  • Chapter 7: Tutorial: Coding Basic Game Mechanics
  • Chapter 8: Tutorial: Using an Instant Gamification Platform
  • Index (12 pages)

Once the basic game mechanics and structures are introduced, the reader is presented with more information on how “[p]oints, badges, levels, leader-boards, challenges, and rewards can be remixed in limitless ways to create a spectrum of experiences.” And the book moves into deeper discussions of game mechanics and game dynamics.

Feedback, for example, is the process of “returning information to players and informing them of where they are at the present time, ideally against a continuum of progress.” In the toolbox of game mechanics, “[f]eedback loops are essential parts of all games, and they are seen most frequently in the interplay between scores and levels. As scores increase during an experience, they provide clear and unambiguous feedback to the player that she is heading in the ‘right’ direction.”

The book includes case studies focusing on successful use of gamification by Yahoo!, Nike and Quora. It also offers up some examples of bad efforts at gamifying a website.

While Gamification by Design keeps its focus away from actually designing and creating games, it does give the reader the architecture and code needed to gamify a basic consumer site. It also shows how to use “mainstream APIs [application programming interfaces] from Badgeville,”

Noting that badges have motivated military warriors and Boy Scouts for hundreds of years, the co-authors contend that offering electronic badges as rewards and status symbols on websites “are [for game designers] an excellent way to encourage social promotion of their products and services. Badges also mark the completion of goals and the steady progress of play within the system.”

This is a fine standalone book, but it also can be used in conjunction with O’Reilly’s Gamification Master Class and with “the supplemental videos, exercises, challenges, and resources available at http://www.GamificationU.com.”

Si Dunn

#

The Book of Ruby: A Hands-On Guide for the Adventurous – #ruby #programming #software #bookreview

The Book of Ruby: A Hands-On Guide for the Adventurous
By Huw Collingbourne
(No Starch Press, $39.95, paperback; $31.95, Kindle) 

Ruby, first introduced in 1995, is “a cross-platform interpreted language that has many features in common with other ‘scripting’ languages such as Perl and Python,” says Huw Collingbourne, who is director of technology for SapphireSteel Software and has 30 years’ experience in computer programming.

“Many people are attracted to Ruby by its simple syntax and ease of use. They are wrong,” he cautions in his new book. “Ruby’s syntax may look simple at first sight, but the more you get to know the language, the more you will realize that it is, on the contrary, extremely complex. The plain fact of the matter is that Ruby has a number of pitfalls just waiting for unwary programmers to drop into.”

Collingbourne has written The Book of Ruby to help those new to the programming language successfully jump over the hazards. Ruby, he notes, can look a bit like Pascal at first glance. But: “It is thoroughly object-oriented and has a great deal in common with the granddaddy of ‘pure’ object-oriented languages, Smalltalk.”

He cautions programmers to get a good handle on Ruby by itself before rushing ahead to use the popular web development framework known as Ruby on Rails. “Understanding Ruby is a necessary prerequisite for understanding Rails,” he warns.

“Indeed, if you were to leap right into Rails development without first mastering Ruby, you might find that you end up creating applications that you don’t even understand. (This is all too common among Ruby on Rails novices.)”

Collingbourne’s well-written 373-page book covers Ruby 1.8 and 1.9. He takes a “bite-sized chunks” approach, so that each chapter “introduces a theme that is subdivided into subtopics.” And: “Each programming topic is accompanied by one or more small, self-contained, ready-to-run Ruby program.”

The chapter line-up shows the book’s structure:

  • Introduction
  • 1: Strings, Numbers, Classes, and Objects
  • 2: Class Hierarchies, Attributes, and Class Variables
  • 3: Strings and Ranges
  • 4: Arrays and Hashes
  • 5: Loops and Iterators
  • 6: Conditional Statements
  • 7: Methods
  • 8: Passing Arguments and Returning Values
  • 9: Exception Handling
  • 10: Blocks, Procs, and Lambdas
  • 11: Symbols
  • 12: Modules and Mixins
  • 13: Files and IO
  • 14: YAML
  • 15: Marshal
  • 16: Regular Expressions
  • 17: Threads
  • 18: Debugging and Testing
  • 19: Ruby on Rails
  • 20: Dynamic Programming
  • Appendix A: Documenting Ruby with RDOC
  • Appendix B: Installing MySQL for Ruby on Rails
  • Appendix C: Further Reading
  • Appendix D: Ruby and Rails Development Software
  • Index

The author gives links for downloading the latest version of Ruby, plus the source code for all of the programs used in this book.

