Sign in
Log inSign up
On books for learning

On books for learning

Todd's photo
Todd
·Jan 19, 2019

The Internet/Web is indeed a great resource for information, especially when the information is needed ASAP or for free information.

However, I often get weird looks from associates and strangers for having about 60 computer-science related books and regularly carrying them around, reading and re-reading them, using highlighters so that they resemble syntax highlighting in an editor, and generally getting most of my info from them.

I've spent a lot of time Googling and using StackOverflow as well but I can tell you that in my experience, books have a solid edge in several categories which is why I turn to books for most of my serious learning:

1) I can mark them up - when I struggle to misunderstand a sentence, I find that using various colored highlighters helps my mind focus in on the content to better understand it. I also use tab-style bookmark labels to quickly locate subjects and pencil to write my own comments in the books.

2) Books published by reputable publishers (such as Wiley or Manning for example) have a far higher standard of content quality than some random dude's blog or forum post. I've found that when reading books by an acclaimed publisher and/or author, the content quality and information density in a book is far higher than anything I find on Google. One example was I was recently trying to research hacking Android apps for security testing. I first tried Googling and I did find some results, but I also picked up the book Android Hacker's Handbook. I had searched Google and asked around forums and got bits and pieces of advice but the handbook went far more in-depth... The book introduced dozens more tools than appeared in my searches and it also explained in a semantically-structured way what task each tool is used for and why. This is just one example but I've found this over and over with many subjects.

3) Books are often reliable/scholarly sources - This is one of my favorites... Even if I am well-versed in a subject, I'll read a book by experts in the field on that subject. Why? Because yes, I'll learn a few more things here and there, but it also gives me awesome firepower and ammo for when someone calls my actions or decisions into question - I can now cite the book and state "Bruce Schneier, world-reknown cryptographer suggests doing this on page 241 of Applied Cryptography" for example... So the person I'm working with understands the information is backed up by other professionals than myself or joe schmoe online. And then these types of books also cite their sources, adding even more credibility.

4) Less distractions - ads and sponsored listings on Google or other websites do have a distracting impact on users - there are no banners or popup ads in books, just straight content... No notifications, no people messaging you, just you and the learning material... There's value in this. There's value in not going to StackOverflow and seeing 5 notifications and then going down a rabbit hole and losing track of the original visit purpose.

5) There is value in using the knowledge provided by a book and filling the gaps via trial and error. I've realized that we often put too much value on the solution to a problem but there is actually often more value in the journey/process of reaching that solution. Say I have a problem when writing a C# program. I can Google for exactly how to solve that specific problem in this specific case and probably get a StackOverflow answer within 30 seconds and it might work and move on... However, what if I decided instead to just rely on the documentation or knowledge in a book on my desk, and figure the rest out using experimentation? It may take me an extra 4 hours, but during those 4 hours I improve my problem solving skills significantly and perhaps even learn a few things on my own that were not in that SO answer. This is noted also by the fact that the C programming language, Unix, Google itself, the Internet/ARPANET, the Linux kernel, and many other of the best, most foundational software were all created before Google or SO even existed.

6) Last but not least, one of my favorite things about books is that they have a preface and background.... They explain the history behind how things used to be done, how and why they got started that way, and then go on to begin teaching. Most blog posts and Internet articles do not do this or do not do it to the extent it is done in larger books. But this information is invaluable in subject matter understanding and crafting how you will tackle the problem that you are faced with. Maybe you read a blog post where an author tells you how to implement OAuth 2.0 in a specific framework, but you don't really know what OAuth is, how it started, and all of what it's capable of... You just know how to get up and running with it... This can bite you later on - maybe you begin to form biased opinions of the software due to ignorance of where it came from and which problems it was designed to solve, etc... Or perhaps you would choose another solution entirely if you knew more of what you were working with, other than it's an authorization system used by many large organizations. Maybe you would read who created OAuth to begin with, then search that person and read their background, learning of other useful projects or outlooks from there, etc...

The Too Old Myth

You often hear that tech is a fast-paced trade, and while this is sorta true, in my experience thus far, it's not nearly as face-paced as marketing departments and CEOs like to claim - making something sound new, flashy and cool is mostly to sell products, not for education purposes.

During much of my career thus far, I've relied on books which were published 10, 20, 30, sometimes even 40 years ago and when I first began to pick the books up, I was expecting to not get much out of them, but I figured, "hey I can get it for 3-5 bucks so if nothing else it'll be a fun history lesson." To my amazement at the time, the stuff I was reading, published 20 years ago, was describing the exact methods that I saw people using in modern python, javascript, C++, etc... When I began analyzing malware, I read a book published many years ago... Malware especially is a field which is supposedly constantly changing with latest and greatest hack techniques... Yet, using old knowledge I was able to successfully reverse-engineer and analyze many of today's threats.... Why?

Because minor details change, but processes stay the same for long periods of time; in my career I've found the processes to be more important than the details. As a security engineer for example, it would appear initially that pentesting a web app and reverse-engineering a kernel driver would be completely different and require different skills. This is true to a degree - in order to understand a kernel driver you will likely need knowledge of C, the APIs of the underlying operating system, and maybe even some assembly language. To pentest a web app, you'll want to know about HTTP/REST/CRUD as well as javascript and HTML at the least.

However, once all of that knowledge is attained, they are very similar - you have your initial recon phase where you just examine the application's behavior, static strings, and code, jotting down information that helps you learn about the system... From that, you may Google the different components/3rd party libraries to learn more about what they do, you then look for known vulnerabilities in those components and also use your own experience to begin examining the inputs/outputs and common trouble spots...

In this regard, I've found that analyzing a web app, Android app, driver, user-space C# program, etc... are all fundamentally very similar... And it's these main process habits that allow me to succeed in the role rather than the surface-level knowledge that can be Googled for. I've found that books often tell a narrative and the human mind can pick up on the process of the authors, noticing minute similarities and differences between them all and combine that with personal experience and experimentation and a 20 year old book isn't nearly as useless as many people may think!

Conclusion

In conclusion, this article is not suggesting that one should not use Google, StackOverflow, or even Hashnode but rather it is attempting to realize that there is still a ton of value provided in books and they can be combined as a learning tool in addition to the web resources. I find that many folks for some reason assume that once you're out of college, thick books are no longer a preferred method of learning, but they've certainly served me well so far and I continue to read them every day!