Until 05:00 PT 7/November/2014 are offering 50% off individual books from the O’Reilly Web Design Starter Kit at http://shop.oreilly.com/category/get/web-design-kit.do?code=DNWKIT. If you buy the whole kit, the saving is 60%!
Learning Web Design, 4th Edition
“Do you want to build web pages, but have no previous experience? This friendly guide is the perfect place to start. You’ll begin at square one, learning how the Web and web pages work, and then steadily build from there. By the end of the book, you’ll have the skills to create a simple site with multi-column pages that adapt for mobile devices. Learn how to use the latest techniques, best practices, and current web standards—including HTML5 and CSS3. Each chapter provides exercises to help you to learn various techniques, and short quizzes to make sure you understand key concepts.”
Learning Responsive Web Design
“Deliver an optimal user experience to all devices—including tablets, smartphones, feature phones, laptops, and large screens—by learning the basics of responsive web design. In this hands-on guide, UX designer Clarissa Peterson explains how responsive web design works, and takes you through a responsive workflow from project kickoff to site launch.”
Designing for Performance
“This practical book helps you approach a new project or redesign with page speed in mind, and shows you how to test and benchmark your design choices' impact on performance. You’ll also learn how to create semantic HTML and CSS that are easily repurposed and edited later, saving not just page load time but also your own time during development.”
Information Architecture for the World Wide Web, 3rd Edition
“The post-Ajaxian Web 2.0 world of wikis, folksonomies, and mashups makes well-planned information architecture even more essential. How do you present large volumes of information to people who need to find what they're looking for quickly? This classic primer shows information architects, designers, and web site developers how to build large-scale and maintainable web sites that are appealing and easy to navigate.”
High Performance Responsive Design
“Responsive Web Design (RWD) requires a more abstract way of responding to a user's behavior and environment. There’s a delicate balance between designing for a user's context and insuring that the performance of the design is not weighed down by special elements. High Performance Responsive Design is the first book to approach RWD with performance in mind. Author Tom Barker, a software engineer, solutions architect, and technical manager, shows you how to create website designs that are both high performing and compelling for the context of the user.”
Interactive Data Visualization for the Web
Today’s $10 Deal of the Day from APress at http://www.apress.com/9781430265290 is Pro ASP.NET MVC 5. The author is Adam Freeman so you can be sure that the book is filled with real world examples.
“The ASP.NET MVC 5 Framework is the latest evolution of Microsoft’s ASP.NET web platform. It provides a high-productivity programming model that promotes cleaner code architecture, test-driven development, and powerful extensibility, combined with all the benefits of ASP.NET.”
Today’s half-price E-book deal from O’Reilly at http://shop.oreilly.com/product/0636920033677.do?code=DEAL is 21st Century C, 2nd Edition.
“Throw out your old ideas about C and get to know a programming language that’s substantially outgrown its origins. With this revised edition of 21st Century C, you’ll discover up-to-date techniques missing from other C tutorials, whether you’re new to the language or just getting reacquainted.”
Today’s $10 Deal of the Day from APress at http://www.apress.com/9781430242543 is Pro ASP.NET 4.5 in C#. One of the authors is Adam Freeman and I therefore recommend this book to all Dot Net developers.
“ASP.NET 4.5 is the principal standard for creating dynamic web pages on the Windows platform. Pro ASP.NET 4.5 in C# raises the bar for high-quality, practical advice on learning and deploying Microsoft's dynamic web solution.”
At http://www.syncfusion.com/resources/techportal/ebooks/machine, Syncfusion are offering a free E-Book Machine Learning Using C# Succinctly.
At http://www.wservernews.com/, Windows Server News has published an excellent series of links on POODLE for Windows Admins. Here is a copy of their links.
Things just seem to keep getting worse in IT, don't they? Just when you thought you had a handle on the ShellShock vulnerability a.k.a. BASH bug, another gaping flaw in the underlying protocols of the Internet raises its nasty head. So what is POODLE? Why should we worry about it? Can it affect Windows-based environments? If so, what can we do about it?
What is POODLE?
It's basically a flaw in version 3.0 of the SSL protocol which used to be the standard for encrypting web traffic but has since been superseded by an updated protocol named TLS.
Should I be worried?
If your company or organization does business over the web then you should probably be worried for two reasons. First, while your web servers are likely configured to use TLS by default for encrypting web traffic, they are also likely configured to fall back to using SSL 3.0 should negotiation between your web server and a customer's web browser fail with TLS for some reason. Second, if your users need to securely connect with their web browsers to any web servers that are outside your control, those web servers are vulnerable for the same reason described above. And if those web servers beyond your control get compromised, then users connecting to them are potentially exposed to various kinds of information disclosure attacks.
I want to know more about POODLE
Want to learn more about how POODLE works? Here is the original announcement concerning this vulnerability on the Google Online Security Blog:
The above blog post references a security advisory published on OpenSSL.org by some members of the Google Security Team (PDF file):
StackExchange also has an excellent "in a nutshell" explanation of how POODLE works:
OK what should I do?
There are basically two things you can do to protect your assets against POODLE:
- Disable SSL 3.0 on all systems, platforms, and products you own and manage.
- Apply any patches released by vendors to address this vulnerability.
What about Microsoft products?
SSL 3.0 is still supported (available for fallback purposes) in the following Microsoft products:
- All versions of the Windows operating system including both client and server versions
- Internet Information Services (IIS) web server role on the Windows Server platform
- Internet Explorer web browser on all versions of Windows
Yikes! OK how can I disable SSL 3.0 on Microsoft products?
See the Suggested Actions section of Microsoft Security Advisory 3009008 for some general workarounds (requires Windows ID sign-in):
This thread on ServerFault may also be helpful especially with regard to IIS:
And this tweet by Microsoft MVP Eric Lawrence shows an easy way users can disable SSL 3.0 if they use Internet Explorer as their web browser:
Eric later followed this up with another tweet:
What about other web servers and web browsers?
Scott Helme has a terrific post on his blog describing how to disable SSL 3.0 on:
- Web servers like Apache, NginX, and IIS
- Web browsers like Firefox, Chrome and Internet Explorer
Here is Scott's post:
Scott's article also includes links to sites where you can test your web server or web browser to ensure they have SSL 3.0 disabled.
George Chetcuti also published a note about the POODLE exploit on his blog on WindowsSecurity.com:
At the end of George's note he says "Go here to find out how to disable SSLv3 support in your browser" and points you to another good article that describes how to disable SSLv3 on various browser platforms:
Anything more for Windows admins?
We've found a few threads on various Microsoft forums that you might want to keep an eye on:
In the process of reviewing the excellent book ‘Expert ASP.NET Web API 2 for MVC Developers’ by Adam Freeman, some of the examples failed with the following:
Compiler Error Message: CS0234: The type or namespace name 'Ajax' does not exist in the namespace 'System.Web.Mvc' (are you missing an assembly reference?)
This was fixed by:
- Stopping the project
- Changing the Copy Local property against System.Web.Mvc from False to True.
- Restart and it now works!
Today’s $10 Deal of the Day from APress at http://www.apress.com/9781430257257 is TypeScript Revealed.