Review by Steve Hardwick

No Starch Press, November 2011, 320 pp., $49.95

In a recent survey by Veracode in December 2011 found that more than 80 percent of approximately 10,000 web applications examined failed security testing. This data shows that web applications provide a fertile ground for hackers to launch their malware. Obviously web developers still have some work to do to make their applications secure. The Tangled Web by Michal Zalewski is targeted toward web application developers and security professionals that have a solid understanding of the web and browser operations at an operational level. The author will go into fairly technical details assuming that the reader has the necessary skills to understand the technology discussed.

After an introductory chapter outlining some security fundamentals, the book is split into three parts. The first part covers browser and web technologies. Specific attention is paid to vulnerabilities and how they became to be part of the infrastructure. The second part covers browser security and highlights some of the ways to mitigate the inherent holes in the current technology. The final portion covers some of the new vulnerabilities that are expected to come in the near future. With a couple of exceptions, most chapters are concluded with a security engineering cheat sheet. This gives a summary of the topics covered in the chapter and serves as a guide to implementing some of the technology discussed. It provides a useful quick reference to the books contents after the reader has completed their read through and can be used as a design aid on future projects.

Part One goes into some depth on the various technologies used by browsers, both their inherent operating infrastructure and the services used over the web. Attention is paid to areas of the technology that are open to exploitation. In many cases the author outlines how some of the weaknesses came into being and provides a good view into the difficulty of building this technology. Part One is broken down into chapters that cover the different pieces of the browser function. Both internal processes, HTML and CSS parsing for example, are covered plus external processes, HTML and URL parsing, are reviewed. Two chapters cover additional programming capabilities of the browser i.e. JavaScript and plug-ins.  Throughout this section many examples are given on how the vulnerabilities can be exploited. This gives the reader a better understanding on how a hacker would go about using these weaknesses. In some cases a chapter has a limited discussion of the topic due its wide complexity. The author does include references to other works that cover the topic in greater detail and then focuses on key areas that are relevant to web security.

Read the rest of this entry »

Printronix has announced a unique solution for the office that’s using iPads and iPhones and requires print capability. The xPrintServer, sold for $149.99, connects to networked printers via a cable and then presents these printers in the iPad and iPhone device menu.

The product fills a gap for the mobile device market. Apple’s AirPrint is available to iOS users, but the list of supported wireless printers is small indeed. At least compared to the 63 pages of printers supplied by Printronix at this month’s announcement. Neither of our office printers are on the list, but they’re fairly antique or not networkable.

The xPrintServer can be connected anywhere on your LAN (on the subnet on which your printers are located). Simply use the RJ45 cable and plug it directly into the LAN, router, etc. Your iOS device users should then connect to your corporate WiFi network – at which point the xPrintServer will auto discover and auto populate your available printer list on the iOS device. It supports any iOS device running version 4.2 or later, including iPad and iPad 2, iPhone (3GS or later), and iPod Touch.

Attaching the xPrintServer to your network won’t impact any existing networked printer settings or printers. Users can continue to use printers as they normally do.

The product will be sold through standard retail channels including Amazon.com, starting early next year. There’s a clever commercial online at YouTube to sell the concept to your IT manager or Computer Guy.

Macworld has packaged its User Conference experience as iWorld this year, tech talks and presentations that run Thursday through Saturday during the Macworld Expo, January 26-28.

Today’s the last day to get a $75 rate on iWorld, the end of the early-bird registration. They’re also packaging an opening night Blast with the three-days of classes for a total of $110. In fact, today is the last early bird day for all of the Macworld experiences, from pre-show training to the Mac IT meetings for administrators and high-end business users. Even the Expo Pass, the lowliest entry ticket to the January events, goes up by $5 tomorrow.

A full list of everything that’s on offer in the iWorld sessions is online. For example, at 10AM Friday is a Super iPad Tools for Work tech talk that promises to “cover office type applications, presentations without projector, database management, PDF management, outlining and brainstorming, tracking secure data, tracking travel and expenses, dictation and transcription, remote OS administration, making phone calls (on an iPad!), and remote meetings (like WebEx and GoToMeeting).”

