Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences. To keep users safe, it is essential for developers to confidently navigate this landscape.In The Tangled Web, Michal Zalewski, one of the world's top browser security experts, offers a compelling narrative that explains exactly how browsers work and why they're fundamentally insecure. Rather than dispense simplistic advice on vulnerabilities, Zalewski examines the entire browser security model, revealing weak points and providing crucial information for shoring up web application security. You'll learn how to:Perform common but surprisingly complex tasks such as URL parsing and HTML sanitization Use modern security features like Strict Transport Security, Content Security Policy, and Cross-Origin Resource Sharing Leverage many variants of the same-origin policy to safely compartmentalize complex web applications and protect user credentials in case of XSS bugs Build mashups and embed gadgets without getting stung by the tricky frame navigation policy Embed or host user-supplied content without running into the trap of content sniffing For quick reference, "Security Engineering Cheat Sheets" at the end of each chapter offer ready solutions to problems you're most likely to encounter. With coverage extending as far as planned HTML5 features, The Tangled Web will help you create secure web applications that stand the test of time.

    How's that possible? Google revealed the secret through a project called Kubernetes, an open source cluster orchestrator (based on its internal Borg system) that radically simplifies the task of building, deploying, and maintaining scalable distributed systems in the cloud. This practical guide shows you how Kubernetes and container technology can help you achieve new levels of velocity, agility, reliability, and efficiency.Authors Kelsey Hightower, Brendan Burns, and Joe Beda--who've worked on Kubernetes at Google--explain how this system fits into the lifecycle of a distributed application. You will learn how to use tools and APIs to automate scalable distributed systems, whether it is for online services, machine-learning applications, or a cluster of Raspberry Pi computers.Explore the distributed system challenges that Kubernetes addressesDive into containerized application development, using containers such as DockerCreate and run containers on Kubernetes, using Docker's Image format and container runtimeExplore specialized objects essential for running applications in productionReliably roll out new software versions without downtime or errorsGet examples of how to develop and deploy real-world applications in Kubernetes

    At under 200 pages it's quick reading too. Makes a great airplane book.

    Developers of every stripe-hobbyists and professionals alike-fall in love with jQuery the minute they've reduced 20 lines of clunky JavaScript into three lines of elegant, readable code. This new, concise JavaScript library radically simplifies how you traverse HTML documents, handle events, perform animations, and add Ajax interactions to your web pages.jQuery in Action, like jQuery itself, is a concise tool designed to make you a more efficient and effective web developer. In a short 300 pages, this book introduces you to the jQuery programming model and guides you through the major features and techniques you'll need to be productive immediately. The book anchors each new concept in the tasks you'll tackle in day-to-day web development and offers unique lab pages where you immediately put your jQuery knowledge to work.There are dozens of JavaScript libraries available now, with major companies like Google, Yahoo and AOL open-sourcing their in-house tools. This book shows you how jQuery stacks up against other libraries and helps you navigate interaction with other tools and frameworks.jQuery in Action offers a rich investigation of the up-and-coming jQuery library for client-side JavaScript. This book covers all major features and capabilities in a manner focused on getting the reader up and running with jQuery from the very first sections. Web Developers reading this book will gain a deep understanding of how to use jQuery to simplify their pages and lives, as well as learn the philosophy behind writing jQuery-enhanced pages.

    Unlike other introductory books, it focuses on the program design process. This approach fosters a variety of skills--critical reading, analytical thinking, creative synthesis, and attention to detail--that are important for everyone, not just future computer programmers. The book exposes readers to two fundamentally new ideas. First, it presents program design guidelines that show the reader how to analyze a problem statement; how to formulate concise goals; how to make up examples; how to develop an outline of the solution, based on the analysis; how to finish the program; and how to test. Each step produces a well-defined intermediate product. Second, the book comes with a novel programming environment, the first one explicitly designed for beginners. The environment grows with the readers as they master the material in the book until it supports a full-fledged language for the whole spectrum of programming tasks.All the book's support materials are available for free on the Web. The Web site includes the environment, teacher guides, exercises for all levels, solutions, and additional projects.A second edition is now available.

    Unfortunately, developers are creating mountains of unmaintainable tests as a side effect. I've been fighting the maintenance battle pretty aggressively for years, and this book captures the what I believe is the most effective way to test.This book details my strong opinions on the best way to test, while acknowledging alternative styles and various contexts in which tests are written. Whether you prefer my style or not, this book will help you write better Unit and Functional Tests.

    Through four years of groundbreaking research, Dr. Nicole Forsgren, Jez Humble, and Gene Kim set out to find a way to measure software delivery performance—and what drives it—using rigorous statistical methods. This book presents both the findings and the science behind that research. Readers will discover how to measure the performance of their teams, and what capabilities they should invest in to drive higher performance.

