Category Archives: book reviews

Cyber Privacy by April Falcon Doss

This is a book about pervasive data collection and its implications. The author, April Falcon Doss, is a lawyer who spent 13 years at the US National Security Agency (NSA), itself an organization controversial for phone-tapping and other covert surveillance practices. Disturbing though that is, one of Doss’s observations is that “in democratic countries … the government doesn’t have nearly as much data as private companies do.” She argues that government-held data is less troubling since its usage is well regulated, unlike privately held data – though these safeguards do not apply in authoritarian regimes.

Government use then is just one piece of something much bigger, the colossal amount of personal data gathered on so much of what we do, our buying habits, what we search for on the internet, our health, our location, our contacts, tastes and preferences, all tracked, stored, and used in ways that we might not expect. Most of the book simply describes what is happening, and this will be eye-opening to anyone who has not followed the growth of data collection and its use in marketing and advertising over the last twenty years or so. Doss describes how a researcher analyzed his iPhone activity and found that “within seven days, the phone had exported data via 5,400 hidden app trackers.” – and Google’s Android is even worse.

How much do we care and how much should we care? Doss looks at this question which to me is of particular interest. We like getting stuff for free, like social media, search, maps and directions; but how aware are we of hidden costs like compromised privacy and would we be willing to pay in other ways? Studies on the subject are contradictory; humans are not very logical on the matter, and it depends exactly how the trade-off between privacy and cost is presented. The tech giants know this and in general we easily succumb to the temptation to hand over personal information when signing up for free services.

Doss makes some excellent and succinct points, as when she writes that “privacy policies offer little more than a fig leaf of user notice and consent since they are cumbersome to read, difficult to understand, and individuals have few alternatives when it comes to using the major digital platforms.” She also takes aim at well-intended but ineffective cookie legislation – which has given rise to the banners you see, especially in the EU, inviting you to accept all manner of cookies when you visit a web site for the first time. “A great deal of energy and attention has gone into drafting and implementing cookie notice laws,” she says. “But it is an open question whether anyone’s privacy has actually increased.”

She also observes that we are in uncharted territory. “It turns out that all of us have been unwitting participants in a multifaceted, loosely designed program of unregulated research,” she writes.

Personally I agree that the issue is super-important and deserves more attention than it gets, so I am grateful for the book. There are a couple of issues though. One is that the reason personal data gathering has escalated so fast is that we’ve seen benefits – like free services and personalisation of advertising which reduces the amount of irrelevant material we see – but the harms are more hidden. What are the harms? Doss does identify some harms, such as reduced freedom in authoritarian regimes, or higher prices for things like Uber transport when algorithms decide what offers to show based on our willingness to pay. I would like to have seen more attention paid though to the most obvious harm of the moment, the fact that abuse of personal data and social media may have resulted in political upheavals like the election of Donald Trump as US president, or the result of the Brexit referendum in the UK. Whatever your political views, those who value democracy should be concerned; Doss gives this matter some attention but not as much as it merits, in my opinion.

Second, the big question is what can be done; and here the book is short of answers. Doss ends up arguing that we have passed the point of no return in terms of data collection. “The real challenge lies in creating sufficient restrictions to rein in the human tendency to misuse information for purposes that we’ve collectively decided are unacceptable in society,” she writes, acknowledging that how we do so remains an open question.

She says that her ambitions for the book became more modest as the research continued, ending with the hope that she has provided “a catalogue of risks and relevant questions, along with a useful framework for thinking about the future” which “may spark further, future discussions.”

Fair enough, but I would like to have seen more practical suggestions. Should we regulate more? Should Google or Facebook be broken up? As individuals, does it help if we close social media accounts and become more wary about the data that we give away?

Nevertheless I welcome this thought-provoking book and hope that it does help to stimulate the future debate for which the author hopes.

BenBella Books (3 Nov. 2020)

The Whole Truth by Cara Hunter

Set in Oxford, this crime novel continues Hunter’s series based on the cases of DI Adam Fawley. A student has accused a professor of sexual assault – and unusually, the accused is female. Separately, an old case returns to haunt Fawley and his pregnant wife Alex: a criminal whom he put away has done his time, will he attempt the revenge he swore he would exact when convicted?

It is a great read, a book which drew me in quickly and kept me absorbed. I love the fact that the author is a Colin Dexter fan who uses an anagram of Morse for the surname of one of her own fictitious detectives. The plot is full of twists, it’s super-clever, and I particularly enjoyed the last few chapters when the pieces slot into place, worked out by someone unexpected.

