Issuu launches collaborative e-publishing layout tool

spotlightWe’ve covered digital magazine service Issuu a few times. The latest news about the service is that it’s launched a new digital collaboration platform, called Collaborate.

The general idea seems to be that it’s like Google Docs on steroids, or a collaborative version of a writing and layout tool like Indesign. Instead of simply collaborating on a document, you set up your layout (or import it from Indesign) and then you and other users can import text, pictures, and other content. Once you’re done, you can publish it via Issuu’s publishing platform or export it as a PDF. The collaboration platform requires a subscription to Issuu’s Optimum plan, and it works on both the desktop and tablets.

This is certainly an intriguing development. It’s more suited to e-magazines than e-books, but all the same, it’s certainly a step beyond simple document collaboration tools like Google Docs. Personally, though, I wish there was a collaborative version of Scrivener—I don’t need layout in my writing, but I could use access to its document organization capabilities at the same time as I work together online with friends. It would also be nice to have access to a tool you didn’t have to pay a subscription fee to use.

Still, this could be the first of many more fully-featured collaboration tools. If one company has the idea, it isn’t hard for another company to have a similar one. It will be interesting to see if any competitors crop up.

The post Issuu launches collaborative e-publishing layout tool appeared first on TeleRead News: E-books, publishing, tech and beyond.

Original URL:

Original article

Gunning for Google, Comcast Preps Gigabit Internet That Works With Regular Cable

Gunning for Google, Comcast Preps Gigabit Internet That Works With Regular Cable

The Internet provider everyone loves to hate is gearing up to offer one gigabit per second Internet service in five U.S. cities. The post Gunning for Google, Comcast Preps Gigabit Internet That Works With Regular Cable appeared first on WIRED.

Original URL:

Original article

SMTP Strict Transport Security

By Nathan Willis
April 20, 2016

It is no secret that email has been a weak point in the security of
the standard Internet protocol suite for quite some time. While
improvements to HTTP and TLS have resulted in more robust web
security, mail transfer has lagged behind. Now, a new draft RFC has
been submitted to the Internet Engineering Task Force (IETF) that may
make SMTP connections substantially more secure, closing loopholes
that have made mail transfer vulnerable to
man-in-the-middle and cryptographic-downgrade attacks.

The draft is called SMTP
Strict Transport Security
(SMTP STS), and it was first posted on
March 18. The authors work for a variety of well-known
technology companies and ISPs, including Google, Yahoo, Comcast,
Microsoft, LinkedIn, and 1&1 Internet. It sets out a standard by
which a mail server can publish an STS Policy that defines how mail
transfer agents (MTAs) can connect using TLS, how they can validate
the server’s TLS certificate, and what they should do in the case that
a TLS session cannot be correctly established. As the name implies,
SMTP STS is similar in design to HTTP Strict Transport
Security (HSTS), defined in RFC6797.

SMTP was originally defined in RFC821, long before TLS
(or SSL) were invented, and sent
all messages in the clear. The STARTTLS extension (RFC3207) added support
for TLS transport in 2002. Although reports are that STARTTLS has
proven popular with mail providers, it suffers from some severe

First, the TLS session is subject to downgrade
attacks. In the SMTP session-establishment handshake, the
STARTTLS command is sent from one machine to the other, in
the clear. Upon receipt, the remote machine is intended to respond by
initiating a TLS handshake before the SMTP session continues. But an
attacker sitting in between the two machines can simply intercept and
drop the STARTTLS command (or overwrite it with garbage), in
which case the SMTP session will continue in plaintext.

The second shortcoming is that, in a STARTTLS handshake, client
machines do not attempt to verify that the TLS certificate presented
by the server actually belongs to the expected domain. Here again, an
attacker in the middle can intercept the genuine certificate and
replace it with a fraudulent one, without the client knowing the difference.

