Books 2015 Part 1

The intention of this post was to be an annual reflection of my reading habits. Since I’ve kept at it for seven months, I’m not going to delay it until 2016, I’ll just drop monthly updates whenever I work my way through a book or two.

January 2015

I started re-reading Shadowrun novels after trying to plan a blog post relating my MacBook to a cyberdeck in this universe. I got sucked in because they’re entertaining. I haven’t read many of these since early college, and it is fascinating to see what predictions about the future they totally missed. Fax machines are still a thing in this universe. And payphones, called telecoms, but the principle is the same.

Streets of Blood

Nosferatu

Striper Assassin

February 2015

Just a single entry, because Neal Stephenson writes books that are forever long. Snow Crash is the next book out of people’s mouths after Neuromancer. I’ve read most of William Gibson’s cyberpunk stuff, so I decided it was time to give this one a shot. It’s got some great stuff in it, but is way too long to develop what really was a fairly simple story. I think I’ll be avoiding Neal Stephenson for a while. I still love Cryptonomicon, but I was pretty unhappy at the end of reading this book, despite the utterly badass notion of a hacker with swords that wrote a sword-fighting engine to match his reality.

Snow Crash

March 2015

March is nonfiction month. I’ve spent two months this year reading fiction, so now it’s time to get on track with something else. I’ve got a backlog of want and need to read stuff. I don’t really have any goal except to read new books rather than re-read old books, and for them to be non-fiction. However, they’re obviously closely matched to my interests, one has Macintosh in the title.

The Macintosh Way: Picked this up when Guy put these out for free. I am nostalgic about Classic Mac stuff, probably because it was my first exposure to computing. I’ve read folklore.org on and off for almost ten years. Now that I have experience watching and interacting with the management of a fair-sized corporation, these sorts of books are a lot more interesting. — After finishing the book it’s very funny to compare 1990 Apple to 2015 Apple. There’s a lot that they didn’t do or believe in now that is a staple of their business, mostly retail and hands-on support. There are many other things that stand out as exactly the same, namely they want developers to create fantastic Mac and iOS applications. Apple does not want ports from other operating systems, they don’t want good enough, they want their platform to run the best software.

Lauren Ipsum: I think I saw this on one too many infosec slides and need a short break to something completely different. It’s borderline non-fiction. There’s a little girl lost in a strange world, which turns out to directly map to computing concepts. It’s kind of like Tron meets Through the Looking Glass. It’s not a bad story, just feels exaggerated for the effect of the metaphor. I probably will not be reading this again.

April 2015

Continuing non-fiction, I started with Creativity, Inc. Mostly because I bought a copy for my Dad and I know he will want to discuss it. Well, that and Ed Catmull and Pixar have proven to be one of the most clever groups to deal with people.

May 2015

Finally finished Creativity, Inc. To crudely sum it up, the entire book focuses on intrinsic honesty. Pixar’s success is based on the fact that anyone can tell anyone anything, no repercussions. Catmull presents this in different ways, talking about his own history, John Lasseter and the other film directors, and of course Steve Jobs. They all have a different way of looking at it and phrasing it, but honesty is what drives their professions and the company they work for. It’s impressive to read about a company that both says they work for that kind of honesty, then shows it. Catmull describes many painful moments that they needed the honesty to make the films work. He also talks about “Notes Day”, when they turned to the company at large to help them become more effective. This struck me because he describes the thoughts leading up to it, its execution, and its follow-through. I’ve never seen something like that executed on that scale by an organization so … honestly.

June 2015

Busy month, nothing to report here other than I’ve pledged to myself that I need to read more books I’ve never read before. I spent a fair bit of time thinking about it and realized I’ve been reading the same couple of dozen books every few years for roughly twenty years. No more. I’ll need a break eventually, but for now I need to stop reading pulp sci-fi and horror books. I need to spend more time reading different things. For now that’s all pretty technical non-fiction, but we’ll see where this path ends.

July 2015

June was weird and as such I didn’t actually finish things. I slowly moved through this, Dissecting the Hack: The F0rb1dd3n Network, Revised Edition, at home and WOW is all I can think to say. If you ever know anyone interested in the nuts and bolts of infosec, this is the book for them. It’s got a cheesy narrative story in the first half of the book, which feels like a true-to-life adaptation of the movie Hackers. However the second half is astoundingly verbose, contextualizing every bit of jargon, in-joke, or techy thing that happens in the story. After reading this I feel like if I had read this two years ago, I would be in a very different position in my life. This book compiles all the things that I’ve picked up from blog posts, con talks, conversations, Twitter, and every other source that has helped me learn about infosec. Totally worth the time for anyone that considers themselves new to the industry, or anyone willing to learn a little bit more.

At work I’m also trying to branch out, but this time with a lot less success than my home book. Metasploit, The Penetration Tester’s Guide felt like a misguided mess. The book opens with a quick once over through Metasploit features, where and why to use them, but left me with lots of “how?” questions. The most glaring example is database use. The book guides you through using nmap directly in Metasploit, storing the results in a database, and then . . . nothing. That’s the last reference to the database that I saw. WHY would you store all your scan results, then not use them as a variable in every module for the rest of the book?! That failure definitely biased me through the rest of the book, because for every example I’m asking, “Why the HELL am I typing RHOST again?!” Another sin that bugged me, but honestly is not the authors’ fault, is that two thirds of the exploit examples are based on Windows XP SP2. In 2010, when the book was published, that wasn’t that big of a deal to find. Now? In 2015? I’ve got access to a software testing library, and we don’t keep those lying around. I blame this on the editorial staff not being technically foresighted enough. There are plenty of intentionally vulnerable Linux distros that could have stood in for Windows. Enough ranting. If you’re reading this and interested in Metasploit, read the Offensive Security version of this book, Metasploit Unleashed.