Collingbourne notes that The Book of Ruby “covers many of the classes and methods in the standard Ruby library – but by no means all of them! At some stage, therefore, you will need to refer to documentation on the full range of classes used by Ruby.” He provides links to the online documentation for both Ruby 1.8 and Ruby 1.9.

True to his word, he begins at the “hello world” level of Ruby:

puts 'hello world'

From there, he keeps surging forward in small, careful steps, offering good examples to illustrate each new topic. In each chapter except the Introduction, he also includes a subsection known as “Digging Deeper.”

“In many cases, you could skip the ‘Digging Deeper’ sections and still learn all the Ruby you will ever need,” he states. “On the other hand, it is in these sections that you will often get closest to the inner workings of Ruby, so if you skip them, you are going to miss out on some pretty interesting stuff.”

Collingbourne previously has released two free ebooks on Ruby: The Little Book of Ruby and The Book of Ruby.

He knows his Ruby – and he wants you to know this elegant and unique programming language, too.

Si Dunn

#

Build Mobile Websites and Apps for Smart Devices – #bookreview

Build Mobile Websites and Apps for Smart Devices
By Earle Castledine, Myles Eftos & Max Wheeler
(SitePoint, $39.95, paperback; $27.99, Kindle)

By 2013, in some estimates, mobile devices such as smartphones and “other browser-equipped phones” will outnumber the world’s 1.78 billion PCs.

Meanwhile, the “mobile share of overall web browsing” is now growing rapidly. And: “We’re never going to spend less time on our phones and other mobile devices than we do now,” contend the authors of Build Mobile Websites and Apps for Smart Devices.

“Inevitably, more powerful mobile devices and ubiquitous internet access will become the norm. And the context in which those devices are used will change rapidly. The likelihood of our potential customers being on mobile devices is higher and higher. We ignore the mobile web at our peril.”

The authors’ new guidebook from SitePoint is aimed at front-end web designers and developers, with emphasis on mobile websites and apps that are accessed via touch-screen smartphones.

Their well-illustrated, 256-page book is written in a smooth, accessible style that moves quickly to the point of each chapter and example. They recommend that you read the chapters in sequence the first time, rather than skipping around, particularly if you are new to mobile web design and web development.

The chapter line-up gives a good look at the book’s structure and coverage:

  • Preface
  • Chapter 1: Introduction to Mobile Web Design
  • Chapter 2: Design for Mobile
  • Chapter 3: Markup for Mobile
  • Chapter 4: Mobile Web Apps
  • Chapter 5: Using Device Features from Web Apps
  • Chapter 6: Polishing Up Our App
  • Chapter 7: Introducing PhoneGap
  • Chapter 8: Making Our Application Native
  • Appendix A: Running a Server for Testing

The book includes a link to “a downloadable ZIP archive that contains every line of example source code printed in this book.” And the writers emphasize that readers should have “intermediate knowledge” of HTML, CSS, and JavaScript. They skip the absolute basics and move right into “what’s relevant for the mobile context.” 

They emphasize that “[t]he inevitable decision when designing for the mobile space is the choice between building a native application or a web application….A web application is one that’s accessed on the Web via the device’s browser–a website that offers app-like functionality, in other words.” Meanwhile, “[a] so-called native application is built specifically for a given platform–Android or iOS, for example–and is installed on the device much like a desktop application.”

They contend that “native apps offer a superior experience when compared to web applications,” and they note that “the difference is even more pronounced on slower devices.” However, building a native application can leave you vulnerable to market fragmentation and unsure which platforms you should target. Meanwhile, it can be cheaper and faster to develop a Web application. So several important design and business decisions have to be made before you offer a new app to the marketplace.

