Book Review: The Tangled web

Just completed reading “The Tangled web: A guide to securing modern applications” by Michael Zalewski.

The book is surprisingly small given the amount of information it covers about interaction of web browsers, web sites and client-side web technologies.

The book starts with the discussion of what a valid URL could look like (http://yahoo.com:80@google.com/microsoft.com – think which site is being connected to here) and then discusses several fundamental building blocks of the modern web (like cookies) as well as standard technologies (like Flash) in depth. The issue of same-origin policy and how it differs from DOM to cookie to  pseudo-urls is explained with amazing clarity.
One of the best things about this book is that it makes regular references to RFCs for authoritative answers and the corresponding deviant [and undefined] behavior implemented by the browsers.
The book also covers new (HTML5) security features in detail.
While reading the book, occasionally I felt information overload but I think the “Tangled web” and not the book “Tangled web” is responsible for that.

I would strongly recommend this book for anyone who deals with web[site] security as well as parsing HTML.

Disclosure: We both work for [different teams under] Google Security.

Book Review: Steve Jobs by Walter Isaacson

Steve Jobs

The book is 50% story of Jobs and 50% history of the Valley.
From the beginning of Apple to it becoming the world’s most valuable company, the book covers everything in depth (and is a bit too long)
Some of the key things in the book are Steve Job’s fruitarian diet, journey to India, love for absolute minimalism, extreme (positive as well as negative) treatment of employees, relation with Bill Gates (and Microsoft), battle with Google, battle with cancer and a strong belief that normal rules simply don’t apply to him.
The book covers a few major ideas including iTunes store (which brought music online), making of Toy Story, development of iPhone and iPad in detail.
At several points, the author clearly illustrates that Apple’s designers and NOT engineers make the rules, for example, during the iPhone 4 antenna fiasco.
Overall, it was a nice read, especially, when reading it along with In the Plex which is about Google.

Book Summary: In the Plex by Steven Levy

An amazing book which describes Google’s journey right from its beginning in the Stanford dorm. The author interviewed several top echelons of Google and presented several interesting insider anecdotes and stories of Google.

The book provides details of major projects like Gmail, Google Desktop, Google News and Google Toolbar, Google Books and the failure of Orkut. It also describes the process of acquisition of YouTube, Blogger, Docs, GrandCentral and Double Click.

In the Plex

Following are the few salient points. The book has many more interesting anecdotes which I am forced to skip here.

Read More

Female Foeticide

The first episode of Aamir Khan’s show Satyamev jayate raised the issue of female foeticide in Rajasthan. While the show asked for stringent laws, it missed a few major reasons behind the same.

Read More

Book Summary: Imagining India by Nandan Nilekani

The book presents a generalists view of post-independent India. Unlike India Unbound, this book focuses primarily on post-independent India and takes a more pragmatic approach towards understanding the problems of contemporary India.  The best parts of the book are the interesting contradictions that the nation went through – love/hate relationship with the English language, fear of technology, and neglected urban development.

Imagining India

Overall, the book is divided into four sets of ideas, that have arrived, that are in progress, that are still being debated, and finally, that have yet to become part of public debate.

I have highlighted the best sections of the book in bold.

Read More

Towards a broken future of Internet

Internet, which initially started as a DARPA experiment is [still] under the indirect control of USA government through ICANN despite several objections from Europe as well as IBSA. This worked when most users were from the western world with the notable exception of China and few minor quirks. But in the past few decades, not only the governments around the world are putting more controls but also the internet users (as well as enterprises) are fighting back against US control. In this blog post, I will describe the main threats to the existence of (current form of) Internet.

Read More