The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler – #bookreview

The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler
By Chris Eagle
(No Starch Press, $69.95, paperback; $55.95, Kindle)

The popular interactive disassembler IDA Pro helps reverse engineers, malware analysts, vulnerability testers and others dissect computer programs when source code is not available.

Unfortunately, IDA Pro is updated so frequently, it’s impossible for writers to keep up and present complete guides to this “complex piece of software with more features than can even be mentioned, let alone detailed in a book of reasonable size….”

Chris Eagle, author of The IDA Pro Book, adds in the introduction to this second edition that he was inspired to update his well-respected guidebook when “a new, Qt-based graphical user interface” was added to IDA Pro 6.0. Yet, true to form, before his new edition could hit the shelves, IDA Pro version 6.1 was released, he notes.

To his credit, his book does not try to be an up-to-the-dot-release user manual. Instead: “My goal…remains to help others get started with IDA and perhaps develop an interest in reverse engineering in general. For anyone looking to get into the reverse engineering field, I can’t stress how important it is that you develop competent programming skills. Ideally, you should love code, perhaps going to far as to eat, sleep, and breathe code. If programming intimidates you, then reverse engineering is probably not for you.”

This updated edition of The IDA Pro Book is well-organized, smoothly written, and nicely illustrated. Eagle avoids the use of long code sequences. He zeroes in, instead, on “short sequences that demonstrate specific points.”

His 646-page book is heavily indexed and is divided into six parts, with 26 chapters and two appendices.

In Part I, “Introduction to IDA,” the focus is on the whats, whys and hows of software disassembly, reversing and disassembly tools, and some background on IDA Pro.

Part II covers “Basic IDA Usage,” including getting started, IDA data displays, disassembly navigation and manipulation, datatypes and data structures, cross-references and graphing, and “the many faces of IDA,” which covers common features of console mode, plus console specifics for Windows, Linux and OS X.

Part III takes the reader into “Advanced IDA Usage.” These chapters examine IDA customization, library recognition using Fast Library Acquisition for Identification and Recognition (FLIRT) signatures, “augmenting IDA’s knowledge” and “patching binaries and other IDA limitations.”

Part IV is devoted to “Extending IDA’s Capabilities.” The topics covered include IDA scripting, the IDA software development kit, IDA’s plug-in architecture, binary files and IDA loader modules, and IDA processor modules.

Part V’s focus is “Real-World Applications.”The chapter subjects include: compiler “personalities”; “obfuscated” code analysis; vulnerability analysis; and real-world plug-ins for IDA.

In Part VI, Eagle looks at the IDA debugger. Chapter subjects include the debugger, disassemble/debugger integration, and additional debugger features.

Appendix A is an overview of IDA Freeware 5.0, “a significant upgrade” from the 4.9 release of the free version of IDA, yet still “a reduced capability application that typically lags behind the latest available version of IDA by several generations and contains substantially fewer capabilities than the commercial version of IDA version 5.0,” Eagle notes.

Appendix B provides a table that maps “IDC scripting functions to their SDK implementation. The intent of this table is to help programmers familiar with IDC understand how similar actions are carried out using SDK functions.”

IDA Pro software’s creator, Ilfak Guilfanov, has hailed this book as “profound, comprehensive, and accurate.” It’s hard to do much better than that with an “unofficial guide” to a powerful and complex software package.

 – Si Dunn

#

Designed for Use: Create Usable Interfaces for Applications and the Web – #bookreview

Designed for Use: Create Usable Interfaces for Applications and the Web
By Lukas Mathis
(Pragmatic Bookshelf, $35.00 paperback)

There’s no code inside this well-written book for programmers and visual designers. Instead, the focus is on usability — how people use things — and how you can make big, modest or subtle improvements to their experiences with digital interfaces.

You may be designing a software product that you think will be user friendly. Yet how good, really, is your knowledge of efficient and effective design? And what do you really know about how users will respond to what you create? Are you relying on formal focus groups to tell you what your users supposedly will want?

If you are, you are not doing nearly enough research, insists the author, Lukas Mathis, a developer and user interface designer for Numcom Software. “[P]eople often aren’t able to tell us how we can solve their problems. Worse, people may not even be able to tell us what their problems are. And worst of all, people are pretty bad at predicting whether and how they would use a product if we proposed to build it for them,” he writes.

Instead of depending on focus groups, you should spend some time doing “job shadowing” and “contextual interviews” to help you shape a better interface.

