If you are writing something not application specific in Java you are doing something wrong as it is probably already written for you. But finding the correct solution or class that answers the need you have is often hard. Books such as Java in a Nutshell are useful, but you need to know what you want before you look.

Ian Darwin’s book Java Cookbook is a mammoth (829 page) book that provides answers to hundreds of questions. His style is easy to follow. The book is broken down into major topic areas (strings, numbers, OO techniques, networking, etc.). Each section begins with an overview of the capabilities that Java provides in that area followed by a series of Q&A entries that address specific problems a programmer might encounter. He then concludes with a simple application (or two) that demonstrates the techniques he has discussed. Simple, straightforward, useful.

This second edition has expanded to cover new features that are being developed for Java 1.5. As a programmer familiar with working in Java (but by no means an expert) I found these topics to be the most enlightening. Specifically the coverage of the new foreach construct and the templating mechanisms.

Overall this is a book useful for everyone who codes in Java. It has basic techniques for the new user, and expands into areas that an expert would need.

“Be afraid. Be very afraid.”

If there is one motto to be taken from this book, that is it. Security Warrior takes a new track from most security books, the view of the attacker. How and what they do are explained in detail, from reverse code engineering to methods of avoiding intrusion detection systems. As a systems administrator, part of me wants to just go and unplug all my servers after reading this book.

Far from an introductory book, the authors assume you are familiar with the concepts of securing servers and networks on the internet (achieved, possibly from books like Practical Unix and Internet Security). The first half of the book covers attack methods and then switches to defense methods for the remainder.

The authors provide detailed and up to date information regarding program disassembly for the purpose of patching as well as for determining possibilities for buffer and heap overflows. Methods and tools are discussed for Windows, Linux, and Windows CE. This is heavy stuff; you will need to be at least passing familiar with assembly language and computer architecture to make sense of what they are discussing. They move on to cover network attacks beginning with reconnaissance techniques, firewall and IDS avoidance, and hiding your tracks. I found it very impressive the discussion of some of the most moedrn tools; not only did they discuss TCP stack fingerprinting, they mentioned the latest developments in non-static and passive OS detection tools.

In the last “attacker” section of the book, they discuss specific vulnerabilities in many services, including topics such as Active Directory hacks (extending even into the weaknesses of smart card technology). General web attacks like SQL injection and parameter checking problems are discussed as well as the deficiencies present in most wireless ethernet implementations.

After scaring the daylights out of you in the first part of the book, the authors proceed to the defensive topics of the book. They cover the general topic of logging adequate information and dealing with logs from multiple sources. Alternate syslog implementations are discussed that provide more flexibility than the standard toolsets. For networks in general, intrusion detection systems are discussed using Snort as the example tool. Honeypots are also described in brief. Computer forensics is covered as well as techniques that are used to destroy electronic evidence.

I felt this was an excellent book. It is definitely an advanced book, but is a welcome relief for people who are experienced in computer security and want something that pushes the edge.

I love Williamsburg in the summer.

OK, I realize this was a horrible event and my heart goes out to the victims and their loved ones, but what the hell is up with this headline?

90 dead in tanker horror smash

“tanker horror smash” What?!?!

::sigh::

I’m an official real student again. I got my acceptance letter and have returned the “yes, I will register” paperwork. Master’s degree, here I come (albeit slowly).

Just a quick note that I have posted some pictures. Click on the Photography link to the right

Alton Brown - Rants & Raves!

If I’ve said it once I’ve said it 97 times: there are no bad foods, just bad food habits. If I’m fat (and I’m not saying that I am) it’s not Ronald McDonald’s fault, or ConAgra’s fault or Ben & Jerry’s fault, or my mom’s fault or anyone’s fault but my own. I don’t support lawsuits against fast food any more than I support lawsuits against cigarette companies. Anyone who doesn’t know cigarettes are bad for you is an idiot. Anyone who doesn’t know that eating too much fast food will make you fat…ditto. In fact I think I may organize a class action lawsuit against people who stage lawsuits against corporations who they think should take responsibility for them. Criminy! Most corporations can barely take responsibility for themselves much less others.

If I’m fat it’s because I’ve shoved to many calories down my pie hole. I don’t need to chat with Oprah about it and I sure don’t need to consult that loathsome profiteer “Dr” Phil. I just need to stop eating so much and exercise more.

Ok, just one link. An article by the author of Talking Point Memos, a very good blog.

“Confidence Men” by Joshua Micah Marshall

At Karen’s proding, the essays I wrote for my grad school application are below. I am aware that I lay it on pretty thick, so be make sure you have your hip waders on before you click on the link for more.

