I built something and blogged about it! If you're into Django and security, read here:

My wife accompanied me to my talk to take a few photos for her portfolio :)

With all the public and private feedback regarding the „security 101“ blog series idea it looks like I will be writing a lot more in near future :)

Fully prepared to make it to Leipzig tomorrow and give my „startup security“ talk on Monday.

While preparing the talk I actually started considering a blog series „startup security 101“, really starting with the basics like „why two people approve a merge into master“ and „yes, you have to have a lock screen password“.

Google Street View letting you case a joint by going into its parking lot and checking rear doors and loading docks is one thing.

Letting you use 360° Photo to case a lobby (and get an idea of physical security and security guards) is another thing entirely.

This is nice!

Grafana: check
Graphite: check

Now onto getting data into those two and creating a few nice dashboards.

Making the whole setup fully replicable actually took a bit more work than expected, but on premise with a backup location (satellite office) seems worth it.

Publishing Python packages is a painful process and I hate every minute.

I’ve been doing it for over a decade, but it still amazes me how many options and moving parts are involved.

People can bash npm all they want, but they solved the publishing process well.

YOU: so the A in RAID stands for "Array"?
US: Yes.
YOU: doesn't that mean saying "RAID array" is redundant?
US: Of course. That's what the R is for.

Because too many people complained that they had trouble getting their homeserver online, I wrote a tutorial including all setup steps from 0 to a running server, incl. reverse proxy, certificates, .... Have fun.

How to Setup your Matrix Synapse Messaging Homeserver (May 2019/English)

#matrix #synapse #setup #tutorial #riot

Mobile devs discussing an XML API

„JSON is so much easier to use!“
„You will be replaced by a company offering JSON!“

Got bad news for you. XML is not the problem, but your inability to integrate an API without libraries that blur the line between HTTP client and object mapping.

I am all for libraries handling things like this, but not being able to use one doesn’t mean the company’s API is the problem here.

Published a new article - Buying an Android phone is hard. timo-zimmermann.de/2019/05/buy

Ranting a bit about the various specs and bloatware you find on most devices.

First day with Android as primary phone. It’s doing a lot better in certain areas than expected and horrible in others I thought Google figured out years ago.

Going to make this my primary phone for a few weeks. Just starting to hire our Android team for Nurx and I should at least be able to act as tiebreaker and know what experience Android users expect.

Not really excited about the phone, but stock Android and regular updates are a selling point.

I was invited to speak to a few startups about security and I am currently not sure how to approach this.

I’d like to keep it high level and reference resources to cover a lot of ground, but being too abstract likely makes the whole talk very unappealing.

So much to cover for infrastructure, web apps and physical security,... „don’t do stupid and pay the maid / janitor well“ feels a bit too simplified.

Apparently if you are logged in to Chrome, it will provide your information to websites like Quora and Pinterest (login with Google), because a few days ago I saw a question on Quora for the first time (I don't have a Quora account) and it suggested that I log in with Google (I didn't); a few days later (today) I got an email asking if I'm still interested in that question...

I visited Quora once, I didn't log in or give my info, and now I'm tracked.
That's crazy.... It only took 20s on the website.

Added an NVMe to my gaming system. The difference in loading time is simply amazing. 1TB also seems sufficient for my „recently playing“ library; the old SSD array remains as storage for „I might want to play those games“.

10 days in San Francisco are not that much when you are in meetings for 7-10 hours a day. Looking forward to getting some work done again :)

Vendor calls where the vendor starts with „we solve all problems you have with $x“ when they don’t even know what problems we have. Is it legitimate to just hang up at this point?

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.