Configuring Microsoft SharePoint 2010 – Self-Study Guide for MCTS exam 70-667 – #microsoft #bookreview

Configuring Microsoft SharePoint 2010
By Dan Holme and Alistair Matthews
(Microsoft Press, list price $69.99, paperback)

If one of your goals in life is to deploy and manage Microsoft SharePoint Server 2010 farms, here’s your book.

You definitely need it if you are already involved in configuring, customizing and supporting SharePoint and want to take the Microsoft Certified Technology Specialist (MCTS) exam 70-667.

This “2-in-1 Self-Paced Training Kit” follows the successful formula used in many other Microsoft certification test preparation guides.

First, you work through a series of lessons and reviews covering each objective in the exam. Then you apply what you have learned to some real-world case scenarios, and you do some practice exercises. Finally, you plug in the CD that accompanies the book and try your hand at the practice tests.

“You can work through hundreds of questions using multiple testing modes to meet your specific learning needs,” Microsoft promises.

In other words, the material is there if you’re willing to push yourself to learn it. And there is a lot to learn when you work with SharePoint.

One small example: one of the book’s “Best Practices” entries points out that “[y]ou might imagine that the best practice to scale out a farm is simply to add more servers and to continue adding all services to each server. In fact, in larger and more complex environments[,] performance is optimized by dedicating servers to specific tasks.” And the entry briefly explains why.

Another short example: the book describes how “[a]fter you complete your SharePoint installation and the SharePoint Products Configuration Wizard, you often run the Initial Farm Configuration Wizard.” But then it explains why you should not use this tool to configure My Sites, “because the resulting configuration is not considered secure.”

Indeed, the co-authors add, that combination can set up a situation where, conceivably, a My Site owner could use scripting attacks “to get Farm Administrator privileges.”

The book has 821 pages and is divided into 12 chapters:

  1. Creating a SharePoint 2010 Intranet
  2. Administering and Automating SharePoint
  3. Managing Web Applications
  4. Administering and Securing SharePoint Content
  5. Service Applications and the Managed Metadata Service
  6. Configuring User Profiles and Social Networking
  7. Administering SharePoint Search
  8. Implementing Enterprise Service Applications
  9. Deploying and Upgrading to SharePoint 2010
  10. Administering SharePoint Customization
  11. Implementing Business Continuity
  12. Monitoring and Optimizing SharePoint Performance

As an added inducement to buy the book, it includes a discount voucher good for 15 percent off the price of one Microsoft Certification exam.

Again, Configuring Microsoft SharePoint 2010 is not a book for SharePoint beginners.

 The co-authors note: “The MCTS exam and this book assume that you have at least one year of experience configuring SharePoint and related technologies, including Internet Information Services (IIS), Windows Server 2008, Active Directory, DNS, SQL Server, and networking infrastructure services.”

The writers recommend using virtual machines to do the training exercises in their book. And they assume you will “use virtualization software that supports snapshots, so that you can roll back to a previous state after performing an exercise.”

They also give information and limitations on using multiple virtual machines on a single host. And their book providess download links to evaluation versions of the software needed to do the exercises.

The book’s accompanying CD offers one other learning convenience: an e-book version of the hefty text.

Si Dunn

Two New Microsoft Books for Visual Basic & Visual Studio – #programming #bookreview

The two new books are Microsoft Visual Basic 2010 Developer’s Handbook by Klaus Löffelmann and Sarika Calla Purohoit ($59.99, paperback;  $47.99, Kindle ), and Coding Faster: Getting More Productive with Microsoft Visual Studio by Zain Naboulsi and Sara Ford (list price $39.95, paperback;  list price $31.99, Kindle) .

If you don’t yet have some background in object-oriented programming, you may not be ready to have either of these hefty, well-produced books. But if you are gearing up to develop or update programs in Visual Basic, you likely can benefit from both.

Why both? The reason is simple. “These days,” the co-authors of the Developer’s Handbook point out, “programming in Visual Basic means that you are very likely to spend 99.999 percent of your time in Microsoft Visual Studio. The rest of the time you probably spend searching for code files from other projects and binding them into your current project…”

The Developer’s Handbook is divided into six well-written parts and 28 chapters, with plenty of screenshots, code examples and programming tips.