    Some of its new features are already being implemented by existing browsers, and much more is around the corner. Written by developers who have been using the new language for the past year in their work, this book shows you how to start adapting the language now to realize its benefits on today's browsers. Rather than being just an academic investigation, it concentrates on the practical--the problems HTML5 can solve for you right away. By following the book's hands-on HTML5 code examples you'll learn: new semantics and structures to help your site become richer and more accessiblehow to apply the most important JavaScript APIs that are already implementedthe uses of native multimedia for video and audiotechniques for drawing lines, fills, gradients, images and text with canvas how to build more intelligent web formsimplementation of new storage options and web databaseshow geolocation works with HTML5 in both web and mobile applicationsAll the code from this book (and more) is available at www.introducinghtml5.com. ********There appear to be intermittent problems with the first printing of Introducing HTML5. If you have one of these copies, please email us at ask@peachpit.com with a copy of your receipt (from any reseller), and we'll either provide access to the eBook or send you another copy of the print book -- whichever you prefer. If you'd like the eBook we can add that to your Peachpit.com account. You can set up a free account at www.peachpit.com/join http: //www.peachpit.com/join>. Thanks so much for your understanding!

    You'll learn techniques for implementing specific Web technologies and patterns to solve the needs of a typical company as it grows from modest beginnings to become a global enterprise.Learn basic Web techniques for application integrationUse HTTP and the Web’s infrastructure to build scalable, fault-tolerant enterprise applicationsDiscover the Create, Read, Update, Delete (CRUD) pattern for manipulating resourcesBuild RESTful services that use hypermedia to model state transitions and describe business protocolsLearn how to make Web-based solutions secure and interoperableExtend integration patterns for event-driven computing with the Atom Syndication Format and implement multi-party interactions in AtomPubUnderstand how the Semantic Web will impact systems design

    Relentlessly practical, the book delivers insight, not documentation, to teach developers what they need to know to build the next generation of SOAs.After explaining the advantages of service-orientation for application design and teaching the basics of how to develop SOAs using WCF, the book shows how you can take advantage of built-in features such as service hosting, instance management, asynchronous calls, synchronization, reliability, transaction management, disconnected queued calls and security to build best in class applications. "Programming WCF Services" focuses on the rationale behind particular design decisions, often shedding light on poorly-documented and little-understood aspects of SOA development. Developers and architects will learn not only the "how" of WCF programming, but also relevant design guidelines, best practices, and pitfalls. Original techniques and utilities provided by the author throughout the book go well beyond anything that can be found in conventional sources.Based on experience and insight gained while taking part in the strategic design of WCF and working with the team that implemented it, "Programming WCF Services" provides experienced working professionals with the definitive work on WCF. Not only will this book make you a WCF expert, it will make you a better software engineer. It's the Rosetta Stone of WCF.

    Now you can get in on the action as well. This book describes metaprogramming as an essential component of Ruby. Once you understand the principles of Ruby, including the object model, scopes, and eigenclasses, you're on your way to applying metaprogramming both in your daily work and in your fun, after-hours projects. Learning metaprogramming doesn't have to be difficult or boring. By taking you on a Monday-through-Friday workweek adventure with a pair of programmers, Paolo Perrotta helps make mastering the art of metaprogramming both straightforward and entertaining. The book is packed with:Pragmatic examples of metaprogramming in action, many of which come straight from popular libraries or frameworks, such as Rails. Programming challenges that let you experiment and play with some of the most fun, "out-there" metaprogramming concepts. Metaprogramming spells--34 practical recipes and idioms that you can study and apply right now, to write code that is sure to impress. Whether you're a Ruby apprentice on the path to mastering the language or a Ruby wiz in search of new tips, this book is for you.