Provide whatever other information regarding your background, extracurricular activities, or general experience you may wish

As an undergraduate student, I worked to support my tuition and living expenses. I worked for the William and Mary Information Technology group, first as a member of the help desk and later as a network technician installing the networks in the residence halls. During the same period, I worked as for the Williamsburg Regional Library system as their sole techie. I developed their initial internet systems including mail servers and web servers.

After graduation, I spent 4 years working for 3GI (later acquired by RSA Security). I started as a software developer and advanced to head of our research and development group. After the 3GI office was closed, I was hired as a Network Security Consultant for Trigon Healthcare (now Anthem). My responsibilities included the implementation of PKI based systems for the communication of sensitive health care information between Trigon and health care providers.

I am now employed by the College of William and Mary as a Senior Programmer Analyst. My responsibilities include the development of software for course evaluation, the SACS accreditation process, and the College’s integrated web portal. I also participate in advisory groups that focus on information security and web software design.

In addition to my professional development, I maintain an internet domain for groups who provide content ranging from online roleplaying to ultimate frisbee. I also support approximately 15 people with email and web space. I have several personal web development projects including a popular online wishlist management system. I have authored and released two open source software projects.

Describe your career plans and the reasons you wish to pursue graduate studies.

After graduating from William and Mary in 1997 with a B.S in physics, I immediately entered the world of software development with only a minimal amount of formal training in computer science. Over the next several years, I progressed at 3GI through self teaching and mistakes made to become the head of our research and development group. My responsibilities included the design and architecture work for many of our software projects and core middleware. This was an amazing learning experience for me, but I found that I was hampered by my lack of formal training in the area for which I was responsible; I often had to rely upon instinct rather than training.

After 3GI, I realized my goal was to participate more effectively in the planning and design stages of software development. In order to accomplish this goal, I need to take the skills I have learned through experience and hone them by applying formal training. I feel graduate study in Computer Science will provide the additional knowledge and insights I need to succeed.

I have spent the last three semesters taking graduate computer science classes. The course work has begun to solidify the principals I learned through trial and error at 3GI, providing a new solid foundation from which I can move forward. I also feel that my experience in commercial software development can be an asset to the department and to other graduate and undergraduate students by offering a comparative insight to the theory and methods taught in class.

In the future, I intend to take the knowledge I have gained through graduate studies and reenter the high tech market. My goal is to be part of a small firm to develop software free of the bounds of a strict corporate structure. That environment allows for market flexibility and personal freedom. I see this as the logical continuation of my work at 3GI.

Contents of an email from a friend of mine. 6:00 PM Opening Prayer led by the Reverend Jerry Fallwell

6:30 PM Pledge of Allegiance

6:35 PM Burning of Bill of Rights (excluding 2nd amendment)

6:45 PM Salute to the Coalition of the Willing

6:46 PM Seminar #1: Iraq Stratergies-Voodoo/DooDoo WMD

7:30 PM First Presidential Beer Bong

7:35 PM Serve Freedom Fries

7:40 PM EPA Address #1: Mercury-It’s what’s for dinner!

8:00 PM Vote on which country to invade next

8:10 PM Call EMTs to revive Rush Limbaugh

8:15 PM John Ashcroft Lecture: The Homos are after your Children!!

8:30 PM Round table discussion on reproductive rights (MEN only)

8:50 PM Seminar #2 Corporations: The Government of the Future

9:00 PM Condi Rice sings “Can’t Help Lovin’ Dat Man”

9:05 PM Second Presidential Beer Bong

9:10 PM EPA Address #2. Trees: The Real Cause of Forest Fires

9:30 PM Break for secret meetings

10:00 PM Second prayer led by Cal Thomas

10:15 PM Lecture by Karl Rove: Doublespeak made easy

10:30 PM Rumsfeld demonstration of how to squint and talk macho

10:35 PM Bush demonstration of trademark “deer in headlights” stare

10:40 PM John Ashcroft demonstrates new mandatory Kevlar chastity belt

10:45 PM Clarence Thomas reads list of black republicans

10:46 PM Third Presidential Beer Bong

10:50 PM Seminar #3. Education: A Drain on our Nation’s Economy

11:10 PM Hilary Clinton Piñata

11:20 PM Second Lecture by John Ashcroft: Evolutionists: The Dangerous New Cult

11:30 PM Call EMTs to revive Rush Limbaugh again.

11:35 PM Blame Clinton

11:40 PM Laura serves milk and cookies

11:50 PM Closing Prayer led by Jesus Himself

12: 00 PM Nomination of George W. Bush as Holy Supreme Planetary Overlord