“Since people don’t know what they want, a good approach is to simply observe what they do. The idea of [job] shadowing is to visit users in our target audience at the place where they will use our product. The goal is to find out how our product will help them achieve their goals.”

He adds: “With usability testing, the goal is to find issues with the user interface. When you are shadowing someone, the goal is to figure out what kind of product to create or how to change your product on a more fundamental level.”

In contextual interviews, you interview a user after doing some job shadowing. And: “What you see is more important than what people say. Still, by asking the right questions, you can often get some useful information out of people….The kinds of things you’re looking for are areas where improvements seem possible. Don’t ask for opinions, and avoid questions that force the person to play product designer.”

Mathis has structured his 322-page book into three parts – research, design and implementation – and 36 short, nicely focused chapters that deal with everything from “[c]reating documentation as soon as possible” to “learning from video games” to doing “guerilla usability testing,” overcoming common testing mistakes and dealing with bad user feedback.

Designed for Use has numerous illustrations that highlight common interface design mistakes. The book also shows major, minor and subtle ways to improve customers’ understanding, acceptance and appreciation of what happens when they use product interfaces on their computer screens or phones.

The author also emphasizes the importance of keeping in mind “that you don’t have to own 100 percent of your market. It’s true that adding more features to your product allows you to target more users, but doing so comes at a cost. Your product becomes more desirable to the people who would not be able to use it if it didn’t offer a specific feature. However, it also makes your product less desirable to the people who have no use for that specific feature.”

In his view: “It’s OK to let some people go to your competitors to get what they need; you can’t be everything to everybody.”

– Si Dunn

Microsoft Access 2010 VBA Programming Inside Out – #bookreview #access #vba #programming

Microsoft Access 2010 VBA Programming Inside Out
By Andrew Couch
(Microsoft Press, $49.99, paperback; $39.99, Kindle)

Critics of Microsoft’s Visual Basic for Applications (VBA) often contend that it is too “simple” a programming language, particularly when stacked up against C++ and C#.

But Andrew Couch, a Microsoft MVP (“Most Valuable Professional”) with extensive experience in Access and VBA programming, is quick to differ with those critics in his new book. “Quite to the contrary,” he states, “the big advantage of VBA is that this simplicity leads to more easily maintainable and reliable code, particularly when developed by people with a more business-focused orientation to programming.”

He concedes that “[i]n the .NET world, the conflict between using VB.NET, which originates from VBA, and C# continues, because even though the objects being manipulated are now common, there are subtle differences between the languages, which means that developers moving from VBA to C# can often feel that they are being led out of their comfort zone, especially when they need to continue to use VBA for other applications.”

He also notes that Access has gotten bad raps regarding “poor performance applications,” IT department support “nightmares,” network bandwidth consumption and low corporate trust for handling “mission-critical applications.”

Couch’s new book asserts that these problems stem more from the “successes” of Access and VBA, as well as “those lacking some direction on how to effectively develop applications.” For example, “[t]he big problem with Access is that the underlying database engine is extremely efficient and can compensate for a design that normally would not scale.” Therefore, “the existing application design techniques for searching and displaying data [may] need to be revised,” if Access database data is converted to be located in Microsoft SQL Server, Microsoft SQL Azure or Microsoft SharePoint.

The author’s two goals for this book are (1) helping create “a better informed community of developers” and (2) showing “how to better develop applications with VBA.” 

Couch also has aimed his work toward two types of readers. The first are those who have worked with Microsoft Access and developed applications and now want to “more fully develop applications with a deeper understanding of what it means to program with VBA.” The second are experienced VBA programmers who want to explore “the more advanced aspects of VBA programming.”

Special attention is paid in the book to helping readers who are “developing with both SQL Server and cloud computing.”

So this not a beginner’s book. Yet it is written well enough and provides enough illustrations and steps that newcomers to Access and VBA may want to add it to their libraries, particularly after reading Microsoft Access 2010 Inside Out, written by Jeff Conrad and John Viescas.

Couch’s 700-page VBA book is divided into seven parts and 18 chapters:

Part 1: VBA Environment and Language

• Chapter 1: Using the VBA Editor and Debugging Code
• Chapter 2: Understanding the VBA Language Structure
• Chapter 3: Understanding the VBA Language Features

Part 2: Access Object Model and Data Access Objects (DAO)

• Chapter 4: Applying the Access Object Model
• Chapter 5: Understanding the Data Access Chapter Model

Part 3: Working with Forms and Reports

• Chapter 6: Using Forms and Events
• Chapter 7: Using Form Controls and Events
• Chapter 8: Creating Reports and Events

Part 4: Advanced Programming with VBA Classes

• Chapter 9: Adding Functionality with Classes
• Chapter 10: Using Classes and Events
• Chapter 11: Using Classes and Forms

Part 5: External Data and Office Integration

• Chapter 12: Linking Access Tables
• Chapter 13: Integrating Microsoft Office

Part 6: SQL Server and SQL Azure

• Chapter 14: Using SQL Server
• Chapter 15: Upsizing Access to SQL Server
• Chapter 16: Using SQL Azure

Part 7: Application Design

• Chapter 17: Building Applications
• Chapter 18: Using ADO and ADOX

The book also has a well-detailed, 25-page index.

