The Tangled Web: A Guide to Securing Modern Web Applications – #programming #bookreview

The Tangled Web: A Guide to Securing Modern Web Applications
By Michal Zalewski
(No Starch Press, paperback, list price $49.95 ; Kindle edition, list price $31.95)

When Michal Zalewski writes, people listen. And many software programmers pay — or should pay — very close attention to what he recommends.

Zalewski is an internationally respected information security expert who has uncovered hundreds of major Internet security vulnerabilities.

“The dream of inventing a brand-new browser security model,” he states in The Tangled Web, “is strong within the community, but it is always followed by the realization that it would require rebuilding the entire Web. Therefore, much of the practical work focuses on more humble extensions to the existing approach, necessarily increasing the complexity of the security-critical sections of the browser codebase.”

Today’s Web indeed is a mess, a complex morass of “design flaws and implementation shortcomings” within a technology “that never aspired to its current status and never had a chance to pause and look back at previous mistakes,” he says. And: “The resulting issues have emerged as some of the most significant and prevalent threats to data security today….”

In his well-written new “Guide to Securing Modern Web Applications,” Zalewski states that “a substantial dose of patience, creativity, and real technical expertise is required from all the information security staff.”

Anyone who works with the Web application stack needs to clearly understand its built-in security vulnerabilities and the consequences of unwanted penetrations.

Zalewski’s 299-page book is structured into three parts – Anatomy of the Web, Browser Security Features, and A Glimpse of Things to Come — and 18 chapters:

  1. Security in the World of Web Applications
  2. It Starts with a URL
  3. Hypertext Transfer Protocol
  4. Hypertext Markup Language
  5. Cascading Style Sheets
  6. Browser-Side Scripts
  7. Non-HTML Document Types
  8. Content Rendering with Browser Plug-ins
  9. Content Isolation Logic
  10. Origin Inheritance
  11. Life Outside Same-Origin Rules
  12. Other Security Boundaries
  13. Content Recognition Mechanisms
  14. Dealing with Rogue Scripts
  15. Extrinsic Site Privileges
  16. New and Upcoming Security Features
  17. Other Browser Mechanisms of Note
  18. Common Web Vulnerabilities

Zalewski’s other published works include Silence on the Wire and Google’s Browser Security Handbook.

Despite the software industry’s many efforts to find security “silver bullets,” Zalewski contends that “[a]ll signs point to security being largely a nonalgorithmic problem for now.” What still works best, he says, are three “rudimentary, empirical recipes”:

  1. Learning from (preferably other people’s) mistakes
  2. Developing tools to detect and correct problems
  3. Planning to have everything compromised.

“These recipes are deeply incompatible with many business management models,” he warns, “but they are all that have really worked for us so far.”

Zalewski’s book puts a bright, uncomfortable spotlight on the fundamental insecurities of Web browsers, but it also shows you how to improve the security of Web applications.

Whether you program Web apps, or manage Web app programmers, or are studying to become a Web app programmer, you likely need this book.

Si Dunn’s latest book is a detective novel, Erwin’s Law. His other published works include Jump, a novella, and a book of poetry, plus several short stories, all available on Kindle. He is a freelance book reviewer for the Dallas Morning News and a former technical writer and software/hardware QA tester.


The Mayor’s Daughter – #fiction #bookreview

The Mayor’s Daughter
By James Hoggard
(Wings Press, paperback, list price $16.95; Kindle edition, list price $9.95)

James Hoggard’s beautifully written family drama, set in the 1920s, begins with a simple and very familiar premise. An artistic, intelligent young woman who is still in high school falls in love with a young man who dropped out to work at an oil refinery. But her parents disapprove of him. They consider him far beneath their daughter.

The young man has no father, and his mother runs a boarding house of questionable repute, the parents point out. Furthermore, local rumormongers have said that men and women both live under its roof, so it might be a whorehouse.

The young woman, Ru-Marie Coleman, tries to expand her independence and continue her relationship with Buster Lopreis. But her parents respond by escalating their efforts to break them up. Meanwhile, Buster keeps trying to win Ru-Marie’s parents over, even though they call him “the problem” and refuse to speak his name.