You can compare the packages and register to save some dough at the Macworld 2012 website.

Dragon Dictate is available for a special Cyber Monday price today, just $99 for the combination of dictation software and the company’s training video. It’s marked down $130 for today. That’s a discount off the boxed version, which includes a nice one-ear USB headset.

After having evaluated the obvious parts of the 2.5 version, it’s easy to see why a training video would be a big bonus. In addition to supporting Office 2011 and tapping wireless mics, the software has a voice recognition mode that is worth every minute you’ll put into it. Not that Dictate is useless without the training, but a video that outlines the education process will be a lot smoother than the extensive-but-exhaustive product manual.

If you’ve never used an online dictation product before, there’s no better time to start — considering that the technology is a quantum leap in front of anything during the previous decade.

There’s something about the conversational tone in writing that attracts us. Especially when we want to persuade or sell either an idea or a product. In testing, our writing got simpler and more direct while we dictated.

The new 2.5 version of the product lets you use an iPhone or an iPad to control the software, treating the phone as a wireless mic. You can also make a quick post directly to Facebook or Twitter. It’s as simple as saying “post to Twitter,” although you’ll want to be able to find a way to manage the 140-character limit for Twitter.

Order online at Apple's website

Search as you will for the deals from Apple’s retail outlets on Friday. The supplier advertises special deals on its products for the day after Thanksgiving, and the retail store pricing on Wednesday appears was as it’s always been on products at its retail outlets. The iPad, for example, was at $499 rock bottom. The retail outlets clambered onto the Black Friday bandwagon with slight discounts, matching those online.

The Apple Store online posts discounts only on Nov. 25. Apple’s got iPad 2s at $458 (plus tax) through the end of Friday (looks like they’re running that sale through midnight PST, judging from when they updated the store page early Friday), as well as the iPod Touch, the Nano, the iMac, Macbook Pro and the Macbook Air. The Air has the steepest discounts at $101 off the regular $999 price for the 11.6-inch model. That Air is a great alternative to the iPad if you need a keyboard — and the more recent models have a backlit keypad, too.

Check the Apple Store webpage for details. Shipping is free.

We’ve found the iPad for about $21 less, at $473.99, at MacMall on a Friday only sale. You have to call and talk to a sales rep to buy the iPad 2 at MacMall, mostly so they can offer you an upsell of a protection plan (which is a pretty good investment). MacMall’s at 800-622-6225.

Apple has announced that customers who replaced a MagSafe power adapter for Macbooks or Macbook Pros might be entitled to a settlement. The early versions of these adapters, introduced in 2005, had a T-junction on the part that attaches to the laptop. Some cords frayed and could start fires.

Settlements range from the cost you paid to replace the adapter (within 1 year of replacement) down to $35. What’s more, if your MagSafe from that era is showing signs of wear, Apple has a Adapter Replacement Program. You get your adapter replaced for free by taking your adapter and computer to an Apple Retail Store or Apple Authorized Service Provider, or by contacting AppleCare.

Apple says that adapters which show “Strain Relief Damage” are eligible. Strain Relief Damage “means fraying, melting, straining, sparking, weakening, discoloration, bubbling, overheating and/or separation of the Adapter’s strain reliefs.”

You can apply for your cash compensation online at www.AdapterSettlement.com or by calling 888-332-0277.

Rolling tablets out into companies and businesses presents a special challenge. How do you get your users or employees comfortable with the change from laptop to tablet computing? It’s a good idea to provide some kind of a primer for the iPad, especially since Apple has done so little on its own to document the product. In paper, anyway; there’s a modest collection of videos on using the included elements of the tablet, like iTunes, Safari and Mail. And Apple has a 140-age user guide you can download and read in a PDF reader.

That kind of vendor-supplied documentation is fine, to a point. But this kind of training rarely gets as honest as an independent guide to a product. For example, if you look over those videos on the Apple website, you’ll find they’ve got a snappy 2 minutes on buying music via iTunes on the iPad — when what you really need is a primer on how to use iTunes on the Mac or PC to control what’s on your iPad. No such video exists.