The parts are:

  1. Beginning with Language and Tools
  2. Object-Oriented Programming
  3. Programming with .NET Framework Data Structures
  4. Development Simplifications in Visual Basic 2010
  5. Language-Integrated Query—LINQ
  6. Parallelizing Applications (programming with the Task Parallel Library, TPL)

Most of the chapters have exercises where you can “interactively try out new material learned in the main text.” All of the code samples can be downloaded from two sites described in the book.

Meanwhile, the main goal of Coding Faster: Getting More Productive with Microsoft Visual Studio is “to arm you with techniques that you can apply immediately to improve productivity,” the book’s co-authors state. “Use the content in this book anywhere, anytime, to dramatically reduce the time required to perform just about any task in Visual Studio.”

They note: “Within these pages are—for the first time ever—the keyboard mapping shortcuts, commands, and menu paths for features, along with detailed descriptions of how to use them.”

Coding Faster covers the 2005, 2008 and 2010 versions of Visual Studio. The 444-page book is divided into two major sections – “Productivity Techniques” and “Extensions for Visual Studio”—and eight chapters, all copiously illustrated with screenshots. The chapters are:

  1. Getting Started
  2. Projects and Items
  3. Getting to Know the Environment
  4. Working with Documents
  5. Finding Things
  6. Writing Code
  7. Debugging
  8. Visual Studio Extensions

Coding Faster is a “fully revised and expanded version” of a previous guidebook: Visual Studio Tips: 251 Ways to Improve Your Productivity, and the new book (more than 365 tips) provides a link to an online appendix for additional tips.

If you have some programming experience but are new to developing or updating Visual Basic programs, Coding Faster could be a very handy guidebook for getting good at Visual Studio in a hurry.

Si Dunn

Many Features Great & Small: Two New Microsoft Windows 7 Books – #bookreview

Here’s the long and the short of it, and the big and the semi-little.

Microsoft Press recently has released two helpful new books focusing on the features of Windows 7. One book, a hardback, weighs nearly five pounds and has 1,323 pages. The other, a paperback that weighs nine ounces and has 194 pages, is supposed to fit in a pocket and does, if it’s a pocket in a big coat.

The books are: Windows 7 Inside Out Deluxe Edition by Ed Bott, Carl Siechert, and Craig Stinson (hardback, list price $59.99; Kindle, list price $47.99) and Optimizing Windows 7 Pocket Consultant by William R. Stanek (paperback, list price $24.99; Kindle, list price $19.99).

If you use Windows 7 in business or at home on an at least semi-serious basis, you may want to consider getting at least one of these books, maybe both. The same goes if you are studying to be a Windows expert or if you have just been saddled with the job of managing a bunch of computers running Windows 7 in a corporate or small-business setting. 

The big book is an excellent desk reference (as well as physical workout accessory), and the small one can be tossed into a laptop bag, briefcase or carry-on travel bag. The cover binding on the big book appears to be underpowered, so be prepared to handle this book with the same care you might give a big dictionary or encyclopedia intended for long-term use. (For the next edition, Microsoft Press may want to consider a tougher binding system for the book and cover.)

Windows 7 Inside Out Deluxe Edition is organized in six parts, 31 chapters and seven appendices. The parts are:

  • 1. Getting Started
  • 2. File Management
  • 3. Digital Media
  • 4. Security and Networking
  • 5. Tuning, Tweaking, and Troubleshooting
  • 6. Windows 7 and PC Hardware

The appendixes are:

  • A.  Windows 7 Editions at a Glance
  • B. Working with the Command Prompt
  • C. Fixes Included in Windows 7 Service Pack 1
  • D. Windows 7 Certifications
  • E. Some Useful Accessory Program

The goal for Windows 7 Inside Out Deluxe Edition is to provide “a well-rounded look at the features most people use in Windows.” As with most other works from Microsoft Press, this book has numerous illustrations, practical tips and how-to descriptions, and it offers a good index.

One Inside Out tip, for example, explains why Windows 7 won’t let you run more than one antivirus program but why you can run more than one anti-spyware package if you really feel you need to.

The book includes a CD that offers Windows PowerShell scripts, a handy (and infinitely lighter) eBook version of the hardback, and additional resources.  

MeanwhileOptimizing Windows 7 Pocket Consultant, also assumes that you have a little experience with Windows. It is aimed at users, information managers, administrators, help desk personnel “and others who support the operating system,” as well as application developers.

The book’s focus is centered on showing you how to tune and optimize Windows 7 for best performance in your setting and usage.

Optimizing Windows 7 Pocket Consultant has eight chapters, plus one appendix titled “Firmware Interface Options.” The chapters are:

  • 1. Customizing the Windows Interface
  • 2. Personalizing the Appearance of Windows 7
  • 3. Customizing Boot, Startup, and Power Options
  • 4. Organizing, Searching, and Indexing
  • 5. Optimizing Your Computer’s Software
  • 6. Tracking System Performance and Health
  • 7. Analyzing and Logging Performance
  • 8. Optimizing Performance Tips and Techniques

Stanek’s book delivers numerous helpful hints that range from making better use of your start menu to fine-tuning automatic updates, fine-tuning virtual memory and enhancing performance.

For example: “To reduce the performance impact related to reading and writing the system cache from virtual memory, you can configure your computer to uses Windows ReadyBoost.” That feature, Stanek notes, “lets you extend the disk-caching capabilities of the computer’s main memory to a USB flash device that has at least 256 MB of high-speed flash memory.”

Many new Windows 7 users — and many experienced ones, as well — likely will rate these two books as “keepers” for their technical libraries. 

Si Dunn

#

The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler – #bookreview

The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler
By Chris Eagle
(No Starch Press, $69.95, paperback; $55.95, Kindle)

The popular interactive disassembler IDA Pro helps reverse engineers, malware analysts, vulnerability testers and others dissect computer programs when source code is not available.

Unfortunately, IDA Pro is updated so frequently, it’s impossible for writers to keep up and present complete guides to this “complex piece of software with more features than can even be mentioned, let alone detailed in a book of reasonable size….”

Chris Eagle, author of The IDA Pro Book, adds in the introduction to this second edition that he was inspired to update his well-respected guidebook when “a new, Qt-based graphical user interface” was added to IDA Pro 6.0. Yet, true to form, before his new edition could hit the shelves, IDA Pro version 6.1 was released, he notes.

To his credit, his book does not try to be an up-to-the-dot-release user manual. Instead: “My goal…remains to help others get started with IDA and perhaps develop an interest in reverse engineering in general. For anyone looking to get into the reverse engineering field, I can’t stress how important it is that you develop competent programming skills. Ideally, you should love code, perhaps going to far as to eat, sleep, and breathe code. If programming intimidates you, then reverse engineering is probably not for you.”

This updated edition of The IDA Pro Book is well-organized, smoothly written, and nicely illustrated. Eagle avoids the use of long code sequences. He zeroes in, instead, on “short sequences that demonstrate specific points.”

His 646-page book is heavily indexed and is divided into six parts, with 26 chapters and two appendices.

In Part I, “Introduction to IDA,” the focus is on the whats, whys and hows of software disassembly, reversing and disassembly tools, and some background on IDA Pro.

Part II covers “Basic IDA Usage,” including getting started, IDA data displays, disassembly navigation and manipulation, datatypes and data structures, cross-references and graphing, and “the many faces of IDA,” which covers common features of console mode, plus console specifics for Windows, Linux and OS X.

Part III takes the reader into “Advanced IDA Usage.” These chapters examine IDA customization, library recognition using Fast Library Acquisition for Identification and Recognition (FLIRT) signatures, “augmenting IDA’s knowledge” and “patching binaries and other IDA limitations.”

Part IV is devoted to “Extending IDA’s Capabilities.” The topics covered include IDA scripting, the IDA software development kit, IDA’s plug-in architecture, binary files and IDA loader modules, and IDA processor modules.

Part V’s focus is “Real-World Applications.”The chapter subjects include: compiler “personalities”; “obfuscated” code analysis; vulnerability analysis; and real-world plug-ins for IDA.

In Part VI, Eagle looks at the IDA debugger. Chapter subjects include the debugger, disassemble/debugger integration, and additional debugger features.

Appendix A is an overview of IDA Freeware 5.0, “a significant upgrade” from the 4.9 release of the free version of IDA, yet still “a reduced capability application that typically lags behind the latest available version of IDA by several generations and contains substantially fewer capabilities than the commercial version of IDA version 5.0,” Eagle notes.

