Slashdot Mirror

Part of this bundle, which HumbleBundle.com has under the "Pay what you want!" section, is:

Hacking the Xbox: An Introduction to Reverse Engineering by Andrew "bunnie" Huang

Before getting too excited about this offering from HumbleBundle.com, keep in mind that the publisher has previously made this available completely free. (See: Hacking the Xbox: An Introduction to Reverse Engineering by Andrew "bunnie" Huang, for free.)

He was a 'security' contractor in Iraq who got ousted shortly before Rumsfeld did. Which shows up in his book as mostly misunderstanding the success of the surge, and how the insurgency was defeated sufficiently for Obama to call the war over.

What is this doing on Slashdot? And what does someone have to do to get a book review published here? I wrote a review of If Hemingway Wrote Javascript, which is a better book and actually related to tech. Why is this stuff showing up on Slashdot when reviews of tech books are not?

One of my first forays into the realm of hardware hacking was following along as you recorded your exploration of the original Xbox console. I was fascinated by the hardware, but enjoyed your analysis and methods even more. It was you that got me interested in hardware and hacking. (Aside: Thank you very much for releasing your book as a freely-available download and for the open-letter about Aaron and MIT)

What was the most memorable experience for you of your Xbox expose? Was there a particular part of the hardware that you found especially well-designed (or laughably poor)? A method that yielded unexpected success (or failure)? What kind of fallout from Microsoft did you face? I remember you posting the voicemail of the Microsoft employee asking you to remove the images of the Xbox ROM -- something I got a good laugh out of. And as a follow-up: do you have a feeling for how "secure" hardware has changed in the decade since the original Xbox launch?

Thanks for taking the time to answer our questions, and also for all the work you've done pushing for a world with both open software and open hardware.

His book, Hacking the Xbox, is now available for free: http://www.nostarch.com/xboxfr... The chapter on the methods he used to actually bypass the system's boot security was fascinating.

No Starch Press for instance.

That's called "Networking". Your operating system selects the source port, and it must be above port 1023. This is the port that data comes back to. A connection is unique by src/dest/srcpt/dstpt, so if you want to connect to the same server on port 80 multiple times you need to use multiple source ports.

You obviously don't know shit about networking. I trust No Starch Press as much as O'Reilly (these are both very high quality publishers), but can't speak for that book in particular. I'll probably buy it (Yes it's pricey) because I don't know shit about IPv6 and my first 50 encounters have bewildered me. I get concepts, but I don't get the new protocol... can't live with that.

Some more:

http://nostarch.com/
http://pragprog.com/
https://www.baenebooks.com/t-drm.aspx
http://www.dragonmount.com/index.php/News/book-news/new-drm-free-ebook-store-r401
http://lifehacker.com/5946956/grab-a-bundle-of-drm+free-ebooks-on-the-cheap

If you can set up your gateway to export Netflow data, you get excellent data for tracking your traffic (connection metadata) without all the bulk of keeping a full copy of the traffic.

There's a large number of tools available for collecting, analyzing and otherwise dissecting collected Netflow data, with a good number most likely available via your favorite free Unix-like operating system's packages collection. My favorite combo is to set up an OpenBSD box as the gateway, have it export traffic data via the pflow(4) facility and do the collection and analysis bits somewhere via nfdump/nfsen (see eg nfsen.sourceforge.net for info).

There are various resources available within direct reach of web search, but I would also recommend taking a look at Michael W. Lucas' book Network Flow Analysis for a nice treatment of Netflow in general (it uses flow-tools, but most of what he writes will be useful in the context of other tools too).

I really wish I had a book like this as a kid.

Also a fan! Also, he wrote a book on Xen.

So since I have had one of the early ebook devices (Sony prs) I have always had to look for ebook stores outside of the big 3 that are linked to the devices. Here are some of the ones where I shop:
no starch press
fictionwise
wowio - graphic novel ebooks
oreilly technical books
smashwords
Baen web scription
the ENTIRE Vorkosigan Saga

The article is misleading. IPtables isn't as bad as it suggests and has had dynamic rules since always.

