SSL and TLS: Designing and Building Secure Systems

By Eric Rescorla

Yes. SSL and TLS: Designing and Building Secure Systems is exactly what the title promises. If I had already coded a rating system, I’d probably expand it for this book.

  • Author: Eric Rescorla
  • Publisher: Addison-Wesley
  • ISBN: 0-201-61598-3
  • Published: 2000
  • Pages: 499

If you have to code an application that uses SSL or TLS — or if you have to code an SSL or TLS library, then this is the book you need. It certainly was the book I needed, and I needed it badly, when I was working on the secure messaging layer over JXTA for Tryllian’s ADK — agent development kit.

Sometimes, but all too seldom, one reads a book that simply exudes competence. This is one of those books. All through the book it is clear that Eric Rescorla indeed does know what he is talking about; he knows so well what he’s talking about that he never has to fudge, he never has to write obscurely to mask lack of knowledge, and thus he writes with complete authority. He manages to be crystal clear, surely an achievement when writing on a topic traditionally viewed as extremely obscure.

However, that is not the only commendable quality. SSL and TLS: Designing and Building Secure Systems is very well organized. Rescorla first discusses public key cryptography — the basis for SSL and TLS — with a practiced ease. Then he continues to give the details of the SSL/TLS protocol in the second part. The third part shows how to use SSL or TLS in your application, using very clear example code, both in C and in Java.

An engaging feature is the clear division between general discussion and deep-down core details. Fortunately, there is no stint of either, and the core details are illustrated with dumps from Rescorla’s own packet dumper.

At all places where I needed a backreference to something discussed earlier, I found that Rescorla had anticipated my needs and added a quick ‘as discussed in chapter X, Y is needed for Z.’ — and made it possible to read the whole book in about three days.

Topics discussed are: security concepts, the SSL protocol, security issues, performance, application design, http over SSL and smtp over SSL. Two appendices complete the book.

In short: if you are working on an SSL application, and you don’t have this book, then you’re, in view of the importance of security, almost criminally negligent.

Wandelingen door Rome

By Godfried Bomans

Het is vrij eenvoudig om van een losbol te houden en inderdaad ontmoeten zij ook overal sympathie. Maar om een heilige aardig te vinden, betaalt u de prijs van zelfverwijt.

  • Author: Godfried Bomans
  • Publisher: Elsevier
  • Published: MCMLVII
  • Pages: 216

On the basis of this quote alone one would be justified to style the great Dutch author Godfried Bomans the Chesterton of the Low Countries.

Unfortunately, Bomans has never really worked out his thoughts — sometimes it seems as if he were almost afraid to investigate the things that people usually call serious, and he could never resist the temptation to be merely flippant, instead of witty.

Which is a pity, since Bomans possessed wit in spades — as the seven volumes of his collected (though not complete) works testify.

Wandelingen door Rome is a collection of about twenty essays he appears to have written while living in Rome. Some of those, like De keerzijde van Rome, are sublime; others, like Waarheden als koeien, peter out, go nowhere in particular.

It is nowhere as famous a book as Eric of het klein insectenboek or his fairy tales. But Bomans, a devout Roman Catholic, spends quite a bit of time in this book on his religion, and especially on the Pope of his days, Pius X, whom he loved deeply. That makes this collection of impressions — essays is too big a word — valuable for me at least.

Oh, and the translation of the teaser? It’s quite easy to love a rake, and indeed, rakes are universally beloved. But in order to like a Saint, you must pay in self-reproach. (And, yes, the original is snappier. Learn Dutch…)

Mastering Regular Expressions

By Jeffrey E.F. Friedl

The first edition of Mastering Regular Expressions by Jeffrey E.F. Friedl tries to explain the way regular expressions work, and how you can work with them. In this edition he focuses on Perl; the second edition is said to pay more attention to Python. Not a very useful book, I’m afraid.

I consider this book rather a — what’s the English for ‘miskoop’? Well, I shouldn’t have bought it. Not just because the moment Amazon delivered it to my doorstep, the second edition that offers more Python coverage appeared, but because the text itself is flawed.

Let me expand on that. I needed this book because I wanted to write several complex applications for which regular expressions seemed best suited. Since I’m pretty much a self-taught programmer, I haven’t had the formal training in formal languages and compiler design that would have made using regular expressions a snip.

In order to reach that goal I needed a text that would explain how regexpses work, how to use them and what the pitfalls are. Succinctly, and with a minimum of fuss.

