Penetration Testing with Perl

I was sent a review copy of Penetration Testing with Perl by Douglas Berdeaux. I really didn’t like it. Here’s the review I’ve been sharing on Amazon and Goodreads.

I’ve been wanting to learn a bit about Penetration Testing for a while and as Perl is my programming language of choice this seemed like a great book to choose. Unfortunately, it wasn’t.

I have no doubt that the author knows what he is talking about when it comes to Penetration Testing, but there were several things that prevented this book from transferring much of that knowledge to me.

Firstly, the typesetting in the book is terrible. I was reading the Amazon eBook edition – it’s possible that the printed version is better. For example, there’s a lot of code in this book and it’s in a proportional font. In order for code to be readable, it needs to be in a fixed-width font. Also, there are two or three places where an equation appears in the text, but it appears in an unreadably small font. I have just checked in the PDF version of the book and neither of these problems appear there. It would seem that this is down to a problem in Packt’s eBook creation process.

Secondly, it’s obvious that English is not the author’s first language. At times this really prevents him from getting his point across clearly. I’m very happy to see non-native speakers publishing books in English. But the publishers need to provide high quality proof-readers to ensure that the language is good enough.

Thirdly, the organisation of the book is a little haphazard. The first couple of chapters are introductions to Perl and Linux, but after that we are dropped immediately into a discussion of network sniffing. Later in the book there are chapters on intelligence gathering, social engineering and password cracking. These are all far simpler topics which could have served as a gentle introduction to the book, getting people up to speed on Perl before delving into the complex internals of network packets. Once again, I think this should be the responsibility of the publisher. There should be a good editor working on the book alongside the author and shaping the manuscript so that the story it tells guides the user through the subject as easily as possible.

Finally, the book falls short in its technical content. I can’t comment on the author’s explanations of Penetration Testing (I was, after all, reading the book to learn about that topic), but the Perl code that he uses throughout the book is really bad. He is obviously someone who only ever learned enough Perl to get his job done and never bothered to learn how Perl really works or to keep his knowledge up to date. As a result, the book is full of the kind of code that gives Perl its reputation as a write-only language. The idioms that he uses are often out of date (using ‘-w’ instead of ‘use warnings’, for example), confusing (predeclaring subroutines unnecessarily, using ampersands on function calls) or just plain wrong (‘my ($x, $y, $z) = 0 x 3′ just doesn’t do what he thinks it does). Actually, it’s worse than that. It’s not just Perl he doesn’t understand, it’s the fundamentals of good software engineering. His code is a confusing mess of global variables and bad design. This is another failure by the publisher. There should have been a competent technical editor checking this stuff.

I’ve read four or five Packt books now. They’re all of this standard. None of them should have been published. But Packt seem to have hit on a good business model. They find unknown authors and produce books as cheaply as possible. Their publishing process omits all of the editing and checking that more reputable publishers use. The books that come out of this process are, of course, terrible. But, for reasons I can’t understand, people still buy them.

Packt books – just say no.

Data Munging with Perl

Data Munging with PerlMany years ago, I wrote a book called Data Munging with Perl. People were kind enough to say nice things about it. A few people bought copies. I made a bit of money.

Recently I re-read it. I thought that some of it was still pretty good. There were some bits, particularly in the early chapters, that talked about general principles that are still as relevant as they were when the book was published.

There were other bits that haven’t aged quite as well. The bits where I talk about particular CPAN modules are all a bit embarrassing as Perl fashions change and newer, better modules are released. Although it was still available from Amazon, I really didn’t want people paying for it as a lot of it was really out of date.

But today I got an interesting letter from the publishers, telling me that they have taken the book out of print. And that allĀ  the rights in the book have reverted to me. Which means that I can now distribute it in any way that I like. And people don’t have to pay a lot of money for a rather out of date book.

So, you can download a PDF of the book from http://perlhacks.com/dmp.pdf. Or I’ve embedded the book below.

I might even have the original documents somewhere. So if I get some spare time I might be able to produce a more reasonable ebook version (but don’t hold your breath!)

Let me know if you find it useful.

The Definitive Guide to Catalyst

I’ve just published my review of “The Definitive Guide to Catalyst“. I thought it was worth quoting the final paragraph here:

The application development methods discussed by the authors of this book are the ones which will define good Perl development practice in the coming years. If you have any interest in how you should be developing Perl applications then you should be buying this book.

In short, I think you should all buy it.