Microsoft Access 2010 VBA Programming Inside Out – #bookreview #access #vba #programming

Microsoft Access 2010 VBA Programming Inside Out
By Andrew Couch
(Microsoft Press, $49.99, paperback; $39.99, Kindle)

Critics of Microsoft’s Visual Basic for Applications (VBA) often contend that it is too “simple” a programming language, particularly when stacked up against C++ and C#.

But Andrew Couch, a Microsoft MVP (“Most Valuable Professional”) with extensive experience in Access and VBA programming, is quick to differ with those critics in his new book. “Quite to the contrary,” he states, “the big advantage of VBA is that this simplicity leads to more easily maintainable and reliable code, particularly when developed by people with a more business-focused orientation to programming.”

He concedes that “[i]n the .NET world, the conflict between using VB.NET, which originates from VBA, and C# continues, because even though the objects being manipulated are now common, there are subtle differences between the languages, which means that developers moving from VBA to C# can often feel that they are being led out of their comfort zone, especially when they need to continue to use VBA for other applications.”

He also notes that Access has gotten bad raps regarding “poor performance applications,” IT department support “nightmares,” network bandwidth consumption and low corporate trust for handling “mission-critical applications.”

Couch’s new book asserts that these problems stem more from the “successes” of Access and VBA, as well as “those lacking some direction on how to effectively develop applications.” For example, “[t]he big problem with Access is that the underlying database engine is extremely efficient and can compensate for a design that normally would not scale.” Therefore, “the existing application design techniques for searching and displaying data [may] need to be revised,” if Access database data is converted to be located in Microsoft SQL Server, Microsoft SQL Azure or Microsoft SharePoint.

The author’s two goals for this book are (1) helping create “a better informed community of developers” and (2) showing “how to better develop applications with VBA.” 

Couch also has aimed his work toward two types of readers. The first are those who have worked with Microsoft Access and developed applications and now want to “more fully develop applications with a deeper understanding of what it means to program with VBA.” The second are experienced VBA programmers who want to explore “the more advanced aspects of VBA programming.”

Special attention is paid in the book to helping readers who are “developing with both SQL Server and cloud computing.”

So this not a beginner’s book. Yet it is written well enough and provides enough illustrations and steps that newcomers to Access and VBA may want to add it to their libraries, particularly after reading Microsoft Access 2010 Inside Out, written by Jeff Conrad and John Viescas.

Couch’s 700-page VBA book is divided into seven parts and 18 chapters:

Part 1: VBA Environment and Language

  • Chapter 1: Using the VBA Editor and Debugging Code
  • Chapter 2: Understanding the VBA Language Structure
  • Chapter 3: Understanding the VBA Language Features

Part 2: Access Object Model and Data Access Objects (DAO)

  • Chapter 4: Applying the Access Object Model
  • Chapter 5: Understanding the Data Access Chapter Model

Part 3: Working with Forms and Reports

  • Chapter 6: Using Forms and Events
  • Chapter 7: Using Form Controls and Events
  • Chapter 8: Creating Reports and Events

Part 4: Advanced Programming with VBA Classes

  • Chapter 9: Adding Functionality with Classes
  • Chapter 10: Using Classes and Events
  • Chapter 11: Using Classes and Forms

Part 5: External Data and Office Integration

  • Chapter 12: Linking Access Tables
  • Chapter 13: Integrating Microsoft Office

Part 6: SQL Server and SQL Azure

  • Chapter 14: Using SQL Server
  • Chapter 15: Upsizing Access to SQL Server
  • Chapter 16: Using SQL Azure

Part 7: Application Design

  • Chapter 17: Building Applications
  • Chapter 18: Using ADO and ADOX

The book also has a well-detailed, 25-page index.

Couch emphasizes that “[a] significant strength of VBA is that it is universal to the Microsoft Office suite of programs; all the techniques we describe in this book can be applied to varying degrees within the other Office products.”

He maintains: “To successfully work with VBA, you need an understanding of the language, the programming environment, and the objects that are manipulated by the code.”

His book can get you going on that track, starting with a detailed look at the VBA Editor, which “is more than a simple editing tool for writing programming code. It is an environment in which you can test, debug, and develop your programs.”

The VBA editor, he points out, allows you to change application code on the fly, while the code’s execution is paused. You also can switch to the Access 2010 application window while the code is paused. There, you can “create a query, run the query, copy the SQL to the clipboard, and then swap back to the programming environment to paste the SQL into your code. It is this flexibility during the development cycle that makes developing applications with VBA a productive and exhilarating experience.”

The book provides a link to sample database files. Meanwhile, the code examples are designed to run with Access 2010 32-bit.

