(Audio)book review: We Are Legion (We Are Bob).

I have not posted a book review in almost a year, and I have not even written one for Goodreads, which I probably should do as well. I feel kind of awful for it because I do have a long list of good titles I appreciated in the meantime. So let me spend a few words on this one.

We Are Legion (We Are Bob) tickled me in the list of Audible books for a while because the name sounded so ludicrous I was expecting something almost along the lines of the Hitchikers’ Guide To The Galaxy. It was not that level of humour, but the book didn’t really disappoint either.

The book starts in the first scene in present time, with the protagonist going to a cryogenic facility… and you can tell from the cover that’s just a setup of course. I found it funny from the first scenes that the author clearly is talking of something he knows directly, so I wasn’t entirely too surprised when I found that he’s a computer programmer. I’m not sure what it is with people in my line of work deciding to write books, but the results are quite often greatly enjoyable, even if it takes a while to get into them. On this note, Tobias Klausmann of Gentoo fame wrote a two-part series1, which I definitely recommend.

Once you get on with the main stage for the book, it starts off in the direction you expect with spaceships and planets as the covers lets you to imagine. Some of the reviews I read before buying the book found it very lightweight and no-brainer, but I don’t see myself agreeing. While taking it with a lot of spirit and humour, and a metric ton of pop-culture references2, the topics that are brought up include self-determination, the concept of soul as seen by an atheist point of view, global politics as seen from lightyears away3, and the vast multitudes of “oneselves”.

Spoilers in this paragraph, yes definitely spoilers, and a bit of text so you may not read them out of line of sight. Go back to the following paragraph if you don’t want any. Indeed, it’s very hard to tell, and a question that the book spends quite a bit of time pondering over without an answer, whether the character we see in the first scene is actually the protagonist of the book. Because what we have later is a computer “replicant” of the memories and consciousness of him… and a multitudes of copies of that, each acting more or less differently from the original, leaving open the question whether the copies are losing something in the process, or whether it is the knowledge of not being the “original” that make them change. I found this maybe even more profound than the author intended.

Spoilers aside, I found the book enjoyable. It’s not an all-out bright and shiny future, but it’s also not the kind of grim and dark dystopia that appears to be a dime a dozen nowadays. The one thing that still bothers me a little bit, and that probably is because I would have fallen into the same trap, is that the vast majority of the book focuses on technical problems and solutions, though to be fair it pulls it off (in my opinion) quite healthily, rather than by hiding all the human factors away into “someone else’s problem” territory. It reminded me of an essay I had to write in middle school about the “school of the future”, and I ended up not spending a single word on people, even after the teacher pointed out I should have done so and got me to rewrite it. I’m glad there are people (who are not me) studying humanities.

I found it funny that the Wikipedia page about the book insisted on pointing out that reviewers noted the lack of female characters. That’s true, there are a handful of throwaway women throughout the book, but no major character. I don’t know if there was any way around it given the plot as it stands now though, so I wouldn’t read it too much into it, as the book itself feels a lot like a trip into one’s own essence, and I’m not sure I’d expect an author to be able to analyse this way someone else but themselves. I have not read/listened to the other books in the series (though I did add them to my list now), so maybe that changes with the change of focus, not sure.

As for the audiobook itself, which I got through Audible where it was at “special price” $1.99, I just loved the production. Ray Porter does a fantastic job, and since the book is all written in the first person (from somewhat different points of view), his voicework to make you know which point of view is speaking is extremely helpful not to get lost.

All in all, I’ve really enjoyed the book, and look forward to compare with the rest of the series. If you’re looking for something that distracts you from all the dread that is happening right now in the world, and can give you a message of “If we get together, we can do it!”, then this is a worthy book.


  1. I hadn’t realized book two was out until I looked Tobias up on Amazon. I’ll have stern words with him next time I see him for not warning me!
    [return]
  2. This happens most of the time with geeks writing books, although not all the time thankfully. From one side it does build a nice sense of camaraderie with the protagonists because they feel like “one of us” but on the other hand sometimes it feels too much. Unless it’s part of the story, like here or in Magic 2.0.
    [return]
  3. Pun totally intended.
    [return]

Book Review: Life Nomadic

I think it’s fitting that I’m starting the review of this book while sitting in the AirFrance lounge at Charles de Gaulle Airport, coming back from a four days trip to Paris to see Video Games Live playing at Le Grand Rex.

Life Nomadic was one of a set of suggestion that my dentist, of all people, gave me. Since the book is short, and it was available on Kindle Unlimited, I thought to start with it, even though it was possibly the one I was the least interesting of the list. Turns out my instincts were right and shouldn’t have even read this.

The premise of the book may be interesting, and depending on the cover you see for it, it might be what catches your eye: How to travel the world for less than you pay in rent. I find this is quite the clickbait (how do you call clickbait on a book cover?) because that’s not what it talks about at all; it’s not just travelling the world, the author argues for a complete overhaul of your life to be able to do so, and that, in my opinion, is myopic to say the least.

