As the words "at work" suggest, Peter Seibel focuses on how his interviewees tackle the day–to–day work of programming, while revealing much more, like how they became great programmers, how they recognize programming talent in others, and what kinds of problems they find most interesting. Hundreds of people have suggested names of programmers to interview on the Coders at Work web site: http://www.codersatwork.com. The complete list was 284 names. Having digested everyone’s feedback, we selected 16 folks who’ve been kind enough to agree to be interviewed:- Frances Allen: Pioneer in optimizing compilers, first woman to win the Turing Award (2006) and first female IBM fellow- Joe Armstrong: Inventor of Erlang- Joshua Bloch: Author of the Java collections framework, now at Google- Bernie Cosell: One of the main software guys behind the original ARPANET IMPs and a master debugger- Douglas Crockford: JSON founder, JavaScript architect at Yahoo!- L. Peter Deutsch: Author of Ghostscript, implementer of Smalltalk-80 at Xerox PARC and Lisp 1.5 on PDP-1- Brendan Eich: Inventor of JavaScript, CTO of the Mozilla Corporation - Brad Fitzpatrick: Writer of LiveJournal, OpenID, memcached, and Perlbal - Dan Ingalls: Smalltalk implementor and designer- Simon Peyton Jones: Coinventor of Haskell and lead designer of Glasgow Haskell Compiler- Donald Knuth: Author of The Art of Computer Programming and creator of TeX- Peter Norvig: Director of Research at Google and author of the standard text on AI- Guy Steele: Coinventor of Scheme and part of the Common Lisp Gang of Five, currently working on Fortress- Ken Thompson: Inventor of UNIX- Jamie Zawinski: Author of XEmacs and early Netscape/Mozilla hackerWhat you’ll learn:How the best programmers in the world do their jobWho is this book for?Programmers interested in the point of view of leaders in the field. Programmers looking for approaches that work for some of these outstanding programmers.

    You need to assume it will run in the most hostile environments imaginable -- and design, code, and test accordingly. Writing Secure Code, Second Edition shows you how. This edition draws on the lessons learned and taught throughout Microsoft during the firm s massive 2002 Windows Security Push. It s a huge upgrade to the respected First Edition, with new coverage across the board. Michael Howard and David LeBlanc first help you define what security means to your customers -- and implement a three-pronged strategy for securing design, defaults, and deployment. There s especially useful coverage of threat modeling -- decomposing your application, identifying threats, ranking them, and mitigating them. Then, it s on to in-depth coverage of today s key security issues from the developer s standpoint. Everyone knows buffer overruns are bad: Here s a full chapter on avoiding them. You ll learn how to establish appropriate access controls and default to running with least privilege. There s detailed coverage of overcoming attacks on cryptography (for example, avoiding poor random numbers and bit-flipping attacks). You ll learn countermeasures for virtually every form of user input attack, from malicious database updates to cross-site scripting. We ve just scratched the surface: There are authoritative techniques for securing sockets and RPC, protecting against DOS attacks, building safer .NET applications, reviewing and testing code, adding privacy features, and even writing high-quality security documentation. Following these techniques won t just improve security -- it ll dramatically improve robustness and reliability, too. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks For Dummies®, Second Edition.

