book

A book is a set of written, printed, illustrated, or blank sheets, made of ink, paper, parchment, or other materials, usually fastened together to hinge at one side. Read more at Wikipedia.

  • Apache Maven books

    Questions for the official certification.

    JavaBlackBelt is a community for Java & open source skills assessment. It is dedicated to technical quizzes about Java related technologies. This is the place where Java developers have their technology knowledge and development abilities recognized. Everybody is welcome to take existing and build new exams.

    Maven: The Definitive Guide (Readable HTML alpha release)

    Better Builds with Maven (Free PDF)

    • Covers: Maven 2.0.4
    • Publisher: DevZuz
    • Published: March 2006
    • Authors: John Casey, Vincent Massol, Brett Porter, Carlos Sanchez

      Better Builds with Maven is a comprehensive 'How-to' guide for using Maven 2.0 to better manage the build, test and release cycles associated with software development. The chapters include:

      • An introduction to Maven 2.0
      • Creating, compiling and packaging your first project
      • Best practices and real-world examples
      • Building J2EE Applications
      • Extending builds by creating your own Maven plugins
      • Monitoring the health of source code, testing, dependencies and releases
      • Team collaboration and utilising Continuum for continuous integration
      • Converting existing Ant builds to Maven
    Maven: A Developer's Notebook

  • Big Bang Blockchain: La seconde révolution d'internet by Stéphane Loignon

    The blockchain is heralded as a technological, economic, political and social revolution as powerful as the Internet. This "chain of blocks" promises to be the essential tool of tomorrow.

    What is the blockchain for?

    Above all, this new technology makes it possible to send money online without an intermediary: neither a bank nor a credit card company. It could upend finance, insurance and money transfers while driving a vast movement to decentralise the digital economy. Thanks to it, some already dream of "uberising Uber". This "brilliant invention", in the words of Jean-Claude Trichet, the former president of the European Central Bank, also makes it possible to record information immutably: diplomas, administrative documents, property titles and even ballots. Democracies and administrations will be able to reinvent themselves!
    Fascinated by this ongoing transformation, the journalist Stéphane Loignon analyses it in this extensive investigation conducted with 48 specialists in seven countries (start-up founders, experts from large corporations, financiers, academics, members of parliament...). With enthusiasm, a critical mind and a gift for teaching, he explains how the blockchain works, lays out what is at stake, assesses its potential and presents all of its existing and future applications. A revolution that concerns us all.

    A very good introduction to blockchain technology, without going into too much technical detail. Stéphane Loignon begins by taking us on a journey into the future to show what a post-blockchain world might look like; he then retraces the history and origin of this revolutionary technology. The book then develops the potential and impacts of the blockchain as seen by start-ups, states and banks, and in a variety of fields: economic, social, political...

    The arrival of the blockchain hints at a radically different world, more efficient, more transparent, more automated, where we will all be freer and better treated as consumers, workers and citizens. How to collect taxes and levies in this new world where everything will be decentralised will be a challenge that will keep a good number of experts busy in the months and years to come ;-)

    Buy on Amazon

  • Contest - Win a book PacktPub “Joomla! 1.5 Site Blueprints”

    It starts today. The winner will be announced on September 25, 2010, before Midnight GMT+1.

    Win a book PacktPub “Joomla! 1.5 Site Blueprints”

    Here are the basics but PLEASE read all the rules.

    1. You must be 18 years or older to enter
    2. You must be following me http://www.twitter.com/cedricwalter
    3. You must send out the following tweet EXACTLY as it appears – failure to do so will disqualify you – do NOT put @ sign in front of cedricwalter anywhere in the Tweet
    4. The prize will be awarded on September 25, 2010
    5. I will ship the book anywhere in the world free of charge, but if you live outside Europe you are responsible for any taxes and customs duties in the event you win.

    Here’s the tweet you should send…

    Win a book Packt Publishing “Joomla! 1.5 Site Blueprints” from Cédric Walter. Pls RT. Info at: http://tinyurl.com/32cu8up

    We keep a record of each tweet in a database and then a random number generator picks the winner. Due to limited time, I cannot and will not answer ANY questions about the contest on Twitter or via e-mail. The information you need is all right here.

    Here’s some of the fine print – PLEASE READ IT CAREFULLY.

    If you’d like to enter to win, first, go to Twitter and if you don’t already have an account there, set one up. It’s free. Then follow me – Cedric Walter. Go to http://www.twitter.com/cedricwalter and click on the Follow button that appears under my profile.

    That’s it. Just follow me on Twitter. (http://www.twitter.com/cedricwalter). Send out the tweet listed above – and you’re done.


    But this is important – only do this ONE TIME! It does not in any way improve your odds if you Tweet this message more than once. You will not be penalized if you do it more than once, but it won’t help. If you do send it more than once, you’ll just make your followers mad and you WILL NOT increase your odds. PLEASE don’t ask me to check if you’ve already entered or if your entry qualifies.

    If you are already following me on Twitter – you don’t need to un-follow and then re-follow. In fact, if you follow and un-follow me more than twice, you will be blocked. People who follow me just for the contests and who drop in and out will be blocked from my Twitter account.

    You must be at least 18 years old to win. All taxes are the responsibility of the winner. The decision of the judges is final. The winner will be announced on www.twitter.com/cedricwalter and www.waltercedric.com on September 25, 2010, sometime before Midnight, GMT+1.

    This contest is void where prohibited by law. The contest is open to anyone, world wide as long as you live in a country where contests such as this one are legal. If you live in Quebec Canada for instance, you may not participate since contests like this one are illegal there without payment of a bond. It’s your responsibility to ensure that contests like this one are not prohibited by your local law. Actual prize awards will only happen after your execution of an affidavit of eligibility.

    You will not be able to enter as long as your tweets are private.
    We will not answer questions about the contest other than to point you to these rules.
    If any part of this makes you uncomfortable, or if you don’t like the fact that I do these giveaways, please don’t participate.

    Thanks for your support.

  • CryptoParty Handbook v1.1 has been released

    CryptoParty is a grassroots global endeavor to introduce the basics of practical cryptography such as the Tor anonymity network, key signing parties, True Crypt, and virtual private networks to the general public.

    The first draft of the 442-page CryptoParty Handbook (the hard copy of which is available at cost), was pulled together in three days using the book sprint approach, and was released 2012-10-04 under a CC-BY-SA license; it remains under constant revision.

    The CryptoParty Handbook v1.1 has been released and you can download or edit it here.

    Why Privacy Matters
    Privacy is a fundamental human right. It is recognized in many countries to be as central to individual human dignity and social values as Freedom of Association and Freedom of Speech. Simply put, privacy is the border where we draw a line between how far a society can intrude into our personal lives.

  • Free IBM book on migrating to desktop Linux

    "The goal of this IBM Redbook is to provide a technical planning reference for IT organizations large or small that are now considering a migration to Linux-based personal computers. For Linux, there is a tremendous amount of "how to" information available online that addresses specific and very technical operating system configuration issues, platform-specific installation methods, user interface customizations, etc. This book includes some technical "how to" as well, but the overall focus of the content in this book is to walk the reader through some of the important considerations and planning issues you could encounter during a migration project. Within the context of a pre-existing Microsoft Windows-based environment, we attempt to present a more holistic, end-to-end view of the technical challenges and methods necessary to complete a successful migration to Linux-based clients."
    Download PDF here

  • Google: some books worth reading

    Some interesting books that drew my attention:

    Commercials

    • Google secrets: How to get a top ranking, ebook by Dan Sisson. A how-to guide for getting your website ranked in the top 10 on the Google search engine. 109 pages full of tips, best practices, checklists, and samples. I found that it is also available as a PDF here, for example. A website is also available with some extracts from the book and extended chapter summaries. In the meantime, I discovered a lot of literature on the subject:
    • Google Hacks: 100 Industrial-Strength Tips & Tools
      by Tara Calishain, Rael Dornfest (O'Reilly ISBN: 0596004478). review [amazon]
    • How to Do Everything with Google (McGraw-Hill Osborne Media ISBN: 0072231742) review [amazon]

    Free papers

    • The Google cluster (Published by the IEEE Computer Society 0272-1732/03/$17.00 © 2003 IEEE): an interesting paper with a lot of figures that tries to determine the number of machines used by Google. As always, full of superlatives (read the power consumption chapter).
    • Googled is a collaborative blog that tries to write a book online (started in 2003). Readers can freely submit ideas, information and comments. Seems dead now and outdated.

    Google speak!

    • Google is also, through Google Labs, releasing some top information about the technologies that make it the best search engine today.
    • Let me finish this news with some FREE tips and feature descriptions provided by the king itself: Google features

    To finish, a very good internet portal: http://www.pandia.com/
    Happy googling ;-)
    You can also try Google AdWords: you market your own site, or an affiliate marketing site, via the Google AdWords program; and Google AdSense: you get paid by Google to put AdWords ads on your own site. They make sure that all of the ads that run on your site are relevant to the type of content you have on your site.

    200 million searches per day, 100,000 advertisers
  • Joomla! 1.5 Site Blueprints received

    Joomla! 1.5 Site Blueprints 

    A warm thanks to PACKT publishing for having sent me this book free of charge for review!

    Note:

    I will offer this book after the review, randomly, to one of my Twitter followers! More details soon.

    Here is a link to Packt online shop

    What you will learn from this book:

    You will see how to build the following site projects:

    • A company website
    • A fan site for users wishing to share their interests by blogging – built around the Blog module
    • An events site for listing events from multiple users – built around the Events module
    • A Community Portal for social networking
    • A newspaper site for publishing an online newspaper or magazine
    • An e-commerce website with Ubercart
    • A directory site for listings in several categories
    • A photo sharing site for publishing and organizing images from multiple users
    • A Googlemap site to create complex Googlemap mashups
    • A news aggregating site for publishing news feeds from several sources

    Language: English
    Paperback: 270 pages [235mm x 191mm]
    Release Date: May 2010
    ISBN: 1849511705
    ISBN 13: 978-1-849511-70-4
    Author(s): Timi Ogunjobi

  • JoomlaPatches for Joomla 1.0.15 for SecurityImages 4.x only

    "The 22 February 2008 also marks an incremental bug fixing and security update for Joomla! 1.0 series software." [..]

    Joomla 1.0.15 is out!

    These are original Joomla 1.0.15 files modified to support com_SecurityImages 4.x ONLY:

    • Use SecurityImages in contact section
    • Use SecurityImages in login module
    • Use SecurityImages in registration component
    • Use SecurityImages in administrator login page

    First upgrade your site to Joomla 1.0.54, then apply this patch with FTP/SCP by overwriting, one more time, all files with the zip content.

    Download it here; thanks to mirjam, a user in my forum, for having prepared them :-)

  • Metrics and Models in Software Quality Engineering book - Addison-Wesley

    "For more than 50 years software has been a troublesome discipline. Software's problems are numerous and include cancelations, litigation, cost overruns, schedule overruns, high maintenance costs, and low levels of user satisfaction. The problems with software occur more often than not. My company's research indicates that more than half of large software projects will encounter some kind of delay, overrun, or failure to perform when deployed. But software does not have to be as troublesome as it has been. Some complex software projects do achieve their delivery schedules and cost targets, and behave properly when used. Throughout my career in software I've been interested in what distinguishes successful software projects from failures and disasters. It happens that the main factors leading to software success are easily identified when side-by-side comparisons of similar projects are performed, where one set was successful and the other set was troublesome. The successful software projects achieve excellence in software quality control, and they are able to do this because of excellence in software quality measurements. Although it might be thought that excellent software quality control is expensive, it turns out to yield a very positive return on investment. When canceled software projects and disasters are studied by means of "autopsies," they all have similar patterns: Early phases of troubled projects are handled carelessly without adequate requirements analysis or design reviews. After rushing through the early phases and seeming to be ahead of schedule, problems begin to mount during coding and testing. When testing begins in earnest, serious problems are detected so that schedules and cost targets cannot be achieved. Indeed, some software projects have so many serious problems—termed bugs or defects—that they are canceled without completion. By contrast, successful projects are more thorough at the start. 
The requirements are carefully analyzed and the designs are formally inspected. This takes some time and adds upfront costs, but once coding and testing begin, the value of careful quality control allows the projects to move rapidly to a successful conclusion. Stephen Kan and I both learned the importance of software quality control and good software quality metrics at IBM. Even though Stephen and I worked in different IBM labs during different decades, we have some common viewpoints. We have both been convinced by empirical evidence that without excellent software quality control, large system development is hazardous and likely to fail. We also both know that effective software quality control is built on a foundation of careful measurements using accurate metrics."

    A free metrics plugin for Eclipse is also available on SourceForge: "Provide metrics calculation and dependency analyzer plugin for the Eclipse platform. Measure various metrics with average and standard deviation and detect cycles in package and type dependencies and graph them." http://sourceforge.net/projects/metrics/
  • Preventing SQL Injection Attacks on your Joomla! Websites

    This article is extracted from:
    Joomla! Web Security

    Secure your Joomla! website from common security threats with this easy-to-use guide

  • Learn how to secure your Joomla! websites
  • Real-world tools to protect against hacks on your site
  • Implement disaster recovery features
  • Set up SSL on your site
  • Covers Joomla! 1.0 as well as 1.5
  • For more information, please visit:
    http://www.PacktPub.com/joomla-web-security-guide/book

    Joomla!, a very popular content management system (CMS), is, as you may know, easy to deploy and use. This ease of use has fuelled rapid growth of both the CMS and the extensions written for it. You can install it on almost any host, running Linux or Windows. This highly versatile software has found itself in such lofty places as large corporate web portals, and in humble places such as the simple blog.

    Joomla! itself is inherently safe, but misconfigurations of the CMS, vulnerable components, hosts that are poorly configured, and weak passwords can all contribute to the downfall of your site. Hence, it's always better to ensure the security of your site.

    In this article by Tom Canavan, we will take a look at how SQL injection attacks can occur to your Joomla website, how we can test for SQL injection attacks, and how to stop SQL injection.

    Introduction

    Mark Twain once said, "There are only two certainties in life: death and taxes." Even in web security there are two certainties: it's not "if you are attacked", but "when and how" your site will be taken advantage of.

    There are several types of attacks that your Joomla! site may be vulnerable to such as CSRF, Buffer Overflows, Blind SQL Injection, Denial of Service, and others that are yet to be found.

    The top issues in PHP-based websites are:

    • Incorrect or invalid (intentional or unintentional) input
    • Access control vulnerabilities
    • Session hijacks and attempts on session IDs
    • SQL Injection and Blind SQL Injection
    • Incorrect or ignored PHP configuration settings
    • Divulging too much in error messages and poor error handling
    • Cross Site Scripting (XSS)
    • Cross Site Request Forgery, that is CSRF (one-click attack)

    SQL Injections

    SQL databases are the heart of Joomla! CMS. The database holds the content, the users' IDs, the settings, and more. To gain access to this valuable resource is the ultimate prize of the hacker. Accessing this can gain him/her an administrative access that can gather private information such as usernames and passwords, and can allow any number of bad things to happen. When you make a request of a page on Joomla!, it forms a "query" or a question for the database. The database is unsuspecting that you may be asking a malformed question and will attempt to process whatever the query is. Often, the developers do not construct their code to watch for this type of an attack. In fact, in the month of February 2008, twenty-one new SQL Injection vulnerabilities were discovered in the Joomla! land. The following are some examples presented for your edification. Using any of these for any purpose is solely your responsibility and not mine:

    Example 1

    index.php?option=com_****&Itemid=name&cmd=section&section=-
    000/**/union+select/**/000,111,222,
          concat(username,0x3a,password),0,
        concat(username,0x3a,password)/**/from/**/jos_users/*

    Example 2

    index.php?option=com_****&task=****&Itemid=name&catid=97&aid=-
    9988/**/union/**/select/**/
    concat(username,0x3a,password),0x3a,password,
    0x3a,username,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0/**/
    from/**/jos_users/*

    Both of these will reveal, under the right set of circumstances, the usernames and passwords in your system. There is a measure of protection in Joomla! 1.0.13, with an encryption scheme that will render the passwords useless. However, it does not make sense to allow extensions that are vulnerable to remain. Yielding ANY kind of information like this is unacceptable.

    The following screenshot displays the results of the second example running on a test system with the vulnerable extension. The two pieces of information are the username that is listed as Author, and the Hex string (partially blurred) that is the hashed password:

    You can see that not all MD5 hashes can be broken easily. Though it won't be shown here, there is a website available where you enter your hash and it attempts to crack it. It supports several popular hashes.

    When I entered this hash (of a password) into the tool, I found the password to be Anthony.

    [screenshot: the query result showing the username listed as Author and the partially blurred password hash]

    It's worth noting that this hash and its password are a result of a website getting broken into, prompting the user to search for the "hash" left behind, thus yielding the password.

    The important news, however, is that if you are using Joomla! 1.0.13 or greater, the password's hash is now calculated with a "salt", making it nearly impossible to break.
    However, the standard MD5 could still be broken with enough effort in many cases. For more information about salting and MD5 see: http://www.php.net/md5.

    For an interesting read on salting, you may wish to read this link: www.governmentsecurity.org/forum/lofiversion/index.php/t19179.htm

    SQL Injection is a query put to an SQL database where data input was expected AND the application does not correctly filter the input. It allows hijacking of database information such as usernames and passwords, as we saw in the earlier example.

    Most of these attacks are based on two things. First, the developers have coding errors in their code, or they potentially reused the code from another application, thus spreading the error. The other issue is the inadequate validation of input. In essence, it means trusting the users to put in the RIGHT stuff, and not put in queries meant to harm the system.
    User input is rarely to be trusted for this reason. It should always be checked for proper format, length, and range.

    There are many ways to test for vulnerability to an SQL Injection, but one of the most common ones is as follows:

    [screenshot: the test string entered in a login form]

    In some cases, this may be enough to trigger a database to divulge details. This very simplistic example would not work in the login box that is shown. However, if it were presented to a vulnerable extension in a manner such as the following it might work:



    This "posting" method (presented as a very generic exploit and not meant to work per se in Joomla!) will attempt to break into the database by putting forward queries that would not necessarily be noticed.

    But why 1=1- - ? According to PHP.NET, "It is a common technique to force the SQL parser to ignore the rest of the query written by the developer with --, which is the comment sign in SQL."

    You might be thinking, "So what if my passwords are hashed? They can get them but they cannot break them!"

    This is true, but if they wanted it badly, nothing keeps them from doing something such as this:

    INSERT INTO jos_mydb_users
    ('email','password','login_id','full_name')
    VALUES ('[email]','default','Jdoe','John Doe');--';

    This code has a potential if inserted into a query such as this:

    http://www.yourdomain/vulnerable_extension//index.php?option=com_vulext
    INSERT INTO jos_mydb_users
    ('email','password','login_id','full_name')
    VALUES ('[email]','default','Jdoe','John Doe');--';

    Again, this is a completely bogus example and is not likely to work. But if you can get an SQL DB to divulge its information, you can get it to "accept" (insert) information it should not as well.

    Testing for SQL Injections

    The following examples are known good tests to detect some SQL Injection vulnerabilities.

    Check for input vulnerabilities using "Single Quotes", as used in the following login form:

    howdy' OR 1=1- -

    This popular method is sometimes used in the form of a URL and you may see it appended to the INDEX.PHP in your log as follows:

    /index.php?id=howdy' OR 1=1 - -

    You may also wish to try inputting one of these popular methods:

    ' OR 1=1 - -

    " OR 1=1 - -

    'OR 'x'='x

    There are several more methods and this only scratches the surface of SQL Injections. They attempt to pass unchecked INPUT to the database, which will try to divulge an answer, rather than providing no answer.

    Note that you may see the use of the keyword UNION in your logs (see earlier examples). This is usually an early indicator that an attempt is being made on your site.

    To learn more about SQL Injections from a developer's point of view, please refer to the following:

    http://us3.php.net/manual/en/security.database.sql-injection.php
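The article says the `UNION` keyword and the `' OR 1=1` style strings show up in your web-server log as early indicators. The following is an added example, not code from the article or from the Joomla! project, of what a defender's log check for those indicators can look like. It is written in Python (the Joomla! code base is PHP; the logic is the same in either language), works on Common Log Format lines, and runs over a handful of constructed sample lines embedded in the script. The `/**/`-for-space trick seen in the article's two examples is flattened before matching, so the indicators still fire when the request is obfuscated that way, while a benign search containing the word "union" is left alone.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample web-server access-log lines (not taken from the
# original article). Two of them carry the injection patterns the text
# describes; the last one is a benign search that happens to contain "union".
SAMPLE_LOG = """\
203.0.113.5 - - [22/Feb/2008:10:01:02 +0100] "GET /index.php?option=com_content&Itemid=12 HTTP/1.1" 200 5120
203.0.113.9 - - [22/Feb/2008:10:01:07 +0100] "GET /index.php?id=howdy'%20OR%201=1%20--%20 HTTP/1.1" 200 740
198.51.100.4 - - [22/Feb/2008:10:02:15 +0100] "GET /index.php?option=com_example&catid=97&aid=-9988/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/* HTTP/1.1" 200 1980
198.51.100.4 - - [22/Feb/2008:10:02:40 +0100] "GET /index.php?option=com_users&view=login HTTP/1.1" 200 3011
192.0.2.77 - - [22/Feb/2008:10:03:01 +0100] "GET /index.php?option=com_search&searchword=union%20station%20times HTTP/1.1" 200 2200
"""

# Common Log Format: client, identity, user, [timestamp], then the quoted request line.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"'
)

# Indicators named in the article: UNION SELECT, the "' OR 1=1" style
# tautology, a trailing SQL comment, and a reference to Joomla's jos_users table.
INDICATORS = {
    "union-select": re.compile(r"\bunion\b\s+(?:all\s+)?select\b"),
    "tautology": re.compile(r"""['"]\s*or\s+['"\w]+\s*=\s*['"\w]+"""),
    "comment-terminator": re.compile(r"(?:--|/\*)\s*$"),
    "jos_users-reference": re.compile(r"\bjos_users\b"),
}


def normalise(path):
    """URL-decode the request path and flatten the /**/ spacing trick."""
    decoded = unquote_plus(path).lower()
    # Inline comments are used instead of spaces to dodge naive filters;
    # replace each closed comment with a single space before matching.
    return re.sub(r"/\*.*?\*/", " ", decoded)


def classify(path):
    """Return the names of the indicators present in one request path."""
    text = normalise(path)
    return [name for name, rx in INDICATORS.items() if rx.search(text)]


def scan_log(text):
    """One finding per suspicious request: client, timestamp, raw path, indicators."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        hits = classify(m.group("path"))
        if hits:
            findings.append({
                "client": m.group("client"),
                "when": m.group("when"),
                "path": m.group("path"),
                "indicators": hits,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["when"], f["client"], ", ".join(f["indicators"]))
        print("   ", f["path"])
```

Run against a real log, feed the file contents to `scan_log` and review the findings by client: a single request with one indicator is worth a look, a client that trips `union-select` together with `jos_users-reference` is the pattern the article's two examples would leave behind.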

    A Few Methods to Prevent SQL Injections

    This is somewhat beyond the scope of this article, but the following are some things to touch upon:

    Developers should ALWAYS validate the user input, that is, test for type, length, format, and range, and always consider what malicious input may be thrown at the queries.

    DO NOT assume anything about the user input. For example, you shouldn't assume that an upload box for images won't be used for some other purpose. You should restrict the uploads to file types that you want to accept.

    How will your application behave if a malicious user enters a 100-megabyte JPG where your application expects a username?

    What will happen to your site if a DROP TABLE statement is embedded in a text field? What about a database command such as INSERT?

    The answer is: Always enforce the size. If the maximum input is 2 Meg, then enforce it. Don't allow bigger inputs because your users might be unhappy. If the maximum character length should be eight, do not allow inputs beyond it. This will prevent a buffer overflow, and other madness.

    Test the content of the string variables and accept only the expected values. Reject entries that contain binary data, escape sequences, and comment characters. This is a common technique.

    DO NOT ALLOW SQL statements directly from the user input. Provide a solid user interface that validates the users' input and then uses it.

    String concatenation is the primary point of entry for a script injection. So NEVER concatenate user input that has not been validated and checked to ensure that it carries no nasty payloads.

    ALWAYS assign user rights within your SITE (including you) with the LEAST privileges needed. This keeps down the possibility of using the unnecessary privileges to take over the site.

    NEVER connect to the database as an admin, superadmin, or the database owner. Always keep these particular users for administrative use only.

    And according to PHP.NET:

    "Check if the given input has the expected data type. PHP has a wide range of input validating functions, from the simplest ones found in Variable Functions and in Character Type Functions (for example, is_numeric(), and ctype_digit() respectively), and onwards to the Perl compatible Regular Expressions support.

    If the application waits for numerical input, consider verifying data with is_numeric(), or silently change its type using settype(), or use its numeric representation by sprintf()."

    There are commercially available tools such as Acunetix that can test for SQL Injections, and several sites that list recent and past extension vulnerabilities.

    In essence, test your system using some of the methods mentioned, provide it an input that is totally off the wall, or find some of the exploits and try them on your test server.

    Lastly, keeping your system patched is probably one of the best methods to prevent SQL Injections.
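To make the prevention advice above concrete, here is an added example (not code from the article, the book or the Joomla! project) that puts the two halves side by side: a lookup that concatenates user input into the SQL, as the article tells you never to do, and the same lookup written as a parameterised query, plus validators that apply the type, length, format and range checks the text and the PHP.NET quote call for. It is written in Python against an in-memory SQLite table shaped like `jos_users` with constructed sample rows (Joomla! itself is PHP on MySQL, but the behaviour being shown is the database driver's, not the language's). The table, the `MAX_USERNAME_LEN` of eight taken from the article's own example, and the id range are assumptions of this example.

```python
import re
import sqlite3

MAX_USERNAME_LEN = 8          # the article's example maximum length (assumed here)
USERNAME_FORMAT = re.compile(r"[A-Za-z0-9_]+")   # no quotes, spaces or comment characters


def make_db():
    """Constructed in-memory table shaped like Joomla's jos_users (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO jos_users (username, password) VALUES (?, ?)",
        [("admin", "<salted-hash>"), ("author", "<salted-hash>"), ("editor", "<salted-hash>")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """The pattern the article warns against: user input concatenated into the SQL text."""
    sql = "SELECT username FROM jos_users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_safe(conn, username):
    """Parameterised query: the value is bound by the driver and never parsed as SQL."""
    sql = "SELECT username FROM jos_users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))


def validate_username(value):
    """Type, length and format checks, in that order; rejects quotes and comment characters."""
    if not isinstance(value, str):
        raise ValueError("username: wrong type")
    if not 1 <= len(value) <= MAX_USERNAME_LEN:
        raise ValueError("username: length out of bounds")
    if not USERNAME_FORMAT.fullmatch(value):
        raise ValueError("username: unexpected characters")
    return value


def validate_item_id(value, low=1, high=10**6):
    """Numeric input check (the is_numeric()/ctype_digit() idea) plus a range check."""
    if not isinstance(value, str) or not value.isdigit():
        raise ValueError("id: not an unsigned integer")
    number = int(value)
    if not low <= number <= high:
        raise ValueError("id: out of range")
    return number


def demo(payload="' OR 'x'='x"):
    """Run the same input through both lookups and report what each returns."""
    conn = make_db()
    try:
        return {
            "vulnerable": lookup_vulnerable(conn, payload),
            "safe": lookup_safe(conn, payload),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    print(demo())            # the concatenated query returns every row; the bound one returns none
    print(validate_item_id("97"))
```

The point to take from `demo()` is that the parameterised lookup needs no knowledge of which characters are dangerous: the bound value is compared as a string, so the `'x'='x` tautology from the article's test list simply matches no username. The validators are the second layer the article asks for; a negative `aid` like the `-9988` in Example 2 is rejected before any query is built. Least privilege for the database account, also recommended above, is configured on the database server rather than in application code, so it is not shown here.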

    About the Author

    A twenty-three year veteran of the Computer Business, and a Data Center Technology Consultant to Fortune-1000 Companies, Tom Canavan is a Certified Ethical Hacker and has a degree in Robotics and Numerical Control. He is author of the book Dodging the Bullets – A Disaster Preparation Guide for Joomla! Based Websites.

  • Recommended Book for Joomla!

    I highly recommend these books to you, especially "Joomla! Web Security" by Tom Canavan, as it will help you to secure your Joomla! site in an efficient way.

    Joomla! Web Security
    by Tom Canavan

    Learning Joomla! 1.5 Extension Development: Creating Modules, Components, and Plugins with PHP

    From the same author: "Is your site ready?" Disaster planning, preparation and recovery for Joomla! sites
    View all presentations on SlideShare about Joomla!