Most examples also can be used with Access 2010 64-bit. But there are some required changes and exceptions noted in the front of the book.

Just in case you don’t want to lug around a paperback copy of Microsoft Access 2010 VBA Programming Inside Out, it is available on Kindle, too. But the paperback edition also comes with access to a fully searchable Web edition, through Safari Books Online.

Si Dunn

Windows Sysinternals Administrator’s Reference – #bookreview #software #techsupport

Windows Sysinternals Administrator’s Reference
By Mark Russinovich and Aaron Margosis
(Microsoft Press, $49.99, paperback; $39.99, Kindle)

To the uninitiated, the title may sound a bit ultra-geeky and scary. Particularly the “Huh?” word “Sysinternals.”

But this book may benefit you “whether you manage the systems of a large enterprise, a small business, or the PCs of your family and friends,” Mark Russinovich and Aaron Margosis contend.

The Sysinternals Suite, it turns out, “is a set of over 70 advanced diagnostic and troubleshooting utilities for the Microsoft Windows platform” written by one of the book’s authors, Mark Russinovich, plus Bryce Cogswell.

The 70+  Sysinternals tools can be downloaded free from Microsoft TechNet at

The book’s goals are to make you more familiar with the Sysinternals Suite and learn how to use the Sysinternals to “solve real problems on Windows systems.”

Russinovich’s and Margosis’s Windows Sysinternals Administrator’s Reference is well written and has a good number of illustrations that provide amplifying “how-to” information. The book has a hefty 25-page index, as well, to  help you find your way through the Sysinternals’ maze of available features, capabilities, verifications, files, drivers, states, fixes and more.

The Sysinternal tools work with the following versions of Windows:  Windows XP (with Service Pack 3); Windows Vista; Windows 7; Windows Server 2003 (with Service Pack 2); Windows Server 2003 R2; Windows Server 2008; and Windows Server 2008 R2. The authors note: “Some tools require administrative rights to run, and others implement specific features that require administrative rights.”

Following its introduction, the book is divided into three parts, containing a total of 18 chapters:

Part I: Getting Started

  • 1. Getting Started with the Sysinternals Utilities
  • 2. Windows Core Concepts

Part II: Usage Guide

  • 3. Process Explorer
  • 4. Process Monitor
  • 5. Autoruns
  • 6. PsTools
  • 7. Process and Diagnostic Utilities
  • 8. Security Utilities
  • 9. Active Directory Utilities
  • 10. Desktop Utilities
  • 11. File Utilities
  • 12. Disk Utilities
  • 13. Network and Communications Utilities
  • 14. System Information Utilities
  • 15. Miscellaneous Utilities

Part III: Troubleshooting – “The Case of the Unexplained”

  • 16. Error Messages
  • 17. Hangs and Sluggish Performance
  • 18. Malware

The book is aimed mainly at “Windows IT professionals and power users who want to make the most of the Sysinternals tools.” And it includes real-world case studies to illustrate several tough problems.

If you are not yet a power user, but wrestle with Windows on a frequent basis (as many of us do) and are ready to tear into it, the Windows Sysinternals Administrator’s Reference can help you learn how to diagnose and troubleshoot your system and also optimize it.

If you work in a small business where there is little or no tech support, or if you are tech support in your small business, add this book to your library. You’ll likely put it to good use.

Si Dunn

Gamification by Design – Implementing Game Mechanics in Web and Mobile Apps – #bookreview

Gamification by Design: Implementing Game Mechanics in Web and Mobile Apps
By Gabe Zichermann and Christopher Cunningham
(O’Reilly, $24.99, paperback; $9.99, Kindle)

Many companies which sell us products and services are rushing to try to adapt successful videogame strategies to their sales techniques.

This well-written and adequately illustrated book encourages companies to view consumers as “players” rather than “customers” or “users.” In the co-authors’ view: “By thinking of our clients as players, we shift our frame of mind toward their engagement with our products and services. Rather than looking at the immediacy of a single financial transaction, we are considering a long-term and symbiotic union wrapped in a ribbon of fun.”

“Gamification,” the writers emphasize, “…is the marketing buzzword of our time,” and it “can mean different things to different people.”

In their book, it means “the design strategy and tactics you need to integrate game mechanics into any kind of consumer-facing website or mobile app.”

The co-authors also state that their overall goal is “to help demystify some of the core concepts of game design as they apply to business” and that they have structured their book from “the perspective of what a marketer, product manager, or strategist would want to know.”

They define game mechanics as “the tools used to create games,” and game dynamics as “how players interact with game experiences.”