Build Mobile Websites and Apps for Smart Devices focuses first on making design decisions, selecting a feature set and using HTML, CSS and JavaScript to build a Web application. Later, it shows how to use PhoneGap to turn a web app into a native app for iOS, Android, BlackBerry and other platforms.

In the authors’ view, “mobile design is about context, but it’s also about speed. We’re aiming to give our users what they want, as fast as possible.” And, in many cases, “[p]roviding a version of our site to mobile users is going to be important regardless of whether or not we have a native application.”

In other words, be ready and able to go native and web when creating mobile websites and apps for smart devices.

Si Dunn

#

Continuous Testing with Ruby, Rails, and JavaScript – #bookreview

Continuous Testing with Ruby, Rails, and JavaScript
By Ben Rady and Rod Coffin
(Pragmatic Bookshelf, $33.00, paperback)

I used to test software for a living. It was seldom a pretty sight.

Patches to customized software sometimes would be released to particular customers on an emergency basis. Then I would be asked to test what had just been shipped.

Often, I found bugs — serious bugs. And often, it was Friday afternoon, and the programmers had gone home. Frequently, I had no idea which customer had received the buggy patches, and I had no way to fix the code myself and issue a new release.

So the customers installed bad software over the weekend and quickly called in to complain. But the software development manager had my report. So the programmers then were lashed until morale improved, as the old saying goes. A new load was created — and this time tested before it was shipped to the customer, along with profuse apologies (and who knows what else) by the sales department.

To murder an old saying, this was no way to run a software railroad.

Continuous Testing with Ruby, Rails, and JavaScript shows how programmers can set up and run automated tests continuously while they are writing code.

The book, illustrated with code examples and screen shots, shows how to set up and maintain a quick and powerful test suite and also how to use inline assertions and other continuous-testing (CT) techniques, rather than old-fashioned debugging or printing out piles of paper so you can search frantically for that missing semicolon or extra parenthesis.

Rady and Coffin’s 139-page work is divided into three parts. Part I covers Ruby and Autotest. Part II focuses on Rails, JavaScript and Watchr. Part III contains three appendices.

The chapter line-up shows the topic focus in each part.

  • Chapter 1: Why Test Continuously?

Part I — Ruby and Autotest

  • Chapter 2: Creating Your Environment
  • Chapter 3: Extending Your Environment
  • Chapter 4: Interacting with Your Code

Part II — Rails, JavaScript, and Watchr

  • Chapter 5: Testing Rails Apps Continuously
  • Chapter 6: Creating a JavaScript CT Environment
  • Chapter 7: Writing Effective JavaScript Tests

Part III — Appendices

  • Appendix 1: Making the Case for Functional JavaScript
  • Appendix 2: Gem Listing (This is a listing of all the gems installed while testing the book’s examples.)
  • Appendix 3: Bibliography

The goal of the book is to show you how to use a combination of techniques, tests and tools to catch software problems while you are initially coding, not later in the process when you’re up against the wall of development and delivery deadlines.

“A continuous testing environment validates decisions as soon as we make them,” the authors state. “In this environment, every action has an opposite, automatic, and instantaneous reaction that tells if what we just did was a bad idea. This means that making certain mistakes becomes impossible and making others is more difficult. The majority of the bugs that we introduce into our code have a very short lifespan. They never make their way into source control. They never break the build. They never sneak out into the production environment. Nobody ever sees them but us.”

Sounds good to this ex-software tester! (Although I do remain suspicious of the word “never” in anything related to software.) Sure wish the programmers in my groups had had these tools.

“Continuous testing is our first line of defense,” the authors point out. “Failure is extremely cheap here, so this is where we want things to break down most frequently.”

They also describe some drawbacks and limitations to continuous testing and ways to blend CT with continuous integration, before moving into the coding and testing examples.

The authors “suggest” using the following to run the examples in this book:

  • A *nix operating system (such as Linux or MacOS)
  • Ruby 1.9.2
  • Rails 3.0.4

The book provides a link to online source for the coding examples. 

“The examples may work in other environments (such as Windows) and with other versions of these tools,” they add, “but this is the configuration that we used while writing the book.”

Si Dunn

#