Author Archives: javiermunhoz

Software Development Metrics review

This book covers the metrics on software development processes. It makes a relevant effort to explain each metric in detail. It is easy to understand and the graphic material (diagrams, charts, etc) is great.

Beyond the expected stuff (definitions, context and so on) I would highlight the availability of one model to identify/support the proper metrics in every project. Together with the metrics catalog in the book located under two major sections (metrics for steering and metrics for improvement) I would also highlight the rest of the content, where the author puts all metrics to work.

The author also introduces each metric with a short template where you can find all relevant information about the metric. It is very useful to know/identify the metric you are looking for quickly.

I would say the author does a great job explaining the real goals of each metric. He helps to identify patterns and antipatterns while covering use cases close to the real world.

In summary, I found an updated and fresh reference to metrics in this book. It is a great book on this topic.

I found this book available here:

OpenStack in Action review

This book is really good. If you are into OpenStack, DevOps and Cloud you should read it.

The target for this book is sysadmins, developers and architects working in Cloud environments. The main topic is OpenStack but it explores other systems and solutions related to its ecosystem.

You will find the right information to understand, deploy and operate an OpenStack solution. The level of detail goes to the command line interface although it includes the proper graphical tools and dashboards to achieve the same results.

The author does a good and progressive job of introducing the different topics with each new chapter. You don’t need to read the chapters in order but I would recommend it.

If you are a newcomer to OpenStack you will enjoy the second chapter where the author introduces DevStack. It provides the right testbed to follow the whole material and/or test all commands and ideas along the book.

The compute, networking and storage blocks are covered in detail. The book explains how you can configure and set the major services related to these components (Nova, Neutron, Cinder, etc) in OpenStack but it also explains how they interoperate and the technologies supporting them (kernel namespaces, OVS, LVM, etc).

Another strong point in the book is the way the author covers collateral technologies required to go to production. In this field, he explains what approach is good enough to go in production but he highlights the limitations while providing alternatives (Ceph, Fuel, etc).

Regarding graphics, pictures and diagrams, they are all in place. I found them clear and concise.

I would say this book contains an extensive effort to cover OpenStack and related technology. Great book.

I found this book available here:

Software Defined Networks: A Comprehensive Approach review

This book is great to know what Software Defined Networks are and how they work.

The book is an enjoyable walk along this disruptive technology. It explains the traditional issues with classic and distributed networking and the pros/cons with this new approach based on Software. It has a great level of detail.

Beyond the expected content on clear definitions, taxonomies and technologies (OpenFlow, Open vSwitch, OpenDaylight and so on) it covers the industry from different points of view (ecosystem, business, programming, maturity, etc). The illustrations and graphical stuff are very good.

Great book.

I found this book available here:

The Docker Book: Containerization is the new virtualization review

Docker complements kernel namespacing with a high-level API which operates at the process level. It runs processes with strong guarantees of isolation and automation. The analogy of one container is pretty good.

I found the book really useful. It contains great examples. Apart from the expected overview, tool description and quick boot, it contains several use cases with focus on testing, continuous integration, service and so on. It illustrates the Docker API and comments on the right way to contribute code and documentation to Docker.

It is a short and easy book to read. It shows the real value and potential under Docker. Great introduction to Docker.

I found this book available here:

Building the Infrastructure for Cloud Security review

This book introduces the different security solutions and products supported by Intel around the trusted Cloud concept. The book covers the context of Cloud computing and how new security approaches are required to face the current challenges (firmware attacks, bootkits, etc).

I would say two main topics drive the whole book: the tandem hardware-cryptography and the idea of trust chain. On these two topics the authors set up their idea of building a trust chain from a secure boot foundation (compute domain) and then extending this protection to the network and storage domains in the Cloud.

It is interesting knowing how the new perimeter is defined in terms of data, its location, and the Cloud resources processing it. I liked the chapter on boundary controls in the Cloud (Geolocation, Geo-fencing, Geo-tagging and Asset Tagging).

I found this book available here:

JavaScript Application Design review

This book covers the process of designing a well engineered JavaScript web app. It explains in detail crucial aspects such as automation, modularity or patterns with focus on practical web development and design. It assumes you understand the basics of JavaScript.

The author shares his experience along a quite dense text. Plenty of technical details, figures and snippets of code are available in the book. The author follows an incremental approach. It starts with building stuff (tools, processes, workflow, environment, etc) and then it jumps to design (modularity, patterns, features, testing, architecture, etc). He gets a smooth transition and I suppose beginners will be happy to catch all this stuff in a single book.

My favourite part of the book was the second part, ‘managing complexity’. I enjoyed the ‘REST API design and layered service architectures’ chapter where the book covers API design pitfalls, layered service or client side consumers among other topics.

In summary, I found this book interesting. Although it doesn’t contain novel stuff I think it is a great introductory book, it highlights the right way to get the things done with JavaScript and it introduces all technologies you could need with your first JavaScript application design.