Appendix B provides a table that maps “IDC scripting functions to their SDK implementation. The intent of this table is to help programmers familiar with IDC understand how similar actions are carried out using SDK functions.”

IDA Pro software’s creator, Ilfak Guilfanov, has hailed this book as “profound, comprehensive, and accurate.” It’s hard to do much better than that with an “unofficial guide” to a powerful and complex software package.

 – Si Dunn

#

Designed for Use: Create Usable Interfaces for Applications and the Web – #bookreview

Designed for Use: Create Usable Interfaces for Applications and the Web
By Lukas Mathis
(Pragmatic Bookshelf, $35.00 paperback)

There’s no code inside this well-written book for programmers and visual designers. Instead, the focus is on usability — how people use things — and how you can make big, modest or subtle improvements to their experiences with digital interfaces.

You may be designing a software product that you think will be user friendly. Yet how good, really, is your knowledge of efficient and effective design? And what do you really know about how users will respond to what you create? Are you relying on formal focus groups to tell you what your users supposedly will want?

If you are, you are not doing nearly enough research, insists the author, Lukas Mathis, a developer and user interface designer for Numcom Software. “[P]eople often aren’t able to tell us how we can solve their problems. Worse, people may not even be able to tell us what their problems are. And worst of all, people are pretty bad at predicting whether and how they would use a product if we proposed to build it for them,” he writes.

Instead of depending on focus groups, you should spend some time doing “job shadowing” and “contextual interviews” to help you shape a better interface.

“Since people don’t know what they want, a good approach is to simply observe what they do. The idea of [job] shadowing is to visit users in our target audience at the place where they will use our product. The goal is to find out how our product will help them achieve their goals.”

He adds: “With usability testing, the goal is to find issues with the user interface. When you are shadowing someone, the goal is to figure out what kind of product to create or how to change your product on a more fundamental level.”

In contextual interviews, you interview a user after doing some job shadowing. And: “What you see is more important than what people say. Still, by asking the right questions, you can often get some useful information out of people….The kinds of things you’re looking for are areas where improvements seem possible. Don’t ask for opinions, and avoid questions that force the person to play product designer.”

Mathis has structured his 322-page book into three parts – research, design and implementation – and 36 short, nicely focused chapters that deal with everything from “[c]reating documentation as soon as possible” to “learning from video games” to doing “guerilla usability testing,” overcoming common testing mistakes and dealing with bad user feedback.

Designed for Use has numerous illustrations that highlight common interface design mistakes. The book also shows major, minor and subtle ways to improve customers’ understanding, acceptance and appreciation of what happens when they use product interfaces on their computer screens or phones.

The author also emphasizes the importance of keeping in mind “that you don’t have to own 100 percent of your market. It’s true that adding more features to your product allows you to target more users, but doing so comes at a cost. Your product becomes more desirable to the people who would not be able to use it if it didn’t offer a specific feature. However, it also makes your product less desirable to the people who have no use for that specific feature.”

In his view: “It’s OK to let some people go to your competitors to get what they need; you can’t be everything to everybody.”

Si Dunn

Windows Sysinternals Administrator’s Reference – #bookreview #software #techsupport

Windows Sysinternals Administrator’s Reference
By Mark Russinovich and Aaron Margosis
(Microsoft Press, $49.99, paperback; $39.99, Kindle)

To the uninitiated, the title may sound a bit ultra-geeky and scary. Particularly the “Huh?” word “Sysinternals.”

But this book may benefit you “whether you manage the systems of a large enterprise, a small business, or the PCs of your family and friends,” Mark Russinovich and Aaron Margosis contend.

The Sysinternals Suite, it turns out, “is a set of over 70 advanced diagnostic and troubleshooting utilities for the Microsoft Windows platform” written by one of the book’s authors, Mark Russinovich, plus Bryce Cogswell.

The 70+  Sysinternals tools can be downloaded free from Microsoft TechNet at http://www.sysinternals.com.

The book’s goals are to make you more familiar with the Sysinternals Suite and learn how to use the Sysinternals to “solve real problems on Windows systems.”

Russinovich’s and Margosis’s Windows Sysinternals Administrator’s Reference is well written and has a good number of illustrations that provide amplifying “how-to” information. The book has a hefty 25-page index, as well, to  help you find your way through the Sysinternals’ maze of available features, capabilities, verifications, files, drivers, states, fixes and more.

