You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm s massive 2002 Windows Security Push. It s a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it s on to in-depth coverage of today s key security issues from the developer s standpoint. Everyone knows buffer overruns are bad: Here s a full chapter on avoiding them. You ll learn how to establish appropriate access controls and default to running with least privilege. There s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won t just improve security -- it ll dramatically improve robustness and reliability, too. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

    But where do they come from? What kind of environment breeds them? What sparks the flash of brilliance? How do we generate the breakthrough technologies that push forward our lives, our society, our culture? Steven Johnson's answers are revelatory as he identifies the seven key patterns behind genuine innovation, and traces them across time and disciplines. From Darwin and Freud to the halls of Google and Apple, Johnson investigates the innovation hubs throughout modern time and pulls out the approaches and commonalities that seem to appear at moments of originality.

    In this fascinating, provocative new book, Kevin Kelly provides an optimistic road map for the future, showing how the coming changes in our lives—from virtual reality in the home to an on-demand economy to artificial intelligence embedded in everything we manufacture—can be understood as the result of a few long-term, accelerating forces. Kelly both describes these deep trends—flowing, screening, accessing, sharing, filtering, remixing, tracking, and questioning—and demonstrates how they overlap and are codependent on one another. These larger forces will completely revolutionize the way we buy, work, learn, and communicate with each other. By understanding and embracing them, says Kelly, it will be easier for us to remain on top of the coming wave of changes and to arrange our day-to-day relationships with technology in ways that bring forth maximum benefits. Kelly’s bright, hopeful book will be indispensable to anyone who seeks guidance on where their business, industry, or life is heading—what to invent, where to work, in what to invest, how to better reach customers, and what to begin to put into place—as this new world emerges.

    This groundbreaking new book sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. Through automation of the build, deployment, and testing process, and improved collaboration between developers, testers, and operations, delivery teams can get changes released in a matter of hours-- sometimes even minutes-no matter what the size of a project or the complexity of its code base. Jez Humble and David Farley begin by presenting the foundations of a rapid, reliable, low-risk delivery process. Next, they introduce the "deployment pipeline," an automated process for managing all changes, from check-in to release. Finally, they discuss the "ecosystem" needed to support continuous delivery, from infrastructure, data and configuration management to governance. The authors introduce state-of-the-art techniques, including automated infrastructure management and data migration, and the use of virtualization. For each, they review key issues, identify best practices, and demonstrate how to mitigate risks. Coverage includes - Automating all facets of building, integrating, testing, and deploying software - Implementing deployment pipelines at team and organizational levels - Improving collaboration between developers, testers, and operations - Developing features incrementally on large and distributed teams - Implementing an effective configuration management strategy - Automating acceptance testing, from analysis to implementation - Testing capacity and other non-functional requirements - Implementing continuous deployment and zero-downtime releases - Managing infrastructure, data, components and dependencies - Navigating risk management, compliance, and auditing Whether you're a developer, systems administrator, tester, or manager, this book will help your organization move from idea to release faster than ever--so you can deliver value to your business rapidly and reliably.

    By understanding what the browser can and cannot do, you’ll be able to make better design decisions and deliver faster web applications to your users.Author Ilya Grigorik—a developer advocate and web performance engineer at Google—starts with the building blocks of TCP and UDP, and then dives into newer technologies such as HTTP 2.0, WebSockets, and WebRTC. This book explains the benefits of these technologies and helps you determine which ones to use for your next application.- Learn how TCP affects the performance of HTTP- Understand why mobile networks are slower than wired networks- Use best practices to address performance bottlenecks in HTTP- Discover how HTTP 2.0 (based on SPDY) will improve networking- Learn how to use Server Sent Events (SSE) for push updates, and WebSockets for XMPP chat- Explore WebRTC for browser-to-browser applications such as P2P video chat- Examine the architecture of a simple app that uses HTTP 2.0, SSE, WebSockets, and WebRTC

    Who are these people, what motivates them, and why should you care?Consider these facts: Everything around us is turning into computers. Your typewriter is gone, replaced by a computer. Your phone has turned into a computer. So has your camera. Soon your TV will. Your car was not only designed on computers, but has more processing power in it than a room-sized mainframe did in 1970. Letters, encyclopedias, newspapers, and even your local store are being replaced by the Internet.Hackers & Painters: Big Ideas from the Computer Age, by Paul Graham, explains this world and the motivations of the people who occupy it. In clear, thoughtful prose that draws on illuminating historical examples, Graham takes readers on an unflinching exploration into what he calls “an intellectual Wild West.”The ideas discussed in this book will have a powerful and lasting impact on how we think, how we work, how we develop technology, and how we live. Topics include the importance of beauty in software design, how to make wealth, heresy and free speech, the programming language renaissance, the open-source movement, digital design, internet startups, and more.

