A friend of mine lent me his copy of Crypto (by Steven Levy) last week, today I got around to finish reading it (been pretty busy lately as you can tell from close to zero new posts on this blog).

What's especially interesting about this book is the history, the background. In the past, I have read a couple of technical-level books, even attended Crypto conference in Santa Barbara in 1997. What this book highlights are the connections between the acting persons (mathematicans may forgive me) as well as the whole shenanigans of trying to put the genie back in the bottle. I do remember some of those (PGP, low international key strengths, Clipper), but never read about them in such detail.

If you have some time to spare, definitely worth your time to understand how cryptography went public.

There is absolutely no excuse to not read Hard Code, the book version of I.M. Wright's (49) columns. Get it. Read it. Now!

I set aside the entire day for reading the book Writing Secure Code for Windows Vista. And I was already able to put it back into the bookshelf thanks to its concise nature. The authors only tell the reader about "What's new and changed", without having people wade through tons of stuff they already know. I really greatly appreciate that the authors did not do a third edition of Writing Secure Code just for bringing developers up to speed on Vista security.

Hint to book publishers: other areas would also benefit from this approach. There is only so much time to read books, and I don't want to skim through information I already know. Please consider catering to non-noobs by offering more of these "What's new and changed" types of books to us old dogs.

PS: Way cool to be mentioned in a security book! (p27)

Two weeks ago, during this year's AspInsiders summit, I got ahold of a 1982 (!) copy of "The Soul of a New Machine" at Half Price Books. I still have to decide whether the equally ancient Continental boarding pass DEN-SEA used as a bookmark will be kept too (I guess so), but the book is definitely worth your time - be it for a computer history lesson, or on the "signing up" concept and all other project management topics being touched on (without it being a pm book). The story in itself is more than fascinating, so although old by now, it does come highly recommended.

A book store at a conference always adds weight to my luggage and back home gets me into trouble with my already (again) limited space on the bookshelf. So this time I 'restrained' myself and got myself 'only' four books: Hunting Security Bugs, Microsoft Solutions Framework Essentials, Dynamics of Software Development 2006 Edition and Pro VSTS 2005 Application Development. I'm especially looking forward to Hunting Security Bugs.

From the "Summer of Books": I just finished reading the book Software Engineering with Microsoft Visual Studio Team System. Great (project management) book, even if you never plan on using VSTS. As there are other reviews online (Mike's and one that includes an interview with Sam Guckenheimer on TSS), I'll simply stick with a "highly recommended".

Michael Howard plugged his latest book The Security Development Lifecycle in his blog back in April (A New Book: The Security Development Lifecycle). It isn't yet available in stores, but I decided to preorder because I'm really looking forward to this book. Why? Because it describes a security process in development that works - the SDL @ Microsoft.

On my flight to Seattle today (or yesterday, depending on the time zone) I started to read Professional ASP.NET 2.0 Security, Membership, and Role Management by Stefan Schackow. The book definitely is a must-have for every ASP.NET developer, even if you decide to read one chapter only: A Matter of Trust (#3). This one will save you loads of time when you have to deploy an application into non-full trust environments. However, the other chapters are worthwhile too, like #2 which details exactly which identity is used when by what part of the engine. Bottomline: highly recommended reading.

The only way for me to not come home with tons of books is to give bookstores a wide berth. This is not an option at a PDC where so many new books are presented, and so many other ones are deeply discounted. Hence the list:

• Threat Modeling We got that book during Monday's Attack and Defense preconference session. Free, of course.
• Coder to Developer That was on my list for a (too) long time.
• Presenting Windows Workflow Foundation I didn't make it to any of the giveaway sessions, so I bought a copy.
• Programming Windows Presentation Foundation I wonder why I couldn't resist <g />
• Visual Studio Tools for Office Since I saw VSTO 2005 for the first time at an event in Redmond this year, I was looking forward to playing with it. Here's my ticket.
• The best of Verity Stob Special thanks to Gary Cornell from Apress for giving me a free copy! A real classic. Shame on you if you don't know Verity Stob, however, about everyone I told about the book so far was like "Verity Who?". You're definitely reading the wrong rags.
• Mastering Windows Server 2003 Affectionately know as "the Minasi", I simply could not pass up on that book on Friday - 42 USD! Compare that to the regular selling price of 55 Euro...

A hopefully luggable list of books...

With the weather being abysmally bad this weekend (snow on 1700m in early August is quite a nasty surprise), I at least got around to complete the book The Best Software Writing I, which consists of essays collected and introduced by Joel Spolsky. I have to admit that I would have never read most of those had I simply stumbled upon them on the Web. But the preselection with a focus on good writing made it appealing to me.

From a technical point of view (technical not necessarily meaning a developer-centric world), I really enjoyed reading (in order from the TOC) Strong Typing vs Strong Testing, C++ - The Forgotten Trojan Horse, What to Do When You're Screwed, Larry's rules of software engineering #2: Measuring testers by test metrics doesn't, Team Compensation (only in the book or Better Software Magazine) as well as all the stuff by Eric Sink (Hazards of Hiring being the favorite among his essays printed in the book).

Yet another security book is coming: The 19 Deadly Sins of Software Security. You can read about its contents on Michael Howard's blog here. I am not yet done with Protect Your Windows Network : From Perimeter to Data by Jesper Johansson and Steve Riley (great site, btw). I definitely do recommend this book to everyone interested in security!