From there, the story’s tensions gradually build, until events finally spiral out of control and two families are ripped apart.

Along with love and hate, Hoggard’s engrossing tale delves into “the airs of superiority” that people who grew up in poverty can take on once they become financially successful or at least reasonably well off.

Ru-Marie’s father, Jeff Coleman, owns a sporting goods store in a growing Texas town known as Kiowa Falls. (It bears some slight resemblance to an early-20th century Wichita Falls, where the book’s author is an English professor at Midwestern State University.) Coleman also has become Kiowa Falls’ mayor, with help from wealthy backers to whom he now owes allegiance.

There is irony in Jeff Coleman’s and his wife Eileen’s expanding hatred of Buster. “The problem” is almost a mirror image of who they used to be. The mayor grew up poor, living in a boarding house without a father. His wife grew up in a boarding house, as well.

Now that they have been accepted into their town’s society, one of their greatest concerns is what other people will say about them. Indeed, Ru-Marie’s mother has become obsessed with what’s “acceptable” and “not acceptable” for her daughter.

“He’s trash, Ru-Marie, just trash, and what will people think?” Eileen says during one of her many arguments with her daughter over Buster.

At one point, Ru-Marie complains to Buster about her father: “He won’t ever say it—I don’t even think he dares think it—but it crazes him to no end to think if I keep going around with you, I’ll end up p.g.—their damn silly term—and me somehow his surrogate, back in the same, impossible poverty he thinks he grew up in.”

Buster, ever the peacemaker, responds by urging her not to be hard on her parents. He remains hopeful that he can somehow change their opinions of him.

The Mayor’s Daughter takes on increasingly darker tones as it delves into secret marriage and one other aspect of early 20th-century North Texas life: a lingering tolerance for “frontier justice” in a city that is now modernizing and growing rapidly.

With this book, James Hoggard, author of 19 other works including novels, short-story collections, poetry and translations, demonstrates once again that he is a masterful storyteller worthy of his many writing awards.

Si Dunn’s latest book is a novel, Erwin’s Law. His other published works include Jump, a novella, and a book of poetry, plus several short stories, all available on Kindle.

Eight recent books of fiction, nonfiction & poetry – #bookreview

Here are eight recent books to consider, whether you prefer fiction, nonfiction or poetry.  

Midnight Movie
By Tobe Hooper, with Alan Goldsher
(Three Rivers, paperback, list price $14.00; Kindle edition $0.99)

Fans of Tobe Hooper’s horror movies, including The Texas Chainsaw Massacre, likely will relish this experimental first novel. It is written in a fake documentary style that also blends in some fictional blog postings, fake tweets, fake news articles and fake testimonies.

In the book’s bizarre plot, a movie that Tobe Hooper made as a teenager and lost is somehow rediscovered and shown in Austin, Texas. That event unleashes a killer virus on the world that only the filmmaker himself can stop — if he can just figure out how. (This book is not recommended for readers who faint easily at the sight of blood, zombies…and over-the-top literary excess.)

Rawhide Ranger, Ira Aten: Enforcing Law on the Texas Frontier
By Bob Alexander
(University of North Texas Press, list price $32.95)

After lawmen gunned down the notorious outlaw Sam Bass at Round Rock, Texas, a young man who lived nearby, Austin Ira Aten, decided to change his career aspirations, from cowboy to Texas Ranger.

Aten joined the Rangers in 1883, soon after he turned 20. He then became, over time, “a courageously competent lawman…favorably known statewide…a high-profile Ranger,” according to the author of this well-researched biography.

While performing his Ranger duties, Ira Aten also became “directly linked to several episodes of Texas’ colorful past that scholars and grassroots historians have penned thousands—maybe millions—of words about.” And Aten’s well-regarded law-enforcement career continued long after his Ranger years, Alexander’s excellent book shows. 

Ciento: 100 100-word Love Poems
By Lorna Dee Cervantes
(Wings Press, paperback, list price $16.00) 

This handsome, enjoyable volume from San Antonio, Texas-based Wings Press keeps its subtitle’s promise. A widely published poet has accepted a difficult challenge and penned a hundred 100-word poems focused on love.