The two writers, both gamification experts, stress that gamification cannot fix core problems within a business. And bad products or products that don’t fit well into a particular market will not get a sales boost if game mechanics and game design are applied to sales campaigns. One hypothetical example they cite is trying to create “a world where your consumer’s avatar is chasing gremlins with an AK-47 in order to save the spaghetti sauce your company is trying to sell in outer space.”

Gamification by Design is not about showing you how to create actual games. Instead, it is more about using gamification to enhance customer engagement and loyalty to your products or services.

The chapter line-up shows the scope of this 182-page book:

  • Introduction
  • Chapter 1: Foundations
  • Chapter 2: Player Motivation
  • Chapter 3: Game Mechanics: Designing for Engagement (Part I)
  • Chapter 4: Game Mechanics: Designing for Engagement (Part II)
  • Chapter 5: Game Mechanics and Dynamics in Greater Depth
  • Chapter 6: Gamification Case Studies
  • Chapter 7: Tutorial: Coding Basic Game Mechanics
  • Chapter 8: Tutorial: Using an Instant Gamification Platform
  • Index (12 pages)

Once the basic game mechanics and structures are introduced, the reader is presented with more information on how “[p]oints, badges, levels, leader-boards, challenges, and rewards can be remixed in limitless ways to create a spectrum of experiences.” And the book moves into deeper discussions of game mechanics and game dynamics.

Feedback, for example, is the process of “returning information to players and informing them of where they are at the present time, ideally against a continuum of progress.” In the toolbox of game mechanics, “[f]eedback loops are essential parts of all games, and they are seen most frequently in the interplay between scores and levels. As scores increase during an experience, they provide clear and unambiguous feedback to the player that she is heading in the ‘right’ direction.”

The book includes case studies focusing successful use of gamification by Yahoo!, Nike and Quora. It also offers up some examples of bad efforts at gamifying a website.

While Gamification by Design keeps its focus away from actually designing and creating games, it does give the reader the architecture and code needed to gamify a basic consumer site. It also shows how to use “mainstream APIs [application programming interfaces] from Badgeville,”

Noting that badges have motivated military warriors and Boy Scouts for hundreds of years, the co-authors contend that offering electronic badges as rewards and status symbols on websites “are [for game designers] an excellent way to encourage social promotion of their products and services. Badges also mark the completion of goals and the steady progress of play within the system.”

This is a fine standalone book, but it also can be used in conjunction with O’Reilley’s Gamification Master Class and with “the supplemental videos, exercises, challenges, and resources available at”

Si Dunn


The Book of Ruby: A Hands-On Guide for the Adventurous – #ruby #programming #software #bookreview

The Book of Ruby: A Hands-On Guide for the Adventurous
By Huw Collingbourne
(No Starch Press, $39.95, paperback; $31.95, Kindle) 

Ruby, first introduced in 1995, is “a cross-platform interpreted language that has many features in common with other ‘scripting’ languages such as Perl and Python,” says Huw Collingbourne,  who is director of technology for SapphireSteel Software and has 30 years’ experience in computer programming.

“Many people are attracted to Ruby by its simple syntax and ease of use. They are wrong,” he cautions in his new book. “Ruby’s syntax may look simple at first sight, but the more you get to know the language, the more you will realize that it is, on the contrary, extremely complex. The plain fact of the matter is that Ruby has a number of pitfalls just waiting for unwary programmers to drop into.”

Collingbourne  has written The Book of Ruby to help those new to the programming language successfully jump over the hazards. Ruby, he notes, can look a bit like Pascal at first glance. But: “It is thoroughly object-oriented and has a great deal in common with the granddaddy of ‘pure’ object-oriented languages, Smalltalk.”  

He cautions programmers to get a good handle on Ruby by itself before rushing ahead to use the popular web development framework known as Ruby on Rails.”Understanding Ruby is a necessary prerequisite for understanding Rails,” he warns.

“Indeed, if you were to leap right into Rails development without first mastering Ruby, you might find that you end up creating applications that you don’t even understand. (This is all too common among Ruby on Rails novices.)”

Collingbourne’s well-written 373-page book covers Ruby 1.8 and 1.9. He takes a “bite-sized chunks” approach, so that each chapter “introduces a theme that is subdivided into subtopics.” And: “Each programming topic is accompanied by one or more small, self-contained, ready-to-run Ruby program.”

