Fresh news and solutions for small business. By Ron Seybold

The Tangled Web helps secure browser-based apps

Review by Steve Hardwick

No Starch Press, November 2011, 320 pp., $49.95

A recent survey by Veracode in December 2011 found that more than 80 percent of approximately 10,000 web applications examined failed security testing. This data shows that web applications provide a fertile ground for hackers to launch their malware. Obviously web developers still have some work to do to make their applications secure. The Tangled Web by Michal Zalewski is targeted toward web application developers and security professionals who have a solid understanding of the web and browser operations at an operational level. The author goes into fairly technical detail, assuming that the reader has the necessary skills to understand the technology discussed.

After an introductory chapter outlining some security fundamentals, the book is split into three parts. The first part covers browser and web technologies. Specific attention is paid to vulnerabilities and how they came to be part of the infrastructure. The second part covers browser security and highlights some of the ways to mitigate the inherent holes in the current technology. The final portion covers some of the new vulnerabilities that are expected to come in the near future. With a couple of exceptions, most chapters conclude with a security engineering cheat sheet. This gives a summary of the topics covered in the chapter and serves as a guide to implementing some of the technology discussed. It provides a useful quick reference to the book's contents after the reader has completed their read-through and can be used as a design aid on future projects.

Part One goes into some depth on the various technologies used by browsers, both their inherent operating infrastructure and the services used over the web. Attention is paid to areas of the technology that are open to exploitation. In many cases the author outlines how some of the weaknesses came into being and provides a good view into the difficulty of building this technology. Part One is broken down into chapters that cover the different pieces of the browser function. Internal processes (HTML and CSS parsing, for example) are covered, and external processes (HTML and URL parsing) are reviewed. Two chapters cover additional programming capabilities of the browser, i.e. JavaScript and plug-ins. Throughout this section many examples are given of how the vulnerabilities can be exploited. This gives the reader a better understanding of how a hacker would go about using these weaknesses. In some cases a chapter has a limited discussion of the topic due to its wide complexity. The author does include references to other works that cover the topic in greater detail and then focuses on key areas that are relevant to web security.

  • Published: Nov 28th, 2011
  • Category: Reviews

Get Dragon Dictate box, training video on sale today

Dragon Dictate is available for a special Cyber Monday price today, just $99 for the combination of dictation software and the company’s training video. It’s marked down $130 for today. That’s a discount off the boxed version, which includes a nice one-ear USB headset.

After having evaluated the obvious parts of the 2.5 version, it’s easy to see why a training video would be a big bonus. In addition to supporting Office 2011 and tapping wireless mics, the software has a voice recognition mode that is worth every minute you’ll put into it. Not that Dictate is useless without the training, but a video that outlines the education process will be a lot smoother than the extensive-but-exhaustive product manual.

If you’ve never used an online dictation product before, there’s no better time to start — considering that the technology is a quantum leap in front of anything during the previous decade.

There’s something about the conversational tone in writing that attracts us. Especially when we want to persuade or sell either an idea or a product. In testing, our writing got simpler and more direct while we dictated.

The new 2.5 version of the product lets you use an iPhone or an iPad to control the software, treating the phone as a wireless mic. You can also make a quick post directly to Facebook or Twitter. It’s as simple as saying “post to Twitter,” although you’ll want to be able to find a way to manage the 140-character limit for Twitter.

New to the iPad 2? Take a look at the book

Rolling tablets out into companies and businesses presents a special challenge. How do you get your users or employees comfortable with the change from laptop to tablet computing? It’s a good idea to provide some kind of a primer for the iPad, especially since Apple has done so little on its own to document the product. In paper, anyway; there’s a modest collection of videos on using the included elements of the tablet, like iTunes, Safari and Mail. And Apple has a 140-page user guide you can download and read in a PDF reader.

That kind of vendor-supplied documentation is fine, to a point. But this kind of training rarely gets as honest as an independent guide to a product. For example, if you look over those videos on the Apple website, you’ll find they’ve got a snappy 2 minutes on buying music via iTunes on the iPad — when what you really need is a primer on how to use iTunes on the Mac or PC to control what’s on your iPad. No such video exists.

