They’re Watching You… (Book Review: Little Brother)

My good friend Wil Wheaton (yeah, we’ve never met.. or talked…) mentioned a captivating book he read a few months ago. What really caught my attention was that he handed the book off to his son because he thought it was a book he could share with him. Having children myself, I decided to take a look at the book to see what all the fuss was about. That book is called Little Brother.

Little Brother is a book about a teenager caught up in global events that forever change his life. After a terrorist attack in his neighborhood, the Department of Homeland Security swoops in to save the day. What follows is a terrifying look into the future of our own country as privacy erodes and Big Brother takes over.

Cory Doctorow weaves a tale that is not only believable, but may be an eerie foreshadowing of real events. It is a glaring reminder that we, as citizens, must ensure that the government continues to serve rather than control us.

I heartily recommend checking this book out. Cory has released Little Brother under the Creative Commons License and has it available as a free download on his website. I strongly encourage you to support Cory and buy a copy if you like the book. And if you like Cory’s work, his website has free downloads of other stories he has written.

Geek Reading List

Wil Wheaton (Wesley from ST:TNG) writes a weekly column for Suicide Girls (NSFW). In a recent article, he writes about 5 books every Geek should read. He has some pretty good picks, but I’d like to add some more. Keep in mind though, I’m nowhere near as eloquent as Wil is.. :)

Diamond Age

Author: Neal Stephenson

Published: 1995

This, for me, was one of the greatest books I’ve ever read. In the future, where nanotechnology is the norm and matter compilers offer the basic necessities of living for free, a young girl is given a unique gift in the form of a book. But this is no ordinary book. This is the Young Lady’s Illustrated Primer. What follows is a whirlwind of activity as the true nature of the primer is discovered, the balance of power is shifted, and a new class is formed.

The Illuminatus Trilogy

Author: Robert Anton Wilson & Robert Shea

Published: 1975

The ultimate conspiracy theory. From beginning to end, Wilson and Shea wrap theory after theory together creating, at times, a semi-plausible theory about the government and who truly runs it. Complete with Atlantis, Nazis, and even Shoggoths, this story will keep your head spinning. This is definitely not a tale for the faint of heart!

Discworld Series

Author: Terry Pratchett

Published: 1983 – Current

A flat world held up on the backs of four elephants, all standing on the shell of the Great A’Tuin, the star turtle. Enter hilarity. These are some of the funniest books I’ve ever read. If you like Douglas Adams’ novels, then you’ll love Pratchett. A mixture of magic, stone age technology, and general mayhem is presented in each book of this massive series. From the wizard Rincewind to Death himself, there are characters for every occasion.

The Lord of the Rings

Author: J.R.R. Tolkien

Published: 1954-1955

Tolkien is commonly known as the “father of modern fantasy”. This three-volume series continues where The Hobbit left off, following the tale of the Ring as it passes into the hands of Frodo the hobbit. Frodo’s task is to take the ring to Mount Doom and destroy it. A journey of epic proportions follows as Frodo becomes the center of a battle for Middle Earth.

Book Review: Pro PHP Security

I just finished reading Pro PHP Security by Chris Snyder and Michael Southwell. I’m always looking for ways to improve my programming skills and security is an area I try to focus on. Secure web applications are becoming more important every day as more and more of our lives are placed online. With that in mind, I purchased this book to increase my PHP skills.

Overall the book was quite good. The book is broken into four parts. Part one is a general overview of security and its importance. Nothing really new here, but a good introduction nonetheless.

Part two delves into server-side security, outside of the realm of PHP. This includes shared hosts, firewalls, software installation, and more. None of this is really PHP specific per se, but still important topics. There is a decent introduction to encryption and its importance in security. There are a few PHP examples throughout these chapters that show how to handle SSH, SSL, hashing, and general encryption using the mcrypt() function. Part two concludes with an overview of authentication, permissions, and restrictions. There is a decent example of a single sign-on system, as well as an overview of PHP safe mode.

Part three covers more in-depth PHP programming practices designed to prevent many of the more common security problems. This section starts with a chapter on input validation, a very important topic indeed. The authors explain what input validation is and how to accomplish it. There are several examples that show how to validate the data you need and ensure that it’s safe to use throughout your program. Subsequent chapters cover SQL Injection, Cross-Site Scripting, Remote Execution, and Session Hijacking. Throughout each chapter are dozens of examples showing how to handle each situation.

Finally, part four covers user interaction with your programs. Since the majority of the web applications you will write are intended to interact with users, this is pretty important. The authors cover ways to ensure that your users are, in fact, human users and not scripts. Identity verification is covered with methods ranging from simple email response to SMS messages. And once you’ve determined that your users are real, you’ll need to provide them with a list of actions they can perform. The authors show how role-based authorization can help with this and allow for a scalable system that can be extended in the future. In the next few chapters, the authors cover data loss, safely executing system commands, and handling RPC calls. And finally, the authors explain the value of Open Source software and the advantages of peer review.

Overall this is an excellent book and I highly recommend it. While this book is geared towards PHP programming, it does cover a wide variety of topics that are not strictly PHP specific. While I was aware of many of the topics covered within this book, I did learn a variety of new tricks for dealing with security threats. If you’re interested in learning more about security and how to secure your programs, I definitely recommend reading this book.