 The chapter line-up shows the book’s structure:

  •  Introduction
  • 1: Strings, Numbers, Classes, and Objects
  • 2: Class Hierarchies, Attributes, and Class Variables
  • 3: Strings and Ranges
  • 4: Arrays and Hashes
  • 5: Loops and Iterators
  • 6: Conditional Statements
  • 7: Methods
  • 8: Passing Arguments and Returning Values
  • 9: Exception Handling
  • 10: Blocks, Procs, and Lambdas
  • 11: Symbols
  • 12: Modules and Mixins
  • 13: Files and IO
  • 14: YAML
  • 15: Marshal
  • 16: Regular Expressions
  • 17: Threads
  • 18: Debugging and Testing
  • 19: Ruby on Rails
  • 20: Dynamic Programming
  • Appendix A: Documenting Ruby with RDOC
  • Appendix B: Installing MySQL for Ruby on Rails
  • Appendix C: Further Reading
  • Appendix D: Ruby and Rails Development Software
  • Index

The author gives links for downloading the latest version of Ruby, plus the source code for all of the programs used in this book.

Collingbourne notes that The Book of Ruby “covers many of the classes and methods in the standard Ruby library – but by no means all of them! At some stage, therefore, you will need to refer to documentation on the full range of classes used by Ruby.” He provides links to the online documentation for both Ruby 1.8 and Ruby 1.9.

True to his word, he begins at the “hello world” level of Ruby:

puts 'hello world'

From there, he keeps surging forward in small, careful steps, offering good examples to illustrate each new topic. In each chapter except the Introduction, he also includes a subsection known as “Digging Deeper.”

“In many cases, you could skip the ‘Digging Deeper’ sections and still learn all the Ruby you will ever need,” he states. “On the other hand, it is in these sections that you will often get closest to the inner workings of Ruby, so if you skip them, you are going to miss out on some pretty interesting stuff.”

Collingbourne previously has released two free ebooks on Ruby: The Little Book of Ruby and The Book of Ruby.

He knows his Ruby – and he wants you to know this elegant and unique programming language, too.

Si Dunn


Build Mobile Websites and Apps for Smart Devices – #bookreview

Build Mobile Websites and Apps for Smart Devices
By Earle Castledine, Myles Eftos & Max Wheeler
(SitePoint, $39.95, paperback; $27.99, Kindle)

By 2013, in some estimates, mobile devices such as smartphones and “other browser-equipped phones” will outnumber the world’s 1.78 billion PCs.

Meanwhile, the “mobile share of overall web browsing” is now growing rapidly. And: “We’re never going to spend less time on our phones and other mobile devices than we do now,” contend the authors of Build Mobile Websites and Apps for Smart Devices.

“Inevitiably, more powerful mobile devices and ubiquitous internet access will become the norm. And the context in which those devices are used will change rapidly. The likelihood of our potential customers being on mobile devices is higher and higher. We ignore the mobile web at our peril.”

The authors’ new guidebook from SharePoint is aimed at front-end web designers and developers, with emphasis on mobile websites and apps that are accessed via touch-screen smartphones.

Their well-illustrated, 256-page book is written in a smooth, accessible style that moves quickly to the point of  each chapter and example. They recommend that you read the chapters in sequence the first time, rather than skipping around, particularly if you are new to mobile web design and web development.

The chapter line-up gives a good look at the book’s structure and coverage:

  •  Preface
  • Chapter 1: Introduction to Mobile Web Design
  • Chapter 2: Design for Mobile
  • Chapter 3: Markup for Mobile
  • Chapter 4: Mobile Web Apps
  • Chapter 5: Using Device Features from Web Apps
  • Chapter 6: Polishing Up Our App
  • Chapter 7: Introducting PhoneGap
  • Chapter 8: Making Our Application Native
  • Appendix A: Running a Server for Testing

The book includes a link to “a downloadable ZIP archive that contains every line of example source code printed in this book.” And the writers emphasize that readers should have “intermediate knowledge” of HTML, CSS, and JavaScript. They skip the absolute basics and move right into “what’s relevant for the mobile context.” 

They emphasize that “[t]he inevitable decision when designing for the mobile space is the choice between building a native application or a web application….A web application is one that’s accessed on the Web via the device’s browser–a website that offers app-like functionality, in other words.” Meanwhile, “[a] so-called native application is built specifically for a given platform–Android or iOS, for example–and is installed on the device much like a desktop application.”

They contend that “native apps offer a superior experience when compared to web applications,” and they note that “the difference is even more pronounced on slower devices.” However, building a native application can leave you vulnerable to market fragmentation and unsure which platforms you should target. Meanwhile,  it can be cheaper and faster to develop a Web application. So several important design and business decisions have to be made before you offer a new app to the marketplace. 

Build Mobile Websites and Apps for Smart Devices focuses first on making design decisions, selecting a feature set and using HTML, CSS and JavaScript to build a Web application. Later, it shows how to use PhoneGap to turn a web app into a native app for iOS, Android, BlackBerry and other platforms.

In the authors’ view, “mobile design is about context, but it’s also about speed. We’re aiming to give our users what they want, as fast as possible.” And, in many cases, “[p]roviding a version of our site to mobile users is going to be important regardless of whether or not we have a native application.”