No Starch Press has produced a “My New iPad 2” book, written by Wallace Wang, to help. We reached out to a first-time iPad user who’s running a travel agent business, Ron Wilcox of Seabird Cruises, to tell us how this book stacked up for him. He added, after reviewing it, “now just try to get it out of my hands.”

I’ve often found instruction manuals to be frustrating and confusing. Many are written with an assumption about the level of understanding that the reader already has about the subject. Online manuals tend to be exasperatingly user-UNfriendly, but manufacturers are so fond of the format that good print manuals are often difficult to find.

However, this manual, for this user, was pretty close to perfect. The index was detailed and complete. As a reference manual, it was quick and easy to locate information specific to a particular function.

  • Published: Aug 21st, 2011
  • Category: Reviews, Storage

Bigger drives deliver big improvements

The faster, cheaper, cooler-running WD My Book Studio

Stop reading now if disk drives bore you. You might be able to find some articles up here about storage disaster recovery, because if disks make your eyes glaze over, you’re likely to recover from a disaster. Knowing the basics about disks for your Mac is as important as knowing a cholesterol score. A slow score, or a low score for your drive is going to attack the heart of your business: your data.

That’s why I was glad to review the improved model of the Western Digital My Book Studio. I found it faster, running cooler and a better value than a drive I bought at the start of the year.

The price of external drives, which you plug into your Mac, has dropped dramatically since I last bought a drive. Just seven months ago I paid $140 for a Mercury Elite AL Pro 1.5TB drive with two kinds of interfaces, two FireWire 400, and one USB 2.0. The 3TB My Book — twice as much storage — costs $200 at Amazon.com for three kinds of interfaces, two Firewire (either can be used at 400 or 800) plus a USB port. (The wider range of interfaces to plug in, the better. Your more modern Macs are now shipping with fewer ports on them, and it’s good to have non-USB port choices on the back of a drive.)

One of the biggest upgrades to this My Book — I now run a two-year-old 1TB My Book for Time Machine backups — is the new case. It’s morphed from plastic to aluminum, so it stays cooler. Cool means quieter, and this drive is so cool it has no fan. No fan is one less moving part to break down, plus less electricity to purchase.

I ran speed tests against this newest My Book. A massive file transfer that took 6 minutes, 53 seconds on the older My Book completed in 5:37. That’s about 20 percent faster, time that can really add up in an era when big files of 10MB or more — think recorded Skype calls, or the size of your iPhoto Library — have become commonplace.

Urban Tool moves mobile business tools with unique pocket

Urban Tool’s Pocket Bar is a big enough deal to warrant its own field testing here at Bites HQ. To be thorough, we took this $100 mobile device case outside of headquarters, carrying it on a business trip to San Francisco that put the bag through its paces. Urban Tool bills it as being the perfect fit for the iPad, and they’re right, by one measure.

Urban Tool’s Pocket Bar is flexible, but my iPad had to ride bareback to fit into the best compartment

The Pocket Bar looks like a good match for the iPad, taller than the tablet but with just about the same width. The bag is woven with a nylon and elastane cloth that has some stretch and a waterproofed quality. Inside there’s a full cotton interior to protect sensitive gear. The main pocket is roomy in its thickness, but its mouth is a bit tight on the width of the iPad. Only the most spare of iPad cases can squeeze their way through the zippered opening. I stripped off my ZooGue case and let the tablet ride bareback, for the first time in months, inside the Pocket Bar. It was an easy slip in and out at airport security.

The outside of the case is dotted with pockets that stretch to fit mobile phones, point and shoot cameras, wallets and more. A key lanyard is clipped on the outside, and another key yo-yo is inside another pocket. The array of outside pockets is one of the best features of this bag. I was about to discover another one when I stepped off the BART on Powell Street. It was pouring, a classic February California rain.

Newest iPads disappear quickly from online, retail outlets

Pogue and his boys review the newest iPad

The only iPad you can buy today is the original generation’s models. Apple sold out its first build of the product in less than a day over the kickoff weekend. Apple built up less than enough inventory to immediately satisfy customers hungry for the iPad 2. Delivery times at 1 AM Pacific were quoted at 2-3 business days, regardless of model. By mid-morning the deliveries were 5-7 business days. Now the orders placed will be fulfilled through Apple’s online store in 3-4 weeks.