The poems deal with love at direct levels. So you’ll find no easy hearts and flowers here. The images include “steamy matinees”, “sensuous leanings” and “exquisite private views,” to mention just a few. 

Battle Surface!: Lawson P. “Red” Ramage and the War Patrols of the USS Parche
By Stephen L. Moore
(Naval Institute Press, hardback, list price $34.95; Kindle edition, list price $34.95)

Stephen L. Moore has written several books on submarine warfare. Battle Surface! blends superb research with a writing style that rivals good fiction. Moore recounts the true story of a U.S. Navy commander who defiantly charged his submarine into the midst of a huge Japanese convoy and stayed on the surface, dodging enemy fire and sinking several ships with torpedoes.

One superior decried the action as “dangerous, foolhardy, and of too much risk.” Others higher up, however, thought differently, Moore notes. They awarded Cmdr. “Red” Ramage the Congressional Medal of Honor. 

Elmer Kelton: Essays and Memories
Edited by Judy Alter and James Ward Lee
(TCU Press, paperback, list price $19.95)

“Walrus hunter.” That was one of the civilian jobs the U.S. Army recommended to Elmer Kelton when he was discharged as a “rifleman, infantry” following World War II. Kelton became a journalist, instead, and a prolific writer of fiction and nonfiction books before his death in 2009.

This engaging, warm collection of essays and remembrances celebrates Kelton’s life, his personality, his love for the American West and his “straightforward and clean” writing style. In the words of one of his friends, Felton Cochran: “I tell people Elmer Kelton didn’t write ‘westerns’—he wrote western literature.”

Rudder: From Leader to Legend
By Thomas M. Hatfield
(Texas A&M Press, hardback, list price $30.00; Kindle edition, list price $30.00)

Earl Rudder could have kept working in a small-town Texas drugstore after high school. He exhibited little ambition and had no money for college. But this excellent biography shows how a chance encounter soon led him to college athletics, coaching and the Army Reserve, and then to D-day heroics, Texas state politics and, finally, the presidency of Texas A&M University’s statewide system.

Hatfield also shows how Gen. Rudder guided A&M through major upheavals that included desegregation, admitting women, and making the Corps of Cadets voluntary.

Working the Land: The Stories of Ranch and Farm Women in the Modern American West
By Sandra K. Schackel
(University Press of Kansas, hardback, list price $24.95)

Women do not just “keep house” on a ranch or farm in the modern American West. This well-written book shows that they have long been doing virtually anything they can to help keep their rural lifestyles viable and afloat in tough economic times.

Sandra K. Schackel interviewed more than 40 women in New Mexico, Texas and other states and found them actively wrangling animals, running machinery, creating summer camps and bed-and-breakfasts on their land, and even holding jobs in town to help support their spreads and their families.

The Road to Roma
By Dave Kuhne
(Ink Brush, paperback, list price $15.95)

This book’s seven well-written short stories are mostly set in Dallas, Fort Worth and Austin, Texas, and they reflect the writer’s strong sense of place and character. The stories previously have been published in a variety of literary journals, and their focus is on the deeper, sometimes transformative moments that occur in ordinary people’s lives.

Si Dunn’s latest book is a novel, Erwin’s Law. His other published works include Jump, a novella, and a book of poetry, plus several short stories, all available on Kindle.

New Programmer’s Survival Manual – #programming #bookreview

New Programmer’s Survival Manual: Navigate Your Workplace, Cube Farm, or Startup
By Josh Carter
(Pragmatic Bookshelf, paperback, list price $29.00)

“It’s day one on the job. You have programming chops, you’ve landed the job, you’re sitting at your workstation…now what?”

In the New Programmer’s Survival Manual, veteran coder Josh Carter lays out the possibilities in informative and entertaining ways. And he quickly gets to his book’s key message: “Your programming skills are only one part of what you’ll need in these first years on the job.”

In your long efforts to learn programming, you likely have accumulated stacks of books focusing on several hot languages.

Carter’s manual moves straight to the heart of what you likely don’t know yet and what you’ll need to master very quickly once you sit down at your first professional workstation and get your first assignment.