In other words, be ready and able to go native and web when creating mobile websites and apps for smart devices

Si Dunn


Three Windows Server 2008 Training Kit Updates – #bookreview

Microsoft Press recently has updated three of its self-paced training kits for Windows Server 2008.  These 2nd Edition books each cover Windows Server 2008 R2. Below are short reviews of the books.


Configuring Windows Server 2008 Active Directory (MCTS Exam 70-640)
By Dan Holme, Nelson Ruest, Danielle Ruest and Jason Kellington
(Microsoft Press, $69.99, paperback)

Configuring Windows Server 2008 Active Directory (2nd Edition) is a hefty, well-illustrated, 1000-page preparation guide for Microsoft Core Technical Certification (MCTS) exam 70-640.

The book focuses on learning how to:

  • Deploy or upgrade domain controllers, domains, and forests with Windows Server 2008 R2.
  • Use Windows PowerShell to manage user accounts and groups.
  • Configure domain name system (DNS) settings and zones.
  • Manage authentication.
  • Plan and manage Active Directory replication.
  • Monitor and ensure the availability of directory services.

Numerous real-world scenarios, exam tips and suggested practices are included in the book. And the accompanying CD (positioned inside the back cover) presents more than 200 practice questions. One key feature of the CD is that it provides detailed explanations for correct and incorrect answers.

The book also contains a discount coupon for 15% off the cost of one exam in the Microsoft Certified Professional Program.

To perform the practice exercises in this book, you will need at least one computer (and sometimes two computers) able to run Windows Server 2008 R2 with SP1. The book explains how to download evaluation versions of the software that will remain usable for up to 180 days.


Configuring Windows Server 2008 Applications Infrastructure (MCTS Exam 70-643)
By J.C. Mackin
(Microsoft Press, $59.99, paperback)

To help you prepare for MCTS Exam 70-643, this well-structured 595-page training kit focuses on showing you how to:

  • Deploy Windows-based clients and servers across networks.
  • Configure virtrual machines and virtual networks by using Hyper-V.
  • Configure storage and high availability solutions.
  • Learn how to manage the web server role — IIS 7.5 — in Windows Server 2008 R2.
  • Configure SMTP and FTP services.
  • Configure Streaming Media services, as well as Microsoft SharePoint Foundation 2010.

Configuring Windows Server 2008 Applications Infrastructure (2nd Edition)
includes a variety of real-world case scenarios, plus quick checks (with answers), lesson reviews and lesson questions and answers. The accompanying CD (positioned inside the back cover) presents more than 200 practice questions. As with other MCTS practice test CDs, detailed explanations are offered for correct, as well as incorrect, answers. And customized learning recommendations are generated, based on your results.

The book also contains a discount coupon for 15% off the cost of one exam in the Microsoft Certified Professional Program.

Only one physical computer is needed to perform the exercises in the book. However, it must be able to run Windows Server 2008 R2 and the software’s Hyper-V virtualization platform. The author cautions that you must have a copy of Windows Server 2008 R2 either on DVD or as a .iso file. You also must have the Windows Automated Installation Kit, either on DVD or as a .iso file.

One other caution: “The default network adapter assigned in Hyper-V is incompatible with network-based applications. For this reason, you must replace the default adapter with  the Legacy Network Adapter.” Instructions are provided for how to do this.


Windows Server 2008 Server Administration (MCITP Exam 70-646)
By Orin Thomas and Ian McLean
(Microsoft Press, $69.99, paperback)

This 715-page self-paced training kit is for readers preparing to take the Microsoft Certified IT Professional (MCITP) certification exam 70-646.  Windows Server 2008 System Administrator (2nd Edition) is designed to show you how to:

  • Plan Windows Server 2008 R2 installations or upgrades.
  • Configure DNS and IPv6 connectivity.
  • Plan Active Directory, application and certificate services.
  • Plan server-management strategies, including Group Policy, RDS and delegation.
  • Provision applications, data and file and print servers.
  • Implement high-availability, storage, backup and recovery solutions.
  • Monitor and manage security services and updates.
  • Monitor and optimize server performance.

The book has many screen shots and step-by-step procedures, as well as lesson summaries, lesson reviews, practice exercises and other learning features. Its accompanying CD has a large pool of practice test questions “similar to those that appear on the 70-646 certification exam.” 

“It is possible,” the authors state, ” to complete almost all of the practice exercises in this book using virtual machines rather than real server hardware.” They note that “[i]f you intend to implement several virtual machines on the same computer (which is recommended),” you should have “a computer with 8 GB of RAM and 150 GB of free disk space….”

