You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm s massive 2002 Windows Security Push. It s a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it s on to in-depth coverage of today s key security issues from the developer s standpoint. Everyone knows buffer overruns are bad: Here s a full chapter on avoiding them. You ll learn how to establish appropriate access controls and default to running with least privilege. There s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won t just improve security -- it ll dramatically improve robustness and reliability, too. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

    Through example code, this guide demonstrates how CoffeeScript abstracts JavaScript, providing syntactical sugar and preventing many common errors. You’ll learn CoffeeScript’s syntax and idioms step by step, from basic variables and functions to complex comprehensions and classes.Written by Alex MacCaw, author of JavaScript Web Applications (O’Reilly), with contributions from CoffeeScript creator Jeremy Ashkenas, this book quickly teaches you best practices for using this language—not just on the client side, but for server-side applications as well. It’s time to take a ride with the little language that could.Discover how CoffeeScript’s syntax differs from JavaScriptLearn about features such as array comprehensions, destructuring assignments, and classesExplore CoffeeScript idioms and compare them to their JavaScript counterpartsCompile CoffeeScript files in static sites with the Cake build systemUse CommonJS modules to structure and deploy CoffeeScript client-side applicationsExamine JavaScript’s bad parts—including features CoffeeScript was able to fix

    As the words "at work" suggest, Peter Seibel focuses on how his interviewees tackle the day–to–day work of programming, while revealing much more, like how they became great programmers, how they recognize programming talent in others, and what kinds of problems they find most interesting. Hundreds of people have suggested names of programmers to interview on the Coders at Work web site: http://www.codersatwork.com. The complete list was 284 names. Having digested everyone’s feedback, we selected 16 folks who’ve been kind enough to agree to be interviewed:- Frances Allen: Pioneer in optimizing compilers, first woman to win the Turing Award (2006) and first female IBM fellow- Joe Armstrong: Inventor of Erlang- Joshua Bloch: Author of the Java collections framework, now at Google- Bernie Cosell: One of the main software guys behind the original ARPANET IMPs and a master debugger- Douglas Crockford: JSON founder, JavaScript architect at Yahoo!- L. Peter Deutsch: Author of Ghostscript, implementer of Smalltalk-80 at Xerox PARC and Lisp 1.5 on PDP-1- Brendan Eich: Inventor of JavaScript, CTO of the Mozilla Corporation - Brad Fitzpatrick: Writer of LiveJournal, OpenID, memcached, and Perlbal - Dan Ingalls: Smalltalk implementor and designer- Simon Peyton Jones: Coinventor of Haskell and lead designer of Glasgow Haskell Compiler- Donald Knuth: Author of The Art of Computer Programming and creator of TeX- Peter Norvig: Director of Research at Google and author of the standard text on AI- Guy Steele: Coinventor of Scheme and part of the Common Lisp Gang of Five, currently working on Fortress- Ken Thompson: Inventor of UNIX- Jamie Zawinski: Author of XEmacs and early Netscape/Mozilla hackerWhat you’ll learn:How the best programmers in the world do their jobWho is this book for?Programmers interested in the point of view of leaders in the field. Programmers looking for approaches that work for some of these outstanding programmers.

    This groundbreaking new book sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. Through automation of the build, deployment, and testing process, and improved collaboration between developers, testers, and operations, delivery teams can get changes released in a matter of hours-- sometimes even minutes-no matter what the size of a project or the complexity of its code base. Jez Humble and David Farley begin by presenting the foundations of a rapid, reliable, low-risk delivery process. Next, they introduce the "deployment pipeline," an automated process for managing all changes, from check-in to release. Finally, they discuss the "ecosystem" needed to support continuous delivery, from infrastructure, data and configuration management to governance. The authors introduce state-of-the-art techniques, including automated infrastructure management and data migration, and the use of virtualization. For each, they review key issues, identify best practices, and demonstrate how to mitigate risks. Coverage includes - Automating all facets of building, integrating, testing, and deploying software - Implementing deployment pipelines at team and organizational levels - Improving collaboration between developers, testers, and operations - Developing features incrementally on large and distributed teams - Implementing an effective configuration management strategy - Automating acceptance testing, from analysis to implementation - Testing capacity and other non-functional requirements - Implementing continuous deployment and zero-downtime releases - Managing infrastructure, data, components and dependencies - Navigating risk management, compliance, and auditing Whether you're a developer, systems administrator, tester, or manager, this book will help your organization move from idea to release faster than ever--so you can deliver value to your business rapidly and reliably.