Couch emphasizes that “[a] significant strength of VBA is that it is universal to the Microsoft Office suite of programs; all the techniques we describe in this book can be applied to varying degrees within the other Office products.”

He maintains: “To successfully work with VBA, you need an understanding of the language, the programming environment, and the objects that are manipulated by the code.”

His book can get you going on that track, starting with a detailed look at the VBA Editor, which “is more than a simple editing tool for writing programming code. It is an environment in which you can test, debug, and develop your programs.”

The VBA editor, he points out, allows you to change application code on the fly, while the code’s execution is paused. You also can switch to the Access 2010 application window while the code is paused. There, you can “create a query, run the query, copy the SQL to the clipboard, and then swap back to the programming environment to paste the SQL into your code. It is this flexibility during the development cycle that makes developing applications with VBA a productive and exhilarating experience.”

The book provides a link to sample database files. Meanwhile, the code examples are designed to run with Access 2010 32-bit.

Most examples also can be used with Access 2010 64-bit. But there are some required changes and exceptions noted in the front of the book.

Just in case you don’t want to lug around a paperback copy of Microsoft Access 2010 VBA Programming Inside Out, it is available on Kindle, too. But the paperback edition also comes with access to a fully searchable Web edition, through Safari Books Online.

– Si Dunn

Windows Sysinternals Administrator’s Reference – #bookreview #software #techsupport

Windows Sysinternals Administrator’s Reference
By Mark Russinovich and Aaron Margosis
(Microsoft Press, $49.99, paperback; $39.99, Kindle)

To the uninitiated, the title may sound a bit ultra-geeky and scary. Particularly the “Huh?” word “Sysinternals.”

But this book may benefit you “whether you manage the systems of a large enterprise, a small business, or the PCs of your family and friends,” Mark Russinovich and Aaron Margosis contend.

The Sysinternals Suite, it turns out, “is a set of over 70 advanced diagnostic and troubleshooting utilities for the Microsoft Windows platform” written by one of the book’s authors, Mark Russinovich, plus Bryce Cogswell.

The 70+  Sysinternals tools can be downloaded free from Microsoft TechNet at http://www.sysinternals.com.

The book’s goals are to make you more familiar with the Sysinternals Suite and learn how to use the Sysinternals to “solve real problems on Windows systems.”

Russinovich’s and Margosis’s Windows Sysinternals Administrator’s Reference is well written and has a good number of illustrations that provide amplifying “how-to” information. The book has a hefty 25-page index, as well, to  help you find your way through the Sysinternals’ maze of available features, capabilities, verifications, files, drivers, states, fixes and more.

The Sysinternal tools work with the following versions of Windows:  Windows XP (with Service Pack 3); Windows Vista; Windows 7; Windows Server 2003 (with Service Pack 2); Windows Server 2003 R2; Windows Server 2008; and Windows Server 2008 R2. The authors note: “Some tools require administrative rights to run, and others implement specific features that require administrative rights.”

Following its introduction, the book is divided into three parts, containing a total of 18 chapters:

Part I: Getting Started

• 1. Getting Started with the Sysinternals Utilities
• 2. Windows Core Concepts

Part II: Usage Guide

• 3. Process Explorer
• 4. Process Monitor
• 5. Autoruns
• 6. PsTools
• 7. Process and Diagnostic Utilities
• 8. Security Utilities
• 9. Active Directory Utilities
• 10. Desktop Utilities
• 11. File Utilities
• 12. Disk Utilities
• 13. Network and Communications Utilities
• 14. System Information Utilities
• 15. Miscellaneous Utilities

Part III: Troubleshooting – “The Case of the Unexplained”

• 16. Error Messages
• 17. Hangs and Sluggish Performance
• 18. Malware

The book is aimed mainly at “Windows IT professionals and power users who want to make the most of the Sysinternals tools.” And it includes real-world case studies to illustrate several tough problems.