No Starch Press has produced a “My New iPad 2” book, written by Wallace Wang, to help. We reached out to a first-time iPad user  who’s running a travel agent business, Ron Wilcox of Seabird Cruises, to tell us how this book stacked up for him. He added, after reviewing it, “now just try to get it out of my hands.”

I’ve often found instruction manuals to be frustrating and confusing.  Many are written with an assumption about the level of understanding that the reader already has about the subject. Online manuals tend to be exasperatingly user-UNfriendly, but manufacturers are so fond of the format that good print manuals are often difficult to find.

However, this manual, for this user, was pretty close to perfect. The index was detailed and complete. As a reference manual, it was quick and easy to locate information specific to a particular function. Read the rest of this entry »

The man who brought more innovation to 21st Century computing than any other has died at age 56. Steve Jobs passed away with his family earlier today, falling victim to the pancreatic cancer he’d been battling for more than five years. His passing marks the end of one era in business computing: The period when a CEO and company leader used vision and desire to lift a sinking ship into leadership, powered by his control and drive and passion for tomorrows.

I had a brush up against his darkest era while I was a journalist nearly two decades ago. He’d been exiled from the company he created and so went out to found Object-Oriented pioneer NeXT and then Oscar-snatching Pixar. I had a near-miss in getting to interview him while he was toiling away at NeXT. At PCI, where we published and I edited the HP Chronicle, we were starting up NeXT World, and he was to be the interview for our inaugural issue. I left the company, ultimately to start our other HP newsletter, the The 3000 NewsWire, and NeXT then withdrew the interview access. It was a matter of timing, but now it’s a time for some personal regret. feel like I’ve lost a bigger brother today. He was maddening and a lightning rod for criticism and never somebody you wanted to ride in an elevator with — unless you had a great answer to “what are you working on today?”

Nobody ever missed NeXT World, or even NeXT. But for the computer world, a big disturbance in the force opened up today. He never took more than $1 a year as a salary, instead compensated in stock, shares whose value rose from below $15 each to form the largest capitalized company in the world this summer. A CEO who takes that compensation, and then leaves in a golden parachute that’s drifting as high as his ideals and ideas, may not grace our industry for a long time to come.

In 2009 he had a liver transplant to treat a pancreatic neuroendocrine tumor, his mortal diagnosis that he outlived for an extra two years. But even earlier, in 2005 when his doctor had told him to go home and get his affairs in order, he gave a now-legendary address to the Stanford graduating class entitled How to Live Before You Die. It’s up on TED, that nexus of brilliant talks about humanity and technology and science. (Being a brilliant writer, Jobs had this words worked out on paper before he talked, and the transcript is online, too.) His own words on that day serve as the best epitaph, and the brightest light forward, now that his own searchlight has gone dark. There’s advice in there for anyone who’s still distilling a future in their computing life. You can only see how the dots of your life connect looking backward, he said, not forward. but faith is essential to doing good. “You have to trust that the dots will somehow connect in your future. You have to trust in something — your gut, destiny, life, karma, whatever. This approach has never let me down, and it has made all the difference in my life.

Getting kicked out of Apple may have had the same sting as watching anything you love taken away. “It was awful tasting medicine,” he said of losing Apple. “But I guess the patient needed it. Sometimes life hits you in the head with a brick. Don’t lose faith. Don’t waste a minute of your life,” he says in that speech. His own achievements and leadership, from a man who built a computer “for the rest of us,” are a marker for the rest of us and what we might do so long as we believe in what we love.

A colleague of mine in the analysis business bets the Barnes & Noble Nook can become the first tablet to hit a magic, cheaper price point. Guy Smith is fond of calling tablets “slabs,” which is one way to cheapen the iPad’s innovation. After all, nobody’s come close to making a comparable tablet that is cheaper to own.

Looks like the B&N Nook may be the $250 slab we have discussed. Given recent software upgrades and a cottage industry into making them full Android slabs, the Early Majority market seems to be defined as under $250, powerful enough to read, surf and play a few games.