I found this book available here:

RabbitMQ in Action review

RabbitMQ is an open source message broker and queueing server. It is used to share data among different applications using a common communication protocol. RabbitMQ, and similar software, is a key component when you are looking for availability, scalability and interoperability in your technical solution.

This book explains AMQP, the protocol used by RabbitMQ, and how messaging concepts map to AMQP. RabbitMQ server administration and management is covered too (CLI/GUI, REST API, etc).

Beyond technical recipes and clear documentation the book covers messaging patterns and best practices. It teaches the way to use RabbitMQ with clustering, high availability, practical replication and security configurations.

In my opinion, this book is a great and balanced resource to break into the messaging world using RabbitMQ. The authors also included good and simple code examples to illustrate their words with useful code templates.

I found this book available here:

Testing Python review

This book covers the art of software testing in Python. I found the book really useful. It contains clear, concise and practical information related to testing work in the Python community.

The book introduces relevant information and updated references on unit testing, testable documentation, test driven development (TDD) and behavior driven development (BDD), using the proper Python tools (Nose, PyTest, Pylint, etc) and automation infrastructure (Paver/Jenkins).

The author does a great job commenting on how all parts and concepts fit together (agile development, acceptance tests, Gherkin syntax, etc). He also covers performance testing (JMeter) and profiling (cProfile). Aspects related to cloud deployment/testing are mentioned together with concrete examples too.

As a side note to the previous comments, the book doesn’t cover functional testing and property-based testing. I guess those testing aspects would add a new perspective on productivity and efficiency related to functional Python.

Reading the book you will find testing techniques and tools that are in mainstream use within the Python community. Great book.

I found this book available here:

Platform Embedded Security Technology Revealed review

This book covers the effort of Intel to embed security technology in hardware. In detail, it introduces a tour of the embedded engine, exploring its internal architecture, security models and design details.

The book explains how this management engine is made of hardware and firmware and how those components cooperate via cryptography.

The content is light. It is technical content although it doesn’t go into in-depth details (structures, sizes, code and so on). It is a good overview to understand the Intel proposition in this arena and the marketing jargon used.

I found it interesting how this technology had to pivot from networking to security use cases. Intel didn’t start this technology from scratch. I can imagine how Intel engineers reused the original design to extend functionality and how the marketing department adapted the commercial message. The author mentions how the same technology was marketed with different names in different products.

The part of the book where the author comments on rootkits, and how the engine was under attack, is a good counterpoint to understand the weak points and how hackers broke this technology in 2009.

Digital Rights Management (DRM) is covered in the book too. This part shows how hardware manufacturers, publishers, copyright holders, and individuals could use this technology with the intent to control the use of digital content and devices after sale.

You will find in this book an effortless, readable and clear writing style. It doesn’t cover anything in in-depth detail but is good enough to catch an overview of this technology.

I found this book available here:

Hacking and Penetration Testing with Low Power Devices review

This book describes the addition of a kind of hacking and penetration testing more evolved and sophisticated than the traditional, wired personal computer approach. The idea behind this book is low power penetration testing using tiny and cheap computers.

Over the last four decades, computer chips have become smaller, cheaper and more powerful. This book introduces The Deck, a custom Linux distribution designed to run penetration testing on low power devices that are easily hidden. The low power devices, or beagles, mentioned are based on systems developed by the nonprofit BeagleBoard.org Foundation.

The book teaches the way to install a base operating system together with the hacking toolbox. It describes the hardware for these beagles in depth too. There are plenty of scripting listings and commands to support this stuff.

If you know about intrusion techniques, toolkits and methodologies to break in computer networks and services you will not find any new material here (wireless cracking, nmap, metasploit, etc). In my opinion the interesting content comes from the experience of the author running pen-testing and how he uses the beagles to support the cracking effort. In detail, he comments on the best way to install, hide and remove those tiny devices along the pen-testing target. The aerial drone attack approach is a good example case of how the security perimeter is impacted too.

My favourite chapter in the book is related to powering The Deck. It covers power requirements and sources (wall, USB, battery and solar power). It offers the right figures and proper web links to buy hardware if you wish.

The book covers the design of several beagles attacking in tandem too. All this coordination is radio based (802.11 and 802.15.4).

On the negative side the book contains some aspects to improve related to visual content. It needs to improve the quality of some screenshots; it is not possible to read the characters in console captures. Some graphics appear in color and other graphics appear in BW. It would be great if all graphics were shown in a coherent way. Lastly, some desktop screenshots were taken by camera instead of capturing or dumping the desktop screen properly.

In summary, I enjoyed the reading. You won’t find any new thing in the software side if you have experience with penetration testing, but you will be able to identify how a mobile and low power hacking can be used in your daily pen-tests. Reading this book you will add new techniques and tools (hardware and software) in your penetration toolset.

I found this book available here: