Answers to Tribe of Hackers Questions

I have just started reading Tribe of Hackers by Marcus Carey (et al.). I already love the format of the book. He takes 14 questions and asks them to prominent people in the field of computer security. Before I start reading the book, though, I want to provide my own answers to his questions and then see how they relate to the others in the book.

If there is one myth that you could debunk in cybersecurity, what would it be?

I find the biggest myth about computer security is that it is somehow so mysterious and technical that it is difficult to understand. It does often involve deep understanding of computers, but the fundamentals of computer security look very similar to those of traditional security. And with that knowledge, anyone can learn computer security easily by building up their skills from first principles. ...

May 31, 2020 · 9 min · 1881 words · Scott Brown

Timestamps over Booleans

In the previous article I showed how a model can be disabled. One of the things that you probably noticed is that I’m using a timestamp (DateTime) field instead of a Boolean field. This is a trick I learned years ago after working on a large database (>2B rows) for an Enterprise client. It has been useful in so many ways that I put it into every database design I do, yet I’ve never written about it before and only talked to developers in person about the purpose of the design. ...

March 13, 2020 · 4 min · 694 words · Scott Brown

Testing Rails Model Concerns

When I first started using model concerns I struggled with how I could test the functionality of the concern, without having to replicate the tests across all models. Here I show you how I decided to test model concerns. It may be controversial, so buckle up.

What are Model Concerns?

Model concerns are an interesting concept that, if I recall correctly, debuted with Rails 4. They allow a developer to refactor common functionality out from various models and centralize it into a module, called a concern. A non-contrived example of this shows how several of my models can be deactivated at any time. ...

March 12, 2020 · 4 min · 747 words · Scott Brown

Security Awareness for Busy People

I am taking the wraps off of my first product ever: Security Awareness for Busy People. Those who know me know that I’m not the type of person to shout my accolades from the rooftops, so this is a bit out of my comfort zone right now. Regardless, I’m proud of my work and I want to share this with the world.

Background

As I mentioned, this is my first product ever. Throughout my career I have helped other companies build software, maintain secure systems, or train their employees to be better developers/operators/administrators. I have done this as both a full-time employee and as a consultant. I always have these ideas to create products and yet never deliver on them for a couple reasons: ...

March 2, 2020 · 9 min · 1892 words · Scott Brown

Pushing Past Amazon SES Sandbox Limitations

I am working on a new project, Security Awareness for Busy People, and I accidentally found a trick to bypass one of the restrictions when working in the AWS SES sandbox. But first, can I just say that I love finding undocumented functionality in AWS? I feel like a techie version of Indiana Jones! AWS SES, or Simple Email Service, is a service provided by Amazon Web Services that allows customers to send emails. This is similar to services like SendGrid. Emails can be sent either via SMTP or through their API. It’s really cool, fairly cheap, and very easy to set up and get started. The best part is that you can hook your incoming or outgoing emails into the entire AWS ecosystem and process them automatically. But I digress. ...

February 28, 2020 · 3 min · 521 words · Scott Brown

Anonymous Interview Feedback

Today’s article is going to be a bit different. I recently interviewed with a company and had such a bad experience that I really wanted to talk about it. But, I wanted to let some time pass so that my emotions do not cloud my writing. Fortunately, the company in question gave me the chance to provide some anonymous feedback on the interview process. Unfortunately, they don’t quite realize that anonymity is difficult to get right, and that nobody else in the world gets to read and learn from the feedback. So I’m posting it here. I’m not posting it on Glassdoor because I want to own my content, not relinquish it to a third-party or play the name-and-shame game. ...

February 7, 2020 · 8 min · 1674 words · Scott Brown

Static Website Development

I love static websites. And that love has only grown over time. I started my career building dynamic websites with database backends and those are great, but they require a lot more mental energy to build and secure. Static websites, on the other hand, require very little effort and are very resilient to being attacked. So this article explains how I build static websites these days. It may not be what you use and that’s fine, we can both celebrate our differences. ...

February 6, 2020 · 10 min · 2031 words · Scott Brown

Site Redesign

As you can probably tell, the site has been redesigned for 2020. It has been 7 years since I made the initial design and I felt it was time for it to be refreshed, as well as provide a better experience for readers on mobile devices. I used Bulma for the CSS framework and VueJS for interactivity. I really like working with Bulma, I find it has a more simple grammar than Bootstrap and is more tweakable as well. The elements and components that can be made aren’t as feature-rich as Bootstrap, but overall I find that I don’t need them for what I do. I used Bulma first on my resume and since that was a breeze, I have started using it on other projects as well. But I held off on using it on this website as the original design wasn’t my best work, so I had to first bush-whack through bad Sass and HTML. Thankfully, ripping out Bootstrap and replacing it with Bulma was so easy that I got it done in 4 hours. ...

February 5, 2020 · 3 min · 477 words · Scott Brown

My Favourite Quotes

This post will be a living document that stores all my favourite quotes. At this point, I’m not going to comment on the quotes themselves, or why I find them good. I typically keep these in a private document, but I want to just share them with you and maybe you will think about how they fit into your mindset. Or maybe the quote means nothing to you and you move on. That’s fine too. ...

February 5, 2020 · 1 min · 212 words · Scott Brown

2019 Playlist

These are the songs I was listening to this year.

Where Are You Now? – Lady Leshurr, Wiley – Where Are You Now?
Mad Love – Sean Paul, David Guetta, Becky G – Mad Love
One Click Headshot – Feed Me – Feed Me’s Escape from Electric Mountain
Love Is All I Got – Feed Me, Crystal Fighters – Calamari Tuesday
Be Nice – Black Eyed Peas, Snoop Dogg – Be Nice
Summer Days – Martin Garrix, Macklemore, Fall Out Boy – Summer Days
Intoxicated – Martin Solveig, Good Times Ahead – Intoxicated
Get Up (Rattle) – Bingo Players, Far East Movement – Get Up (Rattle)
Chameleon – PNAU – Chameleon
Instruction – Jax Jones, Demi Lovato, Stefflon Don – Snacks
Work Bitch – Britney Spears – Britney Jean
Drop That Low (When I Dip) – Tujamo – Drop That Low (When I Dip)
I Love It – Icona Pop, Charli XCX – THIS IS… ICONA POP
Five More Hours – Deorro, Chris Brown – Good Evening
I Like It - Dillon Francis Remix – Cardi B, Bad Bunny, J Balvin, Dillon Francis – I Like It
Way To Break My Heart – Ed Sheeran, Skrillex – No.6 Collaborations Project
Antisocial – Ed Sheeran, Travis Scott – No.6 Collaborations Project
Freelance – Toro y Moi – Outer Peace
Harder – Jax Jones, Bebe Rexha – Snacks
When the Rain Begins to Fall – Jermaine Jackson, Pia Zadora – Jermaine Jackson
Moonlight – Gaullin – Moonlight

And that’s it for 2019! See you next year! ...

December 31, 2019 · 2 min · 254 words · Scott Brown