If it weren’t for the blasted “take up all the supply” deals that Apple’s new CEO Tim Cook negotiated for tablet components, maybe Lenovo could afford to build a sub-$250 tablet. It’ll happen one day, and the people who waited will be glad to pay less. For the next year, the cheap tablet is something like what we call a jackalope here in Texas, a mythic cross of jackrabbit and antelope. You can imagine one, but that’s as far as you’ll get.

Guy is reading from Crossing the Chasm to get that Early Majority Market label. The book was written 20 years ago and has not been refreshed in this century. But even by those aged measures, the Nook won’t be measuring up. While people are “rooting” their Nooks to turn them into Android tablets, they’re playing with a toy that doesn’t have a strong future. It’s the old Windows world dream of getting some big part of $500 worth of value by spending $250, just because there’s a lot of demand. This chestnut is the “nice try Apple, and very clever: but cheap, primitive copycats will overrun you.”

No product is perfect, but it will take bigger treads than the Nook’s to do that running. I’d be betting on something besides any book reader that needs its users to slap a new operating system into it. There are some other Nook problems, and all of them point to strengths in Apple’s tablet model.

– Barnes & Noble, the Nook’s maker, was hoping for a buyout this summer and had to settle for about $200 million in fresh investment. This sounds a lot like Palm, which was building the iPhone killer WebOS until it got bought out by HP. And then got killed by HP in the wake of the TouchPad debacle.

– About 270 people comprise the Nook technical team. Apple probably has more than that in California alone.

– Barnes & Noble is suing the content providers who stock the Nook with many of its books. B&N hates the $9.99 or better pricing Apple negotiated with the top six publishers. Apple negotiated, while B&N pushes back with a lawsuit.

It might be worthwhile to see what tablet Amazon brings out this fall. But compared to a real tablet, it is likely to be a primitive device that performs the browse and email and listen and watch functions that make up the biggest part of iPad ownership. It takes passion about a product — not an operating system like Android or just the content — to give a tablet purchaser lasting value. Read the rest of this entry »

The Great Presenter, in his element in earlier days

Steve Jobs, 56 years old and on his third medical leave, has resigned from his job at Apple as CEO. He also left the company with a heritage and credo that can only be compared to Walt Disney’s. Jobs did Walt’s exit even better, naming Tim Cook as successor to the CEO position. Jobs is also remaining as Apple’s Chairman of the Board and a director.

Cook doesn’t have to move anything into a new office, because he’s been running Apple as CEO in fact for much of the last three years. Cook, 50, has been performing CEO duties since the start of this year. He’s been a constant presence in the Apple analyst briefings about the spectacular quarterly results the company has posted for more than six quarters by now. As Jobs’ resignation letter confirms, Apple had a succession plan in place for this day. The succession was swift, unlike the last three changes to the CEO position of Hewlett-Packard. Cook’s election to the CEO post was immediate by the Apple board, based on instructions in the brief letter Jobs used to file his resignation.

I have always said if there ever came a day when I could no longer meet my duties and expectations as Apple’s CEO, I would be the first to let you know. Unfortunately, that day has come.

I hereby resign as CEO of Apple. I would like to serve, if the Board sees fit, as Chairman of the Board, director and Apple employee.

As far as my successor goes, I strongly recommend that we execute our succession plan and name Tim Cook as CEO of Apple.

I believe Apple’s brightest and most innovative days are ahead of it. And I look forward to watching and contributing to its success in a new role.

I have made some of the best friends of my life at Apple, and I thank you all for the many years of being able to work alongside you.

The markets were skittish about this news in after-hours trading, just as analysts predicted they would be. It will take a few more product introductions to convince investors nothing essential is just about to change, simply because a temporary medical leave became permanent.

In the tone of Jobs’ letter I heard an echo of another that I saw him write. This one was to the employees of NeXT Computer, celebrating the birth of his daughter in 1992. Simple, direct and hopeful. This voice is what’s going to echo through the near future in Cupertino and beyond. It’s the voice that banished doubts about whether simple computing would succeed against popular PCs, and so carve out a future where Apple would become the largest creator of technology in a world that’s still hungry for magic — the kind that Walt gave us. Read the rest of this entry »