You linked to the old version of the book of PF'. It's an excellent book.

Anyone who uses iptables a lot really should try pf. They will love it.

Over in OpenBSD land, PF has supported tables of IP addresses that can be manipulated on the fly for years (see eg these table samples. One common use is (courtesy of another useful adaptive feature called state tracking options) to detect and block bruteforcers (see eg this set of tutorial examples). In addition, the OpenBSD versions of dhcpd and bgpd as well as other applications are routinely set up to interact with your filtering config via tables.

Another adaptive or dynamic feature is anchors, named sub-rulesets where applications such as a proxy (ftp-proxy for example) or relayd (the load balancer) can insert and delete rules as needed. You can manipulate rules inside anchors from the command line too, of course.

My BSDCan slides has more material, as of course does The Book of PF, and never forget The PF docs as the authoritative source.

- such as No Starch press (http://nostarch.com), and quite possibly others.

Don't forget the biggest of the DRM-free ebook publishing houses: Baen.

They focus on a fairly narrow niche (Sci-fi, especially military sci-fi, with some fantasy), but within their niche they're a dominant dead-tree publisher and in general I think they were the first e-book publisher to really "get it". Everything they sell is available in multiple non-DRM'd formats, their prices are reasonable ($4-$6 for individual books, or they sell $15 bundles containing 5-6 books) and they even offer a Free Library containing complete titles from all of their top authors. They've also pioneered an interesting practice of including a CD with dozens of full novels (mostly NOT from the Free Library) in the back of their hardback editions, and they actually encourage sharing of those CDs and fully support the efforts of someone who has put these CD images online for free download.

Baen has been selling e-books this way for over a decade now (since 1999), and what started has something of an experiment has continued as a very profitable business plan.

I find it's always worth mentioning that there are publishers out there who respect their customers enough to not do the DRM dance, and from the author's view (yes, I am one) the danger of people not reading your stuff is more scary than the danger of not getting paid for every last copy.

Full disclosure: I have a book out on No Starch, The Book of PF, 2nd ed.

I find it's always worth mentioning that there are publishers out there who respect their customers enough to not do the DRM dance, and from the author's view (yes, I am one) the danger of people not reading your stuff is more scary than the danger of not getting paid for every last copy.

Full disclosure: I have a book out on No Starch, The Book of PF, 2nd ed.

It's probably worth mentioning that there's at least one tech books publisher that publishes e-book versions in several formats (IIRC you get them all in a zip archive), with no DRM. That publisher is No Starch Press (http://nostarch.com).

I think for most of the writers who publish on No Starch, the thinking is that readers should have access to the material the form that's convenient to them, with as few restrictions as possible. For my own part, I see the bittorent trackers that turned up about four hours after the PDF version of the first edition of my book mainly as a sign that people appreciate my work.

Full disclosure: I have a title out on No Starch that's been available as ebook before the printed version is available (expected about Nov 10th), see http://nostarch.com/pf2.htm

He has ebook version for sale for half the price, and that comes in Mobi (which Kindle will read) and ePub (which iBooks will read). And PDF for printing.

Actually, it looks like the mobi & epub just became available!

http://nostarch.com/lisp.htm

I'm interested in learning the essentials of statistics. What would be a good book to start me out?

I got The Manga Guide to Statistics and it did introduce me to the very basics. However, there are many places where it just gives you an equation, without deriving it or even explaining it. After reading this book, I now know how to calculate standard deviation, but I'm still a bit vague on how people actually use it. I would like to see some examples of how people use statistics in (for example) science experiments.

My ideal book would explain the basics, with examples, and show how the math works. Ideally it wouldn't be a thousand pages long, either, but that's a secondary consideration.

Recommendations, please?

P.S. Those of you who know about statistics: how good are the Wikipedia pages on statistics?

steveha

You really need to read at least this book

http://nostarch.com/assembly.htm

Before talking about definitions.

HTH

Well, that made me laugh. Of course, some people are pretty concerned about filesharing when it comes to sharing book files. I can make an argument for and against, oddly enough.