Friedl, however, suffers from the common O’Reilly disease (and I must admit that I cheerfully copied that in my book on GUI programming with Python): the author tries to be witty. Funny. Verbose. Countless cute metaphors about cars and engines make it difficult to find what you need, or even to read at any speed.

Part of that lack of progress is because the book doesn’t display any celerity: around page 73 we’re still dealing with common metacharacters. And after the chapter on backtracking, the differences between the various flavours of regular expressions found in Emacs, Perl, Python and so on are treated, but not in any real detail.

And chapter 7 deals just with Perl. Well, perhaps I just had the wrong expectations, or perhaps I already knew too much about a subject I thought I was pretty ignorant in…

A much better choice would have been to buy the Dragon book, that is, Compilers, Principles, Techniques and Tools, by Alfred V. Aho, Ravi Sethi, Jeffrey D. Ullman (Contributor). That explains what regular expressions are in fine detail.

Piramus en Thisbe — Twee Rederijkersspelen uit de Zestiende Eeuw

By Dr. G.A. van Es
A Bronnenstudie en tekstuitgave by Dr. G.A. van Es.

This 2002 Sinterklaas present brings together the two oldest Dutch plays based on Ovid’s immortal Piramus and Thisbe story. Notes, reprints of illustrations and manuscript and of course the delightful story material combine to form a very pleasant package.

  • Author: Dr. G.A. van Es
  • Publisher: Zwolse Drukken en Herdrukken voor de Maatschappij der Nederlands Letterkunde te Leiden
  • Published: 1964

One of the most curious phenomena in the history of the Dutch language is the rapid swing from being almost a calque of German to becoming a calque of English. The introduction to this book, published in 1964, is written in a heavily Germanized Dutch that is sometimes slow to read. By contrast, the sixteenth century Dutch is a breeze.

Nevertheless, since I have always thoroughly enjoyed the various spoofs of the Piramus and Thisbe story in Kees Stip’s Zes Variaties op een Misverstand, this book provided a lot of background. It even gives the sources for the reproduced plays from the Gesta Romanorum and the Bible des Poètes.

These plays are so-called Rederijkersspelen. This particular genre has been long maligned, but the sheer fun that speaks from them, even four centuries after, is infective. The authors of the plays, the people who wrote them down in the collected plays for the Haarlemse Rederijkerskamer and surely the people who acted the plays must have enjoyed them a lot.

 

Death of an Englishman

By Magdalen Nabb

“It’s just a complaint I have, an allergy. It’s the sunshine starts it off.” If you can stand reading this remark between five and perhaps ten times, then you might very well like this book. I did, the remark did get a payoff, but I’m not unreservedly enthusiastic about this book.

A mystery novel set in Florence, with a marshall of the carabinieri (spelling?) in the leading role, it appears to be Magdalen Nabb’s debut novel.

  • Author: Magdalen Nabb
  • Publisher: Collins Crime
  • Published: 1988 (1981)
  • ISBN: 0-00-6167760-4
  • Pages: 203

Let’s start with the things I really liked about this book: lots of sympathetic engaging characters, colour locale in spades (and the certainty that the author knows the locale she’s writing about), an interesting plot and a perfect length.

Things I like rather less: a protagonist with a horrible shtick, a curiously disjointed writing style that sometimes leaves me completely confused about what exactly happened, and — no, no and — that’s it.

It’s Christmas in Florence and the extremely likeable Marshall Guarnaccia has a serious bout of flu. A cadet from the military school, carabiniere Bacci, picks up the phone in the middle of the night, and the book is on its way. Bacci is a very interesting character. Young, inexperienced, ambitious, a very natty dresser, a stickler for proprieties and precision — many an author would have created an insufferable know-it-all-better from this material. But Bacci is anything but insufferable. He’s also eager to learn, eager to help and genuinely enthusiastic about his job. Quite an achievement, so much character in so short a genre novel.

The story unfolds relatively smoothly — except for the occasional stutter or stammer. Sometimes a scene feels as if it has been reconstituted from two scenes hacked to pieces, and sometimes a scene just doesn’t work. There’s a memorable chase somewhere near the end of the book (hope I’m not giving away spoilers now) that suffers from this defect. The first twenty pages are quite hard to read…

But by the time the Captain (no, not the Marshall!) and Bacci are starting their investigation for real, the book begins to grip. And the final denouement is very touching, without getting sentimental.

I bought another one of the Marshall books together with this one (ten books for two euros…), and I’ll be starting on it right away.

Interesting, by the way, is that a google for Magdalen Nabb gives more German and French results than English hits. Don’t know what to make of that.