It might sound “trendy” to say this, but the book clearly reeks of white privilege — while the author never mentions that directly, it becomes very clear by oblique references that he’s white, and he’s clearly male, he says that at the beginning. He’s also healthy, and he’s insisting that this is thanks to his diet, rather than having won the health lottery and having grown up in a rich, healthy environment.

Indeed, the whole premise of the book is that if you’re privileged, in one way or another, travelling around the world is easy. But until you get to the end, when he’s talking about what to do with work (again in a fairly myopic way), you don’t realize that all his suggestions hinge on one important node: you have to be able to risk your job.

Forget to follow the advises of these books if (and this is an incomplete list, I’m sure):

  • you have a medical condition, light or heavy, that requires you have a relationship with a medical professional — I find it difficult to make appointments with my diabetologist while travelling for work, and with a relatively fixed schedule, if I were to follow his advise of just taking whichever next flight comes to your mind, I would probably be half-dead with untreated diabetes.
  • you are not American or European, as he’s ignoring all the difficulties of getting visas for most other nationalities; it is true that if you have an American or European passport getting visas for most of the world is just triviality and spending some money, it is less the case if you have other nationalities — and in some cases, it might actually get you outright in trouble;
  • you are not a white male, for whichever part of the world — the book starts with the author recounting doing something quite illegal and being given a slap on the wrist by the authorities; while it is true that I’d fear American police more than the rest of the world right now, plenty of stories from friends and acquaintances tell me this is a privilege; the risk of jail time is real if you’re not white even in Europe, let alone what may happen in some random country in which you happen to be one of the most obscure minorities;
  • your work actually requires presence, or timing, or any kind of (even flexible) schedule — the author does not quite specify what he works on, except by describing himself as a “die hard entrepreneur”; he says he stared by writing some software to sell, and points out he was mostly living off royalties of a previous book he published; I’ll get back to this;
  • you have any family ties at all — a relative, parent, close friend that is ill, or that you support directly or indirectly, as a lot of the talk in this book relies on how “cheap” (compared to US dollars) is the life in many developing countries.

To expand a little bit about how myopic his advises are, I’ll also point out how they can’t even apply to me, and I’m a well-off, single, straight, white guy with (loose) family ties. Even seeing my doctor three times a year (which is not much), I have to have with me a significant amount of “paraphernalia” for my diabetes: pills, insulin, needles, glucometer, etc. This by itself makes it almost impossible to just spend months at a time without a fixed schedule of being able to refill them. Not only some of those medications would not be available in some parts of the world at all, but even if they are, they are a significant cost, and I’m not even factoring in effects of the craziness of the US insurance system on the drugs prices. Besides, those things don’t really travel well. I have a refrigerated pack for my insulin, and luckily I never had trouble through airports before, but I have heard horror stories with insulin pumps and metal detectors. Even the Libre’s simple sensor managed to get me a stern questioning by the Nice airport security guards (and if you want to know, that was before the terrorist.)

While at it, I would like to present a thank you to AirFrance; their lounges at CDG are the only ones I’ve seen, up to now, that make it welcoming to take insulin: they have a sharps container in the bathroom, so you don’t have to ask for it (possibly embarrassingly for some people.) They also have signs on their aircrafts pointing you at their cabin crew for the container, which I’ve done before when flying back from Japan.

A particular note I’ll spend on the work section I noted above. As I said the guy defines himself as an entrepreneur, and if you have spent as much time as me around the Silicon Valley crowd, you can easily recognize the type in the book, even when they are from Austin, instead. He’s the kind of person who made “techie” into a bad word. The whole section about “Earning Money as You Travel” takes no consideration of workers outside of “our” (damn, I don’t want to be associated with this guy’s peers!) industry. The first suggestion is to start a business — well, I know how that goes, and it’s not easy at all, indeed it can only work well if you have capital to invest on it to begin with, which was a big problem for me when I did, because I had none, this guy clearly had since early on (as he goes on to say how he used to order random crap off Internet just for the giggles.)

The other suggestion is to go on contracting, or being a remote worker, suggesting that you may work on websites or software, or that (and I quote) «many office jobs can translate into contractor work» which to me sound like this guy has never seen an office worker outside of tech. And even within tech, he clearly has no idea what he’s talking about (emphasis mine):

Jobs that are particularly conductive to going mobile are jobs that require minimal interaction with others, like writing, editing, programming, graphic design and system administration.

If you have ever tried doing system administration remote, you would know right away that this is clearly bullshit — if you have no idea what the customer is doing, and how they are doing it, you are a horrible system administrator. Yes, you can work remote, but there is no way that they only require “minimal interaction”: they need plenty of interaction, maybe even more so when doing it remote.

Want to have even more fun? Again emphasis mine.

Figure out which program you’d like to become proficient at. Buy the software, buy the great tutorials to learn it from [omissis], and spend some time practicing. The money you’ve amassed from selling everything should easily last you through the transition period.