SMTP STS defines a way for a mail server to publish a public record
that TLS is available and that SMTP clients should thus use it when making
connections. This record is the STS Policy, and has seven mandatory

  • v – the SMTP STS version. Only a value of STS1
    is supported.
  • to – a boolean indicating whether the server is “TLS
    Only.” If true, then clients who encounter errors in the TLS setup
    must not deliver any mail to the server.
  • mx – a comma-separated list of domains for which the
    policy applies.
  • a – the authentication mechanism clients should use to
    verify that the policy is authentic. The supported mechanisms are
    DNSSEC and an HTTPS URI at which the client can separately request the
    policy and verify that the two copies are identical.
  • c – the validation method clients should use to verify
    the authenticity of the server’s TLS certificate. The supported
    methods are DANE TLSA (RFC7672) and verifying the PKI trust chain on the certificate
    back to a root certificate authority (that is, traditional TLS
    identity checking as specified in RFC6125).
  • e – the maximum lifetime of the policy.
  • rua – the address to which feedback and errors may be reported by the

A server can publish its STS Policy at or via DNS as a TXT record
under the name The draft document further
specifies that any errors reported to a server by clients should
contain details about where unexpected results were encountered: an
expired certificate, a DNSSEC failure, a certificate that does not
match the server’s domain, and so forth.

As Lucian Constantin at InfoWorld pointed
, one possible security loophole is that the first time a
client connects to a server, it has no cached copy of the server’s STS
Policy to compare, so a man-in-the-middle attacker could, in theory,
intercept the first request and return a forged policy instead. That
forged policy would, by necessity, include an a field
similarly doctored to direct the client to an attacker-controlled
server when authenticating the policy.

The draft’s support for DNS-based policy publishing provides the
means for some additional robustness against man-in-the-middle attacks
over what is offered by TLS identity checking. If a server’s STS Policy is
published as a TXT record in a DNSSEC-protected zone, clients can verify its authenticity. Furthermore, the c field can be used to specify that
a DANE TLSA record for the server’s TLS certificate is required for
validation. Thus, an attacker would have to compromise the DNSSEC
server in addition to intercepting the SMTP handshake.

The draft also notes that clients are not obligated to accept STS
Policies the first time they retrieve them from a server. Instead,
they are permitted to use the rua reporting mechanism to tell
the server’s administrators what they saw. That report can be sent “offline”
or during a different session, potentially allowing failures and suspicious reports to be
routed around a man-in-the-middle attack. Such a reporting feature is
not found in HSTS; nevertheless, SMTP STS is still a “trust on first
use” system.

The authors of the draft list
two other options to be considered for future inclusion in STMP
STS as well. They are certificate pinning, in which a policy could
specify specific certificates that must appear in the
certificate-validation chain, and policy distribution, in which sites’
policies could be recorded and publicly tracked.

The draft also speculates that it could be worthwhile for a policy
to specify the list of cryptographic ciphers and TLS versions that the
server accepts, and perhaps to specify that all mail received
the server’s domain should be expected to arrive over TLS.
The latter feature would, in theory, allow a mail server to check for an STS
Policy for incoming mail domains and, thus, reject mail that is “supposed to”
arrive over TLS but does not. The draft notes, however, that such
a policy would come with its share or potential man-in-the-middle
attacks to be guarded against, and may not offer significant gains.

STARTTLS has, no doubt, improved the security of e-mail transfer,
but it is far from complete. SMTP STS hopefully closes some of the
more egregious holes.

(Log in to post comments)

Original URL:

Original article

Slack To Disable Thousands of Logins Leaked on GitHub

An anonymous reader writes: Thursday one technology site reported that thousands of developers building bots for the team-collaboration tool Slack were exposing their login credentials in public GitHub repositories and tickets. “The irony is that a lot of these bots are mostly fun ‘weekend projects’, reported Detectify. “We saw examples of fit bots, reminding you to stretch throughout the day, quote bots, quoting both Jurassic Park…and Don Quixote….”

Slack responded that they’re now actively searching for publicly-posted login credentials, “and when we find any, we revoke the tokens and notify both the users who created them, as well as the owners of affected teams.” Detectify notes the lapse in security had occurred at a wide variety of sites, including “Forbes 500 companies, payment providers, multiple internet service providers and health care providers… University classes at some of the world’s best-known schools. Newspapers sharing their bots as part of stories. The list goes on and on…”

Share on Google+

Read more of this story at Slashdot.