Evaluation versions of Windows Server 2008 R2 Enterprise edition and Windows 7 Enterprise or Ultimate edition can be downloaded from the Microsoft Download Center, they add. A link is provided.

The authors emphasize that Windows Server 2008 R2 has several standard editions, ranging from editions targeted at small to medium-sized businesses to an enterprise edition, a web server edition and several others others. Their book provides a Microsoft link where features can be compared by edition and help you “determine which edition of Windows Server 2008 R2 best meets a particular set of needs.”

The book, like the others, comes with a CD inside the back cover and a coupon for %15 off the price of a Microsoft Certification exam fee.


The three updated training kits are well-illustrated and well-designed for self-paced learning. All of the books also provide convenient access to “fully searchable eBook” versions, so you don’t always have to lug around the hefty paperbacks after you’ve bought them.

Si Dunn

Metasploit: The Penetration Tester’s Guide – #bookreview

Metasploit: The Penetration Tester’s Guide
By David Kennedy, Jim O’Gorman, Devon Kearns and Mati Aharoni
(No Starch Press, $49.95, paperback; $27.99, Kindle)

Penetration testing is the process of testing enterprise networks to discover their weaknesses, so they can be made more secure, according to HD Moore, founder of The Metasploit Project.

As a penetration tester, Moore states in the foreword to this book, “[y]ou are paid to think like a criminal, to use guerilla tactics to your advantage, and to find the weakest links in a highly intricate net of defenses. The things you find can be both surprising and disturbing; penetration tests have uncovered everything from rogue pornography to large-scale fraud and criminal activity.”

Indeed, penetration testing is about probing an organization’s systems for weaknesses in their security, so better and stronger safeguards can be erected to keep hackers and data thieves at bay. And the tests may be overt or covert.

Metasploit: The Penetration Tester’s Guide is largely — but not fully — a comprehensive guide to learning “the ins and outs of Metasploit and how to use the Framework to its fullest.” The book is “selective” and does not cover “every single flag or exploit,” the four co-authors concede, “but we give you the foundation you’ll need to understand and use Metasploit now and in future versions.” 

 The 299-page book’s 17 chapters cover “everything from the fundamentals of the Framework to advanced techniques in exploitation.” While penetration testers do not have to be programmers, the writers recommend that readers have at least some understanding of Ruby or Python, since many examples in Metasploit: The Penetration Tester’s Guide are written in those programming languages.

The Metasploit Framework is not an easy tool to learn. Nor is it easy to master the often-complex process of penetration testing. Fortunately, the four co-authors are well aware of this. They have rolled out their combined knowledge and experience in a smooth flow of chapters written in a straightforward, accessible style.

Here is the chapter line-up:

  • Introduction
  • Chapter 1: The Absolute Baisics of Penetration Testing
  • Chapter 2: Metasploit Basics
  • Chapter 3: Intelligence Gathering
  • Chapter 4: Vulnerability Scanning
  • Chapter 5: The Joy of Exploitation
  • Chapter 6: Meterpeter
  • Chapter 7: Avoiding Detection
  • Chapter 8: Exploitation Using Client-Side Attacks
  • Chapter 9: Metasploit Auxiliary Modules
  • Chapter 10: The Social-Engineer Toolkit
  • Chapter 11: Fast-Track
  • Chapter 12: Karmetasploit
  • Chapter 13: Building Your Own Module
  • Chaper 14: Creating Your Own Exploits
  • Chapter 15: Porting Exploits to the Metasploit Framework
  • Chapter 16: Meterpeter Scripting
  • Chapter 17: Simulated Penetration Test

The book also has two appendices. Appendix A covers “Configuring Your Target Machines.”  As the four co-authors point out: “The best way to learn to use the Metasploit Framework is by practicing–repeating a task until you fully understand how it is accomplished.” This appendix explains how to set up a test environment to use with the book’s examples. Appendix B, meanwhile, provides a “Cheat Sheet” listing frequently used commands and syntax “within Metasploit’s various interfaces and utilities.”

Once you become comfortable with the basics of penetration testing, the book then can introduce you to an array of advanced techniques. Metasploit: The Penetration Tester’s Guide is an expanded outgrowth of  an online course, “Metasploit Unleashed,” developed by Offensive-Security.

Si Dunn


Windows Azure Step by Step – #bookreview

Windows Azure Step by Step
By Roberto Brunetti
(Microsoft Press, $34.99, paperback; $27.99, Kindle)

Windows Azure Step by Step, a new book from Microsoft Press, bills itself as a “hands-on, step-by-step guide to the programming fundamentals for Windows Azure.”

And it is, indeed, a good handbook for getting started with Windows Azure.

