Attacking Network Protocols

I am always trying to expand the boundaries of my knowledge. While I have a basic understanding of networking and a high-level understanding of security issues, I have never studied or read up on the specifics of packet sniffing or other network traffic security topics. This book changed that.

Attacking Network Protocols: A Hacker’s Guide to Capture, Analysis, and Exploitation takes a network attacker’s perspective while probing topics related to data and system vulnerability over a network. The author, James Forshaw, takes an approach similar to the perspective taken by penetration testers (pen testers), the so-called white hat security people who test a company’s security by trying to break through its defenses. The premise is that if you understand the vulnerabilities and attack vectors, you will be better equipped to protect against them. I agree with that premise.

Most of us in the Free and Open Source software world know about Wireshark and using it to capture network traffic information. This book mentions that tool, but focuses on using a different tool that was written by the author, called CANAPE.Core. Along the way, the author calls out multiple other resources for further study. I like and appreciate that very much! This is a complex topic and even a detailed and technically complex book like this one cannot possibly cover every aspect of the topic in 300 pages. What is covered is clearly expressed, technically deep, and valuable.

The book covers topics ranging from network basics to passive and active traffic capture all the way to the reverse engineering of applications. Along the way Forshaw covers network protocols and their structures, compilers and assemblers, operating system basics, CPU architectures, dissectors, cryptography, and the many causes of vulnerabilities.

Closing the book is an appendix (additional chapter? It isn’t precisely defined, but it is extra content dedicated to a specific topic) that describes a multitude of tools and libraries that the author finds useful, but may not have had an excuse to mention earlier in the book. This provides a set of signposts for the reader to follow for further research and is, again, much appreciated.

While I admit I am a novice in this domain, I found the book helpful, interesting, of sufficient depth to be immediately useful, with enough high-level descriptions and clarification to give me the context and thoughts for further study.

Disclosure: I was given my copy of this book by the publisher as a review copy. See also: Are All Book Reviews Positive?

Learn Java the Easy Way

This is an enjoyable introduction to programming in Java by an author I have enjoyed in the past.

Learn Java the Easy Way: A Hands-On Introduction to Programming was written by Dr. Bryson Payne. I previously reviewed his book Teach Your Kids to Code, which is Python-based.

Learn Java the Easy Way covers all the topics one would expect, from development IDEs (it focuses heavily on Eclipse and Android Studio, which are both reasonable, solid choices) to debugging. In between, the reader receives clear explanations of how to perform calculations, manipulate text strings, use conditions and loops, create functions, along with solid and easy-to-understand definitions of important concepts like classes, objects, and methods.

Java is taught systematically, starting with simple and moving to complex. We first create a simple command-line game, then we create a GUI for it, then we make it into an Android app, then we add menus and preference options, and so on. Along the way, new games and enhancement options are explored, some in detail and some in end-of-chapter exercises designed to give more confident or advancing students ideas for pushing themselves further than the book’s content. I like that.

Side note: I was pleasantly amused to discover that the first program in the book is the same as one that I originally wrote in 1986 on a first-generation Casio graphing calculator, so I would have something to kill time when class lectures got boring.

The pace of the book is good. Just as I began to feel done with a topic, the author moved to something new. I never felt like details were skipped and I also never felt like we were bogged down with too much detail, beyond what is needed for the current lesson. The author has taught computer science and programming for nearly 20 years, and it shows.

Bottom line: if you want to learn Java, this is a good introduction that is clearly written and will give you a nice foundation upon which you can build.

Disclosure: I was given my copy of this book by the publisher as a review copy. See also: Are All Book Reviews Positive?

Then She was Born

Eleven Nobel Peace Prize laureates. The Dalai Lama. Pope Francis. These are just some of many who support an initiative to #HelpAfricanAlbinos. In many countries, people with albinism are discriminated against, harassed, and persecuted. There is too little understanding and too much false information.

Then She was Born is an attempt to spread awareness of the problem using a fictional account of a girl, Adimu, who is born in a village. We see her struggle for survival against powerful superstition and tradition. Using information taken from the accounts of many African albinos, the story is gripping, moving, and also a call to action. The book was originally written and published in Italian by Cristiano Gentili as Ombra Bianca and has been masterfully translated into English for the reviewed edition by Lori Hetherington. The story is engaging, with characters that are relatable and deep.

Prior to reading this book, I had heard passing mentions, but had no real knowledge of the issue. This is a work of fiction, but it is based on real events and there are real lives at stake. I will share this book with anyone among my friends who will read it and I recommend it highly to those who are not local to me.

Disclosure: I was given my copy of this book by the publisher as a review copy. See also: Are All Book Reviews Positive?

Starting a New Job

Starting today, I’m very excited to be working as a technical writer for Canonical. It is a thrill to be able to earn money while learning and writing about something that I am already passionate about: Ubuntu.

Some readers of my blog may not know this: Canonical is the company that provides support and resources to help the open source community make Ubuntu and promote its use across a multitude of devices and use cases.

A Blind Willie Johnson cover

I don’t think I have mentioned my YouTube channel on this blog. It is time. I recorded a couple covers of Blind Willie Johnson songs this week as my most recent contributions. In this video, I mention a really cool collection of covers that I supported on Kickstarter a few years back that was released just recently. Check it out with this song, the links I provide from it, and please know you are invited to also check out any of the songs I have recorded. (I also take requests from time to time, although there is a queue and it takes me time to learn songs I don’t already know…)

Fighting Shadows

Fighting Shadows is set in Morocco. It is a fictional account that tells the story of one young man’s attempt to find justice after receiving a brutal beating during a political protest. Set against the backdrop of the Arab Spring throughout North Africa, the book attempts to demonstrate in narrative some of the reasons why the uprising never took hold to the point of revolution or civil war, like happened other countries such as Libya, Tunisia, and Egypt.

The story begins on that fateful day, February 20, 2011, starting with Farid and his participation in a protest in the town of Sefrou. The reader is taken on a journey that touches on the delicate balance of power in a country that rails against a history of control and abuse of power by the government while also fearing the rise of Islamist fundamentalism should that power be toppled.

The novel ably and clearly demonstrates the fear many citizens feel, whether their fear is centered on the local police, on the national security forces, or on the government’s secret forces. The book describes problems with bribery and corruption, but it also describes good people standing up and trying to fight against it. The real question is how effective those fights are or can be. This book does not give a definitive answer, but does an excellent job of asking questions that should be asked.

I have written a small amount; about these issues in the past, but not much. I lived in Morocco for 7 years and hope to visit again. I have friends who live there, a few expats and far more Moroccan people. I have no interest in stirring up trouble for myself or for them. At the same time, if we don’t question what we see and ask questions about what could be done, nothing can ever improve, in Morocco or anywhere else.

Fighting Shadows does not prescribe a specific remedy, but does a very good job of illuminating the problems that exist. Anyone interested in the politics and people of the region will find that the book helps frame questions that need to be worked through as Morocco and the Moroccan people look toward the future. Will the future be based in fear, whether fear of the Makhzen or of the Ikhwan, or will the future be ruled by hope, and if so, hope in what?

Note: this is a self-published book. Often, I find that self-published books deserve closer scrutiny than manuscripts that have gone through the more rigorous editorial and publication process with a publishing house. It is because I found this book to NOT have most of the common weaknesses of self-published books that I decided to post about it. My guess is that the only reason that a large publisher wouldn’t print this is because they may have felt the market was too small for the book to earn out. The content is of high enough quality to deserve your consideration.

No disclosure needed. I bought this book and thought it was worth sharing with you.