Yes, he did argue selling everything you own at the beginning of the book. He seems to think that you can do that, and amass money, probably while living in an RV and working from the tables of a closed-up restaurant in-between lunch and dinner, as he did. And that should be enough to learn something new you never did before. I’m sure this guy would have been able to, if he wasn’t lucky (because it’s all a matter of luck.)

Okay, enough with the usual SV-style no-work-is-important-but-tech part, let’s see if there is any value in this book otherwise.

He does have a significant amount of useful information on the actual travelling part, although some of it is clearly only important to note to Americans, such as the viability of train travel in Europe. He has good suggestions for the use of ferries (that I may actually try once in a lifetime too, because I am indeed lucky, and despite disliking travel, taking a week or so to traverse the ocean without a flight sounds cool to do.) Unfortunately that makes up only about half of the book.

He’s got a good list of suggestions about gear, too — although a lot of it is already part of privilege: most of the options are bloody expensive and not something that you can even consider without an injection of capital at the “transition” as he calls it. If you are lucky and privileged it might be worth a look, I have particularly been tempted by Smartwool, and particularly by their wool socks, as my diabetes makes it more likely I get blisters, if my feet get wet — but before those even got to me, I ended up buying a pair of tights in Paris, because it was very cold while I was there, and The North Face store in the city stocks Smartwool too; they are significantly expensive, but also much more comfortable that others I tried before.

His suggestions for services are also out of touch — among others he’s suggesting the American Express Platinum card, which admittedly it is a very useful card for a traveller lucky enough to afford one: not only it ignores the fact that not everybody can get a credit card but also that it’s not only the price that makes American Express an elitist card. It is effectively limitless (or rather, has a very flexible limit) which means their credit score requirements can be significantly higher.

In the book he points at his website to provide a list of gear — which sounded like a cool idea, I do something similar myself for my hardware, but the link is now dead. Which is a shame, because that might have been the only useful thing he could have done for the public. Too bad.

Finally, some of his suggestions are downright unethical, including abusing airfare rules to enter lounges he should not have access to (although I hope he took a shower while there, because one of the most anoying things while travelling is the well-off traveller smelling like goats for a four hours flight.) And mine and hsi point of view are clearly at odds on the general ethical side, too:

[speaking about airfare systems] I like systems like this — they reward the smart and determined at the cost of the lazy or ignorant.

I would rephrase it as “They reward the lucky elite at the cost of the otherwise busy masses.” But clearly my belief system and his are very different. It should not be a surprise by then that the book the guy got his money from, and that allowed him to start, sound like that a PUA title (or, in his words, “a book on dating for men”.

Travel should widen your horizons, it’s very hard not to, but my feeling is that this guy has been looking at the world as if he deserves all of it. Rather than being empathetic to the condition of others that might not have his privilege, he pours contempt for them: friends locked in their lives (whether by choice or lack of opportunities), people living in their own home countries, and even the readers of this book.

Final result: not a fan. I’ll actually synthesise this review in a form that is acceptable to Amazon and GoodReads and post it as a warning.

A short list of fiction books I enjoyed

I promised in the previous review a few more reviews for the month, especially as Christmas gifts for geeks. I decided to publish this group-review of titles, as I don’t think it would have served anybody to post separate book reviews for all of these. I would also suggest you take a look at my previous reviews so that you can find more ideas for new books to read.

Let’s start with a new book by a well-known author: The Ocean at the End of the Lane by Neil Gaiman is, as it’s usual with him, difficult to nail (ah-ha) to a genre quickly. It starts off as the story of a kid’s youth but builds up to… quite something. I have listened to the audiobook version rather than the book, and as it started it seemed something perfect to make me sleep well, but then again it mixed with my own dreams to form something at the same time scary and full of warmth.

It’s common to say that it’s the journey, not the destination, that is important, and I find that is a very good description of what I like in books. And in the case of Gaiman’s book, this is more true than ever. I was not looking forward for it to end, not because it’s a bad ending (even though it did upset me a bit) but because I really wanted to stay in that magical world of the Ocean at the end of the lane.

Next up, two series from an author who’s also a friend: Michael McCloskey who writes both fantasy and scifi — I have yet to start on his fantasy series, but I fell in love with his scifi writing with Trilisk Ruins. I think it might be worth retelling the story of how I found out about it, even though it is a bit embarrassing: for a while I was an user on OkCupid – so sue me, it feels lonely sometimes – and while I did not end up meeting anybody out of there, my interest was picked by an ad on one of the pages: it was part of the cover of Trilisk Ruins but with no text on it. I thought it was going to be some kind of game, instead it was a much more intriguing book.

