Sunday, December 20, 2015

Packt Publishing Discounts!!! Get'em Quick!

A career in software/hardware engineering is always a whirlwind when it comes to learning and keeping your skills current. Just like an Olympic athlete, we need to be honing our skills every day; I'd even say that if you aren't learning a new language every year you will not be able to keep up with the coming trends. There are tons of resources out there that will help you, but I wanted to point out just one today: Packt Publishing - Skill Up. Every ebook and video Packt has ever created is currently $5 each - I don't know how long this will run. This is an amazing deal and you should at least look into it. These titles usually run for $20 - $40 each for ebooks and $50 - $70 each for the video training! I have definitely purchased my share of training from them and they are always great.

Also, if you're not sure which skill you should be sharpening, then take a look at the Year in Review to find out what many professionals are doing.

Thursday, September 24, 2015

Who Knew Python Machine Learning Could Be So Easy?

I recently read "Python Machine Learning" by Sebastian Raschka. I loved it! (You can buy it at Packt or Amazon)

Technical, but not too much. Let's face it, machine learning algorithms are technical in nature. However, this book allows you to gloss over the actual technical details if you don't really need to understand them right away and view the implementation of the logic in the code snippets. Though, I must say, the technical subjects are explained clearly and with supporting graphs and images to help visualize the concepts. It was a wonderful experience to understand the code, even though the theory was also given. This allows most people to jump right in and start writing in Python. For the mathematicians out there, you can take the equations and verify them if need be.

The ideas build upon each other and, just like teaching a child to talk, the quality of machine learning seems to be about getting good training sets for your algorithms. As such, Sebastian is good about giving in-depth, best-practice steps on how to make sure your training data is clean and normalized and your feature selection is relevant - which was great. You'll learn how to merge results from multiple data sets into a more thorough model in order to filter out weaknesses of various algorithms. You'll be able to predict future outcomes with regression analysis, using techniques from statistics to look for patterns and anomalies, again, all explained in very understandable words. Though the content and speed of the book are all very good and relevant, the icing on the cake is in the last two chapters (which you need to have worked up to in the previous chapters): understanding and then creating a layered neural network to solve complex problems like handwritten digit recognition. And to top it all off he teaches us how to make it more powerful using the Theano tool.

You also gain great insight into many uses of the Python language and SQLite databases, put them into practice by developing a small web application along the way, and come to understand some parallel processing - from loading large data sets and processing them to using math and science libraries to process the data without having to be a rocket scientist.

Another great benefit of this read is not just the programming and math techniques you'll learn, but the right questions you need to ask about your data to make the results useful - unsupervised learning. The data sets used in the book range from breast cancer subjects to political science and from movie reviews to processing topics in order to determine a particular bias and then on to image processing.

The only downside (if you can even call it that) is that there is a lot of math involved, but to his credit, Sebastian teaches it in such a way that you don't really need to understand the math equation to understand how the equation works. In essence he is saying, "You don't need to understand the laws of physics to build a house, but here are a set of tools to help you create a magnificent house."

The fundamental concepts I've learned have opened the door to an enormous amount of possibilities I could not have even thought of doing had I not read this book. I used to think that true machine learning was only for super geniuses. But now I feel like I have another set of tools I can use to perform nearly superhero tasks. Python Machine Learning will be a reference book I use for many years to come.

Wednesday, August 26, 2015

So Much Good Information - Python Web Penetration Testing Cookbook!

I just finished reading "Python Web Penetration Testing Cookbook" by Cameron Buchanan et al. (pick it up at Packt or Amazon)
Overall an excellent read! Easy-to-follow scripts presented from the point of view of a hacker (including subtle remarks toward those that use these techniques for ill-fated purposes). Cameron presents an idea, shows the Python script and the corresponding source contents that the script works against, then describes the script's steps, and then goes on to describe additional related things about the script. You could say that the scripts build upon each other, but that's not totally true. The author makes sure they are really cut-and-paste recipes. He gives you the recipe and often a way to include it in a bigger, more comprehensive script that builds upon each step as the book progresses. Being a cookbook, there are plenty of code examples for you to try out. This is not a book about theory, but rather implementation - so all the fluff is cut out and it gets right to the point.

The book also focuses most of the direct web page vulnerability testing (2-3 chapters) on PHP scripts as the web pages' source. It would have been nice to have a corresponding discussion related to aspx, jsp, etc. There is some discussion of technology other than PHP, and I get that the book would probably have doubled in size if more common page source was discussed, but it is something to think about when reading. Create the same page in aspx or jsp and test whether there is a similar vulnerability.

Don't worry though, there are plenty of scripts related to SQL injection, header processing, encryption, encoding, payloads, shells, and even how to report your findings. These items are not necessarily exclusive to a single technology, so you are not pigeon-holed into testing only a certain type of website/server.

This book is not about learning python so if you're new to it, and you really want to understand how to manipulate each recipe, then I suggest searching for a beginner python book. However, that being said, most average level programmers can understand the scripts presented without needing to reach out for a python book/video.

Being in the industry for over 15 years, I've seen a lot of tools you can buy off the shelf that tout the ability to do this same thing just by running a program. I think knowing what it actually does is key to really understanding your vulnerabilities rather than trusting someone else's process because after all, attack vectors change all the time and with this information you can easily change your scripts.

In conclusion, this book is perfect for a web application developer wanting to test her application or an IT person ready to see just how vulnerable their application is - all with the ability to report the findings to those who need to know where to plug the holes. This is a book I will be referring to during and after each project I work on.

Friday, July 31, 2015

WOW! I'm Very Impressed! - Stencyl Essentials

Just finished reading Stencyl Essentials by Richard Sneyd (pick it up at Packt or Amazon). I was a bit wary about yet another game creation tool that touted no coding necessary in order to create high quality games for iOS, Android, desktop, etc. So, I read this book and I'm happy to say that I'm very glad I did. Richard Sneyd has done an impressive job at creating a very fast, yet simple to grasp introduction and implementation of a full 2D side-scroller game. In particular, he gives detail where detail is appropriate in order to help the user understand the "why", and then lays out the "how" in very easy to understand terms. The detail does not come in a lot of vast technical explanations about the underlying system, but rather very well placed analogies that, in my opinion, really helped me understand the tools; after all, I think that's the whole point of the book (it gives you a well-founded explanation of the essential ingredients in order to create a high quality and fun to play game). I had no idea Stencyl was such a powerful tool.
I highly recommend this book to anyone - beginner to expert. Though an expert game developer probably would not opt to use Stencyl since they would surely have their own framework setup already, this book really does a great job of convincing me to use Stencyl for some of my 2D games, and I will be using it. Thanks Richard!

Tuesday, July 28, 2015

Mastering Cocos2d Game Development - Great For Creating Your First Game Dev Pipeline

I just read "Mastering Cocos2d Game Development" and I was pleasantly surprised. (Get it at Packt or Amazon)
I'm impressed by the historical information the book gives you about other tools that are used to support a cocos2d pipeline. The first few chapters do a great job of giving the reader all the info they need to quickly and efficiently get a game framework up and running and out into testers' hands for prototyping. The code examples are for the most part clear and understandable for anyone familiar with Objective-C/C++, but someone new to the language should also be able to learn how to write code using the same examples as long as they are not completely new to programming. Each line of code is not always discussed, so if you are unfamiliar with Objective-C, it may be best to review the basics in another book/resource first. There are plenty of visual diagrams and references that help the reader understand what is being discussed - this is a great benefit. The author also takes special consideration that not everyone will be using the same workflow, so alternatives are given in these situations - which is a welcome benefit of this book.
I recommend this book for devs that want to get an app into the market fast, but the drawback is that the app being designed is not a 3D game or even a 2D side-scroller. Though the book does show examples of 3D games (Crossy Road, etc.) and does talk about elements of a 2D side-scroller, it really only covers 2D static playing fields (board game style) and does a good job of it. I must, however, add that the book adds polishing effects such as parallax scrolling for depth perception. This is all very cool and extremely helpful for creating a board game style app that helps the user feel like it's a bit 3-dimensional. All the setup and framework is still incredibly helpful even for 2D side-scrollers, but it's really teaching you a board game type of playing field.
In conclusion, if you need to learn how to create a board game style app for iOS, then I highly recommend it. If you are creating a side-scroller or 3D game, then this may be a good reference for setting up the basic framework and other tools that help create 2D graphics. But you will not finish this book with a working knowledge of how to create other style games.

Friday, June 5, 2015

The Unreal Engine and C++ - Two of the Most Powerful Tools in the Known Universe!

If you want to learn C++ to build a game, check out "Learning C++ by Creating Games with UE4". (Get it at Packt or Amazon)
This is a book that creates a simple to learn bridge between learning a complex language and applying that knowledge to creating a game in Unreal Engine 4, which can have a steep learning curve. Learning C++ by Creating Games with UE4 was like a breath of fresh air. I must admit, I'm not a beginner to C++, but I read it as if I was; and from that perspective, it's a tremendously helpful book. Even if you already know C++, but don't know Unreal Engine 4, you will know them both at the end of this book. But after all, the book's primary focus is to teach C++, and secondarily to teach you Unreal Engine 4. I love the way William Sherif uses analogies to describe principles of the C++ language, then applies that same principle to the UE4 environment.

After the first initial chapters spent in the syntax of C++, William gets right into learning the ropes, but gives great encouragement along the way. In addition, his tips are timely and valuable, not just fluff. I feel like I'm a much better C++ programmer and can now script great games in the Unreal Engine 4 because I chose to read this book. I'm hoping to release my first Unreal Engine 4 game soon. Thanks William!

Tuesday, February 11, 2014

How to build openssl for iOS

I've been working on an app for iOS that requires a connection to https (ssl). This works great, but I've recently become aware of the all too daunting man-in-the-middle attack. This happens when the iOS app does not compare a hashed version of the ssl certificate against the server's certificate and just checks that the certificate has been signed. This allows a sniffer to intercept your request, and attach a proxy server to the iOS app's request, thus becoming the man-in-the-middle between your communication with the server. They then have access to all the data you and the server send. Fortunately, there is a verification process for the certificate that requires use of openssl for iOS. The problem is that openssl is not readily available for iOS... [enter stage "compile it yourself"]. It's not that difficult to compile openssl for yourself. I followed this tutorial on the subject, but straight out of the box, it didn't compile, so I had to make a few modifications. Those modifications are what I'm documenting. Here's what that tutorial has:
Openssl is a useful library written in C that implements TLS, SSL and a few useful cryptographic functions. It's not included by default on iOS, but with a little shell scripting you can build and embed it in an app pretty easy. Without further ado, here are all the steps on how to do it in your favorite Terminal: Embedding the library in an app works by dragging the two .a files into the project and setting the header search paths to point at the newly created header files.
Everything worked fine until line 15 where the files are compiled. The tar that was downloaded was not "openssl-1.0.1f" but rather "openssl-1.0.1e" (you can see that in line 6, but that's not what is downloaded). So I needed to open up that script and edit line 7 to be LIB_NAME="openssl-1.0.1e". This worked like a charm. It took about 10-15 minutes for the compile, but then I had the libssl.a and libcrypto.a files compiled! Yay! I then copied them into my "lib" directory within the Xcode project and then dropped them into the "Link Binaries With Libraries" section of "Build Phases" found in the project settings.
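
A pre-build check for the version mismatch described above, as an added example that is not part of the original post or the tutorial's script: it verifies the downloaded tarball against a SHA-256 digest obtained from a trusted source and reads the real top-level directory name out of the archive, so LIB_NAME can be set from what was actually downloaded. The function names are hypothetical, and it assumes the tarball unpacks into a single top-level directory.

```shell
#!/bin/sh
# Added example: pre-build checks for a downloaded OpenSSL source tarball.
# Function names are hypothetical; nothing here comes from the tutorial's script.

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Succeed only if the tarball's digest equals the expected value, which
# must come from a trusted channel, not from the same download.
verify_tarball() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# Print the single top-level directory inside the tarball, i.e. the value
# LIB_NAME must have. Fails if any entry is absolute or contains "..",
# or if the entries do not share exactly one top-level directory.
tarball_topdir() {
    entries=$(tar -tzf "$1") || return 1
    if printf '%s\n' "$entries" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        return 1
    fi
    tops=$(printf '%s\n' "$entries" | sed 's|^\./||' | cut -d/ -f1 | sed '/^$/d' | sort -u)
    [ -n "$tops" ] || return 1
    [ "$(printf '%s\n' "$tops" | wc -l)" -eq 1 ] || return 1
    printf '%s\n' "$tops"
}

# Verify the digest first, then report the directory name for LIB_NAME.
# Usage: lib_name_for <tarball> <expected-sha256>
lib_name_for() {
    verify_tarball "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    tarball_topdir "$1" || { echo "unexpected archive layout: $1" >&2; return 1; }
}
```

In a build script this would be called as LIB_NAME=$(lib_name_for "$TARBALL" "$EXPECTED_SHA256") || exit 1 before the compile step, where TARBALL and EXPECTED_SHA256 are placeholder variables you set yourself.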