Original URL:

Original article

On the dark art of software estimation

Article note: Truth. “Software estimates are always wrong, because the tasks being estimated are always, to some extent, terra incognito, new and unknown.”

estimate “How long will it take?” demand managers, clients, and executives. “It takes as long as it takes,” retort irritated engineers. They counter: “Give us an estimate!” And the engineers gather their wits, call upon their experience, contemplate the entrails of farm animals, throw darts at a board adorned with client/manager/executive faces, and return–a… Read More

Original URL:

Original article

Taskwarrior – intelligent TODO list

Taskwarrior running under “Bash on Ubuntu on Windows” 2016-04-07

Today we could verify that Taskwarrior works out of the box under “Bash on Ubuntu on Windows 10”.
Either by installing it via apt-get (which pulls the regular Ubuntu package) or by compiling it.
No changes needed to the source code. You compile it as you would do it on native Ubuntu. A few
tests were failing. But no major ones. Enjoy the screenshot and enjoy the thoughts of being able
to abandon Cygwin soon, if you are using Taskwarrior on Windows.

Bash on Ubuntu on Windows

Activity Digest: March 2016 2016-04-01

This is an ongoing series of activity reports, published monthly,
to highlight activity in the Taskwarrior project. Here is what
happened in March 2016.

Activity Digest: February 2016 2016-03-01

This is an ongoing series of activity reports, published monthly,
to highlight activity in the Taskwarrior project. Here is what
happened in February 2016.

Taskwarrior 2.5.1 Released 2016-02-24

Taskwarrior 2.5.1 is released. Although this is a minor release,
it contains many bug fixes and performance enhancements.
There have been a lot of changes. Here are the new features:

There aren’t any, this is a bug fix and performance release.

Taskwarrior Workflow Study 2016-02-09

Taskwarrior aims to provide a toolkit of various capabilities, which
can be cherry-picked to support many custom methodologies.

We have learned over the years that everyone uses it differently,
and for different things. There is a lot to be learned from how
someone uses software, the features they use, and the ones they do

Taskwarrior 2.5.1 Beta Released 2016-02-05

This release is a bug-fix, code cleanup and performance release only.
There are no new features, but the existing features all work a
little more reliably, and a lot faster.

Original URL:

Original article

Practical Router Reverse Engineering Part 2 – Scouting the Firmware

29 Apr 2016

In part 1
we found a debug UART port that gave us access to a linux shell. At this point
we’ve got the same access to the router that a developer would use to debug
issues, control the system, etc.

This first overview of the system is easy to access, doesn’t require expensive
tools and will often yield very interesting results. If you want to
do some hardware hacking but don’t have the time to get your hands too dirty,
this is often the point where you stop digging into the hardware and start
working on the higher level interfaces: network vulnerabilities, ISP
configuration protocols, etc.

These posts are hardware-oriented, so we’re just gonna use this access to gather
some random pieces of data. Anything that can help us understand the system or
may come in handy later on.

Please check out the
legal disclaimer
in case I come accross anything sensitive.

Full disclosure: I’m in contact with Huawei’s security team; they’ve had time
to review the data I’m going to reveal in this post and confirm there’s nothing
too sensitive for publication. I tried to contact TalkTalk, but their security
staff is nowhere to be seen.

Picking Up Where We Left Off

Picture of Documented UARTs

We get our serial terminal application up and running in the computer and power
up the router.

Boot Sequence

We press enter and get the login prompt from ATP Cli; introduce the
credentials admin:admin and we’re in the ATP command line. Execute the command
shell and we get to the BusyBox CLI (more on BusyBox later).

-----Welcome to ATP Cli------
Login: admin
Password:    #Password is ‘admin'
BusyBox vv1.9.1 (2013-08-29 11:15:00 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
# ls
var   usr   tmp   sbin  proc  mnt   lib   init  etc   dev   bin

At this point we’ve seen the 3 basic layers of firmware in the Ralink IC:

  1. U-boot: The device’s bootloader. It understands the device’s memory map,
    kickstarts the main firmware execution and takes care of some other low level
  2. ATP: Controls the bare metal, parallel processes, etc. as a linux-based kernel
  3. Busybox: A small binary including reduced versions of multiple linux
    commands. It also supplies the shell we call those commands from.

Lower level interfaces are less intuitive, may not have access to all the data
and increase the chances of bricking the device; it’s always a good idea to
start from BusyBox and walk your way down.

For now, let’s focus on the boot sequence itself. The developers thought it would
be useful to display certain pieces of data during boot, so let’s see if there’s
anything we can use.

Boot Debug Messages

We find multiple random pieces of data scattered accross the boot sequence. We’ll
find useful info such as the compression algorithm used for some flash segments:

boot msg kernel lzma

Intel on how the memory in the external flash is structured will be very useful
when we start extracting the flash contents.

ram data. not very useful

SPI Flash Memory Map!

