Does anyone know if there is a way to blacklist a certificate on a Windows 8.1 machine? To me, managing certificates between the OS, IE, Chrome and Firefox is a bit of a joke in 2015. Besides blacklisting, I would love to know of a script that will output the certificates that the PC has trusted but are not trusted by Verisign.
I don't think it's that easy. My book on Amazon currently has one 5-star review that's just one word and two 5-star reviews with two words each. I am the author and the publisher, and I know for a fact that these reviews are not fake. But they probably come across as fake. I think that there are some people who just want to share their opinion of a book without making an effort to write a good review.
Personally, I'd prefer to have only reviews backed up with an explanation. If a book is good, tell me why. If it isn't good, I'd like to know why you think it isn't. That's the only way to make the next edition better.
I have noticed an increase of reviews that typically contain a subject of "<Number> Stars", and either no review body, or a very short review body, such as "good book".
I too hate reviews like that, but I think it's due to Amazon nagging customers to leave reviews for things that are purchased on the Kindle. I am beginning to suspect they have an app or form somewhere where you tap the number of stars and write your review in a text block.
Edit [responding to moe, below]: that's a matter of taste. I prefer to have my SQL _outside_ my code. If I have to write a little XML to make it happen, so be it. Additionally, unlike your example, a strict separation of SQL and data ensures SQL injection is not possible. That's also a worthy goal.
I think the most important lesson from the last couple of years is that all our security protocols must come with adversarial testing suites -- from inception. Clearly, there's a long way between designing a secure protocol (I am not saying that SSL and TLS were properly designed) and implementing one.
I think the NSA's clandestine backdooring of hardware, software and standards, in contradiction of their charter, shows that the processes and organizations producing and shipping those protocols, software and hardware also need adversarial testing.
Yeah I would have hoped that tests involving skipped or out of order protocol flows would have been part of their normal functional testing.
I remember reading a while back about NASA's testing procedures and they have a team whose sole job is finding bugs in the code produced by the other development teams. It seems like that structure should be adopted for these security-critical projects. Ideally the open source community is supposed to help out with the reviews, but in reality it needs to be someone's whole job.
You can get it directly from me (Feisty Duck is my small publishing business) here: https://www.feistyduck.com/books/bulletproof-ssl-and-tls/ This is the best option, because you get all digital formats (PDF, EPUB, and Kindle; there's no DRM), unlimited digital updates of the same edition, and a paperback if you want it.
You can also buy it in paperback from Amazon and other online stores, but you can get the digital formats only from Feisty Duck. That said, it's possible to upgrade your paperback for a small fee.
Just as an aside: the SSL Labs test is slow on purpose -- that's how we stay under the radar and avoid too many complaints from server operators. That said, it's a common complaint and I intend to optimize some operations in the next major version.
Please note that the discount on the bundle (paperback and digital formats) is about 48%, due to the coupon limitations of Shopify. For full disclosure: we currently have a small discount for everyone, and the coupon adds 40% on top of that.
I built a similar single-source publishing workflow to publish my books, but it's based around DocBook. I am very happy with DocBook because it has all the features I need for technical publishing (styling, indexing, cross-references, etc.). For writing I use OxygenXML, which allows me to edit text without working with XML directly and -- crucially -- supports change tracking that makes working with editors/copyeditors a breeze.
To get good results from FOP you really need to dig deep into the XSL stylesheets. The amount of customisation work is usually not that big, but the problem is that you need to learn a lot about the stylesheets to know how to make the changes. If you don't already know XSLT the learning curve can be steep. The change-build-test process is very slow, especially when you're essentially guessing where to make the changes. (Which, for me, happened most of the time.)
I was happy with FOP, but eventually moved to a commercial product: 1) I wanted to use OpenType fonts, which generally offer better quality and support a wide range of languages, 2) full support for ligatures, 3) better handling of SVG illustrations (FOP's integration with Batik is clunky and makes it very difficult to use the same fonts as the main document), and 4) better indexes.