The 237-page book has seven chapters:

  1. Program for Production – This chapter starts you “close to the code” and emphasizes the importance of writing code that is “production-ready.” You may find yourself assigned to a huge project that is full of bugs. You must learn how to do a range of tests on your code and on the overall product and find as many bugs as you can before angry customers start finding them for you. You also must write code with “good style.” Carter shows how.
  2. Get Your Tools in Order – “The right tools multiply the productivity of a great programmer,” Carter emphasizes. This chapter covers the importance of many tools, ranging from simple text editors to debuggers to using open source code. You also must become fluent in the programming languages you are using and learn how to manage version control and coordinate with other programmers.
  3. Manage Thyself – The corporate world expects you to be a team player. But you have to know how to take care of yourself and your needs, too. Carter offers sage advice on finding a mentor, projecting a professional image, doing well in performance reviews, coping with stress, and taking care of your body with ergonomics.
  4. Teamwork – “Much of what you’ll do in the professional world requires interacting regularly with others,” Carter emphasizes. He acknowledges that many programmers tend to be introverts, so he offers some good tips on overcoming this and working together, as well as surviving “the much-dreaded corporate meeting.”
  5. Inside the Company – You may want to just hunker down in your cube and write code. But you will have to understand how the company that employs you is organized. Along with understanding the business and knowing what each department does, you will need to know how to find and retain allies and locate resources.
  6. Mind Your Business – As much as you may want to avoid the arcane details of corporate finance and operations, “the master programmer has to know a thing or two about business,” the author insists. He notes that “it pays to understand the context of your work: When is my product going to ship? Who’s going to buy it? How does the company make money from it?”
  7. Kaizen – This chapter focuses on applying the Japanese philosophy of continuous improvement. It is imperative that you keep developing new skills and new knowledge. Believe it or not, you someday may want to advance from programming to product management or other positions.

By the way, you do not have to be a new programmer to benefit from this book.

Maybe you have been on the job for a while, and now you feel the need to put more professionalism into your efforts. You might be angling to become a team leader or move up into management. Or, maybe you have been pushed into a leadership position by recent layoffs, attrition or changes in business structure, and you want to hang onto your job.

Josh Carter’s well-written, entertaining survival manual can help you mount a better, more focused campaign for long-term success in the increasingly essential world of computer programming.


Si Dunn’s latest book is a novel, Erwin’s Law. His other published works include Jump, a novella, and a book of poetry, plus several short stories, all available on Kindle. He is a freelance book reviewer for the Dallas Morning News and a former technical writer and software QA tester.

Fast Guide to Cubase 6 – Not so fast but packed with good info – #bookreview

Fast Guide to Cubase 6
By Simon Millward
(PC Publishing, paperback, list price $29.95)

I’m not sure a 474-page book should bill itself as a “fast guide.” For Simon Millward’s new work, a better descriptor would be “thorough.”

Steinberg Cubase 6 is feature-rich, powerful software for music creation and audio recording. And this thick guidebook provides a thorough gathering of details, steps, tips and illustrations that show how to use the software’s many features.

The popular music software package has a reputation for being user-friendly and flexible. And it comes with a manual.

But Simon Millward’s book aims to provide readers with much more, including: (1) “the essential information to get you up and running in the shortest possible time”; and (2) descriptions of “advanced techniques and a wide range of theoretical knowledge which help you get better results.”

The major topics covered are:

  • Installing and setting up Cubase 6
  • Audio and MIDI recording and editing
  • Mixing, mastering and EQ (equalizers)
  • VST (Virtual Studio Technology) instruments and plug-in effects
  • Loop manipulation and beat design
  • Music production tips and tools
  • Media management

That is only a partial list, of course. The author cautions: “Before you can use Cubase you must have some idea of how to record and manipulate MIDI data, how to record and manipulate audio signals, how you are going to get an audio signal into the computer and how you are going to feed it back out into the real world.”

Fortunately, his well-written and helpfully illustrated book includes much of that crucial how-to information. It also provides a macro library, a heavy-duty glossary, and a useful list of Web resources. 

Computer-savvy musicians, music producers, sound recordists and audio professionals — and readers who aspire to be any of those — should consider owning and using Fast Guide to Cubase 6.

