Tuesday, June 23, 2009

Review: Gray Hat Python

216 pages, a title of 'Gray Hat Python' and a table of contents with subjects such as 'design and program your own debugger', 'learn how to fuzz windows drivers', 'create powerful fuzzers from scratch', DLL injection, hooking, malware analysis. My first impression was that it must be really niche, hardcore and not for me.

You'd think that the book would appeal to only a subgroup of security professionals or software engineers given the subject matter. The small book also suggests that there would not be much space left to explain the matter to people who are not experts.

First impressions are often wrong.



In my opinion this book is a must for all people who deal with security on a technical level. The book is also interesting for programmers who want to learn more about debuggers and other low level aspects. People who want to learn some new tricks in Python will probably like the book as well. But all these people don't have to be experts to enjoy this book. There are a few ways you can read this book as it was clearly written with a few different levels of perspective in mind.

For example, you can learn about the inner workings of a debugger without actually understanding the Python code. All topics are first clearly explained on a conceptual level. After that Python code is used for implementation. You will get introduced to the Python code gradually, in the beginning each program is short and basic and the most important lines are highlighted and explained. After that more functionality gets added and further explanations follow.

Though the book deals with quite a wide variety of subjects, they all have a low-level debugging aspect. This makes that it is interesting for both security oriented people and developers. It's all about basic, low level techniques. And most of them can be used both for making and breaking stuff.

Given the subject matter and size of the book, clearly some things had to be left out. One of the things this book left out was implementation of the debugger on operating systems other then Windows. I think it was a good choice since Windows is still the platform on which most debugging and reversing takes place. Also, Windows offers a few API functions that make it easier to do debugging. This abstraction was used well to keep things understandable and short while still offering a good picture of what makes a debugger tick. Especially the chapter on debuggers contains loads of references for people who want to explore further. But I missed a few references for debugger implementation on other operating systems.

The only drawback was that there seemed to be some errors in some code listings. Unfortunately, there is no errata section on this book's website yet (24-jun-2009). This can make getting the example code to run a challenge for non Pythonians.

All in all, this is a very cool and unique book for all people who want to take a deeper look.

Monday, June 15, 2009

No Time to Say Hello-Goodbye

I woke up today at six, went on a run and somehow don't even have time for a proper blogpost. Today's run was hard but good. At the end of the training I was sweating all over the place, not that usual sweat but that greasy hard-work sweat.


I hoped I could take it easy after such hard work so early in the morning, but alas. No time to say hello, goodbye. I'm off to take a quick shower and a quick breakfast. Here are the stats:



I'm going down the rabbit hole...

Saturday, June 13, 2009

Muddy horsetracks

The periodical rains of last week kept me from running. Not because of the rain itself, but because of the mudpools it would leave behind. Rain meant I would not be able to run on the horse tracks but only on pavements. Since I want to take it easy on the shins I just waited for better weather. When it turned out to be a bright sunny day yesterday I prepared to go on a run. This time I wore some new gear: shorts and an armband for my iPod.

I'm not really a shorts man but it was definately better then the usual jogging pants I wear. It has a small pocket on the lower back for keys or some change. Quite nice since that part does not move as much while running and I will not be bothered by moving coins or keys.



In addition I put on my new Griffin Aerosport Armband for my iPod. At first I was unpleasantly surprised when it looked like it could not accomodate for the nike+ receiver. But it actually does and its pretty comfortable. I especially like the cable clip.

Being all dressed up, I went on a run, on the horse tracks like I planned. But most of the tracks were still wet and there were huge mudpools. So I was jumping, snake-running, and some times running of the track in order to keep going. It got pretty messy!

The run intervals were at 6 minutes, but like usual, the first one was the toughest. I did the horse tracks two times in one session now and I think I need to start looking for another route. I'm eying another park wich is a bit out of my way but will possibly offer more long unpaved tracks. I'm not sure if it is nice since it looks like it has a big road running right through the middle of it. It's pretty lame that we can't even have a designated piece of forest without roads and pavements and such.



After my run I spent quite some time stretching. I also had a highly unconfortable shower with some hot/cold water therapy. I really hate that cold water it but I think it does really help. I think it really helped since I'm feeling quite recovered today. Or maybe it was the delicious spaghetti after the run :-)

Anyway, here are yesterday's stats:

I like to think that, were I not hindered by the mud, I would have got that 300 meters extra and got my first 5K!

Wednesday, June 10, 2009

Review: The Manga Guide to Databases

Most of my friends and colleagues had to laugh when I told about or showed them this manga guide. Though this book is really fun to read and contains many subtle jokes, it's not something to dismiss as some crazy comic book.