That said, I do have a few niggles. One is that the two separate stories here are essentially unrelated and get almost equal attention, despite the fact that it is the incident with the professor and her student that is highlighted in the blurb and cover picture. Two plots for the price of one isn’t a bad thing, except that the second plot about Fawley’s old case is quite a bit more interesting and exciting than the one which is meant to be the main one. It’s just as well, since I doubt the book would have held my interest without it, but I do wonder if it would have been better to make this more compelling plot the main theme.

Second, I found it odd that the book is written partly in first person, from Fawley’s perspective, and partly in third person. There is a bit of chronological jumping around too, but that I have no problem with. There are also illustrations featuring lots of text which are quite hard to read on a Kindle.

Still, these little annoyances did not stop me enjoying the book which was a welcome distraction in these strange days of pandemic.

Penguin. Pub Date 25 Feb 2021

Book review: Professional ASP.NET MVC 5. Is this the way to learn ASP.NET MVC?

This book caught my eye because while I like ASP.NET MVC, Microsoft’s modern web application framework, it seems to be badly documented. Even the word “badly” is not quite right; there is lots of documentation, some of high quality, but finding your way around it is challenging, thanks to the many different pieces involved. When I completed an ASP.NET MVC project recently, I found it frustrating thanks to over-reliance on sample projects (hey, here is an application we did that works, see if you can figure out how we did it), many out-of-date articles relating to old versions; and the opposite, posts and samples which include preview software that does not seem wise to use in production.

In my experience ASP.NET MVC is both cleaner and faster than ASP.NET Web Forms, the older .NET web framework, but there is more to learn before you can go ahead and write an application.

Professional ASP.NET MVC 5 gives you nearly 600 pages on the subject. It is aimed at a broad readership: the introduction states:

Professional ASP.NET MVC 5 is designed to teach ASP.NET MVC, from a beginner level through advanced topics.

Perhaps that is too broad, though the idea is that the first six chapters (about 150 pages) cover the basics, and that the later chapters are more advanced, so if you are not a beginner you can start at chapter 7.

The main author is Jon Galloway who is a Technical Evangelist at Microsoft. The other authors are Brad Wilson, formerly at Microsoft and now at CenturyLink Cloud; K Scott Allen at OdeToCode, David Matson who is on the ASP.NET MVC team at Microsoft, and Phil Haack formerly at Microsoft and now at GitHub. I get the impression that Haack wrote several chapters in an earlier edition of the book, but did not work directly on this one; Galloway brought his chapters up to date.

Be in no doubt: there are plenty of well-informed ASP.NET MVC people on this team.

The earlier part of the book uses a sample Music Store application, a version of which is publicly available here. You can also download a tutorial, based on the sample, written by Galloway. The public tutorial however dates from 2011 and is based on ASP.NET MVC 3 and Visual Studio 2010. The book uses Visual Studio 2013.

Chapters 1 to 6, the beginner section, do a decent job of talking you through how to build a first application. There are chapters on Controllers, Views, Models, Forms and HTML Helpers, and finally Data Annotations and Validation. It’s a good basic introduction but if you are like me you will come out with many questions, like what is an ActionResult (the type of most Controller methods)? You have to wait until chapter 16 for a full description.

Chapter 7 is on Membership, Authorization and Security. That is too much for one chapter. It is mostly on security, and inadequate on membership. One of my disappointments with this book is that Azure Active Directory hardly gets a mention; yet to my mind integration of web applications with Office 365 (which uses Azure AD) is a huge feature for Microsoft.

On security though, this is a useful chapter, with handy coverage of Cross-Site Request Forgery and other common vulnerabilities.

Next comes a chapter on AJAX with a little bit on JQuery, client-side validation, and Ajax ActionLinks. Here is the dilemma though. Does it make sense to cover JQuery in detail, when this very popular open source library is widely documented elsewhere? On the other hand, does it make sense not to cover JQuery in detail, when it is usually a vital part of your ASP.NET MVC application?

I would add that this title is poor on design aspects of a web application. That said, I was not expecting much on the design side; but what would help would be coverage of how to work with designers: what is safe to hand over to designers, and how does a typical designer/developer workflow play out with ASP.NET MVC?

I would also like to see more coverage of how to work with Bootstrap, the CSS framework which is integrated with ASP.NET MVC 5 in Visual Studio. I found it a challenge, for example, to discover the best way to change the default fonts and colours used, which is rather basic.

Chapter 9 is on routing, dry but essential background. Chapter 10 is on NuGet, the Visual Studio package manager, and is a good chapter given how important NuGet now is for most Visual Studio work.

