Attacking Network Protocols

I am always trying to expand the boundaries of my knowledge. While I have a basic understanding of networking and a high-level understanding of security issues, I have never studied or read up on the specifics of packet sniffing or other network traffic security topics. This book changed that.

Attacking Network Protocols: A Hacker’s Guide to Capture, Analysis, and Exploitation takes a network attacker’s perspective while probing topics related to data and system vulnerability over a network. The author, James Forshaw, takes an approach similar to the perspective taken by penetration testers (pen testers), the so-called white hat security people who test a company’s security by trying to break through its defenses. The premise is that if you understand the vulnerabilities and attack vectors, you will be better equipped to protect against them. I agree with that premise.

Most of us in the Free and Open Source software world know about Wireshark and using it to capture network traffic information. This book mentions that tool, but focuses on using a different tool that was written by the author, called CANAPE.Core. Along the way, the author calls out multiple other resources for further study. I like and appreciate that very much! This is a complex topic and even a detailed and technically complex book like this one cannot possibly cover every aspect of the topic in 300 pages. What is covered is clearly expressed, technically deep, and valuable.

The book covers topics ranging from network basics to passive and active traffic capture all the way to the reverse engineering of applications. Along the way Forshaw covers network protocols and their structures, compilers and assemblers, operating system basics, CPU architectures, dissectors, cryptography, and the many causes of vulnerabilities.

Closing the book is an appendix (additional chapter? It isn’t precisely defined, but it is extra content dedicated to a specific topic) that describes a multitude of tools and libraries that the author finds useful, but may not have had an excuse to mention earlier in the book. This provides a set of signposts for the reader to follow for further research and is, again, much appreciated.

While I admit I am a novice in this domain, I found the book helpful, interesting, of sufficient depth to be immediately useful, with enough high-level descriptions and clarification to give me the context and thoughts for further study.

Disclosure: I was given my copy of this book by the publisher as a review copy. See also: Are All Book Reviews Positive?

Learn Java the Easy Way

This is an enjoyable introduction to programming in Java by an author I have enjoyed in the past.

Learn Java the Easy Way: A Hands-On Introduction to Programming was written by Dr. Bryson Payne. I previously reviewed his book Teach Your Kids to Code, which is Python-based.

Learn Java the Easy Way covers all the topics one would expect, from development IDEs (it focuses heavily on Eclipse and Android Studio, which are both reasonable, solid choices) to debugging. In between, the reader receives clear explanations of how to perform calculations, manipulate text strings, use conditions and loops, create functions, along with solid and easy-to-understand definitions of important concepts like classes, objects, and methods.

Java is taught systematically, starting with simple and moving to complex. We first create a simple command-line game, then we create a GUI for it, then we make it into an Android app, then we add menus and preference options, and so on. Along the way, new games and enhancement options are explored, some in detail and some in end-of-chapter exercises designed to give more confident or advancing students ideas for pushing themselves further than the book’s content. I like that.

Side note: I was pleasantly amused to discover that the first program in the book is the same as one that I originally wrote in 1986 on a first-generation Casio graphing calculator, so I would have something to kill time when class lectures got boring.

The pace of the book is good. Just as I began to feel done with a topic, the author moved to something new. I never felt like details were skipped and I also never felt like we were bogged down with too much detail, beyond what is needed for the current lesson. The author has taught computer science and programming for nearly 20 years, and it shows.

Bottom line: if you want to learn Java, this is a good introduction that is clearly written and will give you a nice foundation upon which you can build.

Disclosure: I was given my copy of this book by the publisher as a review copy. See also: Are All Book Reviews Positive?

Then She was Born

Eleven Nobel Peace Prize laureates. The Dalai Lama. Pope Francis. These are just some of many who support an initiative to #HelpAfricanAlbinos. In many countries, people with albinism are discriminated against, harassed, and persecuted. There is too little understanding and too much false information.

Then She was Born is an attempt to spread awareness of the problem using a fictional account of a girl, Adimu, who is born in a village. We see her struggle for survival against powerful superstition and tradition. Using information taken from the accounts of many African albinos, the story is gripping, moving, and also a call to action. The book was originally written and published in Italian by Cristiano Gentili as Ombra Bianca and has been masterfully translated into English for the reviewed edition by Lori Hetherington. The story is engaging, with characters that are relatable and deep.

Prior to reading this book, I had heard passing mentions, but had no real knowledge of the issue. This is a work of fiction, but it is based on real events and there are real lives at stake. I will share this book with anyone among my friends who will read it and I recommend it highly to those who are not local to me.

Disclosure: I was given my copy of this book by the publisher as a review copy. See also: Are All Book Reviews Positive?

Starting a New Job

Starting today, I’m very excited to be working as a technical writer for Canonical. It is a thrill to be able to earn money while learning and writing about something that I am already passionate about: Ubuntu.

Some readers of my blog may not know this: Canonical is the company that provides support and resources to help the open source community make Ubuntu and promote its use across a multitude of devices and use cases.

A Blind Willie Johnson cover

I don’t think I have mentioned my YouTube channel on this blog. It is time. I recorded a couple covers of Blind Willie Johnson songs this week as my most recent contributions. In this video, I mention a really cool collection of covers that I supported on Kickstarter a few years back that was released just recently. Check it out with this song, the links I provide from it, and please know you are invited to also check out any of the songs I have recorded. (I also take requests from time to time, although there is a queue and it takes me time to learn songs I don’t already know…)