Michael’s secret is in talking about a future that may be far off, but that is, well, feasible. It’s not the dystopia painted by most scifi books I’ve read or skimmed through recently, although it’s not a perfect future — it is, after all, the same as now. And technology is not just thrown up from a future far away that we can count on it as magic, nor it is just an extension of today’s. It is a projection of it in a future: the Links are technologies that while not existing now, and not having a clearly-defined path to get to them, wouldn’t be too far fetched to be existing.

Parker Interstellar Travels – that’s the name of the series starting with Trilisk Ruins – is mostly lighthearted, even though dark at times. It reads quickly, once you get past the first chapter or two, as it jumps straight into an unknown world, so you may be stunned by it for a moment. But I would suggest you to brace yourself and keep going, it’s fully worth it!

There is a second series by Michael, but in this case an already-closed trilogy, Synchronicity, starting with Insidious, which is set in the same universe and future, but it takes a quite different approach: it’s definitely darker and edgier, and it would appeal to many of the geeks who are, as I write, busy reading and discussing potential AI problems. I have a feeling that it would have been similar in the ‘60s-‘70s after 2001 was released.

In this series, the focus is more on the military, rather than the individuals, and their use, and fear, of AIs. As I noted it is darker, and it’s less action-driven than PIT, but it does make up for it in introspection, so depending on what your cup of tea is, you may chose between the two.

The fourth entry in this collection is something that arrived through Samsung’s Amazon deals. Interestingly I already had an audiobook by the same author – B.V. Larson – through some Audible giveaway but I have not listened to it yet. Instead I read Technomancer in just a week or so, and it was quite interesting.

Rather than future, Larson goes for current time, but in a quite fictionalized setting. There’s a bit of cliché painting of not one, but two women in the book, but it does not seem to be as endemic as in other books I’ve read recently. It’s a quick-bite read but it’s also the start of a series so if you’re looking for something that does not end right away you may consider it.

To finish this up, I’ll go back to an author that I reviewed before: Nick Harkaway, already author of The Gone-Away World, which is sill one of my favourite modern books. While I have not read yet Tigeman which was on this year’s shortlist for the Goodreads Awards, last year I read Angelmaker which is in a lot of ways similar to The Gone-Away World, but different. His characters once again are fully built up even when they are cows, and the story makes you want to dive into that world, flawed and sometimes scary as it is.

Have fun, and good reads this holiday season!

Book Review: Getting More

It has been a while since I wrote my last book review and it was not exactly a great one, so I’ll try to improve on this by writing a few reviews over the next month or so. After all what better gift for geeks than books?

I have had the pleasure to read Getting More last October, as part of a work training. It’s a book about negotiation, and makes a point multiple times to detach that from the idea of it being manipulation, even though it’s probably up to you to see whether the distinction is clear enough for you. The author, Prof. Stuart Diamond, runs a negotiation course at Wharton, in Pennsylvania, and got famous with this.

I was expecting the book to be hogwash, as many other business books, and especially so as many materials I’ve been given before at courses (before my current job though). Turned out that the book is not bad at all and I actually found it enjoyable, even though a bit repetitive — but repetita iuvant as they say; the repetition is there to make you see the point, not just for the sake of being there.

The main objective of the book is to provide you with process and tools to use during negotiation, big-time business deals and everyday transactions alike. It also includes example on how to use this with your significant other and children, but I’ll admit I just skipped over them altogether as they are not useful to me (I’m single and I don’t even see my nephew enough to care about dealing with children.)

It was a very interesting read to me because, while I knew I’m not exactly a cold-minded person especially when frustrated, I found that some of the tools described I’ve been using, for a long time, without even knowing about their existence. For example, when I interviewed for my current job, my first on-site interviewer arrived with a NERV sticker on his laptop — we spent a few minutes talking about anime, and not only that reassured me a lot about the day, – you have no idea how stressed I was, as I even caught a fever the day before the interview! – it also built an “instantaneous” connection with someone who did indeed become a colleague. I would think it might have added to his patience for my thicker than usual accent that day, too.

Between anecdotes and explanations, the book has another underlying theme: be real. This is the main point of difference between negotiation and manipulation as seen from the book. In the more mundane case of dealing with stores, hotels and airlines, you have two main examples of using the techniques, to get compensated for something negative that happened, whether or not it was in control of the other party, and otherwise to ask penalties waived when you did something incorrect, unintentionally. It would be tempted to cause something negative and ask for compensation even if everything was perfect — that would be manipulation, and it’s unlikely to work very well unless you’re a good -actor- liar, and rather makes it worse for the rest of the world.

The book invites you to keep exercising the tools daily — I have been trying but it’s definitely not easy especially if you’re not an extrovert by nature. It takes practice and, especially at the beginning, more time than it would be worth: arguing half an hour for a fifteen euro discount somewhere is not really worth it to me, but on the other hand practice makes perfect and the processes to apply for small and big transactions the same. I have indeed been able to get some ~$100 back at the Holiday Inn I’ve stayed at in San Francisco.