If you are not yet a power user, but wrestle with Windows on a frequent basis (as many of us do) and are ready to tear into it, the Windows Sysinternals Administrator’s Reference can help you learn how to diagnose and troubleshoot your system and also optimize it.

If you work in a small business where there is little or no tech support, or if you are tech support in your small business, add this book to your library. You’ll likely put it to good use.

– Si Dunn

New MOS 2010 Study Guide for 4 Microsoft Office Certification Exams – #bookreview

MOS 2010 Study Guide for Microsoft Word Expert, Excel Expert, Access, and SharePoint Exams
By John Pierce and Geoff Evelyn
(Microsoft Press, $44.99, paperback;  $35.99, Kindle )

In today’s depressed job market, employers have the upper hand. So, many companies now demand that job candidates and current workers have a wide range of computer skills and training certifications – gained mostly on their own and at their own expense, of course.

This new MOS 2010 Study Guide from Microsoft Press can help you prepare to take four different Microsoft Office Expert and Specialist certification exams: Word Expert (Exam 77-887), Excel Expert (Exam 77-888), Access Specialist (Exam 77-885) and SharePoint Specialist (Exam 77-886).

To benefit from this book, you must have – or have access to – Word 2010, Excel 2010, Access 2010 and SharePoint 2010.

You should download book’s practice files, which are organized by chapter and sometimes by section number, when necessary, and do the book’s exercises. No practice files, however, are provided for the SharePoint section.

“To work through the SharePoint section,” the authors emphasize, “you need full access to a SharePoint 2010 team site, and because SharePoint 2010 is a server-based platform rather than a desktop application, you need access to a server or an online application where SharePoint 2010 is installed or hosted. You can find information about SharePoint hosting services and the SharePoint trial edition at the start of that section of the book.”

The chapters for each of the four Microsoft products focus on preparing you to “demonstrate that you can complete certain tasks rather than simply answering questions about program features,” the authors note.

Indeed, the certification exams have been designed from studies of “how the Office 2010 programs or SharePoint are used in the workplace.”

Even if you do not plan to pursue Microsoft Office certifications, this 691-page book can help you better master an Office program or SharePoint. It is well-written and nicely illustrated, and it offers clearly defined steps and expert advice for completing specific tasks within the software.

In Word 2010, the areas covered are: (1) sharing and maintaining documents; (2) formatting content; (3) tracking and referencing documents; (4) performing mail merge operations; and (5) managing macros and forms.

The four chapters devoted to Excel cover: (1) sharing and maintaining workbooks; (2) applying formulas and functions; (3) presenting data visually; and (4) working with macros and forms.

The five chapters focusing on Access examine: (1) using the Access workspace; (2) building tables; (3) building forms; (4) creating and managing queries; and (5) designing reports.

The book’s four SharePoint chapters focus on “the general skills required to create, edit, and manage content on a Microsoft SharePoint team site,” the authors state.

The book includes a Certiport coupon good for a 25% discount on an MOS exam fee. Also, you get access to a free PDF version of the book that you can download from O’Reilly Media.

– Si Dunn

Gamification by Design – Implementing Game Mechanics in Web and Mobile Apps – #bookreview

Gamification by Design: Implementing Game Mechanics in Web and Mobile Apps
By Gabe Zichermann and Christopher Cunningham
(O’Reilly, $24.99, paperback; $9.99, Kindle)

Many companies which sell us products and services are rushing to try to adapt successful videogame strategies to their sales techniques.

This well-written and adequately illustrated book encourages companies to view consumers as “players” rather than “customers” or “users.” In the co-authors’ view: “By thinking of our clients as players, we shift our frame of mind toward their engagement with our products and services. Rather than looking at the immediacy of a single financial transaction, we are considering a long-term and symbiotic union wrapped in a ribbon of fun.”

“Gamification,” the writers emphasize, “…is the marketing buzzword of our time,” and it “can mean different things to different people.”

In their book, it means “the design strategy and tactics you need to integrate game mechanics into any kind of consumer-facing website or mobile app.”

The co-authors also state that their overall goal is “to help demystify some of the core concepts of game design as they apply to business” and that they have structured their book from “the perspective of what a marketer, product manager, or strategist would want to know.”

They define game mechanics as “the tools used to create games,” and game dynamics as “how players interact with game experiences.”

The two writers, both gamification experts, stress that gamification cannot fix core problems within a business. And bad products or products that don’t fit well into a particular market will not get a sales boost if game mechanics and game design are applied to sales campaigns. One hypothetical example they cite is trying to create “a world where your consumer’s avatar is chasing gremlins with an AK-47 in order to save the spaghetti sauce your company is trying to sell in outer space.”