I've got some thoughts on the topic buried somewhere in our blog: http://nostarch.com/blog

Bill

about what I have learned so far.

First, I assume you are working with other people on this. My current project, http://nostarch.com/xen.htm has two authors, along with a tech editor, a regular editor, and all the other people the publisher handles.

First, do not use a non-text format to store your book while you are still working on it. Sure, all modern GUIs have merge facilities and change tracking, but the tools are extremely clumsy compared to even the most basic text revision control system. Do not underestimate the power of diff.

Second, when dealing in text, write your rough drafts in mediawiki markup (unless you are super-familiar with Latex or the like) - it is simple, and it gives you a nice output format for dealing with rough drafts. Heck, it means that if you are working with editors that need a gui, they have one.

The idea is that everyone can use text (or wikis.) once you have the book done, you can get copyedit to put it in whatever format they like (or alternately, you can write a sed script to convert the basic mediawiki to basic latex or whatever) the basic idea is to separate the 'write the book' task from the 'format the book' task.

Subject says it all, really. The best approach is to set up an OpenBSD machine as your gateway, filter traffic using PF to any degree you desire, and please set up spamd in greylisting mode (the default).

That will take care of most of your spam right there, and you could usefully have something like a spamasassin and clamav combo running in the delivery phase on your real mail server.

Useful references: Firewalling with OpenBSD's PF (tutorial)
The Book of PF
and Effective spam and malware countermeasures: Network noise reduction using free tools

And yes, I've blogged a bit about this too, over at my blog

WRT options 3 and 4:

Option 3. Buy a Free standards based formatted ebook for way less than the paper version.

Option 4. Buy the paper version and get the Option 3 ebook version included automatically.

Option 3 - why would someone "buy" a "free" ebook? If you meant "Buy a standards-based eBook for way less than the paper version", I think a free version (as in price and as in beer) would beat the "paid" version in the marketplace;

Option 4: There's certainly nothing stopping people going the "No Starch Press" route ... check out what they're doing with torrents.

The book has more than doubled in size, from 200 to 450+ pages. Many concepts get fuller explanations (and more hands-on examples) in the second edition, and it also includes an expanded introduction to fundamental programming concepts for true beginners.

With that said, more advanced topics are also expanded: the Networking chapter is greatly fleshed out, and Shellcoding and evading Security Countermeasures get the benefit of complete chapters. And for those looking for Windows-specific exploits, unfortunately, this one isn't for you. But the book does include a Linux LiveCD so Windows users can easily follow along. Check a detailed table of contents [PDF] out right here.

And the example code used in the book is up here.

Thanks for asking! ~Tyler at nostarch.com

It would have been very nice to see a slashdot review, but for obvious reasons I can not contribute one myself :)

I also think No Starch Press makes some good books.

Back when I was at No Starch Press (an O'Reilly partner), I remember working with Bob Smith, et al. on this book, and it makes me happy to see that it's seen the light of day.

This marks the 2nd time in a couple weeks that a No Starch book has been featured here. I hope to see a bunch more.

-JM

http://nostarch.com/download/rootkits_ch2.pdf

All I have to do is send you a TAR file with an already chmod'ed ELF binary and get you to unpack it and run it. And why not? Windows users do that all the time. Heck, they get infected by executables in password-protected ZIP files, even after Winzip and Windows ask them TWICE whether they want to run it or not. And Outlook by default won't even let them open it.

But maybe when all those people switch to "GNU/Linux" they'll automagically have their IQ upgraded by 70 points. Right?

How Linux Works describes the inside of the Linux system for systems administrators,
whether you maintain an extensive network in the office or one Linux box at home.

Some books try to give you copy- and-paste instructions for how to deal with every
single system issue that may arise, but How Linux Works actually shows you how the
Linux system functions so that you can come up with your own solutions.

After a guided tour of filesystems, the boot sequence, system management basics,
and networking, author Brian Ward delves into open-ended topics such as development
tools, custom kernels, and buying hardware, all from an administrator's point of view.