I have got my set of reserves on using the methods described on the book – it sometimes feels manipulative and relying on implicit privilege – but on the other hand, Prof. Diamond points out multiple time that the methods works best when both parties know about them, so spreading the word about the book is a good idea, and telling people explicitly what you’re doing is the best strategy.

Indeed, I felt that I would have gotten better from Tesco just last week, if they had read the book and applied the same methods. A delivery was missed, and that was fine, but then the store went incommunicado for over ten hours instead of calling me right away to reschedule, and the guy who called me lied on the order going to be new the day after. They gave me some €25 back straight on the card — which is okay for me, but it was not really in their best interest, as I could have walked away with the money and gone to a different store. I asked them if they could offer me some months of their DeliverySaver (think Amazon Prime for groceries) for free.

Yes, the DeliverySaver subscription would have had a much higher value (€7.5/month), but it would be actually cheaper to them (as I live in an apartment complex, that they delivery to daily anyway, the delivery costs are much lower than that), and it would have “forced” me to come back to them, rather than going to a competitor such as SuperValu. As it turns out, I’ve decided to stick with Tesco, mostly because I have their credit card and it is thus still convenient to stay a customer. But I do think they could have made a better deal for themselves.

At any rate, the book is worth a read and the techniques are not completely worthless, even though difficult to pull off without being a jerk. It requires knowing a lot about a system to do so, but again this is something that is up to the people reading the book.

(Short) Book Review: Xamarin Mobile Application Development for Android

You probably read by now that I’ve been thinking of build either an Android application or a Chrome one as either companion or replacement for the glucometer utilities which I’ve been writing in Python for the past few months.

Packt has been nice enough to let me review Xamarin Mobile Application Development for Android, and so I decided to take into consideration the option of actually building the app in C#, so that it can be shared across various platforms.

The book goes into details of what Android applications can and should do and provides nice examples, mostly around a points-of-interst application. It’s hard to say much when I don’t want to complain, so I’ll just say, give it a go, if you don’t plan to make your apps open source (which I think you should). As the book points out, being able to share your backend libraries (but not frontend/UI ones!) across operating systems and platforms (phone, tablet, computer) is a godsend, so I think Xamarin did build a very good tool for the job.

On the other hand, I’m definitely not going to pursue this — while C# is a language I like, and Xamarin for Android allows you to use JNI extensions as the one Prolific releases for their USB-to-serial adapter, I find having the tool open source is more important than any of this.

Book Review: OAuth 2.0 Identity and Access Management Patterns

PacktPub sent me another book for review after the quite good Learning Cython Programming (which I reccommend!), this time the book is OAuth 2.0 Identity and Access Management Patterns (Packt). I’m afraid to say I’m not incredibly impressed.

The book is not bad; the content is there and it can be useful, just I don’t know if the price attached to it, especially from Amazon or for the print edition is worth it. From one point of view, OAuth 2 itself is quite simple in its design, intentionally, as the previous implementation was obviously overcomplicated; on the other, the book sticks strictly to the protocol itself rather than describing ways to integrate it with your application.

One of the weakest points of the book is that it sticks strictly to the terminology used by the standard. While terminology is important, it would be nice to have a more “plain English” definition of what’s going on, and an explanation of said terms. Even things like “secure storage” are not obvious (secure to whom?).

Books like this to me are good if after reading it I have fewer questions than when I started. I did choose to review this one because I have had bad experience while trying to implement OAuth before – and the messy hybrid that was the first version of Facebook Connect – and I wanted to know what the current state of the art is in the authentication department. But the book did not make it any clearer to me.

There’s lots of hand-waving, too. For instance the state parameter that is passed on during requests is told «can be used for defending against man in the middle attacks» — but there is no explanation on how this works; sure it’s passed unmodified back to the caller, but what are the semantics? Similar to XSRF tokens? If there is such an attack, what stops Eve from using the same state value? I’m sure there are answers and best practices, but the book does not help me there.

There are also some references that while factually true, are rendered in such a way to be ambiguous and misleading. When explaining the advantages of OAuth 2 over previous authentication systems, for example, it gets compared to HTTP Basic Auth complaining:

The drawback here is that, in this type of authentication, the user, alongside his username, enters and sends his password over the wire as well.

While this is true, nobody in their sane mind would use basic authentication nowadays; indeed anybody who wants to use HTTP-level authentication would use digest auth which does not suffer from the just-listed problem. Sure it has other issues, but that’s still the case.

The book will eventually proceed to explain what the advantage of OAuth 2 over user/password authentication is (fine-grained access control to resources hosted at a third-party service), but even just pointing that out right away would have been an improvement. Indeed here the problem is not that username and password are passed over the wire (they almost always are, at some point), but rather than you don’t have to provide your (say) Facebook password to (say) Duolingo for it to be able to find my friends already on the system. This is a definitive win over user/password authentication, but is not really made clear. Not that OAuth was the first implementation of a token-based authentication: after all Kerberos is a technology of the 80s.