Don't fool yourself, under the happy Manga lies a superb learning book on databases. The book deals with the fundamentals in a clear, quick and fun way. It's quite amazing how some conceptually difficult topics are explained in such a short book. The book brought a clear understanding of some things a 4-year bachelor's study on the subject failed to clearly explain. I hated everything Database before I read this book. Mostly because I felt it was a dry and boring subject and this idea was supported by terribly boring, big fat books with a lot of difficult language.

The book tackles all you need to know to be able to design, use and maintain a database. Subjects such as Database normalization, Database design, ERD models, SQL, ACID, locking mechanisms, query and database optimization, security, architecture, stored procedures and database replication are all explained wonderfully. There are exercises on each topic, and answers are provided a few pages further.



One of the strong points of the book is that it succeeds in explaining some very practical things without being implementation dependent. All the knowledge you gain from this book will be applicable to any database system.

The author is a sheer didactic genius! Repetition is cleverly hidden in comics, written out paragraphs, drawings and exercises. You hardly notice you are actually learning Your thought process is guided by the main characters in the book and a few hours later you know all the Database fundamentals.

People who care about the environment can also enjoy this book since it's been printed on some nice quality Sustainable Forestry Initiative paper. A nice way to read responsibly.

This book is by far the best book I have read on the subject. I think this book absolutely rocks and recommend it to anyone working with or just interested in databases.

Everything should have it's own Manga Guide!

Sunday, June 7, 2009

RRRR!

Rest, don't push it, listen to your body... I was getting that advice from nearly everyone, runners, shop keepers and even a physiotherapist who had suffered shin splints. I had been feeling increasing pains in both my inner lower shin and outer shin lately and felt my legs were heavy and tired all the time. I was really spooked by my possible 'anterior compartment syndrome' and even more by the possible 'tibia stress fracture'. So I took a whole week off, no running.

Ruby provided a way to keep my mind at least a bit focused on running after that. I made a beginning to write an application that can read my exercise data from my Nike+ipod. The app is not finished yet, only the parser part is. I still need to finish the part that gets the data from the database and shows you some nice trends. I'll put the code on github when I have that part running.

Reading 'Ruby in Practice', which I've won, gave me inspiration for my app. However, I did not even finish the first chapter or two other books were in my mailbox! Off course I started to read those, 'The Manga Guide To Databases' and 'Grey Hat Python' as well. To add to the book frenzy, I just found out I also won the ebook version of the ultimate Ruby bible: 'Programming Ruby 1.9: The Pragmatic Programmers' Guide'! So yeah, get ready for some reviews ;-)



Running put the great week to a fantastic end. I have been feeling a bit jumpy the whole week, I really missed the running already. I guess it's quite addictive. Anyway, I did some googling and asked a physiotherapist I know about some stretch exercises for my shins. Yesterday I found the following stretches and they had an immediate effect:




Seated shin stretch

More shin stretches
'Swan lake stretch'

That last one did it for me so I decided to call it the 'swan lake'...

Ok...after that I decided to wear my new black-tech-ninja long-sleeve running shirt and go at it. This time however I really took time to do a proper warm-up. First a fast paced 1k walk, after that a 1k run. After that some stretches. Then I went off, I felt the inner shin hurting again quite soon. But then I saw a horse track, a sand path. When I went running on that, I felt nothing. The rest of the run was mostly a struggle because I had not ran for a whole week and was eating pizza and other badness while doing my geek things. However, when I got home I was pleasantly surprised by my stats: I passed 4K, nearly got to 5, RRRR!!

Monday, June 1, 2009

Review: Learn to program 2nd edition

As I'm taking a brake from running to prevent shin injuries. So I had time to finish reading my latest book, 'Learn to program 2nd edition'. Well I've finished it and thought I'd share my feelings about it in a review, so here it is:



The best book out there if you want to learn programming. If you have a little experience but are unsure, you will like this book too.

The book is also suited as a lightweight introduction to Ruby. But if you have a decent amount of experience in another programming language and want to learn Ruby, or if you want to dive in directly, consider a book like Programming Ruby or the Ruby Way.

The book is very readable and funny. You'll understand most things without too much effort because of the way the author explains things clearly.

The book contains fun exercises such as the 'angry boss' or 'deaf grandma' exercises.

The only minor points were that the exercises were mostly not very practical for real life situations. The last few chapters were not as clear in explaining things as most of the book.

This book offers great value for money and is well worth your time, adding to that it's not a big book and very reasonably priced. Definitely worth it.

Since the second edition is really just from the press, there are no other reviews. So you'll just have to do with mine (I'm a critic so don't worry!):

Amazon

For the Dutch