    Thread programming enables developers to design applications that are more responsive to user demands, faster, and more easily controlled. This book offers comprehensive coverage of this vital aspect of the Java language. The book is completely up-to-date with the new thread model that is now incorporated into the most recent version of the Java Virtual Machine. All Java programmers interested in doing concurrent programming must understand these new concepts. The book approaches the topic from a design pattern point of view. It introduces and summarizes Java's concurrency support, shows readers how to initiate, control, and coordinate concurrent activities, and offers numerous recipe-like techniques for designing and implementing Java structures that solve common concurrent programming challenges. Specifically, the book presents important strategies for avoiding the inconsistencies that can crop up in multi-threaded programs, addresses the concept of liveness-how to ensure that all threads in use are kept active simultaneously, examines state-dependent action, and demonstrates effective methods for handling user requests in a multi-threaded environment.

    "Monitoring Monitoring" explains what makes your monitoring less than stellar, and provides a practical approach to designing and implementing a monitoring strategy, from the application down to the hardware in the datacenter and everything in between.In the world of technical operations, monitoring is core to everything you do. In today s changing landscape of microservices, cloud infrastructure, and more, monitoring is experiencing a new surge of growth, bringing along new methodologies, new ways of thinking, and new tools.Complete with a primer on statistics and a monitoring vocabulary, this book helps you identify the main areas you need to monitor and shows you how to approach them. It s ideal for operations engineers, system administrators, system and software engineers, site reliability engineers, network engineers, and other operations professionals."

    It starts by explaining how message queuing works, its history, and how RabbitMQ fits in. Then it shows you real-world examples you can apply to your own scalability and interoperability challenges.About the TechnologyThere's a virtual switchboard at the core of most large applications where messages race between servers, programs, and services. RabbitMQ is an efficient and easy-to-deploy queue that handles this message traffic effortlessly in all situations, from web startups to massive enterprise systems.About the BookRabbitMQ in Action teaches you to build and manage scalable applications in multiple languages using the RabbitMQ messaging server. It's a snap to get started. You'll learn how message queuing works and how RabbitMQ fits in. Then, you'll explore practical scalability and interoperability issues through many examples. By the end, you'll know how to make Rabbit run like a well-oiled machine in a 24 x 7 x 365 environment.Written for developers familiar with Python, PHP, Java, .NET, or any other modern programming language. No RabbitMQ experience required. Purchase of the print book comes with an offer of a free PDF, ePub, and Kindle eBook from Manning. Also available is all code from the book. What's InsideLearn fundamental messaging design patternsUse patterns for on-demand scalabilityGlue a PHP frontend to a backend written in anythingImplement a PubSub-alerting service in 30 minutes flatConfigure RabbitMQ's built-in clusteringMonitor, manage, extend, and tune RabbitMQ========================================​====Table of ContentsPulling RabbitMQ out of the hatUnderstanding messagingRunning and administering RabbitSolving problems with Rabbit: coding and patternsClustering and dealing with failureWriting code that survives failureWarrens and Shovels: failover and replicationAdministering RabbitMQ from the WebControlling Rabbit with the REST APIMonitoring: Houston, we have a problemSupercharging and securing your RabbitSmart Rabbits: extending RabbitMQ

    Try out more than 1,000 commands to find and get software, monitor system health and security, and access network resources. Then, apply the skills you learn from this book to use and administer desktops and servers running Ubuntu, Debian, and KNOPPIX or any other Linux distribution.

    While some fear is healthy (often viewed as a conscience that tells programmers to be careful!), the author believes that byproducts of fear include tentative, grumpy, and uncommunicative programmers who are unable to absorb constructive criticism. When programming teams buy into TDD, they immediately see positive results. They eliminate the fear involved in their jobs, and are better equipped to tackle the difficult challenges that face them. TDD eliminates tentative traits, it teaches programmers to communicate, and it encourages team members to seek out criticism However, even the author admits that grumpiness must be worked out individually! In short, the premise behind TDD is that code should be continually tested and refactored. Kent Beck teaches programmers by example, so they can painlessly and dramatically increase the quality of their work.

     The author spent two years researching every bug avoidance technique she could find. This book contains the best of them. If you want to program faster, with fewer bugs, and write more secure code, buy this book!