And more compression intel:

root is squashfs'd

We’ll have to deal with the compression algorithms when we try to access the raw
data from the external Flash, so it’s good to know which ones are being used.

What Are ATP and BusyBox Exactly? [Theory]

The Ralink IC in this router uses the ATP firmware to control memory and parallel
processes, keep overall control of the hardware, etc. In other words, it’s a
kernel, and it’s based on Linux. We know ATP has a CLI, but it is extremely

Welcome to ATP command line tool.
If any question, please input "?" at the end of command.

help doesn’t mention the shell command, but it’s usually either shell or
sh. This ATP CLI includes less than 10 commands, and doesn’t support any kind
of complex process control or file navigation. That’s where BusyBox comes in.

BusyBox is a single binary containing reduced versions of common unix
commands, both for development convenience and -most importantly- to save memory.
From ls and cd to top, System V init scripts and pipes, it allows us to
use the Ralink IC like a Linux box.

One of the utilities the BusyBox binary includes is the shell itself, which has
access to the rest of the commands:

BusyBox vv1.9.1 (2013-08-29 11:15:00 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
# ls
var   usr   tmp   sbin  proc  mnt   lib   init  etc   dev   bin
# ls /bin
zebra        swapdev      printserver  ln           ebtables     cat
wpsd         startbsp     pppc         klog         dns          busybox
wlancmd      sntp         ping         kill         dms          brctl
web          smbpasswd    ntfs-3g      iwpriv       dhcps        atserver
usbserver    smbd         nmbd         iwconfig     dhcpc        atmcmd
usbmount     sleep        netstat      iptables     ddnsc        atcmd
upnp         siproxd      mount        ipp          date         at
upg          sh           mldproxy     ipcheck      cwmp         ash
umount       scanner      mknod        ip           cp           adslcmd
tr111        rm           mkdir        igmpproxy    console      acl
tr064        ripd         mii_mgr      hw_nat       cms          ac
telnetd      reg          mic          ethcmd       cli
tc           radvdump     ls           equipcmd     chown
switch       ps           log          echo         chmod

You’ll notice different BusyBox quirks while exploring the filesystem, such
as the symlinks to a busybox binary in
That’s good to know, since any commands that may contain sensitive data will
not be part of the BusyBox binary

Exploring the File System

Now that we’re in the system and know which commands are available, let’s see if
there’s anything useful in there. We just want a first overview of the system,
so I’m not gonna bother exposing every tiny piece of data.

The top command will help us identify which processes are consuming the most
resources. This can be an extremely good indicator of whether some processes are
important or not. It doesn’t say much while the router’s idle, though:


One of the processes running is usbmount, so the router must support connecting
‘something’ to the USB port. Let’s plug in a flash drive in there…

usb 1-1: new high speed USB device using rt3xxx-ehci and address 2
++++++sambacms.c 2374 renice=renice -n +10 -p 1423

The USB is recognised and mounted to /mnt/usb1_1/, and a samba server is
started. These files show up in /etc/samba/:

# ls -l /etc/samba/
-rw-r--r--    1 0        0             103 smbpasswd
-rw-r--r--    1 0        0               0 smbusers
-rw-r--r--    1 0        0             480 smb.conf
-rw-------    1 0        0            8192 secrets.tdb
# cat /etc/samba/smbpasswd
nobody:0:XXXXXXXXXXXXXXXXXXX:564E923F5AF30J373F7C8_______4D2A:[U ]:LCT-1ED36884:

More data, in case it ever comes in handy:

  • netstat -a:
    Network ports the device is listening at
  • iptables –list:
    We could set up telnet and continue over the network, but I’d rather stay as close
    to the bare metal as possible
  • wlancmd help:
    Utility to control the WiFi radio, plenty of options available
  • /etc/profile
  • /etc/inetd
  • /etc/services
  • /var/:
    Contains files used by the system during the course of its operation
  • /etc/:
    System configuration files, etc.

/var/ and /etc/ always contain tons of useful data, and some of it makes
itself obvious at first sight. Does that say /etc/serverkey.pem??

Blurred /etc/serverkey.pem


It’s very common to find private keys for TLS certificates in embedded systems.
By accessing 1 single device via hardware you may obtain the keys that will help
you attack any other device of the same model.