The calls to security measures are also vague, ranging from security through obscurity by suggesting to «perform code analysis» to make reverse engineering harder (what?), or to encrypt a whole SQLite database to prevent SQL injection attacks. Oh and there are no other apps beside JavaScript “client apps” and mobile applications. Maybe the desktop is already dead? I don’t think so.

I’m sorry if I sound harsh, but the author definitely knows the topic, so I would have hoped for more, especially for the not-so-cheap price the book is sold at. Toward the end of the book, lots of pages are “wasted” by XML dumps when trying to explain how to make use of SAML 2.0 — without explaining what it is or why we should care (not that online I could find a good answer to this).

At any rate if you’re struggling with OAuth 2, the book is not bad, but unless you really want to spend on books, this one is not for you.

Book Review: Learning Cython Programming

Thanks to PacktPub I got a chance to read an interesting book this week: Learning Cython Programming by Philip Herron (Amazon, Packt). I was curious because, as you probably noticed, after starting at my current place of work the past April, I ended up having to learn to use Python, which ended up with me writing my glucometer utilities in that language, contrarily to most of my other work, which has been done in Ruby. But that’s a topic for a different post.

First of all, I was curious about Cython; I heard the name before but never looked much into it, and when I saw the book’s title and I quickly checked what it was, my interest was definitely picked. If you haven’t looked into it either, at a quick summary it’s a code generator bridge between Python and good plain old C, wrapping the latter such that you can either make it run Python callbacks, or generate a shared object module that Python can load, and offload the computation-intensive code to a more performant language. And it looks a lot like a well-designed and well-implemented version of what I hoped to get in Ruby with Rust — no connection with Mozilla’s language with the same name.

The book is a quick starter, short and to the point, which is an approach I like. Together with the downloadable source code, it makes it a very good solution to learn Cython, and I recommend it if you’re interested. Not only it covers the obvious language itself, but it covers a wide range of use cases that show how to make good use of the options provided by Cython. It even goes on to show how to integrate it in a build system (although I have some reserves on the Autotools code in there, which I think I’ll send Philip a correction for).

I seriously wish I had Cython and this book when I was working on Hypnos, an Ultima OnLine «server emulator» for which I wanted to add Python-based scripting — other emulators at the time used either a very simple, almost basic-like scripting language, Perl or C#. This was before I tried to use Python for real, which turned me to hate its whitespace-based indentation. I did write some support for it but it was a long and tedious process, so I never finished it. Not only Cython would make that work much less tedious, but the book shows exactly how to add Python scripting capabilities to a bigger, C program using tmux as the example.

The book does not ignore the shortcomings of Cython of course, including the (quite clumsy) handling of exceptions when crossing the foreign language barrier. While there are still a bunch of issues to be straightened out, I think the book is fairly good at setting proper expectation for Cython. If you’re interested in the language, the book looks like the perfect fit.

Book Review: Instant Mercurial Distributed SCM Essentials How-to

Okay the title is a mouthful for sure, but this new book from Packt Publishing is an interesting read for those who happen to use Mercurial only from time to time and tends to forget most of the commands and workflows, especially when they differ quite a bit from the Git ones.

While I might disagree with using some very unsafe examples (changing the owner of /etc/apache to your user to experiment on it? Really?), the book is a very quick read and I feel like for the price it’s sold by Packt (don’t get distracted by the cover above, that links to Amazon) it’s worth a read, and keeping it on one’s shelf or preferred ebook reader device.

Well, not sure if I can add more to this, I know it sounds like filler, but the book is short enough that trying to get into more details about the various recipes it proposes would probably repeat it whole. As I said, in general, if you have to work with Mercurial for whatever reason, go for it!

Book review: Counting From Zero

I might be a masochist, I don’t know. Certainly I didn’t find it enjoyable to read this book, but at least I got to the end of it, unlike the previous one which I also found difficult to digest.

The book, Counting from Zero by Alan B. Johnson is one of the worst books I’ve read in a while, to be entirely honest. It’s another cyber-thriller, if we want to use this name, akin to Russinovich’s Zero Day (review) and Trojan Horse (review) which I read last year and found.. not so thrilling — but in comparison, they are masterpieces.

So the authors in both the Russinovich’s and Johnson’s cases are actually IT professionals; the former author works at Microsoft, the latter has been co-author of the ZRTP protocol for encrypting audio/video conversations. Those who had to deal with that and Zfone before are probably already facepalming. While Russinovich’s world is made up of nuclear plants running Windows on their control systems, and connecting it to Internet, Johnson’s a world that is.. possibly more messed up.

Let’s start with what I found obnoxious almost immediately: the affectations. The cover of the book already shows a Ø sign — while I’m not a typographer, and I didn’t feel like asking one of my many friends who are, it looks like a bold Bodoni or something similar. It’s not referring to the Scandinavian letter though, and that’s the sad news. In the whole text, the character zero (0) has been replaced with this (wrong) character. For a person who can get angry when he has to replace ò with o for broken systems to accept his name, this is irksome enough. The reasoning for this is declared in the second half of the book as all programmers write it this way to not mistake it for an ‘o’ vowel — bad news for the guy, I don’t know people who do that consistently.