With a mixture of background theory and real-world examples, this book shows both
"how" to administer Linux, and "why" each particular technique works, so that you will
know how to make Linux work for you.

... a good illustrated explanation of the steps needed to boot Ubuntu using the latest version of Ubuntu... and install the OS on the hard disk... a chapter which explains how to set up the network and log on to the internet, another for setting up your printer and scanner, still another explaining different ways of downloading and installing software... how to make the fonts on the Ubuntu machine look prettier and the steps needed to install different kinds of additional fonts such as Microsoft true type fonts... next three chapters deal exclusively in setting up and configuring audio and video in Ubuntu...

You can download the code (or purchase a PDF cheaper than the dead tree version) here: http://www.nostarch.com/frameset.php?startat=wcps Gotta love a published that has the balls to make the code available for free. I've got the Wicked Cool Shellscripts book, but find grep'ing the source a much handier way to recall examples.

The Book is published by No Starch Press, and is available from them for USD ~39 or one can be purchased at the bargain bin for USD ~5 or from eBay for USD 0.99. Covers all topics from modern Video and Sound and Network libraries in application development, and applied to entertainment purposes (which we all know is just a bend from business programming).

The author died recently (9th Month of 2005), and his page is still heldhttp://overcode.yak.net/. To summarize his death, a new and unusual Mole formed on his shoulder and within a Year it spread cancer throughout his body and lymphnodes. He was dead in a Year! He was a great man that I participated with in the forums at LINUXGAMES.COM. His book is a good reference, but is since depricated by the slowling changing APIs. John is an ex-employee of when LOKI was in business.

Those doctors made his last Year of life a living hell with all the medication they gave him. Remember folks: Vitamin-C suffocates cancer; therefore, avoid the consumption foods and drinks known to deplete Vitam-C such as Alcohol-tainted water and animal-flesh and most medication (like Aspirin).

Here's my recommendation: Linux For Non-Geeks

I don't agree with your characterization of No Starch Press books -- I think they're progressive, interesting, and highly readable. Also, I didn't "shop around" this book, so no other publisher had a chance to say no to it. I chose No Starch. You can read a sample chapter on their site.

I've been using SuSe Linux for a few years but I've also taken an interest in OpenBSD for a while. Recently I decided to give it a go. The online documentation is very well thought out. To suppliment online documentation I opted for an excellent book which should help new and experienced *nix users alike in getting the best from OpenBSD for their requirements. Absolute OpenBSD by Michael W. Lucas ISBN 1-886411-99-9 http://www.nostarch.com/ http://www.amazon.com/exec/obidos/search-handle-fo rm/103-8285097-8052630/ http://www.amazon.co.uk/exec/obidos/ASIN/188641199 9/qid%3D1129994895/026-1045610-3018009/ I like the way OpenBSD has been produced and the way in which it encourages good practice.

The book isn't $199, it's 24.95.

For some reason, the add on the bottom about prices is for a Palm Tungsten E2 PDA.

... Michal Zalewski is a Polish author and hacker who has a book named Silence on the Wire ...

• Does this guy have an axe to grind?
  
• Does this guy know what "heuristic" means?
  
• Is the technical content of this chapter worth the paper pulp used to print it?
  

Q. What to you get when you combine Apple and IBM?

A. IBM.

Shamelessly stolen from Apple Confidential.

• Conservation of energy. i.e. Laziness as a virtue, not a vice.
• Computers are toys to be played with.

Now, with that in mind I can think of some MUCH better uses of that $120 per month.

First things first, hop on over to levenger for some book storage. When I'm through with you you'll turn off that idiot-box altogether! Well, except for quality DVDs and TV shows (which are becoming all the more scarcer by the moment, don't even get me started on that topic!)!

So, unless you already have an AMPLE solution (meaning a decent bookcase with lots of pictures, carded star wars figures, hummels or whatever the heck you may be into) you're gonna NEED some first rate book-stashage! :D

Not that there's anything at all with grabbing a bit-torrent of something that's not yet out on DVD. And in my mind Netflix is a perfectly fine solution! Just more convenient than torrenting, less brain cycles that could be devoted to reading. If you haven't already, I'd highly recommend treating yourself to Lain and to Cowboy BeBop, as well as City of Lost Children.