Gamification by Design is not about showing you how to create actual games. Instead, it is more about using gamification to enhance customer engagement and loyalty to your products or services.

The chapter line-up shows the scope of this 182-page book:

• Introduction
• Chapter 1: Foundations
• Chapter 2: Player Motivation
• Chapter 3: Game Mechanics: Designing for Engagement (Part I)
• Chapter 4: Game Mechanics: Designing for Engagement (Part II)
• Chapter 5: Game Mechanics and Dynamics in Greater Depth
• Chapter 6: Gamification Case Studies
• Chapter 7: Tutorial: Coding Basic Game Mechanics
• Chapter 8: Tutorial: Using an Instant Gamification Platform
• Index (12 pages)

Once the basic game mechanics and structures are introduced, the reader is presented with more information on how “[p]oints, badges, levels, leader-boards, challenges, and rewards can be remixed in limitless ways to create a spectrum of experiences.” And the book moves into deeper discussions of game mechanics and game dynamics.

Feedback, for example, is the process of “returning information to players and informing them of where they are at the present time, ideally against a continuum of progress.” In the toolbox of game mechanics, “[f]eedback loops are essential parts of all games, and they are seen most frequently in the interplay between scores and levels. As scores increase during an experience, they provide clear and unambiguous feedback to the player that she is heading in the ‘right’ direction.”

The book includes case studies focusing successful use of gamification by Yahoo!, Nike and Quora. It also offers up some examples of bad efforts at gamifying a website.

While Gamification by Design keeps its focus away from actually designing and creating games, it does give the reader the architecture and code needed to gamify a basic consumer site. It also shows how to use “mainstream APIs [application programming interfaces] from Badgeville,”

Noting that badges have motivated military warriors and Boy Scouts for hundreds of years, the co-authors contend that offering electronic badges as rewards and status symbols on websites “are [for game designers] an excellent way to encourage social promotion of their products and services. Badges also mark the completion of goals and the steady progress of play within the system.”

This is a fine standalone book, but it also can be used in conjunction with O’Reilley’s Gamification Master Class and with “the supplemental videos, exercises, challenges, and resources available at http://www.GamificationU.com.”

–Si Dunn

#

The Book of Ruby: A Hands-On Guide for the Adventurous – #ruby #programming #software #bookreview

The Book of Ruby: A Hands-On Guide for the Adventurous
By Huw Collingbourne
(No Starch Press, $39.95, paperback; $31.95, Kindle) 

Ruby, first introduced in 1995, is “a cross-platform interpreted language that has many features in common with other ‘scripting’ languages such as Perl and Python,” says Huw Collingbourne,  who is director of technology for SapphireSteel Software and has 30 years’ experience in computer programming.

“Many people are attracted to Ruby by its simple syntax and ease of use. They are wrong,” he cautions in his new book. “Ruby’s syntax may look simple at first sight, but the more you get to know the language, the more you will realize that it is, on the contrary, extremely complex. The plain fact of the matter is that Ruby has a number of pitfalls just waiting for unwary programmers to drop into.”

Collingbourne  has written The Book of Ruby to help those new to the programming language successfully jump over the hazards. Ruby, he notes, can look a bit like Pascal at first glance. But: “It is thoroughly object-oriented and has a great deal in common with the granddaddy of ’pure’ object-oriented languages, Smalltalk.”  

He cautions programmers to get a good handle on Ruby by itself before rushing ahead to use the popular web development framework known as Ruby on Rails.”Understanding Ruby is a necessary prerequisite for understanding Rails,” he warns.

“Indeed, if you were to leap right into Rails development without first mastering Ruby, you might find that you end up creating applications that you don’t even understand. (This is all too common among Ruby on Rails novices.)”

Collingbourne’s well-written 373-page book covers Ruby 1.8 and 1.9. He takes a “bite-sized chunks” approach, so that each chapter “introduces a theme that is subdivided into subtopics.” And: “Each programming topic is accompanied by one or more small, self-contained, ready-to-run Ruby program.”