Si Dunn’s latest book is a novel, Erwin’s Law. His other published works include Jump, a novella, and a book of poetry, plus several short stories, all available on Kindle.

Using Microsoft InfoPath 2010 with Microsoft SharePoint 2010: Step by Step – #bookreview

Using Microsoft InfoPath 2010 with Microsoft SharePoint 2010: Step by Step
By Darvish Shadravan and Laura Rogers
(Microsoft Press, paperback, list price $34.99; Kindle edition, list price $31.99)

A 21st century Shakespeare might write: “All the world’s a form, and we are just filling it in.”

One of this book’s authors contends (not completely in jest) that “forms run the world. Imagine modern life without forms, both paper and digital–it’s not possible! Everything that is known and recorded about you, from your birth city to your magazine subscriptions, to your preference of aisle or window seats–yes, all of this information was entered in a form at some point in time.”

Microsoft InfoPath 2010 is used to design and build electronic forms, as well as gather data, without writing code. Meanwhile, SharePoint Server 2010 “offers a robust architecture for managing access to data connections and external systems.” SharePoint is Microsoft’s suite of software tools aimed at making it “easier for people to work together,” whether in the same office or scattered around the planet.

This well-written and nicely illustrated book shows how to bring the two products together in powerful ways that (1) enable InfoPath forms to be created and formatted and (2) integrate data from SharePoint and other company systems. InfoPath forms also can be hosted on SharePoint.

The book is aimed at “any information worker that needs to build and use electronic forms that will be stored in SharePoint.” Its goal is to “teach you the basics of building and using InfoPath 2010 forms in a SharePoint 2010 environment.”

The writers assume you are at least a “savvy Office and Windows user.” It is helpful, but not mandatory, to also have at least some basic familiarity with SharePoint Server 2010. “However, even if you’re not a SharePoint guru, most topics in this book should be within your grasp,” they point out.

If you do not have a SharePoint environment in your company, “InfoPath 2010 supports the creation of forms in Microsoft Office 365,” the two authors note. Office 365 is Microsoft’s cloud product that provides online access to a variety of programs for communicating and collaborating.

InfoPath has been around for a few years and recently was given a significant update. But many businesses and computer users do not have it.

That’s not a show-stopper when InfoPath and SharePoint work together, the authors point out. “If you create your forms as browser-enabled form templates, users who don’t have InfoPath installed on their computer can still work with the form in a browser. This lets you share business forms with a variety of users, including employees, customers, and vendors.”

The 446-page book has 14 chapters. The first four chapters show how to create and format forms using InfoPath. The remaining chapters focus on using InfoPath with SharePoint.

According to the two authors, “the mission of this book is to help you understand how to create business forms that provide a pleasant, reliable, and intuitive experience for your users and customers.”

The process of creating, formatting and publishing forms is shown and described in clear, succinct how-to steps. Practice files can be downloaded from a Microsoft site, and the exercise topics range from the basics of form design to building an approval process and working with SharePoint views and dashboards, to (1) “control what fields are displayed at any given time” and (2) “generate reports from any information in SharePoint lists and libraries.”

The authors add: “SharePoint libraries, specifically form libraries, are well suited for storing and managing InfoPath forms.”

InfoPath’s native language is XML, “perhaps the single most powerful method of storing and sharing structured data to come along since the advent of digital computing.” Creating electronic forms has long been a code-intensive process.

InfoPath hides most of the XML behind an easy-to-use interface. And XSLT (Extensible Style Sheet Language) style sheets also “‘sit in front of’ the underlying XML and transform it into the rich and easy-to-use forms that InfoPath can create.”

The book’s illustrations, short paragraphs, step-by-step lists and example files can all help readers get up to speed quickly, whether Microsoft InfoPath 2010 is used with Microsoft SharePoint on a company network or via the cloud, by way of Office 365.

Si Dunn’s latest book is a novel, Erwin’s Law. His other published works include Jump, a novella, and a book of poetry and several short stories, all available on Kindle. He previously worked in the telecommunications industry as a software and hardware tester and technical writer.