    Fortunately, there s a solution: Erik T. Ray s Learning XML, Second Edition. This book presents an outstanding birds-eye view of the XML landscape. It s definitely not a programming book (though it does introduce some key XML programming issues). Rather, it s focused on key ideas you need to understand whatever you want to do with XML. That could be document management, web or print content delivery, application integration, B2B commerce, data storage, internationalization -- you name it.Ray s day job is software developer and XML specialist at O Reilly. There, he s helped to implement a complete publishing solution, using DocBook-XML and Perl to produce books in print, on CD-ROM, and for online delivery. So he understands XML from the real-world point of view of someone with a job to do. His first goal is to take on the big questions. First, What is XML? Ray attacks this question from multiple angles, introducing XML as a general-purpose information storage system, a markup language toolkit, and an open standard (or, increasingly, a collection of standards). What can (and can t) you do with XML? What s the history that led us here? And what tools do you need to get started? Next, he introduces the basic building blocks of XML markup and all XML-derived languages: stuff you ll need to know regardless of your goals. Through easy examples, you ll understand elements, attributes, entities, and processing instructions -- and how they fit together in a well-formed XML document. Then, it s on to representing information with XML -- in other words, understanding the nature and planning the structure of the documents you ll be using. Ray starts simply, then builds on his basic examples to discuss narrative documents with text flows, block and inline elements, and titled sections. Once you can handle those, he discusses more complex information modeling, as used in specialized markup languages such as VML. This edition contains an entirely new chapter on XML Schemas -- what he calls the shepherds that keep documents from straying outside of the herd and causing trouble. Schemas, of course, have become hugely important. This is one of the best plain-English introductions to the topic we ve seen. Ray then turns to presentation, introducing CSS stylesheets, basic usage, rule matching, properties, and more. A little later on, he returns to the subject -- this time with a complete introduction to XSL-FO that illuminates two powerful examples. The first is TEI-XML, a markup language for scholarly documents (Ray presents a Shakespearean sonnet, appropriately coded). The second is the immensely powerful DocBook -- which, as we ve observed, Ray knows inside and out. Learning XML is superbly written. Clear explanations. Simple examples. Great metaphors and analogies. And excellent introductions to nearly every topic that matters, from links to presentation, transformation to internationalization. If you re just starting out with XML, you re lucky to have it. Bill CamardaBill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks for Dummies, Second Edition.

    Topics are broken down into three major conceptual pieces: Virtualization, Concurrency, and Persistence. Includes all major components of modern systems including scheduling, virtual memory management, disk subsystems and I/O, file systems, and even a short introduction to distributed systems.

    Ideal for processing large datasets, the Apache Hadoop framework is an open source implementation of the MapReduce algorithm on which Google built its empire. This comprehensive resource demonstrates how to use Hadoop to build reliable, scalable, distributed systems: programmers will find details for analyzing large datasets, and administrators will learn how to set up and run Hadoop clusters. Complete with case studies that illustrate how Hadoop solves specific problems, this book helps you:Use the Hadoop Distributed File System (HDFS) for storing large datasets, and run distributed computations over those datasets using MapReduce Become familiar with Hadoop's data and I/O building blocks for compression, data integrity, serialization, and persistence Discover common pitfalls and advanced features for writing real-world MapReduce programs Design, build, and administer a dedicated Hadoop cluster, or run Hadoop in the cloud Use Pig, a high-level query language for large-scale data processing Take advantage of HBase, Hadoop's database for structured and semi-structured data Learn ZooKeeper, a toolkit of coordination primitives for building distributed systems If you have lots of data -- whether it's gigabytes or petabytes -- Hadoop is the perfect solution. Hadoop: The Definitive Guide is the most thorough book available on the subject. "Now you have the opportunity to learn about Hadoop from a master-not only of the technology, but also of common sense and plain talk." -- Doug Cutting, Hadoop Founder, Yahoo!

    So, why does conventional wisdom insist that software engineers focus primarily on the design and development of large-scale computing systems?In this collection of essays and articles, key members of Google's Site Reliability Team explain how and why their commitment to the entire lifecycle has enabled the company to successfully build, deploy, monitor, and maintain some of the largest software systems in the world. You'll learn the principles and practices that enable Google engineers to make systems more scalable, reliable, and efficient--lessons directly applicable to your organization.This book is divided into four sections: Introduction--Learn what site reliability engineering is and why it differs from conventional IT industry practicesPrinciples--Examine the patterns, behaviors, and areas of concern that influence the work of a site reliability engineer (SRE)Practices--Understand the theory and practice of an SRE's day-to-day work: building and operating large distributed computing systemsManagement--Explore Google's best practices for training, communication, and meetings that your organization can use

    In fact, generating accurate estimates is straightforward—once you understand the art of creating them.In his highly anticipated book, acclaimed author Steve McConnell unravels the mystery to successful software estimation—distilling academic information and real-world experience into a practical guide for working software professionals. Instead of arcane treatises and rigid modeling techniques, this guide highlights a proven set of procedures, understandable formulas, and heuristics that individuals and development teams can apply to their projects to help achieve estimation proficiency.