Incidentally, many of the samples for the book can be installed via NuGet. It’s not completely obvious how to do this. I found the best way is to go to http://www.nuget.org and search for Wrox.ProMvc5 – here is the link to the search results. This lists all the packages available; note the package names. Then open the NuGet Package Manager Console and type:

install-package [packagename]

to get the sample.

Chapter 11 is a too-brief chapter on the Web API. I would like to see more on this, maybe even walking through a complete application with clients for say, Windows Phone and a web application – though the following chapter does present a client example using AngularJS.

Chapter 13 is a somewhat theoretical look at dependency injection and inversion of control; handy as Microsoft developers talk a lot about this.

Next comes a very brief introduction to unit testing, intended I think only as a starting point.

For me, the next two chapters are the most valuable. Chapter 15 concerns extending MVC: you learn about extending models with value providers and model binders; validating models; writing HTML helpers and Razor (the view engine in ASP.NET MVC) helpers; authentication filters and authorization filters. Chapter 16 on advanced topics looks in more detail at Razor, routing, templates, ActionResult and a few other things.

Finally, we get a look at how the Nuget.org application was put together, and an appendix covering some miscellaneous details like what is new in ASP.NET MVC 5.1.

Conclusions

I find this one hard to summarise. There is too much missing to give this an unreserved recommendation. I would like more on topics including ASP.NET Identity, Azure AD integration, Entity Framework, Bootstrap, and more. Trying to cover every developer from beginner to advanced is too much; removing some of the introductory material would have left more room for the more interesting sections. The book is also rather weighted towards theory rather than hands-on coding. At some points it felt more like an explanation from the ASP.NET MVC team on “why we did it this way”, than a developer tutorial.

That said, having those insights from the team is valuable in itself. As someone who has only recently engaged with ASP.NET MVC in a real application, I did find the book useful and will come back to some of those explanations in future.

Looking at what else is available, it seems to me that there is a shortage of books on this subject and that a “what you need to know” title aimed at professional developers would be widely welcomed. It would pay Microsoft to sponsor it, since my sense is that some developers stick with ASP.NET Web Forms not because it is better, but because it is more approachable.

 

Review: When computing got personal by Matt Nicholson

This is a book which ends too soon; but it is a good read nevertheless.

Journalist Matt Nicholson here provides a history of personal desktop computing, beginning with machines like the DEC PDP-8 in 1965, which was not a desktop computer but merely the size of a refrigerator so more convenient than a mainframe, and the Canon Pocketronic in 1970 which was an early pocket calculator. The key enabler was the invention of the integrated circuit, which packs thousands (and today, sometimes billions) of semiconductors into a single package.

Early chapters follow the history of the MITS Altair, IBM’s first portable computers, Apple, Commodore, Atari, Intel and Microsoft. The reasons why IBM adopted Microsoft’s MS-DOS rather than CP/M from Digital Research are explained in detail; it was not merely because Digital’s CEO Gary Kildall was out flying when IBM called. Nicholson goes on to describe the battle of the WIMPs, graphical user interfaces from Apple, Digital Research and Microsoft, the triumph of Windows and the near-death of Apple before the return of Steve Jobs in 1997. The closing chapters look at the history of the Internet and the world wide web, and the rise of open source software and how Microsoft fought it.

I have read numerous books on the history of personal computing and rate this one highly. The research is excellent, backed by a 20 page bibliography. Nicholson also shows his editorial expertise by keeping the writing brisk and compact; the book is only 300 pages long.

That said, the book is stronger on the early years than it is on later developments. The bulk of the material relates to the years up to around 2004, a decade ago. Google hardly gets a mention, and the mobile revolution kicked off by Apple’s iPhone in 2007 has only a couple of paragraphs.

The reason I presume is that Nicholson aims to cover only desktop computers; yet the title of the book refers to personal computing, and a tablet with a Bluetooth keyboard being used for productivity (I am typing this review on one now) is part of the same story.

Nicholson describes how Microsoft turned on a pin in 1992, when Bill Gates authored his Internet Tidal Wave internal memo that marked the beginning of the company’s conversion to the web and its success with Internet Explorer.

It seems to me that this is a parallel with the announcement of Windows 8 in 2011 and Microsoft’s adoption of a touch user interface, though the outcome so far has been less successful; and that the extraordinary rise of Google Android is far enough along that it deserves more than the single mention it gets in this book. Google’s Chrome OS and Chromebook, which is a hybrid of desktop and internet technology, is another important development.

I would have liked Nicholson to write more about the last ten years then; but that does not take away from the high quality of what is covered here; recommended if you would like to understand how personal computing began.