 The chapter line-up shows the book’s structure:

•  Introduction
• 1: Strings, Numbers, Classes, and Objects
• 2: Class Hierarchies, Attributes, and Class Variables
• 3: Strings and Ranges
• 4: Arrays and Hashes
• 5: Loops and Iterators
• 6: Conditional Statements
• 7: Methods
• 8: Passing Arguments and Returning Values
• 9: Exception Handling
• 10: Blocks, Procs, and Lambdas
• 11: Symbols
• 12: Modules and Mixins
• 13: Files and IO
• 14: YAML
• 15: Marshal
• 16: Regular Expressions
• 17: Threads
• 18: Debugging and Testing
• 19: Ruby on Rails
• 20: Dynamic Programming
• Appendix A: Documenting Ruby with RDOC
• Appendix B: Installing MySQL for Ruby on Rails
• Appendix C: Further Reading
• Appendix D: Ruby and Rails Development Software
• Index

The author gives links for downloading the latest version of Ruby, plus the source code for all of the programs used in this book.

Collingbourne notes that The Book of Ruby “covers many of the classes and methods in the standard Ruby library – but by no means all of them! At some stage, therefore, you will need to refer to documentation on the full range of classes used by Ruby.” He provides links to the online documentation for both Ruby 1.8 and Ruby 1.9.

True to his word, he begins at the “hello world” level of Ruby:

puts 'hello world'

From there, he keeps surging forward in small, careful steps, offering good examples to illustrate each new topic. In each chapter except the Introduction, he also includes a subsection known as “Digging Deeper.”

“In many cases, you could skip the ‘Digging Deeper’ sections and still learn all the Ruby you will ever need,” he states. “On the other hand, it is in these sections that you will often get closest to the inner workings of Ruby, so if you skip them, you are going to miss out on some pretty interesting stuff.”

Collingbourne previously has released two free ebooks on Ruby: The Little Book of Ruby and The Book of Ruby.

He knows his Ruby – and he wants you to know this elegant and unique programming language, too.

– Si Dunn

#

Build Mobile Websites and Apps for Smart Devices – #bookreview

Build Mobile Websites and Apps for Smart Devices
By Earle Castledine, Myles Eftos & Max Wheeler
(SitePoint, $39.95, paperback; $27.99, Kindle)

By 2013, in some estimates, mobile devices such as smartphones and “other browser-equipped phones” will outnumber the world’s 1.78 billion PCs.

Meanwhile, the “mobile share of overall web browsing” is now growing rapidly. And: “We’re never going to spend less time on our phones and other mobile devices than we do now,” contend the authors of Build Mobile Websites and Apps for Smart Devices.

“Inevitiably, more powerful mobile devices and ubiquitous internet access will become the norm. And the context in which those devices are used will change rapidly. The likelihood of our potential customers being on mobile devices is higher and higher. We ignore the mobile web at our peril.”

The authors’ new guidebook from SharePoint is aimed at front-end web designers and developers, with emphasis on mobile websites and apps that are accessed via touch-screen smartphones.

Their well-illustrated, 256-page book is written in a smooth, accessible style that moves quickly to the point of  each chapter and example. They recommend that you read the chapters in sequence the first time, rather than skipping around, particularly if you are new to mobile web design and web development.

The chapter line-up gives a good look at the book’s structure and coverage:

•  Preface
• Chapter 1: Introduction to Mobile Web Design
• Chapter 2: Design for Mobile
• Chapter 3: Markup for Mobile
• Chapter 4: Mobile Web Apps
• Chapter 5: Using Device Features from Web Apps
• Chapter 6: Polishing Up Our App
• Chapter 7: Introducting PhoneGap
• Chapter 8: Making Our Application Native
• Appendix A: Running a Server for Testing

The book includes a link to “a downloadable ZIP archive that contains every line of example source code printed in this book.” And the writers emphasize that readers should have “intermediate knowledge” of HTML, CSS, and JavaScript. They skip the absolute basics and move right into “what’s relevant for the mobile context.” 

They emphasize that “[t]he inevitable decision when designing for the mobile space is the choice between building a native application or a web application….A web application is one that’s accessed on the Web via the device’s browser–a website that offers app-like functionality, in other words.” Meanwhile, “[a] so-called native application is built specifically for a given platform–Android or iOS, for example–and is installed on the device much like a desktop application.”

They contend that “native apps offer a superior experience when compared to web applications,” and they note that “the difference is even more pronounced on slower devices.” However, building a native application can leave you vulnerable to market fragmentation and unsure which platforms you should target. Meanwhile,  it can be cheaper and faster to develop a Web application. So several important design and business decisions have to be made before you offer a new app to the marketplace. 

Build Mobile Websites and Apps for Smart Devices focuses first on making design decisions, selecting a feature set and using HTML, CSS and JavaScript to build a Web application. Later, it shows how to use PhoneGap to turn a web app into a native app for iOS, Android, BlackBerry and other platforms.