    This title also teaches you how to use the HTML5 and CSS3 features alongside the earlier standards.

    With its simple commands, flags, and parameters, a well-formed command-line application is the quickest way to automate a backup, a build, or a deployment and simplify your life. With this book, you'll learn specific ways to write command-line applications that are easy to use, deploy, and maintain, using a set of clear best practices and the Ruby programming language. This book is designed to make any programmer or system administrator more productive in their job. Now updated for Ruby 2.Writing a command-line application that's self-documenting, robust, adaptable and forever useful is easier than you might think. Ruby is particularly suited to this task, because it combines high-level abstractions with "close to the metal" system interaction wrapped up in a concise, readable syntax. Plus, Ruby has the support of a rich ecosystem of open source tools and libraries.Ten insightful chapters each explain and demonstrate a command-line best practice. You'll see how to use these tools to elevate the lowliest automation script to a maintainable, polished application. You'll learn how to use free, open source parsers to create user-friendly command-line interfaces as well as command suites. You'll see how to use defaults to keep options simple for everyday users, while giving advanced users options for more complex tasks. There's no reason why a command-line application should lack documentation, whether it's part of a help command or a man page; you'll find out when and how to use both. Your journey from command-line novice to pro ends with a look at valuable approaches to testing your apps, and includes some fun techniques for outside-the-box, colorful interfaces that will delight your users.With Ruby, the command line is not dead. Long live the command line.

    Spring Boot and Spring Cloud offer Java developers an easy migration path from traditional monolithic Spring applications to microservice-based applications that can be deployed to multiple cloud platforms. The Spring Boot and Spring Cloud frameworks let you quickly build microservices that are ready to be deployed to a private corporate cloud or a public cloud like Amazon Web Services (AWS) or Pivotal’s CloudFoundry.Spring Microservices in Action teaches you how to use the Spring Boot and Spring Cloud frameworks to build and deploy microservice-based cloud applications. You'll begin with an introduction to the microservice pattern and how to build microservices with Spring Boot and Spring Cloud. Then you'll get hands-on and discover how to configure Spring Boot. Using lots of real-world examples, you'll learn topics like service discovery with Spring Cloud, Netflix Eureka, and Ribbon. Next, you'll find out how to handle potential problems using client-side resiliency patterns with Spring and Netflix Hystrix. This book also covers implementing a service gateway with Spring Cloud and Zuul and event processing in the cloud with Spring Cloud Stream. Finally, you'll learn to deploy and push your application to cloud services, including AWS and CloudFoundry. By the end of this book, you'll not only be able to build your own microservice-based applications, but how operationalize and scale your microservices so they can deployed to a private or public cloud.

    Though it may not seem this way for those who have been in the field for most of their careers, in the overall scheme of professions, software builders are relative "newbies." In the short history of the software field, a lot of facts have been identified, and a lot of fallacies promulgated. Those facts and fallacies are what this book is about. There's a problem with those facts-and, as you might imagine, those fallacies. Many of these fundamentally important facts are learned by a software engineer, but over the short lifespan of the software field, all too many of them have been forgotten. While reading Facts and Fallacies of Software Engineering , you may experience moments of "Oh, yes, I had forgotten that," alongside some "Is that really true?" thoughts. The author of this book doesn't shy away from controversy. In fact, each of the facts and fallacies is accompanied by a discussion of whatever controversy envelops it. You may find yourself agreeing with a lot of the facts and fallacies, yet emotionally disturbed by a few of them! Whether you agree or disagree, you will learn why the author has been called "the premier curmudgeon of software practice." These facts and fallacies are fundamental to the software building field-forget or neglect them at your peril!

    This book makes it easy From how to install and run Java to understanding classes and objects and juggling values with arrays and collections, you will get up to speed on the new features of Java 6 in no time.Discover how toUse object-oriented programmingWork with the changes in Java 6 and JDK 6Save time by reusing codeMix Java and Javascript with the new scripting toolsTroubleshoot code problems and fix bugsAll on the bonus CD-ROMCustom build of JCreator and all the code files used in the bookBonus chapters not included in the bookTrial version of Jindent, WinOne, and NetCaptor freewareSystem Requirements: For details and complete system requirements, see the CD-ROM appendix.Note: CD-ROM/DVD and other supplementary materials are not included as part of eBook file.