The Sysinternal tools work with the following versions of Windows:  Windows XP (with Service Pack 3); Windows Vista; Windows 7; Windows Server 2003 (with Service Pack 2); Windows Server 2003 R2; Windows Server 2008; and Windows Server 2008 R2. The authors note: “Some tools require administrative rights to run, and others implement specific features that require administrative rights.”

Following its introduction, the book is divided into three parts, containing a total of 18 chapters:

Part I: Getting Started

  • 1. Getting Started with the Sysinternals Utilities
  • 2. Windows Core Concepts

Part II: Usage Guide

  • 3. Process Explorer
  • 4. Process Monitor
  • 5. Autoruns
  • 6. PsTools
  • 7. Process and Diagnostic Utilities
  • 8. Security Utilities
  • 9. Active Directory Utilities
  • 10. Desktop Utilities
  • 11. File Utilities
  • 12. Disk Utilities
  • 13. Network and Communications Utilities
  • 14. System Information Utilities
  • 15. Miscellaneous Utilities

Part III: Troubleshooting – “The Case of the Unexplained”

  • 16. Error Messages
  • 17. Hangs and Sluggish Performance
  • 18. Malware

The book is aimed mainly at “Windows IT professionals and power users who want to make the most of the Sysinternals tools.” And it includes real-world case studies to illustrate several tough problems.

If you are not yet a power user, but wrestle with Windows on a frequent basis (as many of us do) and are ready to tear into it, the Windows Sysinternals Administrator’s Reference can help you learn how to diagnose and troubleshoot your system and also optimize it.

If you work in a small business where there is little or no tech support, or if you are tech support in your small business, add this book to your library. You’ll likely put it to good use.

Si Dunn

Build Mobile Websites and Apps for Smart Devices – #bookreview

Build Mobile Websites and Apps for Smart Devices
By Earle Castledine, Myles Eftos & Max Wheeler
(SitePoint, $39.95, paperback; $27.99, Kindle)

By 2013, in some estimates, mobile devices such as smartphones and “other browser-equipped phones” will outnumber the world’s 1.78 billion PCs.

Meanwhile, the “mobile share of overall web browsing” is now growing rapidly. And: “We’re never going to spend less time on our phones and other mobile devices than we do now,” contend the authors of Build Mobile Websites and Apps for Smart Devices.

“Inevitiably, more powerful mobile devices and ubiquitous internet access will become the norm. And the context in which those devices are used will change rapidly. The likelihood of our potential customers being on mobile devices is higher and higher. We ignore the mobile web at our peril.”

The authors’ new guidebook from SharePoint is aimed at front-end web designers and developers, with emphasis on mobile websites and apps that are accessed via touch-screen smartphones.

Their well-illustrated, 256-page book is written in a smooth, accessible style that moves quickly to the point of  each chapter and example. They recommend that you read the chapters in sequence the first time, rather than skipping around, particularly if you are new to mobile web design and web development.

The chapter line-up gives a good look at the book’s structure and coverage:

  •  Preface
  • Chapter 1: Introduction to Mobile Web Design
  • Chapter 2: Design for Mobile
  • Chapter 3: Markup for Mobile
  • Chapter 4: Mobile Web Apps
  • Chapter 5: Using Device Features from Web Apps
  • Chapter 6: Polishing Up Our App
  • Chapter 7: Introducting PhoneGap
  • Chapter 8: Making Our Application Native
  • Appendix A: Running a Server for Testing

The book includes a link to “a downloadable ZIP archive that contains every line of example source code printed in this book.” And the writers emphasize that readers should have “intermediate knowledge” of HTML, CSS, and JavaScript. They skip the absolute basics and move right into “what’s relevant for the mobile context.” 

They emphasize that “[t]he inevitable decision when designing for the mobile space is the choice between building a native application or a web application….A web application is one that’s accessed on the Web via the device’s browser–a website that offers app-like functionality, in other words.” Meanwhile, “[a] so-called native application is built specifically for a given platform–Android or iOS, for example–and is installed on the device much like a desktop application.”