Even if I’m writing a password where the letters and numbers can be mistaken – which is not common, as I usually use one or the other — my preferred note for zeros is a dot at the center. Why a dot and not the slash that the author so much like? It’s to not confuse it with the many similar symbols some of which are actually used in mathematics, where the zeros are common (and this is indeed something that my math teacher in high school convinced me of). Furthermore – as Wikipedia notes – the slashed zero’s slash does not go over the circle, for the same reason as me using the dot: it would be too easy to mistake for an empty set, or a diameter sign.

Once, the use of this fake slashed zero is cute, done as a sed replacement all over the book? Bleah.

It’s not the only affectation though, another one is that chapters have been numbered … in hexadecimal. And before somebody asks, no it was not 0x-prefixed, which would probably have made more sense. And finally, there are email quoted almost every chapter, and they have a “PGP” block at the end for the signature (even though it is left to intend that they are actually encrypted, and not just signed). I’m pretty sure that there is some meaning behind those blocks but I can’t be bothered searching. There are also a bunch of places where words are underlined like if they were hyperlinks — if they were, they were lost in translation on the Kindle Paperwhite (which I have bought last week after breaking my Keyboard), as they are not clickable.

Stylistically, the book stinks. I’m sorry, I know it’s not very polite to criticize something this harshly, but it really does. It reads like something I was trying to write in middle school: infodumps a-plenty – not only in computer stuff but even on motorbike details – and not in a long-winded, descriptive, “look how cool” kind of way, just in a paragraph of dumping info on the reader, most of which is really not important to the story – action driven, and repeating the subject, the protagonist’s name, every line – Mick did this. Mick did that. Mick went somewhere – and in general very few descriptions of environments, people, or anything at all.

But, style is an acquired skill. I didn’t like the first Harry Potter book, and I enjoyed the later ones. In Russinovich’s case, the style issues on the first book were solved on the second (even though the story went from so-so to bad). So let’s look into the story instead. It’s something already seen: unknowns find zero-days, you got the self-employed wizkid who gets to find a fix, and save the world. With nothing new to add there, two things remain to save a book: characters and, since this is a cyberthriller, a realistic approach to computers.

These should be actually the strong points of the book, standing to the Praise between ToC and Prologue — Vint Cerf describe it “credible and believable”, while Phil Zimmerman calls it a “believable cast of characters”. It sets the expectation high.

The main protagonist is your stereotypical nerd’s wet dream: young self-employed professional, full of money, with a crew of friends, flying around the world. This might actually be something Johnson feels he’s himself, given that his biography on both the book and Amazon points that he’s a “Million Miler” with American Airlines. Honestly, I don’t dream to travel that much — but you all know how I hate flying. Not only he’s a perfect security expert and bike rider, he’s also a terrific mechanic, a sailor, and so many more things. His only defect in the whole book? He only speaks English. I’m not kidding you, he doesn’t go as far as shouting at a woman in the whole book! Have you ever met a guy like that in a security or FLOSS conference? I certainly haven’t, including myself. Seriously, no defects… sigh… I like characters when they have defects because they need to compensate to become lovable.

Scratch the protagonist then. Given the continuous turmoil in the IT scene about sexism and the limited showcase of women in a positive light, you’d expect that somebody writing about IT might want to tip the scale a little bit in their favor — or at least that’s what I would do, and what I’d like to see. How many female characters are there in the book? The protagonist’s sister, and his niece her daughter; the protagonist’s “on-again, off-again”, a new woman joining the crew at the beginning of the book, and … spoiler … a one-off, one-chapter hacker that falls for one of the oldest tricks in the book (after being said to be brilliant — even though her solutions are said not to be elegant).

The on-and-off, who’s supposed to be one of the crew of security experts, is neither seen, nor said, doing anything useful at all in the story, beside helping out in the second chapter crisis where the protagonist and his friends save a conference by super-humanly cloning a whole battery of servers and routers in a few hours from scratch, dissect a zero-day vulnerability on a web server, fix it, and do an “anonymous commit” (whatever the heck that should be!). Did you say “stereotype!”, expecting the protagonist to be madly in love with his long-time friend? No, worse, she’s the one who wants him, but he’s just not there.

The newly-joining gal? Works for a company that would have otherwise been badmouthed at the conference, and has a completely platonic relationship with the protagonist all over the book. Her only task is to “push papers” from the protagonist to her company’s techs — Daryl from Russinovich’s books is more proactive, and if you read them, you know that’s a hard record to beat.

Family-wise … parents are dead sister is married with child. Said child, even if coming up many times during the book, is almost always called “Sam” — a play with a tomboysh girl? I’d say more like an interchangeable character, as it could easily have been a boy instead of a girl, for what the book’s concerned. The sister is, by the way, a librarian — this is only noted once, and the reason is to do yet another infodump on RFID.

