February 2014

Book: Java Puzzlers

It’s always a bit embarrassing to acknowledge, but Java Puzzlers: Traps, Pitfalls, and Corner Cases is one of the books on my bookshelf that has remained largely unread for quite a while (since 2006 in fact; I have a habit of writing the acquisition date inside the cover). Yet this week I finally finished it, and for a book on programming languages it’s actually a pretty good read. Here are a few reasons off the top of my head.

Most importantly of course is that it’s educational. While a few of the puzzles are indeed corner cases that I suspect most will only rarely if ever encounter (such as the weird behaviour that may arise in floating point arithmetic), most of the material seems likely to come in handy from time to time when a bug creeps in. And not only for the simple bug: on a few occasions the bugs I found in the puzzles were not really bugs at all, with the real problem being something a lot more profound.

Fortunately, while the depth of the material sometimes makes the puzzle format of the book seem a bit quaint (for instance when the bug lies deep in the Java framework), the book also contains an elaborate overview/index in the back so that it’s also useful for those of us without photographic memory.

Which brings me to the final point, namely that the presentation is also quite pleasant: the font is easy to read, the writing is concise, and — most importantly — the code snippets are nicely formatted, to the point, and without clutter (to see how much impact this can have just open the horrible Thinking in Java). Due to the puzzle/solution nature of the book some blank space had to occur, but even this is nicely filled, with visual illusions.

Book: Violent Python

Since I’ve been refreshing my practical computer science knowledge recently, including picking up the Python language and getting dirty with the practical aspects of computer security, I thought that the Violent Python book might be the perfect match. It’s definitely not a bad book, but it will probably get a nice little place on the basement bookshelf.

It is hardly scientific, but the fact that the book contains full terminal dumps from installing packages and downloading files using wget is usually not a good sign. I don’t know why this is done (if not to just increase the page count for higher profit), yet it makes the book harder to read since a lot has to be skipped. Of course this shouldn’t be used as the only means of judging the book, but in this case too the correlation manifests itself.

Having said that though, the book also contains a lot of interesting material, most noticeably a good survey of the extension modules available for Python as well as interesting case studies of previous exploits. Although for the latter, it is no match for Hacking Exposed which contains a lot more concentrated.

What would I have liked to see in the book? Well I suppose its subscript “a cookbook for hackers, forensic analysts, penetration testers, and security engineers” is actually rather fitting, except for the latter: as someone who’s primarily interested in building security systems using Python, it helped me understand more about how to break into them but very little about how to build them.

First Ilford HP5+ 400 (Film #12)

It makes good sense what I’ve heard on several occasions: that one should stick with one sort of black & white film, say the Kodak T-Max 400, and become good at exposing it, developing it, and printing it. Still, following my little test of different colour films I thought it’d be fun to see what other black & white films were up to; at the very least to know that there are good alternatives when Kodak stops their production.