In the authors’ view, “mobile design is about context, but it’s also about speed. We’re aiming to give our users what they want, as fast as possible.” And, in many cases, “[p]roviding a version of our site to mobile users is going to be important regardless of whether or not we have a native application.”

In other words, be ready and able to go native and web when creating mobile websites and apps for smart devices. 

– Si Dunn

#

Three Windows Server 2008 Training Kit Updates – #bookreview

Microsoft Press recently has updated three of its self-paced training kits for Windows Server 2008.  These 2nd Edition books each cover Windows Server 2008 R2. Below are short reviews of the books.

***

Configuring Windows Server 2008 Active Directory (MCTS Exam 70-640)
By Dan Holme, Nelson Ruest, Danielle Ruest and Jason Kellington
(Microsoft Press, $69.99, paperback)

Configuring Windows Server 2008 Active Directory (2nd Edition) is a hefty, well-illustrated, 1000-page preparation guide for Microsoft Core Technical Certification (MCTS) exam 70-640.

The book focuses on learning how to:

• Deploy or upgrade domain controllers, domains, and forests with Windows Server 2008 R2.
• Use Windows PowerShell to manage user accounts and groups.
• Configure domain name system (DNS) settings and zones.
• Manage authentication.
• Plan and manage Active Directory replication.
• Monitor and ensure the availability of directory services.

Numerous real-world scenarios, exam tips and suggested practices are included in the book. And the accompanying CD (positioned inside the back cover) presents more than 200 practice questions. One key feature of the CD is that it provides detailed explanations for correct and incorrect answers.

The book also contains a discount coupon for 15% off the cost of one exam in the Microsoft Certified Professional Program.

To perform the practice exercises in this book, you will need at least one computer (and sometimes two computers) able to run Windows Server 2008 R2 with SP1. The book explains how to download evaluation versions of the software that will remain usable for up to 180 days.

***

Configuring Windows Server 2008 Applications Infrastructure (MCTS Exam 70-643)
By J.C. Mackin
(Microsoft Press, $59.99, paperback)

To help you prepare for MCTS Exam 70-643, this well-structured 595-page training kit focuses on showing you how to:

• Deploy Windows-based clients and servers across networks.
• Configure virtrual machines and virtual networks by using Hyper-V.
• Configure storage and high availability solutions.
• Learn how to manage the web server role — IIS 7.5 — in Windows Server 2008 R2.
• Configure SMTP and FTP services.
• Configure Streaming Media services, as well as Microsoft SharePoint Foundation 2010.

Configuring Windows Server 2008 Applications Infrastructure (2nd Edition)
includes a variety of real-world case scenarios, plus quick checks (with answers), lesson reviews and lesson questions and answers. The accompanying CD (positioned inside the back cover) presents more than 200 practice questions. As with other MCTS practice test CDs, detailed explanations are offered for correct, as well as incorrect, answers. And customized learning recommendations are generated, based on your results.

The book also contains a discount coupon for 15% off the cost of one exam in the Microsoft Certified Professional Program.

Only one physical computer is needed to perform the exercises in the book. However, it must be able to run Windows Server 2008 R2 and the software’s Hyper-V virtualization platform. The author cautions that you must have a copy of Windows Server 2008 R2 either on DVD or as a .iso file. You also must have the Windows Automated Installation Kit, either on DVD or as a .iso file.

One other caution: “The default network adapter assigned in Hyper-V is incompatible with network-based applications. For this reason, you must replace the default adapter with  the Legacy Network Adapter.” Instructions are provided for how to do this.

***

Windows Server 2008 Server Administration (MCITP Exam 70-646)
By Orin Thomas and Ian McLean
(Microsoft Press, $69.99, paperback)

This 715-page self-paced training kit is for readers preparing to take the Microsoft Certified IT Professional (MCITP) certification exam 70-646.  Windows Server 2008 System Administrator (2nd Edition) is designed to show you how to:

• Plan Windows Server 2008 R2 installations or upgrades.
• Configure DNS and IPv6 connectivity.
• Plan Active Directory, application and certificate services.
• Plan server-management strategies, including Group Policy, RDS and delegation.
• Provision applications, data and file and print servers.
• Implement high-availability, storage, backup and recovery solutions.
• Monitor and manage security services and updates.
• Monitor and optimize server performance.

The book has many screen shots and step-by-step procedures, as well as lesson summaries, lesson reviews, practice exercises and other learning features. Its accompanying CD has a large pool of practice test questions “similar to those that appear on the 70-646 certification exam.” 