    Cryptography is vital to keeping information safe, in an era when the formula to do so becomes more and more challenging. Written by a team of world-renowned cryptography experts, this essential guide is the definitive introduction to all major areas of cryptography: message security, key negotiation, and key management. You'll learn how to think like a cryptographer. You'll discover techniques for building cryptography into products from the start and you'll examine the many technical changes in the field.After a basic overview of cryptography and what it means today, this indispensable resource covers such topics as block ciphers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and more. Helpful examples and hands-on exercises enhance your understanding of the multi-faceted field of cryptography.An author team of internationally recognized cryptography experts updates you on vital topics in the field of cryptography Shows you how to build cryptography into products from the start Examines updates and changes to cryptography Includes coverage on key servers, message security, authentication codes, new standards, block ciphers, message authentication codes, and more Cryptography Engineering gets you up to speed in the ever-evolving field of cryptography.

    IT teams are now increasingly requesting physical penetration tests, but there is little available in terms of training. The goal of the test is to demonstrate any deficiencies in operating procedures concerning physical security.Featuring a Foreword written by world-renowned hacker Kevin D. Mitnick and lead author of The Art of Intrusion and The Art of Deception, this book is the first guide to planning and performing a physical penetration test. Inside, IT security expert Wil Allsopp guides you through the entire process from gathering intelligence, getting inside, dealing with threats, staying hidden (often in plain sight), and getting access to networks and data.Teaches IT security teams how to break into their own facility in order to defend against such attacks, which is often overlooked by IT security teams but is of critical importance Deals with intelligence gathering, such as getting access building blueprints and satellite imagery, hacking security cameras, planting bugs, and eavesdropping on security channels Includes safeguards for consultants paid to probe facilities unbeknown to staff Covers preparing the report and presenting it to management In order to defend data, you need to think like a thief-let Unauthorised Access show you how to get inside.

    The authors guide you step by step, using construction of a CD database application to give you hands-on experience as you progress from the basic to the complex. You'll start with fundamental concepts like writing Unix programs in C. You'll learn basic system calls, file I/O, interprocess communication, and shell programming. You'll become skilled with the toolkits and libraries for working with user interfaces.The book starts from the basics, explaining how to compile and run your first program. New to this edition are chapters on MySQL(R) access and administration; programming GNOME and KDE; and Linux standards for portable applications. Coverage of kernel programming, device drivers, CVS, grep, and GUI development environments has expanded. This book gives you practical knowledge for real wor ld application.What does this book cover?In this book, you will learn how toDevelop programs to access files and the Linux environment Use the GNU compiler, debugger and other development tools Program data storage aapplications for MySQL and DBM database systems Write programs that take advantage of signals, processes and threads Build graphical user interfaces using both the GTK (for GNOME) and Qt (for KDE) libraries Write device drivers that can be loaded into the Linux kernel Access the network using TCP/IP sockets Write scripts that use grep, regular expressions and other Linux facilities Who is this book for?This book is for programmers with some C or C++ experience, who want to take advantage of the Linux development environment. You should have enough Linux familiarity to have installed and configured users on Linux.