    The devices we use to get just-in-time coupons, directions when we're lost, and maintain connections with loved ones no matter how far away they are, also invade our privacy in ways we might not even be aware of. Our devices send and collect data about us whenever we use them, but that data is not safeguarded the way we assume it would be. Privacy is complex and personal. Many of us do not know the full extent to which data is collected, stored, aggregated, and used. As recent revelations indicate, we are subject to a level of data collection and surveillance never before imaginable. While some of these methods may, in fact, protect us and provide us with information and services we deem to be helpful and desired, others can turn out to be insidious and over-arching. Privacy in the Age of Big Data highlights the many positive outcomes of digital surveillance and data collection while also outlining those forms of data collection to which we may not consent, and of which we are likely unaware. Payton and Claypoole skillfully introduce readers to the many ways we are 'watched, ' and how to adjust our behaviors and activities to recapture our privacy. The authors suggest the tools, behavior changes, and political actions we can take to regain data and identity security. Anyone who uses digital devices will want to read this book for its clear and no-nonsense approach to the world of big data and what it means for all of us.

    Fully updated for Windows Server® 2008 and Windows Vista®, this classic guide delivers key architectural insights on system design, debugging, performance, and support—along with hands-on experiments to experience Windows internal behavior firsthand. Delve inside Windows architecture and internals: Understand how the core system and management mechanisms work—from the object manager to services to the registry Explore internal system data structures using tools like the kernel debugger Grasp the scheduler's priority and CPU placement algorithms Go inside the Windows security model to see how it authorizes access to data Understand how Windows manages physical and virtual memory Tour the Windows networking stack from top to bottom—including APIs, protocol drivers, and network adapter drivers Troubleshoot file-system access problems and system boot problems Learn how to analyze crashes

    Unlike other texts on the subject (which tend to be either massive volumes detailing every conceivable style of lock or brief "spy manuals" that only skim the surface) this book is for INFOSEC professionals that need essential, core knowledge of lockpicking and seek the ability to open most locks with relative ease. Deviant's material is presented with rich, detailed diagrams and is offered in easy-to-follow lessons which allow even beginners to acquire the knowledge very quickly. Everything from straightforward lockpicking to quick-entry techniques like shimming, bumping, and bypassing is explained and shown.Whether you're being hired to penetrate security or simply trying to harden your own defenses, this book is essential. Detailed photos make learning as easy as picking a lock DVD is filled with indispensible lock picking videos and color photos Extensive appendix details tools and toolkits currently available for all your lock picking needs

    It details the core protocols that make TCP/IP internetworks function, and the most important classical TCP/IP applications. Its personal, easy-going writing style lets anyone understand the dozens of protocols and technologies that run the Internet, with full coverage of PPP, ARP, IP, IPv6, IP NAT, IPSec, Mobile IP, ICMP, RIP, BGP, TCP, UDP, DNS, DHCP, SNMP, FTP, SMTP, NNTP, HTTP, Telnet and much more. The author offers not only a detailed view of the TCP/IP protocol suite, but also describes networking fundamentals and the important OSI Reference Model.

    What should we do, or leave undone, in a day or a lifetime? How much messiness should we accept? What balance of new activities and familiar favorites is the most fulfilling? These may seem like uniquely human quandaries, but they are not: computers, too, face the same constraints, so computer scientists have been grappling with their version of such issues for decades. And the solutions they've found have much to teach us.In a dazzlingly interdisciplinary work, acclaimed author Brian Christian and cognitive scientist Tom Griffiths show how the algorithms used by computers can also untangle very human questions. They explain how to have better hunches and when to leave things to chance, how to deal with overwhelming choices and how best to connect with others. From finding a spouse to finding a parking spot, from organizing one's inbox to understanding the workings of memory, Algorithms to Live By transforms the wisdom of computer science into strategies for human living.