    What makes an operating system modern? According to author Andrew Tanenbaum, it is the awareness of high-demand computer applications--primarily in the areas of multimedia, parallel and distributed computing, and security. The development of faster and more advanced hardware has driven progress in software, including enhancements to the operating system. It is one thing to run an old operating system on current hardware, and another to effectively leverage current hardware to best serve modern software applications. If you don't believe it, install Windows 3.0 on a modern PC and try surfing the Internet or burning a CD. Readers familiar with Tanenbaum's previous text, Operating Systems, know the author is a great proponent of simple design and hands-on experimentation. His earlier book came bundled with the source code for an operating system called Minux, a simple variant of Unix and the platform used by Linus Torvalds to develop Linux. Although this book does not come with any source code, he illustrates many of his points with code fragments (C, usually with Unix system calls). The first half of Modern Operating Systems focuses on traditional operating systems concepts: processes, deadlocks, memory management, I/O, and file systems. There is nothing groundbreaking in these early chapters, but all topics are well covered, each including sections on current research and a set of student problems. It is enlightening to read Tanenbaum's explanations of the design decisions made by past operating systems gurus, including his view that additional research on the problem of deadlocks is impractical except for "keeping otherwise unemployed graph theorists off the streets." It is the second half of the book that differentiates itself from older operating systems texts. Here, each chapter describes an element of what constitutes a modern operating system--awareness of multimedia applications, multiple processors, computer networks, and a high level of security. The chapter on multimedia functionality focuses on such features as handling massive files and providing video-on-demand. Included in the discussion on multiprocessor platforms are clustered computers and distributed computing. Finally, the importance of security is discussed--a lively enumeration of the scores of ways operating systems can be vulnerable to attack, from password security to computer viruses and Internet worms. Included at the end of the book are case studies of two popular operating systems: Unix/Linux and Windows 2000. There is a bias toward the Unix/Linux approach, not surprising given the author's experience and academic bent, but this bias does not detract from Tanenbaum's analysis. Both operating systems are dissected, describing how each implements processes, file systems, memory management, and other operating system fundamentals. Tanenbaum's mantra is simple, accessible operating system design. Given that modern operating systems have extensive features, he is forced to reconcile physical size with simplicity. Toward this end, he makes frequent references to the Frederick Brooks classic The Mythical Man-Month for wisdom on managing large, complex software development projects. He finds both Windows 2000 and Unix/Linux guilty of being too complicated--with a particular skewering of Windows 2000 and its "mammoth Win32 API." A primary culprit is the attempt to make operating systems more "user-friendly," which Tanenbaum views as an excuse for bloated code. The solution is to have smart people, the smallest possible team, and well-defined interactions between various operating systems components. Future operating system design will benefit if the advice in this book is taken to heart. --Pete Ostenson

     Rails(TM) AntiPatterns identifies these widespread Rails code and design problems, explains why they're bad and why they happen--and shows exactly what to do instead.The book is organized into concise, modular chapters--each outlines a single common AntiPattern and offers detailed, cookbook-style code solutions that were previously difficult or impossible to find. Leading Rails developers Chad Pytel and Tammer Saleh also offer specific guidance for refactoring existing bad code or design to reflect sound object-oriented principles and established Rails best practices. With their help, developers, architects, and testers can dramatically improve new and existing applications, avoid future problems, and establish superior Rails coding standards throughout their organizations.This book will help you understand, avoid, and solve problems withModel layer code, from general object-oriented programming violations to complex SQL and excessive redundancy Domain modeling, including schema and database issues such as normalization and serialization View layer tools and conventions Controller-layer code, including RESTful code Service-related APIs, including timeouts, exceptions, backgrounding, and response codes Third-party code, including plug-ins and gems Testing, from test suites to test-driven development processes Scaling and deployment Database issues, including migrations and validations System design for "graceful degradation" in the real world

    Often, computer science and computer engineering curricula don't provide students with a concentrated and consistent introduction to the fundamental concepts that underlie all computer systems. Traditional computer organization and logic design courses cover some of this material, but they focus largely on hardware design. They provide students with little or no understanding of how important software components operate, how application programs use systems, or how system attributes affect the performance and correctness of application programs. - A more complete view of systems - Takes a broader view of systems than traditional computer organization books, covering aspects of computer design, operating systems, compilers, and networking, provides students with the understanding of how programs run on real systems. - Systems presented from a programmers perspective - Material is presented in such a way that it has clear benefit to application programmers, students learn how to use this knowledge to improve program performance and reliability. They also become more effective in program debugging, because t

    This makes the book random-access: Items are easy to browse and study in whatever order the reader needs. I will be recommending "Effective Python" to students as an admirably compact source of mainstream advice on a very broad range of topics for the intermediate Python programmer. " Brandon Rhodes, software engineer at Dropbox and chair of PyCon 2016-2017" It s easy to start coding with Python, which is why the language is so popular. However, Python s unique strengths, charms, and expressiveness can be hard to grasp, and there are hidden pitfalls that can easily trip you up. " Effective Python " will help you master a truly Pythonic approach to programming, harnessing Python s full power to write exceptionally robust and well-performing code. Using the concise, scenario-driven style pioneered in Scott Meyers best-selling "Effective C++, " Brett Slatkin brings together 59 Python best practices, tips, and shortcuts, and explains them with realistic code examples. Drawing on years of experience building Python infrastructure at Google, Slatkin uncovers little-known quirks and idioms that powerfully impact code behavior and performance. You ll learn the best way to accomplish key tasks, so you can write code that s easier to understand, maintain, and improve. Key features includeActionable guidelines for all major areas of Python 3.x and 2.x development, with detailed explanations and examples Best practices for writing functions that clarify intention, promote reuse, and avoid bugs Coverage of how to accurately express behaviors with classes and objects Guidance on how to avoid pitfalls with metaclasses and dynamic attributes More efficient approaches to concurrency and parallelism Better techniques and idioms for using Python s built-in modules Tools and best practices for collaborative development Solutions for debugging, testing, and optimization in order to improve quality and performance "