But if you're a coder, I really honestly feel that developing fascility with Assembly is a good move. I am only part way through a great book from No Starch called [CAUTION:PDF] the "Art of Assembly" that (in the short time I've been reading it) has allowed me to tighten up my C++ code a bit! I cant wait to see the result when I am finished! I also planning to read another book I have on Assembly, but this one is so good I'm not sure how much I'll need it! I'll probably read that second book anyway though. The author contends that no matter WHAT the language in question, be it C, C++, Java, Perl, Ruby, Python, or Lisp, your coding will benefit.

I accidentally ran into the president of No Starch at the last 2600 conference. His name is Bill, and he's a really mellow very nice dude! I've been emailing him back and forth and he was nice enough to email me sample chapters from the upcoming title "Enterprise Linux Clustering". Honestly I haven't given them a thorough read, just a perusal but it seems top notch so far! I honeslty believe that No Starch is developing into the "New O'Reilly". Not in every sense of course, because O'Reilly's website is far more developed in the form of information and online instructive articles and news. Not even to mention that I have yet to be disappointed by an O'Reilly release! But NS is DEFINETLY an admirable up and commer!

Once you're through a good set of skill building in Assmebler, you can reinforce your mad skillz by moving onto what will eventually be a 3 part series specifically written for people wo like their High languages like C++ or Perl or whatever called "Writing Great Code" by the same author as the Assembly book. I understand the series to focus mostly on machine archictecture, rather than assembly which will benefit every coder from Assember on up to C or maybe even VB. From there you can move onto some more interesting uses for your newfound knowledge (sorry if I'm incorrectly assuming you to not be a veteran Assembly yoda). What's the fun of writing ANY language if all you get to write is "Hello World" shite? So you can move on to cool and useful things like how to crackpro

"How else can I help the EFF," you ask? 30% of the profits from book purchases at No Starch Press (when follow the link from the EFF's website) are donated back to the EFF.

If you don't want to buy it, go to the local Borders and read it in the cafe'. :)

Here is some more information on the book. You can even download a part of Ch5. Also, it can be purchased on this web site for $14.95 instead of $24.95 (USD).

As a slightly biased source of information (I work for the publisher, No Starch Press) I would recommend the above-mentioned title for those interested in software exploits. It's a great introduction to fundamental ways to exploit software. It may not have quotes from Schneier, but it's a great book. Check it out here: nostarch.com

by Randy Hyde at Univ California - Riverside. To learn about assembly on 80x86 processors, check out the printed book, or download the text with a Linux or Windows point-of-view. It's written in a style that's not overwhelming to the novice.

Book of Webmin page at nostarch.com

Full disclusure: I am the acquisitions editor for No Starch Press

From the interview, Bunnie Huang said:

"I'm just waiting for someone to scan the book in and put the book on the Net in free electronic form. The book is Creative Commons Licensed, so you're free to do that. I'm not releasing the book on my own in an electronic format, at least for now, because I get better legal protections shipping real paper books than selling electronic books."

We should encourage people to buy the book in addition to getting their copy electronically (for those that haven't read the article, the book is licensed under a Creative Commons license that will allow scanning the book in and distributing electronic copies). This is a great chance not only to show how the DMCA stifles free speech but to point out the hypocrisy of thinking of electronic distribution of information is somehow less worthy of free speech protection than traditional paper books. Huang is probably right that paper books enjoy more free speech protection than electronic distribution and that is sad.

In an effort to make this book easier to find and buy, visit this site and support presses that help society freely distribute information. If you have objections to buying from Amazon (who is listed on isbn.nu's price index), there are other places with better prices and availability. Buying direct from the press gives the press the most money.

I don't know when this interview was actually published, but I think it must have been a while ago-- "Hacking the Xbox" was picked up by No Starch Press, and it appears to be still published by them...