Galaxy Tab: The Missing Manual – #bookreview #android

Galaxy Tab: The Missing Manual
By Preston Gralla
(O’Reilly, paperback, list price $19.99; Kindle edition, list price $19.99)

Getting or giving yourself a Galaxy Tab for Christmas?

Consider getting this book to go with it, whether you’re getting a 3G/4G or Wi-Fi version of the Samsung tablet computer.

Reason one: You won’t find much how-to information packed in the box with the Galaxy Tab.

Reason two: Veteran technology writer Preston Gralla has prepared a nicely organized, well-written and heavily illustrated Galaxy Tab guide that covers the Samsung TouchWiz interface, as well as the device itself.

Gralla’s step-by-step instructions and tips can save you considerable time and effort as you learn the features and put your new device to work browsing the Web, checking email, playing music, shooting video and doing many other tasks for fun or work.

Parts & Chapters

This 427-page “Missing Manual” is organized into six parts, including 16 chapters and two appendixes.

Part One covers “The Basics and Getting Online.” The chapters are:

  • Chapter 1: The Guided Tour – (Everything from activating the Power/Lock Key to using the headphone jack, Volume Key and cameras and putting widgets and app shortcuts on the home screen.)
  • Chapter 2: Getting Online: Wi-Fi, 3G and 4G – (Getting online and also setting up and managing your Google account.)
  • Chapter 3: Navigating the Web – (And doing a variety of tasks such as saving online images, synching the Galaxy Tab’s bookmarks with your computer’s bookmarks, and managing online security.)
  • Chapter 4: Downloading and Using Apps – (Including where to get apps; managing, sharing and uninstalling apps; troubleshooting apps, the Samsung Apps Store, and more.)
  • Chapter 5: Ten Great Android Apps – (For games, productivity, music and pictures, and information.)

Part Two focuses on “Getting Social and Finding Your Way.” The chapters are:

  • Chapter 6: Contacts, Chat, and Video Chat – (Everything from “how you chat” and starting Google Talk to responding to chat invitations, audio and video chat, and managing chat contacts.)
  • Chapter 7: Facebook, Twitter, and Other Social Apps – (How to use your Galaxy Tab on social media.)
  • Chapter 8: Maps and Navigation – (Using Google Maps, finding your location, searching maps, street view, and turn-by-turn navigation.)

Part 3 covers “Books, Media, and Games.” The chapters are:

  • Chapter 9: Books and Magazines – (Using Google Books, the Kindle app, and reading magazines and newspapers online or with Android apps.)
  • Chapter 10: Music – (Transferring music files from PC or Mac to Galaxy Tab; playing music; using the Google Cloud Music player, the Samsung Music Player and the Music Hub.)
  • Chapter 11: Camera, Photos, and Video – (Taking pictures or downloading from web, displaying them, and sharing them; taking videos and sharing them via YouTube; and using Media Hub to rent and play movies and TV shows.)

Part Four deals with “Getting Productive.” The chapters are:

  • Chapter 12: Gmail and Email – (The various ways to receive, send and manage email using a Galaxy Tab.)
  • Chapter 13: Calendar – (Using the Calendar, synchronizing it with Outlook, and using other Calendar capabilities, including geolocation.)
  • Chapter 14: Getting Work Done with Your Galaxy Tab – (Setting up your Galaxy Tab with your company account; using Virtual Private Networking (VPN); using Google Docs, and using Microsoft Office.)

Part 5 is titled “Advanced Topics.” The chapters are:

  • Chapter 15: Controlling Your Galaxy Tab with Your Voice – (Using the Voice Actions features, sending a voice recording, and using other voice features.)
  • Chapter 16: Settings – (Focuses on “all of the Galaxy Tab’s settings, and explains what they do for you.” Shows how to make changes.)

Part Six is titled “Appendixes.” The two appendixes are:

  • A. Setup, Signup, and Accessories
  • B. Troubleshooting and Maintenance

Bottom Line

O’Reilly bills its “Missing Manual” series as “the book that should have been in the box.” You won’t find Preston Gralla’s handy book in the Galaxy Tab box.

But the paperback or Kindle version can help you discover the most enjoyable and productive ways to use your shiny new tablet.

Si Dunn