“It is possible,” the authors state, ” to complete almost all of the practice exercises in this book using virtual machines rather than real server hardware.” They note that “[i]f you intend to implement several virtual machines on the same computer (which is recommended),” you should have “a computer with 8 GB of RAM and 150 GB of free disk space….”

Evaluation versions of Windows Server 2008 R2 Enterprise edition and Windows 7 Enterprise or Ultimate edition can be downloaded from the Microsoft Download Center, they add. A link is provided.

The authors emphasize that Windows Server 2008 R2 has several standard editions, ranging from editions targeted at small to medium-sized businesses to an enterprise edition, a web server edition and several others others. Their book provides a Microsoft link where features can be compared by edition and help you “determine which edition of Windows Server 2008 R2 best meets a particular set of needs.”

The book, like the others, comes with a CD inside the back cover and a coupon for %15 off the price of a Microsoft Certification exam fee.

***

The three updated training kits are well-illustrated and well-designed for self-paced learning. All of the books also provide convenient access to “fully searchable eBook” versions, so you don’t always have to lug around the hefty paperbacks after you’ve bought them.

– Si Dunn

Metasploit: The Penetration Tester’s Guide – #bookreview

Metasploit: The Penetration Tester’s Guide
By David Kennedy, Jim O’Gorman, Devon Kearns and Mati Aharoni
(No Starch Press, $49.95, paperback; $27.99, Kindle)

Penetration testing is the process of testing enterprise networks to discover their weaknesses, so they can be made more secure, according to HD Moore, founder of The Metasploit Project.

As a penetration tester, Moore states in the foreword to this book, “[y]ou are paid to think like a criminal, to use guerilla tactics to your advantage, and to find the weakest links in a highly intricate net of defenses. The things you find can be both surprising and disturbing; penetration tests have uncovered everything from rogue pornography to large-scale fraud and criminal activity.”

Indeed, penetration testing is about probing an organization’s systems for weaknesses in their security, so better and stronger safeguards can be erected to keep hackers and data thieves at bay. And the tests may be overt or covert.

Metasploit: The Penetration Tester’s Guide is largely — but not fully — a comprehensive guide to learning ”the ins and outs of Metasploit and how to use the Framework to its fullest.” The book is “selective” and does not cover “every single flag or exploit,” the four co-authors concede, “but we give you the foundation you’ll need to understand and use Metasploit now and in future versions.” 

 The 299-page book’s 17 chapters cover “everything from the fundamentals of the Framework to advanced techniques in exploitation.” While penetration testers do not have to be programmers, the writers recommend that readers have at least some understanding of Ruby or Python, since many examples in Metasploit: The Penetration Tester’s Guide are written in those programming languages.

The Metasploit Framework is not an easy tool to learn. Nor is it easy to master the often-complex process of penetration testing. Fortunately, the four co-authors are well aware of this. They have rolled out their combined knowledge and experience in a smooth flow of chapters written in a straightforward, accessible style.

Here is the chapter line-up:

• Introduction
• Chapter 1: The Absolute Baisics of Penetration Testing
• Chapter 2: Metasploit Basics
• Chapter 3: Intelligence Gathering
• Chapter 4: Vulnerability Scanning
• Chapter 5: The Joy of Exploitation
• Chapter 6: Meterpeter
• Chapter 7: Avoiding Detection
• Chapter 8: Exploitation Using Client-Side Attacks
• Chapter 9: Metasploit Auxiliary Modules
• Chapter 10: The Social-Engineer Toolkit
• Chapter 11: Fast-Track
• Chapter 12: Karmetasploit
• Chapter 13: Building Your Own Module
• Chaper 14: Creating Your Own Exploits
• Chapter 15: Porting Exploits to the Metasploit Framework
• Chapter 16: Meterpeter Scripting
• Chapter 17: Simulated Penetration Test

The book also has two appendices. Appendix A covers “Configuring Your Target Machines.”  As the four co-authors point out: “The best way to learn to use the Metasploit Framework is by practicing–repeating a task until you fully understand how it is accomplished.” This appendix explains how to set up a test environment to use with the book’s examples. Appendix B, meanwhile, provides a “Cheat Sheet” listing frequently used commands and syntax “within Metasploit’s various interfaces and utilities.”

Once you become comfortable with the basics of penetration testing, the book then can introduce you to an array of advanced techniques. Metasploit: The Penetration Tester’s Guide is an expanded outgrowth of  an online course, “Metasploit Unleashed,” developed by Offensive-Security.

– Si Dunn

#