If you want to know the kind of dump of infodumps this book is, the author goes on a limb to comment about “obsolete” measure units, including an explanation of what the nautical knots are modeled after, explains the origins of “reboot”, the meaning of “order of magnitude”, ranted about credit card companies “collecting databases of purchasing habits and data”, the fact that you use dig to run a “DNS trace”, the fact that Tube is the “unofficial name for London’s underground railway” (unofficial? TFL calls it Tube!), the fact that there is a congestion charge in London, the fact that Škoda is a Czech brand, and what the acronym RAM stands for!

If anything, the rest of the “crew” does even less than all these people, all the work is done by the protagonist… even though all the important pieces are given to him by others! Sigh.

Before closing the review (that you can guess is not positive at this point), let’s look at the tech side. Given the author is a colleague, and given the kind of praises coming from other people “in the scene”, you’d expect a very realistic approach, wouldn’t you? Well, the kind of paranoia that the protagonist is subject to (not accepting un-encrypted email, phone calls or video) is known to be rampant, although I found that this is often more common among wannabes than actual professionals.

But (and I did take notes, thanks to the Kindle), even accepting that in the fury of disconnecting a possibly infected or to-be-infected network from the Internet you can identify in a nanosecond which are the (multiple) cables to the internet and at the same time damaging them (without even damaging the connectors)… since when you need a “makeshift soldering iron to repair the broken Ethernet connector” ? If it was equipment-side, a soldering iron is not going to be enough; if it was the cable… WTF are you using a soldering iron for?!

Ah! At some point the protagonist is given by “an uncle in Australia” some “magnetic GPS trackers” to use against the bad guys. How the uncle could have guessed that he needed them is already a good question. The fact that the ones used toward the end are for no use at all, is something I don’t want to spend time on. My question is going to be do you call realistic a throwable magnetic bug that receive GPS signal on the underside of a car *and can be traced by a cellphone in real-time*?

Oh and of course, this is the world-famous, filthy-rich security expert who only has one password for every service and changes it every week. If somebody thinks this is a good idea, let me remember that this extends the surface on which you’re vulnerable to MITM or sniffing attacks on in an incredible way! And they even steal his private key, not once, but twice! It seems like he knows everything about PGP and encryption but not about the existence of SmartCards.

Even though the guy has an impressive collection of SIM cards and mobile phones that work all over the world, including in the middle of the Atlantic ocean. And when he buys a new phone, he can just download and compile the operating system. And we have to fight to get Android sources for our phones…

Okay the review is getting longer than I expected, so I’ll just note down that the guy “performed a disk wipe on the solid state storage” — and yes he’s referring to the 37-or-however-much-that-was wiping that was debunked by the paper’s author, as most people misinterpreted it altogether. And that is completely irrelevant to solid state storage (and most modern non-solid state storage as well!). Oh and he doesn’t buy off-the-shelf systems because they could have keyloggers or malware in them, but trusts computer parts bought at the first store he finds on his phone.

Of course he can find components for a laptop in a store, and just fit it in his custom CNC case without an issue. He can also fit a state-of-the-art days-long battery that he was given earlier, without a charger design! Brilliant, just brilliant. Nothing for a guy who “did a mental calculation of how much lighter it would be in a titanium case… and how much more expensive”. I don’t even know the current price of dollars, he can calculate the weight difference and price of a titanium case in his mind.

Last pieces before the bombshell: the guy ends up in the TSA’s No-fly List; they actually spell the full TSA name. Then he’s worried he can’t take a plane from London to Kiev. Message for somebody who spent too much time in the USA even though he’s Australian (the author): TSA’s competence stops at the US border! And, even in the situation where somebody left their passport in the side pocket of somebody else’s carry on bag (so fortunate, deus ex machina knows no borders!), you don’t have to find the same glasses he had on the photo… they let you change glasses from time to time. And if you do have to find them you don’t need to find real glasses, if they give you headaches.

Sorry, I know, these are nitpicks — there is much more in the book though. These are just the ones that had me wondering out loud why I was still reading the book. But the bombshell I referred above is the following dialogue line:

“Sir, he uses ZRTP encryption for all his calls, and strong encryption on all his messaging. We know who he communicates with but we haven’t been able to break any yet…”

Thanks, Randall! XKCD #538

I know the guy is a co-author of ZRTP. But…

Book review: Instant Munin Plugin Starter

This is going to be a bit of a different review than usual, if anything because I actually I already reviewed the book, in the work-in-progress sense. So bear with me.

Today, Packt published Bart ten Brinkle’s Instant Munin Plugin Starter which I reviewed early this year. Bart has done an outstanding job in expanding from the sparsely-available documentation to a comprehensive and, especially coherent book.

If you happen to use Munin, or are interested to use it, I would say it’s a read well worth the $8 that it’s priced at!