    This authoritative book scrapes away these bad features to reveal a subset of JavaScript that's more reliable, readable, and maintainable than the language as a whole--a subset you can use to create truly extensible and efficient code.Considered the JavaScript expert by many people in the development community, author Douglas Crockford identifies the abundance of good ideas that make JavaScript an outstanding object-oriented programming language-ideas such as functions, loose typing, dynamic objects, and an expressive object literal notation. Unfortunately, these good ideas are mixed in with bad and downright awful ideas, like a programming model based on global variables.When Java applets failed, JavaScript became the language of the Web by default, making its popularity almost completely independent of its qualities as a programming language. In JavaScript: The Good Parts, Crockford finally digs through the steaming pile of good intentions and blunders to give you a detailed look at all the genuinely elegant parts of JavaScript, including:SyntaxObjectsFunctionsInheritanceArraysRegular expressionsMethodsStyleBeautiful featuresThe real beauty? As you move ahead with the subset of JavaScript that this book presents, you'll also sidestep the need to unlearn all the bad parts. Of course, if you want to find out more about the bad parts and how to use them badly, simply consult any other JavaScript book.With JavaScript: The Good Parts, you'll discover a beautiful, elegant, lightweight and highly expressive language that lets you create effective code, whether you're managing object libraries or just trying to get Ajax to run fast. If you develop sites or applications for the Web, this book is an absolute must.

    Cooper details many of these meta functions to explain his central thesis: programmers need to seriously re-evaluate the many user-hostile concepts deeply embedded within the software development process. Rather than provide users with a straightforward set of options, programmers often pile on the bells and whistles and ignore or de-prioritise lingering bugs. For the average user, increased functionality is a great burden, adding to the recurrent chorus that plays: "computers are hard, mysterious, unwieldy things." (An average user, Cooper asserts, who doesn't think that way or who has memorised all the esoteric commands and now lords it over others, has simply been desensitised by too many years of badly designed software.) Cooper's writing style is often overblown, with a pantheon of cutesy terminology (i.e. "dancing bearware") and insider back-patting. (When presenting software to Bill Gates, he reports that Gates replied: "How did you do that?" to which he writes: "I love stumping Bill!") More seriously, he is also unable to see beyond software development's importance--a sin he accuses programmers of throughout the book. Even with that in mind, the central questions Cooper asks are too important to ignore: Are we making users happier? Are we improving the process by which they get work done? Are we making their work hours more effective? Cooper looks to programmers, business managers and what he calls "interaction designers" to question current assumptions and mindsets. Plainly, he asserts that the goal of computer usage should be "not to make anyone feel stupid." Our distance from that goal reinforces the need to rethink entrenched priorities in software planning. -- Jennifer Buckendorff, Amazon.com

    Naturally, that means John Walkenbach returns with a new edition of his bestselling VBA Programming book and covers all the methods and tools you need to know in order to program with Excel. With this comprehensive guide, Mr. Spreadsheet shows you how to maximize your Excel experience using professional spreadsheet application development tips from his own personal bookshelf.Featuring a complete introduction to Visual Basic for Applications and fully updated for the latest features of Excel 2013, this essential reference includes an analysis of Excel application development and is packed with procedures, tips, and ideas for expanding Excel's capabilities with VBA.Offers an analysis of Excel application development and a complete introduction to VBA Features invaluable advice from Mr. Spreadsheet himself, bestselling author John Walkenbach, who demonstrates all the techniques you need to create Excel applications, both large and small Covers navigating the Excel interface, formatting worksheets, interacting with other Office applications, working with collaboration tools, and using sample workbooks and John Walkenbach's award-winning Power Utility Pak to help enhance your Excel skills Provides tips, tricks, and techniques for expanding Excel's capabilities with VBA that you wont find anywhere else Excel 2013 Power Programming with VBA is packed with procedures, tips, and ideas for achieving Excel excellence with VBA.

    The answers aren't easy -- just incredibly successful.