I’m not in the mood for doom scrolling, but the the internet is justifiably gloomy at the moment.

I’ll just slip away for the moment and come back when I have a bigger appetite for outrage.

Just watched the movie “Finch”, starring Tom Hanks as the title character.

At some point, his naive robot companion asks, “What is trust?”

It’s a beautiful philosophical question, but also seems to me that he forgot to build a permissions system for his computerized friend.

In fairness, I was never alone in this struggle. We have an excellent Product Manager who was in the same position. Not responsible for Engineering Management, but also left to fill some of the gap.

I deeply appreciate his help and perspective in getting us to this next level, where we can grow our team and mature as an organization.

Show thread

As a Tech Lead who worked without the support of an Engineering Manager… I deeply appreciate now having a Director of Engineering who is filling that gap.

For my own growth, I got a chance to explore management without being a manager. But it was too much to fill both roles.

I hardly got to make any code contributions over the last year, now I’m hopefully making up for lost time.

I took some time last night to investigate and make sure there wasn’t anything logged into my mail provider and actually sending as me. Also cleaned up my SPF and DKIM records. Maybe that will help? 🤷‍♂️

Show thread

I think it might be time to put an actual mailbox service behind my personal domain.

I’ve been using mailgun with a catch-all rule, but I’m grandfathered into that so I can’t change a lot of settings I originally could have.

The tipping point is that I’ve been getting “unsubscribe” spam to my inbox behind that. Either these are legit and someone is spoofing my domain, or the unsubscribe message *is* the spam. But they’re hard to filter out when they redirect from a wildcard.

Was following this one when the news hit about Heroku. Wow, did this breach ever go wide when I turned my back.

Received notification yesterday that my NPM private package metadata was accessed. Fortunately it’s all personal projects and I never put credentials in my packages.

github.blog/2022-05-26-npm-sec

On a related note, is there an iOS Mastodon client with good translation support?

Show thread

Waking up to the Mastodon federated timeline full of French and German content kinda reminds me of when I used to listen to our local jazz station, and they’d play the report from the BBC world service.

I kinda like exposing myself to something a little different, but I don’t know the least bit about what’s going on over there.

I have an urge to buy an oscilloscope.

I’ve wanted one since high school computer engineering. I’ve never had access to one, but would have actual use for it - on rare occasions.

Can’t decide if I should:

1. Suppress this wasteful urge to buy something I can do without.
2. Buy a cheap one just to try it out. Risk not being good enough when I really need it.
3. Buy a good one and be satisfied for life.

In Nuclear power plants, there’s a physical rule that makes a risk of failure a constant presence. The core must be cooled. Failure to cool the core leads to meltdown.

In security, there’s a similar physical law. All software has defects, which will be found after installation. Some defects can be exploited. Keeping a system patched is like the security equivalent of cooling the reactor.

Trying out some PETG, probably this weekend. I’ve had issues with some parts on my rover, in PLA.

Some components require screws to be installed at rather high torque, and it tends to pull threaded inserts out of the parts.

I’m slightly concerned that the higher print temps and extremely hygroscopic nature of the material might not be worth the strength gains. It could be better to redesign the parts to reduce strain.

Apple provides an extravagant toolkit to repair iPhones, probably to deter people from actually using it. Is it wrong that I want to try this anyway?

hackaday.com/2022/05/27/the-hu

I have quite a few micro SD cards sitting around because of all the Raspberry Pi’s in the house.

I was having trouble telling them apart, so I used some paint markers I already had lying around to colour code them.

Paint adheres much more permanently than marker, and it doesn’t take much just to tell them apart.

With all the Raspberry Pi projects I run, I'd say I go through SD Cards like candy.

But that wouldn't be true.

I buy SD cards way more often than candy.

It's the little things in life...

Like having enough Linux boxes in the house to do a quick AB test and find out if a Kernel upgrade might have the driver for a USB device.

Interestingly, they have kind of accepted lost pieces in games like chess. I think, because they can rationalize that the loss is either a calculated trade, or an error in strategy.

It doesn’t seem right to them when there’s no defense.

Show thread

Today I learned that while my kids (8 and 9) have matured enough to enjoy a good strategy game, they will not tolerate the injustice of game rules that encourage other players stealing from them.

We played “Trash Pandas”, and stealing comes up *a lot*. It’s one of six routine actions in the game.

They had no problems with dice rolls going badly, but being stolen from crossed a line. Especially when they were down to a small number of cards.

Firing up my 3D printer after a busy couple of weeks. Haven’t had it plugged in since I redid the shelves in my office.

No actually prints planned, today. Just running it through calibration routines. Next week, maybe I’ll work on the arm for the rover and will need it.

Show older
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.