Book Review: Harry Potter and the Deathly Hallows
I finished the final Harry Potter book a couple of weeks ago. I figure I'll add my insignificant review to the Internet. I will probably say things that other people have said, and a few things that no one has said. The short summary is that I like it, but I feel like I've lost a good friend. The knowledge that there won't be any more makes it a bittersweet parting.
Book Review: The Four Hour Work Week
I just finished reading The Four Hour Work Week by Timothy Ferriss. There's some pretty compelling stuff in there. He hypes up his web site, however, as if there were some über-top secret stuff there that only people who buy the book can get. That's a load. Beyond that shortcoming, it's really quite an exciting and potentially life-changing book.
Book Review: How To Break Web Software
In all, I was significantly disappointed. First off, the book is pretty short for the price. 158 pages of content. I read it cover-to-cover in one sitting. The chapters of material are weak, especially as the book wears on. By the time they get to the very end (Web Services) they have dropped the whole attack format altogether. In fact, when they introduce cross-site tracing, they completely punt. They tell you the simplest basics about the problem, and then refer the reader to the original whitepaper for more information. I haven't found cross-site tracing to be a particularly viable attack, myself, so it's not a terrible loss.
Appendix A is a republished history lesson that Whittaker wrote for IEEE in 2003. It is an oblique bit of value. Not completely off-topic, but not squarely on-topic, either. To me it feels like filler. Appendix B is a list of bugs in their demo app. That's handy. Appendix C is high value, but short. It's a list of web hacking tools and brief descriptions of how to use them. This is the only section that gives you hope that you can do what they talk about in the book. The descriptions are brief, unfortunately, and don't do the tools justice.