Cloud computing is still a new field for many programmers, so the book begins with a 14-page overview of how businesses big and small are approaching “the cloud.” According to the author, “The idea behind any cloud computing proposal is for you to pay only for what you use, scaling up or down according to business needs.” And there are three major approaches to cloud computing: Infrastructure as a Service, Software as a Service and Platform as a Service.”

From there, Roberto Brunetti’s well-written and well-organized, 315-page book moves into a short introduction to the Windows Azure platform. By Chapter 3, it has the reader beginning a Windows Azure project using Software Development Kits (SDKs) and the Platform as a Service model.

The chapter line-up gives a good picture of the book’s range and coverage:

  • Chapter 1: Introduction to Cloud Computing
  • Chapter 2: Introduction to the Windows Azure Platform
  • Chapter 3: Creating a Web Role Project
  • Chapter 4: Windows Azure Storage
  • Chapter 5: Tables, Queues, and Worker Roles
  • Chapter 6: Windows Azure Operating System Details
  • Chapter 7: Building an AppFabric Solution
  • Chapter 8: WCF Data Services and OData
  • Chapter 9: Using SQL Azure
  • Chapter 10: Accessing Azure Services from Everywhere
  • Chapter 11: Application Architecture

Roberto Brunetti, a consultant, trainer and author, is cofounder of DevLeap, a company that focuses on educating and mentoring professional software developers. His book’s goal, he says, is “to aid .NET developers who want to start working with the components of the Windows Azure platform–from the operating system to SQL Azure and Windows Azure AppFabric.”

For best results, a “solid knowledge of the .NET Framework” will prove helpful toward “fully understanding the code examples and following the exercises using Visual Studio.”

Readers should note that all code examples in the book are written in C#. If you are not yet familiar with that programming language, the author recommends that you read Microsoft Visual C# 2010 Step by Step, written by John Sharp, before diving into this book.

The practice files in Windows Azure Step by Step can be downloaded from Microsoft, and a link is provided to get a fully searchable online edition of the paperback book.

To do the exercises in the book, the hardware and software requirements are:

  • A computer that can run Visual Studio 2010.
  • Internet connection.
  • One of the Windows 7 editions, Windows Server 2008 with Service Pack 2, or Windows Server 2008 R2.
  • Visual Studio 2010, any edition.
  • SQL Server 2005 Express Edition or higher (2008 or R2 release), with SQL Server Management Studio 2005 or higher (included with Visual Studio; Express Editions require separate download.)
  • To work with SQL Azure, SQL Server Management Studio 2008 R2 is required.

If you already have some experience with Windows Azure, this book may prove a bit too basic. But if you are new to the product and new to programming in the cloud computing universe, Windows Azure Step by Step definitely can show you how to get moving in the right direction, one key step at a time.

Si Dunn

Continuous Testing with Ruby, Rails, and JavaScript – #bookreview

Continuous Testing with Ruby, Rails, and JavaScript
By Ben Rady and Rod Coffin
(Pragmatic Bookshelf, $33.00, paperback)

I used to test software for a living. It was seldom a pretty sight.

Patches to customized software sometimes would be released to particular customers on an emergency basis. Then I would be asked to test what had just been shipped.

Often, I found bugs — serious bugs. And often, it was Friday afternoon, and the programmers had gone home. Frequently, I had no idea which customer had received the buggy patches, and I had no way to fix the code myself and issue a new release.

So the customers installed bad software over the weekend and quickly called in to complain. But the software development manager had my report. So the programmers then were lashed until morale improved, as the old saying goes. A new load was created — and this time tested before it was shipped to the customer, along with profuse apologies (and who knows what else) by the sales department.

To murder an old saying, this was no way to run a software railroad.

Continuous Testing with Ruby, Rails, and JavaScript shows how programmers can set up and run automated tests continuously while they are writing code.

The book, illustrated with code examples and screen shots, shows how to set up and maintain a quick and powerful test suite and also how to use inline assertions and other continuous-testing (CT) techniques, rather than old-fashioned debugging or printing out piles of paper so you can search frantically for that missing semicolon or extra parenthesis.

Rady’s and Coffin’s 139-page work is divided into three parts. Part I covers Ruby and Autotest. Part II focuses on Rails, JavaScript and Watchr. Part III contains three appendices.

The chapter line-up shows the topic focus in each part.

  • Chapter 1: Why Test Continuously?