That’s right; it means that unless you were up ordering at early morning, the soonest you will receive a new iPad model will be April 1-2. That’s one week after the device goes on sale outside the US. Analyst Gene Munster of Piper Jaffray estimated the company sold 500,000 across retail outlets and Apple’s online stores. The first edition of the tablet sold 300,000 units.

Despite the simultaneous outlets of Best Buy, Walmart, Target and the two phone carriers in the US, nothing was available to purchase one hour after the iPad 2 went on sale in retail settings. The tablets disappeared in 37 minutes at a local Verizon shop here in Austin. The ATT outlet across the parking lot had only four on hand to begin with. At Verizon, they were eager to order one, to arrive in the official monthlong waiting period.

The prices at retail outlets are no better than those at the Apple Stores, and an online order costs the same. Free shipping is part of every order now — but the Apple Store online offers free engraving.

The most fun review that I’ve seen so far comes from the New York Times’ David Pogue, who employs his two young sons in explaining what’s improved while we see the boys goof and cavort and even drop the new iPad. They demonstrate the most sizzling apps on the new device, Garage Band and iMovie. The latter obviously has more business uses than the former. Also mentioned is the new gyroscope, which when developers tap into it, gives app users the chance to observe a product in 3D and manipulate moving parts. Great prospect for an interactive sales catalog.

New iPads flash on help for original models

Wallace Wang's My New iPad from No Starch Press

My New iPad was written by a stand-up comic, but the advice in this thorough book is no joke. The 350 pages of this manual ($24.95 print plus ebook, $19.95 ebook) from No Starch Press don’t overlook a thing in the iPad user experience. It’s a guide to the 1st generation of the iPad, written in Deb. 2010. iPad 2 users can look forward to another edition in May, but this book does include specifics on the recent iOS 4.2 release. Apple rolled out version 4.3 of the iOS today.

The new iPad user can rely on this book like a novice cook reading The Joy of Cooking. The tasks explained, from setting up email accounts to synchronizing contacts, all include a novel What You’ll be Using feature.

For example, to transfer ebooks and audiobooks to the iPad, you’ll need 1. The iPad’s USB cable; 2. iTunes on your computer; 3. The iBooks app. The range of possible ingredients is vast these days for Apple owners, with some software on desktop/laptops, and other programs on iPads. This feature keeps things well-sorted-out. There’s a generous layout that leaves plenty of room for screen shots — very important for new-user books.

Another element that’s extraordinary is the “Additional Ideas” wrap-ups for each chapter. After you’ve learned how to do something like set up and customize an email account, it’s good to see the bigger picture and deploy what you’ve learned to do. Establishing separate accounts for work and home, or customizing your signature, may seem obvious to some. But a user who’s new to the Mail in iPad, coming from a Web-based mail service, can find this deeper dive aspect useful.

If you own an iPad already, this book will provide the training to take it to another level. I’ve learned that every onscreen keyboard key can be held down to reveal its alternative characters. Great for speeding up your typing.

Bookmark management is another insider kind of task you might have overlooked if you already own this device. A lot of this kind of technique is hidden away in the Settings app of the iPad. You’ll feel a lot more comfortable with Settings by using this book.

WorldCard Mobile corrals those planets of business cards

Business cards may seem like a throwback to a simpler time, but they’re still in high use today. I carted a sheaf of them to Macworld Expo recently and came back with a fistful of new ones to integrate. WorldCard Mobile from Penpower — which gave me a $5.99 copy of its app to evaluate — makes card entry and organization painless.

It’s a little bit of a miracle for this old dog to point my iPhone at a card, snap a picture and then have it Recognize the card and its fields, and slip them into my Contacts app. Often this happened without a shred of extra work on my part. Sometimes I had to make an edit or two. I even had an arty business card that used a very stylized “A” in the middle of the contact’s name. WorldCard Mobile never blinked at the challenge. Mary got her first name plugged in automatically.

