Home
Fractals
Tutorials
Books
My blog
My LinkedIn Profile

BOOKS i'm reading

Napoleon Hill Keys to Success: The 17 Principles of Personal Achievement, Napoleon Hill, ISBN: 978-0452272811
The 4-Hour Workweek: Escape 9-5, Live Anywhere, and Join the New Rich (Expanded and Updated), Timothy Ferriss, ISBN: 978-0307465351
The Fountainhead, Ayn Rand, ISBN: 0452273331
Web Hosting Canada

mailto:olivier@olivierlanglois.net

Category: Windows programming

12/16/07

Permalink 05:35:07 pm, by lano1106, 365 words, 2165 views   English (CA)
Categories: Windows programming, Software security

Writing Secure Code

Writing Secure Code, Michael Howard and David LeBlanc, ISBN: 0735615888


This is a good book as it does a good job covering the different sources of software insecurities:

  • The classical buffer overflows on the stack and on the heap
  • Canonical issues on input
  • The least privilege principle
  • There is a brief overview on how store a secret

On the last point, the authors know well the topic. If you are using cryptography to protect something in your software but just store the private key in a global variable then you are helping tremendously the job of hackers as all they will have to do is look into your executable binary to search for something that looks like a key. A security measure is as strong as its weakest element and no hacker is foolish enough to attack a cryptographic algorithm that is proven strong. Even if you store the key in a secure place, all that is needed to retrieve the key is to perform a memory dump at the right time just before the software use the key. At least, you can make hackers job harder as there is nothing you can do to make your software 100% safe against hacker if the software is valuable enough to motivate them to hack your software. All you can do by improving your software security is to buy you some time before your software is hacked. All that to say that there is no bullet proof solution against hackers but the book gives solid leads to improve software security in that aspect.

In this book, there is a strong emphasis on Microsoft security technologies. The Windows Crypto API and the Microsoft OSes privileges API are described in length. If you develop on Windows and want to make your software more secure then this is an excellent book for you. If you develop on another platform, there is still something for you in this book as there are a lot of code snippets that are platform independent to improve software security such as input validation for file names to protect yourself against canonization bugs.

This is a very good book about software security but I do not recommend it simply because there is a new edition of it.

07/19/07

Permalink 04:02:48 pm, by lano1106, 95 words, 3548 views   English (CA)
Categories: Windows programming, Windows programming

Microsoft Outlook Programming, Jumpstart for Administrators, Developers, and Power Users

Microsoft Outlook Programming, Jumpstart for Administrators, Developers, and Power Users, Sue Mosher, ISBN: 1555582869

It is not perfect. One complain is that the first part is too easy and is aimed for total beginners and then there is the second part where a lot of material is presented too fast. I wished that the book spent less time with very basic (pun intended) VBA stuff but takes more time to make the transition to more advanced topics smoother.

Other than that, the book contains a lot of code that can easily be reused such as in my C++ tutorial that shows how to automate Outlook from a C++ program.

Permalink 03:54:05 pm, by lano1106, 167 words, 2537 views   English (CA)
Categories: Windows programming

Programming Microsoft Outlook and Microsoft Exchange 2003, Third Edition

Programming Microsoft Outlook and Microsoft Exchange 2003, Third Edition, Thomas Rizzo, ISBN: 0735614644

I have been disappointed by this book. I wanted it mostly to learn how to program Outlook. When I started reading it, I have realized that only a small portion of it was dedicated to Outlook.

Perhaps that I am harsh against the book value because I am not part of the intended readers but I guess that even readers interested to programming Exchange would not find much value of this book. I am saying so because the book is huge close to a thousand pages but it sounds like a cut and paste of the Exchange programmer user manual. When I purchase a book like this one, I expect it to be a complement to the product documentation, to give a better insight of how and why a given software works like it does. This book does not deliver up to these expectations.

The best Outlook programming book that I have found is: Microsoft Outlook Programming, Jumpstart for Administrators, Developers, and Power Users. Skip this one.

06/18/07

Permalink 09:15:15 pm, by lano1106, 93 words, 2337 views   English (CA)
Categories: Windows programming, Windows programming, TCP/IP, TCP/IP

Winsock 2.0

Winsock 2.0, Lewis Napper, ISBN: 0764580493

Windows sockets are not like BSD sockets. The book explains very well the different specific modes into which winsock can be used: Blocking mode in a dedicated thread, asynchronous mode using Windows messages and Overlapped I/O that removes some memory copying when passing buffer to send/receive data from/to sockets. It also covers the Socket classes provided with MFC. In my opinion, this book covers very well the details specific to Windows version of the socket API and that will allow the readers to take advantage of this socket API version.

06/17/07

Permalink 12:53:05 pm, by lano1106, 169 words, 2130 views   English (CA)
Categories: Windows programming, Windows programming

Inside ATL

Inside Atl, George Shepherd, Brad King, ISBN: 1572318589

ATL is an interesting C++ framework to easily create COM classes. It uses extensively the C++ templates and is coupled with Visual C++ wizards to automate the writing of skeleton code of an ATL project. However there is not much documentation coming with VC++ on ATL and there are so much options in the wizards dialog windows that unless you know what you are doing, you will probably not do the right thing. This is where this book comes in.

First, one of the coauthor, George Shepherd, is also the coauthor of the book MFC Internals that I really liked. This book does a good job to guide you through the main ATL features. My only complain is that, like almost every other book on COM that I have read, it assumes that you know nothing about C++ and COM and takes the first 2 chapters to introduce you these topics and that represents almost 100 pages of prerequisite material that should have been found only in a introduction book IMO.

:: Next Page >>

Olivier Langlois's blog

I want you to find in this blog informations about C++ programming that I had a hard time to find in the first place on the web.

| Next >

March 2024
Sun Mon Tue Wed Thu Fri Sat
 << <   > >>
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31            

Search

Custom Search

Misc

XML Feeds

What is RSS?

Who's Online?

  • Guest Users: 1

powered by
b2evolution