    In the tradition of Manning's ground breaking "In Action" series, this book comes from right from the source. Written by Bruce Payette, one of principal creators of PowerShell, Windows PowerShell in Action shows you how to build scripts and utilities to automate system tasks or create powerful system management tools to handle the day-to-day tasks that drive a Windows administrator's life. Because it's based on the .NET platform, PowerShell is also a powerful tool for developers and power users.Windows PowerShell in Action was written by Bruce Payette, one of the founding members of the Windows PowerShell team, co-designer of the PowerShell language and the principal author of the PowerShell language implementation. The book enables you to get the most out of the PowerShell environment. Using many examples, both small and large, this book illustrates the features of the language and environment and shows how to compose those features into solutions, quickly and effectively.This book is designed for anyone who wants to learn PowerShell and use it well. Rather than simply being a book of recipes to read and apply, this book gives you the deep knowledge about how PowerShell works and how to apply it.

    When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.You'll learn how to:Set up a safe virtual environment to analyze malware Quickly extract network signatures and host-based indicators Use key analysis tools like IDA Pro, OllyDbg, and WinDbg Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques Use your newfound knowledge of Windows internals for malware analysis Develop a methodology for unpacking malware and get practical experience with five of the most popular packers Analyze special cases of malware with shellcode, C++, and 64-bit code Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back.Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.

    This book will help those familiar the command line and basic shell scripting start using Ansible to provision and manage anywhere from one to thousands of servers.The book begins with fundamentals, like installing Ansible, setting up a basic inventory file, and basic concepts, then guides you through Ansible's many uses, including ad-hoc commands, basic and advanced playbooks, application deployments, custom modules, and special cases like running ansible in 'pull' mode when you have thousands of servers to manage (or more). Everything is explained with pertinent real-world examples, often using Vagrant-managed virtual machines.

    This groundbreaking new book sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. Through automation of the build, deployment, and testing process, and improved collaboration between developers, testers, and operations, delivery teams can get changes released in a matter of hours-- sometimes even minutes-no matter what the size of a project or the complexity of its code base. Jez Humble and David Farley begin by presenting the foundations of a rapid, reliable, low-risk delivery process. Next, they introduce the "deployment pipeline," an automated process for managing all changes, from check-in to release. Finally, they discuss the "ecosystem" needed to support continuous delivery, from infrastructure, data and configuration management to governance. The authors introduce state-of-the-art techniques, including automated infrastructure management and data migration, and the use of virtualization. For each, they review key issues, identify best practices, and demonstrate how to mitigate risks. Coverage includes - Automating all facets of building, integrating, testing, and deploying software - Implementing deployment pipelines at team and organizational levels - Improving collaboration between developers, testers, and operations - Developing features incrementally on large and distributed teams - Implementing an effective configuration management strategy - Automating acceptance testing, from analysis to implementation - Testing capacity and other non-functional requirements - Implementing continuous deployment and zero-downtime releases - Managing infrastructure, data, components and dependencies - Navigating risk management, compliance, and auditing Whether you're a developer, systems administrator, tester, or manager, this book will help your organization move from idea to release faster than ever--so you can deliver value to your business rapidly and reliably.

    The second edition of this book helps you prepare for the PMP certification exam using a visually rich format designed for the way your brain works. You'll find a full-length sample exam included inside the book. More than just proof of passing a test, a PMP certification means that you have the knowledge to solve most common project problems. But studying for a difficult four-hour exam on project management isn't easy, even for experienced project managers. Drawing on the latest research in neurobiology, cognitive science, and learning theory, Head First PMP offers you a multi-sensory experience that helps the material stick, not a text-heavy approach that puts you to sleep. This book will help you:Learn PMP's underlying concepts to help you understand the PMBOK principles and pass the certification exam with flying colorsGet 100% coverage of the latest principles and certification objectives in The PMBOK Guide, Fourth Edition, including two new processes: Collect Requirements and Identify StakeholdersMake use of a thorough and effective preparation guide with hundreds of practice questions and exam strategiesExplore the material through puzzles, games, problems, and exercises that make learning easy and entertainingHead First PMP puts project management principles into context to help you understand, remember, and apply them -- not just on the exam, but also on the job.