There are features to share cards and contacts over email, and the app files its own “stack” of cards. It also stores the original photo of the card for reference. A very useful feature gives you the ability to take an email signature block and recognize it into the WorldCard database. There’s more editing needed on a signature block than a card, but it saves a lot of work of cutting and pasting, old-style.

There are not a lot of features in World Card Mobile. That decision follows classic app design, to do something really well and not gunk up the rest of the app. At $5.99 it will pay for itself within the first hour you use it on business cards. You gotta figure it will work with the new iPad 2, which will include the product’s first back-facing camera.

Highly recommended. There’s no end in sight to the business card. But using an iPhone or iPad with WorldCard Mobile to put these into a database is a nice upgrade to the old card scanner + software solutions. This is also a great example of how an app for iPhone can beat any desktop Mac application, just by focusing on one good thing.

Presenting the mobile office, and quickly from the cloud

As the iPad makes its way into the hearts and plans of the enterprise, businesses let the device make its way into office workflows. The Quickoffice family of apps makes mobile office work possible and even pleasant, with access to the cloud.

Share slides and docs via the cloud

There are more clouds than ever to share work through, thanks to the latest version of Quickoffice Connect Mobile Suite. In addition to Google, Dropbox, box.net, and Mobile Me’s iDisk and Web interface, the suite’s been integrated with two additional mobile cloud storage providers, Huddle and SugarSync. And what’s on the way in a new version is support for social publishing partners Slideshare, Scribd and .docstoc.

We’ve used Quickoffice for about six months here as a regular iPad tool. It’s got built-in accommodations for Microsoft’s Office tools, so you can save and trade and edit files for things like Word and Excel. Last year they added Powerpoint support, and at year’s end the Suite gained the ability to edit Powerpoint slides. When I think of the trips where slide edits might have made a difference, if only the right person in the company could get to them, this editing is one of the best arguments for pushing your office work, via these clouds, to the iPad.

Kensington adds keys to iPad

Keyfolio keypad: An iPad version of a netbook

One of the best additions I’ve made to my iPad this year has been the Kensington Keyfolio keyboard. It’s a Bluetooth keyboard that includes a nice protective, leather case for the iPad. It also adds a stand capability to the iPad, one which works just great to browse the Web from bed in the morning if you’re getting a pre-dawn start on your work day. In a way, this adds the touch interface of the iPad to the concept of a netbook. The weight of the combined keyboard and iPad comes in at 2.75 pounds, so you’re right into the netbook weight category.

The Keyfolio has a great battery saving feature, pulling itself offline when you stop using it for an extended period. It doesn’t need to be resynced often, and you can bypass it by simply switching it off to use the iPad onscreen keyboard.

It’s a great product in the Kensington tradition: well built, lightweight, protects your iPad. Even can be used in a non-keyboard setting (i.e. just a case to use while reading your iPad.) Some say you can’t use it on your lap, but a nice lap desk (think Levenger) makes that possible, too. Big improvement over the on-screen keyboard.

Only the Apple iPad dock has better speed, but it’s not a traveling tool like this one. This keyboard recognizes and includes the cursor arrows, unlike some iPad writing apps whose softkey keyboards do not. I wish there were a shift key on both sides of this keyboard, and the apostrophe key has its own key that’s not in an intuitive place. You type a bit slower at first while using it, but get used to having those keys in unusual places. So far, very happy with this product. In a way, this makes the iPad a great alternative to the new MacBook Air, which at first glance seems like an iPad with an attached keyboard. The Air weighs a little more than the Keyfolio combo, and of course, it’s a full Mac. Just doesn’t have that touch interface, but a lot richer field of applications.

Keyfolio is $69.99 at Amazon today and worth every penny. I bought an Apple Keyboard Dock in the very first month of the iPad’s existence, but the Apple device doesn’t offer a landscape mode like the Keyfolio does. (Keyfolio won’t do portrait, in contrast.) But the Apple keyboard isn’t portable and won’t act as a stand for Netflix movies. There’s a lot to like here.

© 2009 Bites of Apple. All Rights Reserved.