This key could be used to communicate with some server from Huawei or the ISP,
although that’s less common. On the other hand, it’s also very common to find
public certs for services from communication with remote servers.

In this case we find 2 certificates next to the private key; both are self-signed
by the same ‘person’:

  • /etc/servercert.pem: Most likely the certificate for the serverkey
  • /etc/root.pem:
    Probably used to connect to a server from the ISP or Huawei. Not sure.

And some more data in /etc/ppp256/config and /etc/ppp258/config:


These credentials are also available via the HTTP interface, which is why I’m
publishing them, but that’s not the case in many other routers (more on this

With so many different files everywhere it can be quite time consuming to go
through all the info without the right tools. We’re gonna copy as much data as
we can into the USB drive and go through it in our computer.

The Rambo Approach to Intel Gathering

Once we have as many files as possible in our computer we can check some things
very quick. find . -name *.pem reveals there aren’t any other TLS certificates.

What about searching the word password in all files? grep -i -r password .

Grep Password

We can see lots of credentials; most of them are for STUN, TR-069 and local
services. I’m publishing them because this router proudly displays
them all via the HTTP interface, but those are usually hidden.

If you wanna know what happens when someone starts pulling from that thread,
check out Alexander Graf’s talk
“Beyond Your Cable Modem”,
from CCC 2015. There are many other talks about attacking TR-069 from DefCon,
BlackHat, etc. etc.

The credentials we can see are either in plain text or encoded in base64.
Of course, encoding is worthless for data protection:

$ echo "QUJCNFVCTU4=" | base64 -D

WiFi pwd in curcfg.xml

That is the current WiFi password set in the router. It leads us to 2 VERY
interesting files. Not just because of their content, but because they’re a
vital part of how the router operates:

  • /var/curcfg.xml:
    Current configuration file. Among other things, it contains the current WiFi
    password encoded in base64
  • /etc/defaultcfg.xml:
    Default configuration file, used for ‘factory reset’. Does not include the
    default WiFi password (more on this in the next posts)

Exploring ATP’s CLI

The ATP CLI includes very few commands. The most interesting one -besides
shell– is
This isn’t your regular debugger; debug display will simply give you some info
about the commands igmpproxy, cwmp, sysuptime or atpversion.
Most of them
don’t have anything juicy, but what about cwmp? Wasn’t that related to remote
configuration of routers?

debug display cwmp

Once again, these are the CWMP (TR-069) credentials used for remote router
configuration. Not even encoded this time.

The rest of the ATP commands are pretty useless: clear screen, help menu, save
to flash and exit. Nothing worth going into.

Exploring Uboot’s CLI

The bootloader’s command line interface offers raw access to some memory areas.
Unfortunately, it doesn’t give us direct access to the Flash IC, but let’s
check it out anyway.

Please choose operation:
   3: Boot system code via Flash (default).
   4: Entr boot command line interface.
You choosed 4
Stopped Uboot WatchDog Timer.
4: System Enter Boot Command Line Interface.
U-Boot 1.1.3 (Aug 29 2013 - 11:16:19)
RT3352 # help
?       - alias for 'help'
bootm   - boot application image from memory
cp      - memory copy
erase   - erase SPI FLASH memory
go      - start application at address 'addr'
help    - print online help
md      - memory display
mdio   - Ralink PHY register R/W command !!
mm      - memory modify (auto-incrementing)
mw      - memory write (fill)
nm      - memory modify (constant address)
printenv- print environment variables
reset   - Perform RESET of the CPU
rf      - read/write rf register
saveenv - save environment variables to persistent storage
setenv  - set environment variables
uip - uip command
version - print monitor version
RT3352 #

Don’t touch commands like erase, mm, mw or nm unless you know exactly
what you’re doing; you’d probably just force a router reboot, but in some cases
you may brick the device. In this case, md (memory display) and printenv
are the commands that call my atention.

