Ed Gibson On The Road RoadShow : Birmingham
Yesterday afternoon was the first of five events of the Ed Gibson on the road tour. The event was held in Birmingham, with Dinis Cruz and Barry Dorrans there to give a helping hand...
First up was Ed Gibson who gave another great talk on the dangers of organized crime on the Internet and some of the realities which we face - very thought provoking, if not a little bit scary.
Dinis Cruz then gave another great presentation on hacking applications. He didn't do his Rooting the CLR presentation, however he did demonstrate Metasploit, which was great to see (only heard of it, never used it before). He also did his HacMeBank demo, which was great, as this time I was looking at it from the view of my final year project and a pen tester more than a developer...
Quick break, and then the panel discussion about what is security. There were some interesting points raised by the guys and it was a good active discussion.
Overall, a very good afternoon/evening. Presentations were excellent, and the organisation by nxtgen was really good (or at least it appeared to be...). Looking forward to more events like this.
For more information on the remaining four events visit http://www.nxtgenug.net/EdGibson/ . I would strongly recommend going if you are interested in the area of security, or just because you can get out of the office for an afternoon.
Book Review: Hacking Exposed Web Applications, 2nd Edition
The evolution of the web is changing faster than most normal people can keep up with. New website applications are popping up online daily, most of which contain some important, and sometimes financial information which the company wants to display or sell. Most applications also contain information only 'certain' users can see in a secure area where you might have to pay to access, and only you are allowed to see.
This book describes many different ways in which the application can be used as a weapon against the company, allowing the 'hacker' to access restricted data, corrupt databases or bring down the server hosting the site.
Over the 13 chapters, this book describes all the common ways of attacking a website, from profiling the application to find out what OS and webserver it is running, or launching a full DDoS attack on the server.
After reading the book cover-to-cover, I am now aware of the dangers online and, as a developer, what my application must be able to withstand and block against. It also has information about the not-so-common attacks, and various ways hackers attempt to break into websites - such as encoding the XSS attack to get around blacklists. The book also covers almost all languages and platforms, allowing everyone to have a good understanding. The code samples included are an excellent way of seeing for yourself the potential harm, and if you can't see it - have it explained to you in the next paragraph of the book.
At the end of every chapter there is a "references and further reading" section, which contains all the links to items discussed within the chapter. This ranges from Microsoft's security alerts to PoC (Proof of Concept) applications and recommended applications to provide excellent additional reading.
At the very end of the book, there is a checklist to make sure your application is up-to scratch and secure.
I highly recommend this book to anyone who wants a good understanding of all the different ways in which web apps can be attacked. If you are currently developing applications (both internally and externally) I strongly recommend you have a read of this book - you never know, it might just save your application and confidential database from hackers.
Ruby on Rails + MacOSX = Locomotive
Over the next few weeks / months I plan to blog about my experiences of using Ruby on Rails, with this being the first post.
I will be using my iBook (OSX 10.4) to work with rails. One reason is because I want to use my iBook more - I can then justify a new one - and also because it enables me to understand creating websites for linux servers.
In case you don't yet know, Ruby on Rails is all the rage at the moment. Their website says
"Ruby on Rails is an open-source web framework that's optimized for programmer happiness and sustainable productivity. It lets you write beautiful code by favoring convention over configuration".
I have to admit, I tried it when it was first released and found it really cool, however never thought it would take off - won't make that mistake again.
Locomotive
Locomotive is an application for OS X to allow developers to drag and drop the installation into the Applications directory, and have a full working Ruby on Rails environment instantly.
Download : http://locomotive.raaum.org/
Strongly suggest you install (sorry, drag and drop) this. It will save you hours!
MySQL
I'm sure everyone has heard of MySQL. MySQL is an open source database application running on almost every platform, offering both commercial and a free community edition.
I went ahead and installed MySQL 5.0 Community Edition (free) from http://dev.mysql.com/downloads/mysql/5.0.html . OSX installation of this is very simple; it has two packages - a main and a startup - and I installed the main package first. After installing both packages you will need to edit your ~/.bash_login script to set the path directory for MySQL.
pico ~/.bash_login
PATH="/usr/local/bin:/usr/local/sbin:/usr/local/mysql/bin:$PATH"
The default username is root. Default password is blank - nice and secure.
You can login to the server by loading a new terminal window and entering the command mysql. If you have problems accessing the server, you might need to start the MySQL service (or just reboot).
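As an added example (not from the original post), the ~/.bash_login edit above as a shell function that only appends the PATH line once, plus a check for the blank root password mentioned above. The filename argument and the function names are my own; the MySQL paths and the PATH line are the ones from the post.

```shell
# Directory the post adds to PATH, and the exact PATH line it uses.
MYSQL_BIN="/usr/local/mysql/bin"
PATH_LINE='PATH="/usr/local/bin:/usr/local/sbin:/usr/local/mysql/bin:$PATH"'

# mysql_path_configured FILE: succeeds if FILE already references the MySQL bin dir.
mysql_path_configured() {
  [ -f "$1" ] && grep -q "$MYSQL_BIN" "$1"
}

# add_mysql_path [FILE]: append the PATH line once (default ~/.bash_login).
# Re-running is harmless; the line is never duplicated.
add_mysql_path() {
  f="${1:-$HOME/.bash_login}"
  if mysql_path_configured "$f"; then
    return 0
  fi
  printf '%s\n' "$PATH_LINE" >> "$f"
}

# count_path_lines FILE: how many lines in FILE mention the MySQL bin dir.
count_path_lines() {
  grep -c "$MYSQL_BIN" "$1" 2>/dev/null || true
}

# mysql_root_unprotected: succeeds if a running server accepts root with an
# empty password (the post's default). Needs the mysql client and a running
# server, so it is a manual check, not something the tests below exercise.
# Fix with:  mysqladmin -u root password 'a-real-password'
mysql_root_unprotected() {
  mysql -u root --password= -e 'SELECT 1' >/dev/null 2>&1
}
```

After sourcing the file, `add_mysql_path` followed by `. ~/.bash_login` is enough for `mysql` to resolve in a new terminal.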
First RoR Application
The application will look something like below (with Aqua effects which got lost in the screenshot)
From within the application you can start/stop the application, open a terminal with RoR commands (like gem), show the application in finder as well as create new applications.
To create a new application, select the Applications menu, and click Create New... which will launch the dialog below.
Enter a name, and a directory where the app will live and click Create.
Next, click Run on the toolbar which will start the pre-configured webserver. Then go Applications > Preview in Browser to view the new application. The application runs on http://localhost:3000
That's your first application created.
Conclusion
Just to sum up, Locomotive solves a whole host of problems when configuring RoR on OSX. It gives you a great environment to develop applications.
Over time, I will post more on RoR, locomotive and MySQL.
Apple Replacement Battery Arrived
DHL just delivered my replacement iBook battery.
In a well padded box, there was a return address label, a security label (if broken, void), and a set of instructions on what to do next.
Basically, discharge the recalled battery completely, put it in the box, put the new stickers on, call DHL and ask them to pick it up charging Apple. Will do that Monday.
That was quick and simple!
Playstation 3 Euro launch delayed
Just read on the BBC news website that the PS3 has been delayed in Europe, but will still be released in November in Japan and US.
Blame/Reason: Blu-Ray Drives
The Xbox 360 team must be partying right now, another Christmas in Europe without competition (ok, Wii could cause some problems).
Mr Kutaragi has said "I am so sorry not to be able to answer all the expectations". Wonder if he will have to say that again pre/post launch?
Computer Manuals .co.uk
After using a site called ComputerManuals.co.uk for around a year, I thought I should really post something about their excellent service!
An example is as follows:
Yesterday morning, I purchased three new books for uni next year. The total for the three books came to £49.57 including FREE! postage and packaging and a 5% discount for a review I wrote previously. As an example, Amazon would have been £52.77 with their slow Super Saver shipping (5-7 days). Yesterday afternoon I received an email saying the items had been shipped - Excellent!
This morning, a DHL van pulled up with the guy holding an average-sized box. It just happens to be the books arriving. Excellent! Not only were the books cheaper than Amazon, but they arrived a week earlier than Amazon would have.
I have had numerous experiences with this company, and all of them have been really good, never had a single problem (touch wood). The great thing about this company is that they attend the large Microsoft events with a stand, so you can have a quick look and buy on the spot at the same great price as online. Saw them at VS Launch Day, DDD3, the MSDN Roadshow (might attend others I haven't).
So visit the site, have a look around and see if anything takes your fancy.
Every Friday they update the best new books list so you can see the latest topics on offer. Currently they have the new WPF book on there.
Sad News: 'Crocodile Hunter' Irwin killed
Just read on BBC News online of some very sad news. Steve Irwin, known for his Crocodile Hunter TV show and the Australia Zoo, has been killed by a stingray while filming a documentary in Queensland.
It is a great shame that someone who has done so much for animals and the environment has died. My thoughts go out to his family and the animals at this time.
Read the report here:
DeveloperDeveloperDeveloper Day 4 (DDD4) Announced
Just saw on my RSS that DDD4 date has been announced.
The all important day is:
Saturday 2nd December 2006
There is now a call to arms for all developers who want to give a session.
A few have already been suggested here:
http://www.developerday.co.uk/ddd/agendaddd4.asp
The two from Barry Dorrans look interesting, might have to bookmark his blog idunno.org. Looks like he is coming to Birmingham for the Ed Gibson talk - cool!
I will definitely be attending. However, not sure how I am going to get there this year.