Mark Russinovich (his blog is highly recommended) commented on that book during one of his TechEd Europe talks. The book is written (including) by the guy running rootkit.com, famous for the Hacker Defender rootkit for Windows. Looks like there's yet another book to be added to my backlog for reading this summer <g />.

Dino Esposito has posted code updates here for his book Introduction to ASP.NET 2.0. I was tech editor on this book, so I definitely recommend getting the book (and no, I don't get anything for this shameless plug).

Then you definitely should go to your favorite bookstore and get yourself a copy of The Zen of CSS Design: Visual Enlightenment for the Web. Author is David Shea, who brought us the css Zen Garden Web site.

After dinner yesterday, we decided to go to B&N which happened to be nearby. Well, I left with two more books to read: The .NET Developer's Guide to Windows Security and Open Source .NET Development: Programming with NAnt, NUnit, NDoc, and More. The former is by Keith Brown, and contains all those things you usually don't find C# samples for easily: for example, to how to modify ACLs - and much, much more.

The second one (by Brian Nantz) on OS tools for .NET development will be a reference for me on the various tools that we do use today, as well as others that we are likely to evaluate. It also contains a brief section (roughly a page) on #develop, which I happen to be the PM for. I would like to set the record straight on a couple of things though:

• #ziplib is only used to zip the help index XML files
• #cvslib hasn't been a part of the distribution for a couple of years now. However, it played an extremely vital role in #develop's gestation: the GUI for #cvslib was a prototype for the addin system we later used in #develop.
• Magic Library - in May last year (Fidalgo Beta 1), it was entirely replaced by the DockPanel Suite. Before that, we already had replaced portions of the Magic widgets with Lutz' CommandBar for .NET.

Just picked up the book Customizing the Microsoft® .NET Framework Common Language Runtime by Steven Pratschner. Looks like it is going to be a very, very interesting read.

There is a chapter online from an AW book at InformIT: Introduction to Refactoring. The interesting (and as always flameworthy) point: In this chapter, Joshua Kerievsky explains the whys and hows of refactoring, and why you shouldn't trust that automated refactoring program.

Busy day in open source land for me - after releasing a .NET USB library earlier today, we now finally were able to release the book "Dissecting a C# Application - Inside SharpDevelop" as a free ebook! More than 500 pages of information (architecture and code) on a real-world application written entirely in C#.

The book was originally published (January 2003) by Wrox Press, which went under shortly after the book's release. With all three original authors (Christian Holm, Mike Krüger, Bernhard Spuida) agreeing, I worked with Gary Cornell from Apress to release the book to the general public for free - and I am more than happy to announce this event today! Thanks Gary, you have been really, really forthcoming - and wow, we made it happen before Christmas.

Apress has a section titled Alpha and Beta Books. There you can read "first drafts" (alpha) as well as "shipping real soon now" (beta) chapters of upcoming book releases. You will find a wide range of book topics on the aforementioned page. Currently interesting to us in the .NET camp are the chapters for the Test Driven Development (TDD) book.

I have been busy refactoring the Registry Editor, converting it from hack to architecture. As I plan to release the source code for it, I want it to be well-structured and easily extensible (I don't think I'll do editors for all registry data types). Can't wait for VS.NET 2005 where refactoring will be built in, though you can easily get ReSharper today. Online resources aside, the Refactoring dead-tree edition from Fowler should sit on every developer's bookshelf.

To close this post, one more screenshot of the Registry Editor in action - the menu:

Ingo recommended the book to me during the Connect Event in Barcelona. Because I had read Peopleware, I was game to get another book from Tom DeMarco. Over the weekend, I easily managed to get through The Deadline. Why? Because it is a really great book (even hilarious at times) and the “resulting” Mr. Tompkins journal is a treasure-trove of project management advice.

Definitely worth checking out too is the Tom DeMarco interview done by his publisher, Dorset House Publishing.

Note to self: need to grab a copy of Version Control with Subversion. We have been using Subversion even while it still was in Alpha and Beta stages - and I am really convinced that it is more than up to its commercial counterparts, especially when it comes to platform and tool support!

The last week was slow with regards to book reading, too many things got in the way (including good weather for race cycling, which is rare in October here - I already have winter tires on my car...). Peopleware by Tom DeMarco and Timothy Lister nonetheless was a highly interesting read; you get prescriptive advice, which can be start for you on a project or even a higher level.

They are also talking about a topic close to my heart: teamicide - I have seen that way too many times myself. They present a list of sure-fire "techniques" to inhibit formation of teams and disrupt project sociology:

• Defensive management
• Bureaucracy
• Physical separation
• Fragmentation of people's time
• Quality reduction of the product
• Phony deadlines
• Clique control
• Those damn posters and plaques
• Overtime: the unanticipated side effect

Agreed, 100%. Experienced, 100%.

Newsforge has an article online which is excerpted from the book Know Your Enemy: Learning About Security Threats (2nd edition), a highly recommended read even for programmers - both the article (focused on honeypots) and then of course the book. Written by a member of the Honeynet Project, this book teaches you how to study a black hat attack and learn from it. In addition, you get valuable insight into the mindset of black hats and their community.

Just finished reading the book Joel on Software: And on Diverse and Occasionally Related Matters That Will Prove of Interest to Software Developers, Designers, and Managers, and to Those Who, Whether by Good Fortune or Ill Luck, Work with Them in Some Capacity. This is the dead tree version  of select articles from Joel Spolsky's Joel on Software (definitely easier to read than online, and I positively do like dogearing my books). Needless to say that I highly recommend it.

The next book is already in the mail: Paper Prototyping by Carolyn Snyder. Like I said, one down, n to go.