RT3352 # printenv
ramargs=setenv bootargs root=/dev/ram rw
addip=setenv bootargs $(bootargs) ip=$(ipaddr):$(serverip):$(gatewayip):$(netmask):$(hostname):$(netdev):off
addmisc=setenv bootargs $(bootargs) console=ttyS0,$(baudrate) ethaddr=$(ethaddr) panic=1
flash_self=run ramargs addip addmisc;bootm $(kernel_addr) $(ramdisk_addr)
load=tftp 8A100000 $(u-boot)
u_b=protect off 1:0-1;era 1:0-1;cp.b 8A100000 BC400000 $(filesize)
loadfs=tftp 8A100000 root.cramfs
u_fs=era bc540000 bc83ffff;cp.b 8A100000 BC540000 $(filesize)
test_tftp=tftp 8A100000 root.cramfs;run test_tftp
ethact=Eth0 (10/100-M)

Environment size: 765/4092 bytes

We can see settings like the UART baudrate, as well as some interesting memory
locations. Those memory addresses are not for the Flash IC, though. The flash
memory is only addressed by 3 bytes: [0x00000000, 0x00FFFFFF].

Let’s take a look at some of them anyway, just to see the kind of access this
interface offers.What about kernel_addr=BFC40000?

md `badd` Picture

Nope, that badd message means bad address, and it has been hardcoded in md
to let you know that you’re trying to access invalid memory locations. These
are good addresses, but they’re not accessible to u-boot at this point.

It’s worth noting that by starting Uboot’s CLI we have stopped the router from
loading the linux Kernel onto memory, so this interface gives access to a very
limited subset of data.

SPI Flash string in md

We can find random pieces of data around memory using this method (such as that
SPI Flash Image string), but it’s pretty hopeless for finding anything specific.
You can use it to get familiarised with the memory architecture, but that’s about
it. For instance, there’s a very obvious change in memory contents at

md.w 0x000d0000

And just because it’s about as close as it gets to seeing the girl in the red
, here is the md command in action. You’ll notice it’s very easy to spot
that change in memory contents at 0x000d0000.

Next Steps

In the next post we combine firmware and bare metal, explain how data flows
and is stored around the device, and start trying to manipulate the system to
leak pieces of data we’re interested in.

Thanks for reading! 🙂

Original URL:

Original article

A Path to Programming Language Theory

layout title
Programming Language Theory

Finding a path to enlightenment in Programming Language Theory can be a tough one, particularly for programming pracitioners who didn’t learn it at school. This resource is here to help. Please feel free to ping me or send pull requests if you have ideas for improvement.

Note that I’ve attempted to order the books in order of most “tackleable”. So the idea is to read books from top to bottom. As always, it depends on your background and inclinations. It would be nice to provide multiple paths through this material for folks with different backgrounds and even folks with different goals. However, for now, it is what it is.

Mathematical Literacy


Type Theory

For a quick course in Type Theory, Philip Wadler recommends: Types and Programming Languages, Proofs and Types, followed by Advanced Topics in Types and Programming Languages.


  • SF – Software Foundations – Benjamin C. Pierce et al.
  • TaPL – Types and Programming Languages – Benjamin C. Pierce
  • PROT Proofs and Types – Jean-Yves Girard, Yves Lafont and Paul Taylor – 1987-90 pdf
  • PFPL – Practical Foundations for Programming Languages – Robert Harper
  • ATTaPL – Advanced Topics in Types and Programming Languages – Edited by Benjamin C. Pierce (pdf)
  • CPDT – Certified Programming with Dependent Types – Adam Chlipala
  • SEwPR – Semantics Engineering with PLT Redex – Matthias Felleisen, Robby Findler, and Matthew Flatt. Redex
  • HoTT – Homotopy Type Theory, Univalent Foundations of Mathematics
  • Coq’Art Interactive Theorem Proving and Program Development, Coq’Art: The Calculus of Inductive Constructions – Yves Bertot, Pierre Castéran.
  • TTFP – Type Theory and Functional Programming – Simon Thompson, 1991
  • PiMLTT – Programming in Martin-Löf’s Type Theory, An Introduction – Bengt Nordström, Kent Petersson, Jan M. Smith
  • Using, Understanding, and Unravelling The OCaml Language — An introduction pdf
  • Polymorphic typing of an algorithmic language (PhD Thesis) – Xavier Leroy pdf
  • ATP – Handbook of Practical Logic and Automated Reasoning – John Harrison
  • Basic Simple Type Theory – J. Roger Hindley pdf www paperback@booko
  • Lambda Calculus and Combinators – J. Roger Hindley and Jonathan P. Seldin www pdf
  • Semantics with Applications: An Appetizer – Hanne Riis Nielson, Flemming Nielson pdf
  • An Introduction to Lambda Calculi for Computer Scientists – Chris Hankin
  • The Definition of Standard ML (Revised) – Milner, Fofte, Harper, and MacQueen
  • The Definition of Standard ML (1990) and Commentary on Standard ML (1991) www definition pdf commentary pdf