Part 1 — Ruby and Autotest

  • Chapter 2: Creating Your Environment
  • Chapter 3: Extending Your Environment
  • Chapter 4: Interacting with Your Code

Part II — Rails, JavaScript, and Watchr

  • Chapter 5: Testing Rails Apps Continuously
  • Chapter 6: Creating a JavaScript CT Environment
  • Chapter 7: Writing Effective JavaScript Tests

Part III — Appendices

  •  Appendix 1: Making the Case for Functional JavaScript
  • Appendix 2: Gem Listing (This is a listing of all the gems installed while testing the book’s examples.)
  • Appendix 3: Bibliography

The goal of the book is to show you how to use a combination of techniques, tests and tools to catch software problems while  you are initially coding, not later in the process when you’re up against the wall of develpment and delivery deadlines.

“A continuous testing environment validates decisions as soon as we make them,” the authors state. “In this environment, every action has an opposite, automatic, and instantaneous reaction that tells if what we just did was a bad idea. This means that making certain mistakes becomes impossible and making others is more difficult. The majority of the bugs that we introduce into our code have a very short lifespan. They never make their way into source control. They never break the build. They never sneak out into the production environment. Nobody ever sees them but us.”

Sounds good to this ex-software tester! (Although I do remain suspicious of the word “never” in anything related to software.) Sure wish the programmers in my groups had had these tools.

“Continuous testing is our first line of defense,” the authors point out. “Failure is extremely cheap here, so this is where we want things to break down most frequently.”

They also describe some drawbacks and limitations to continuous testing and ways to blend CT with continuous integration, before moving into the coding and testing examples.

The authors “suggest” using the follow to run the examples in this book:

  • A *nix operating system (such as Linux or MacOS)
  • Ruby 1.9.2
  • Rails 3.0.4

The book provides a link to online source for the coding examples. 

“The examples may work in other environments (such as Windows) and with other versions of these tools,” they add, “but this is the configuration that we used while writing the book.”

Si Dunn


Microsoft Project 2010 Inside Out – #bookreview

Microsoft Project 2010 Inside Out
By Teresa S. Stover, with Bonnie Biafore and Andreea  Marinescu
(Microsoft Press, $54.99, paperback)

Project management is not quickly mastered, and neither is feature-rich Microsoft Project 2010.

A new book from Microsoft Press, Microsoft Project 2010 Inside Out, bills itself as the software package’s “ultimate, in-depth reference.”

Indeed, there is a lot of information packed within this 4.5-lb., 1,307-page behemoth paperback, including step-by-step procedures, screen shots, time-saving and effort-saving software tips, plus some how-tos for project management.

An online link from Microsoft provides access to the book’s sample files in Project, PowerPoint and Word formats.

Microsoft Project 2010 Inside Out likely will deserve some bookshelf space in your office, but don’t try to lug it around in your computer bag. Instead, use the online copy that is accessible free via Safari Books Online once you’ve purchased the paperback. (A Safari Books Online coupon is located inside the rear cover flap of a new copy.) The book also is available in a Kindle edition.

On the back cover, Microsoft rates the book specifically for “Intermediate/Advanced” computer users who manage projects. Yet, inside, the book states: “If you are completely new to project management and Project 2010, this book will give you a solid grounding in the use of Project 2010 as well as basic project management practices and methodologies.”

Meanwhile, if you’re experienced in project management but new to Microsoft Project 2010, “this book integrates common project management practices with the use of the software tool” and shows you “how you can use Project 2010 to carry out the project management functions you’re accustomed to.”

If you already use Project 2010, you likely aren’t using all of it and may want some help in learning how to use several features.  This book can help you plunge in, step by step, with illustrative examples.

One hallmark of good project management is good organization abilities. This book is well-organized and is split into nine parts, with 32 chapters, three appendices, an index to troubleshooting tips, and a 48-page book index.

The structure is as follows:

  • Part 1: Project Fundamentals (Chapters 1-2)
  • Part 2: Developing the Project Plan (Chapters 3-10)
  • Part 3: Tracking Progress (Chapters 11-12)
  • Part 4: Reporting and Analyzing Project Information (Chapters 13-14)
  • Part 5: Managing Multiple Projects (Chapters 15-16)
  • Part 6: Integrating Project 2010 with Other Programs (Chapter 17-21) – (including Microsoft’s Excel, Visio, Outlook and SharePoint).
  • Part 7: Managing Projects Across Your Enterprise (Chapters 22-27
  • Part 8: Customizing and Managing Project Files (Chapters 28-32)
  • Part 9: Appendixes – Installing Project 2010, Online Resources, and Keyboard Shortcuts

Two of the book’s authors are certified Project Management Professionals (PMPs). The lead writer, Teresa S. Stover,  is a Microsoft Certified Technical Specialist (MCTS) who is a long-time consultant to the Microsoft Project Team.

Despite potential confusion over whether this book is or is not for project management beginners, get it even if you are just beginning to contemplate Project 2010. In the sink-or-swim world of contemporary business, you won’t have time to remain a beginner for long.

Si Dunn