They contend that “native apps offer a superior experience when compared to web applications,” and they note that “the difference is even more pronounced on slower devices.” However, building a native application can leave you vulnerable to market fragmentation and unsure which platforms you should target. Meanwhile,  it can be cheaper and faster to develop a Web application. So several important design and business decisions have to be made before you offer a new app to the marketplace. 

Build Mobile Websites and Apps for Smart Devices focuses first on making design decisions, selecting a feature set and using HTML, CSS and JavaScript to build a Web application. Later, it shows how to use PhoneGap to turn a web app into a native app for iOS, Android, BlackBerry and other platforms.

In the authors’ view, “mobile design is about context, but it’s also about speed. We’re aiming to give our users what they want, as fast as possible.” And, in many cases, “[p]roviding a version of our site to mobile users is going to be important regardless of whether or not we have a native application.”

In other words, be ready and able to go native and web when creating mobile websites and apps for smart devices

Si Dunn

#

Metasploit: The Penetration Tester’s Guide – #bookreview

Metasploit: The Penetration Tester’s Guide
By David Kennedy, Jim O’Gorman, Devon Kearns and Mati Aharoni
(No Starch Press, $49.95, paperback; $27.99, Kindle)

Penetration testing is the process of testing enterprise networks to discover their weaknesses, so they can be made more secure, according to HD Moore, founder of The Metasploit Project.

As a penetration tester, Moore states in the foreword to this book, “[y]ou are paid to think like a criminal, to use guerilla tactics to your advantage, and to find the weakest links in a highly intricate net of defenses. The things you find can be both surprising and disturbing; penetration tests have uncovered everything from rogue pornography to large-scale fraud and criminal activity.”

Indeed, penetration testing is about probing an organization’s systems for weaknesses in their security, so better and stronger safeguards can be erected to keep hackers and data thieves at bay. And the tests may be overt or covert.

Metasploit: The Penetration Tester’s Guide is largely — but not fully — a comprehensive guide to learning “the ins and outs of Metasploit and how to use the Framework to its fullest.” The book is “selective” and does not cover “every single flag or exploit,” the four co-authors concede, “but we give you the foundation you’ll need to understand and use Metasploit now and in future versions.” 

 The 299-page book’s 17 chapters cover “everything from the fundamentals of the Framework to advanced techniques in exploitation.” While penetration testers do not have to be programmers, the writers recommend that readers have at least some understanding of Ruby or Python, since many examples in Metasploit: The Penetration Tester’s Guide are written in those programming languages.

The Metasploit Framework is not an easy tool to learn. Nor is it easy to master the often-complex process of penetration testing. Fortunately, the four co-authors are well aware of this. They have rolled out their combined knowledge and experience in a smooth flow of chapters written in a straightforward, accessible style.

Here is the chapter line-up:

  • Introduction
  • Chapter 1: The Absolute Baisics of Penetration Testing
  • Chapter 2: Metasploit Basics
  • Chapter 3: Intelligence Gathering
  • Chapter 4: Vulnerability Scanning
  • Chapter 5: The Joy of Exploitation
  • Chapter 6: Meterpeter
  • Chapter 7: Avoiding Detection
  • Chapter 8: Exploitation Using Client-Side Attacks
  • Chapter 9: Metasploit Auxiliary Modules
  • Chapter 10: The Social-Engineer Toolkit
  • Chapter 11: Fast-Track
  • Chapter 12: Karmetasploit
  • Chapter 13: Building Your Own Module
  • Chaper 14: Creating Your Own Exploits
  • Chapter 15: Porting Exploits to the Metasploit Framework
  • Chapter 16: Meterpeter Scripting
  • Chapter 17: Simulated Penetration Test

The book also has two appendices. Appendix A covers “Configuring Your Target Machines.”  As the four co-authors point out: “The best way to learn to use the Metasploit Framework is by practicing–repeating a task until you fully understand how it is accomplished.” This appendix explains how to set up a test environment to use with the book’s examples. Appendix B, meanwhile, provides a “Cheat Sheet” listing frequently used commands and syntax “within Metasploit’s various interfaces and utilities.”

Once you become comfortable with the basics of penetration testing, the book then can introduce you to an array of advanced techniques. Metasploit: The Penetration Tester’s Guide is an expanded outgrowth of  an online course, “Metasploit Unleashed,” developed by Offensive-Security.

Si Dunn

#