  • Lambda Calculi with Types — Henk Barendregt pdf
  • A Tutorial Implementation of a Dependently Typed Lambda Calculus – Andres Löh, Conor McBride and Wouter Swierstra www pdf, was previously published as “Simply Easy” pdf



Programming Languages


  • DCPL – Design Concepts in Programming Languages – Franklyn Turbak and David Gifford, 2008
  • CTM – Concepts, Techniques and Models of Computer Programming, Peter Van Roy and Seif Haridi
  • EOPL – Essentials of Programming Languages, 3rd Edition – Daniel P. Friedman
  • PLAI-2nd – Programming Languages: Application and Interpretation – Shriram Krishnamurthi course with videos PLAI-1st
  • PAIP Paradigms of Artificial Intelligence Programming: Case Studies in Common Lisp – Peter Norvig, 1992


  • An argument against call/cc – Oleg Kiselyov www

Compiler Construction


  • LiSP – Lisp in Small Pieces – Christian Queinnec
  • CwC Compiling with Continuations – Andrew W. Appel
  • MCIiML Modern Compiler Implementation in ML – Andrew W. Appel
  • pj-lester-book Implementing functional langauges: a tutorial – Simon Peyton Jones and David Lester, 1992
  • slpj-book-1987 – The Implementationn of Functional Programming Languages – Simon Peyton Jones – 1987


  • ZINC – The ZINC experiment, an economical implementation of the ML language – Xavier Leroy (Technical Report) more OCaml papers


Runtime systems


  • The Garbage Collection Handbook, The Art of Automatic Memory Management – 2011 – Richard Jones, Antony Hosking, Eliot Moss – www


  • Lambda: The Ultimate GOTO – Debunking the ‘Expensive Procedure Call’ Myth, or, Procedure Call Implementations Considered Harmful, or, Lambda: The Ultimate GOTO – 1977 – Guy Lewis Steele, Jr. pdf

Functional Programming


  • Bird and Wadler – Introduction to Functional Programming, 1st Edition – Bird and Wadler
  • AoP – The Algebra of Programming – Richard Bird, Oege de Moor
  • Programming in Haskell – Graham Hutton, 2007 www
  • RWH – Real World Haskell – Bryan O’Sullivan, Don Stewart, and John Goerzen
  • FPiS – Functional Programming in Scala – Paul Chiusano and Rúnar Bjarnason
  • SICP, Structure and Interpretation of Computer Programs, by Abelson, Sussman, and Sussman
  • PCPH – Parallel and Concurrent Programming in Haskell – Simon Marlow
  • RWOC – Real World OCaml – Jason Hickey, Anil Madhavapeddy, and Yaron Minsky
  • Developing Applications With OCaml – Emmanuel Chailloux, Pascal Manoury and Bruno Pagano, 2000 www
  • BTLS – The Little Schemer – Daniel P. Friedman, Matthias Felleisen
  • BTSS – The Seasoned Schemer – Daniel P. Friedman, Matthias Felleisen
  • BTML – The Little MLer – Matthias Felleisen, Daniel P. Friedman
  • HTDP – How to Design Programs – Matthias Felleisen, Robert Findler, Matthew Flatt, Shriram Krishnamurthi
  • HR – The Haskell Road to Logic, Maths and Programming – 2nd Ed. – Kees Doets, Jan van Eijck pdf
  • A Book of Abstract Algebra – 2nd Ed. – Charles C. Pinter booko
  • Lectures on the Curry-Howard Isomorphism pdf
  • Purely Functional Data Structures – Chris Okasaki phd-thesis in pdf paperback@booko More purely functional data structures


  • Lambda Papers – Lambda: The Ultimate Imperative/Declarative/GOTO – Guy Steele and Gerald Sussman
  • Exploring Generic Haskell (PhD thesis) – Andres Löh. This an epic, assessible, book-length PhD on datatype generic programming.
  • ICFP accepted papers


Category Theory

Philip Wadler’s advice here is “read Pierce for motivation, Mac Lane for the presentation of the maths”.



Other collections

Original URL:

Original article

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: