I don’t regret the change of career, but sometimes I miss working the fields and tending the woodlot.

And it’s not because it was “simpler.” Anyone who tells you farming is simple hasn’t tried to work 500 acres of hay in a summer, or fix a broken wheel bearing on a full grain wagon across town from home.

No, it wasn’t simple. But staying physically active wasn’t something I needed to think about, and spending time indoors was unusual.

Painting and rearranging my office, I’m reminded of how unique my desk is.

The top is hardwood tulip from the wood lot on my family’s farm, which I left to pursue a career in tech. The sawn boards were given to me by my father, and my brother did all the joinery and staining (he’s a carpenter by trade). I finally got around to building the legs last year.

Today I’m reminded that every day, I sit at a symbol of a lifestyle I gave up to follow another dream.

In my road to learn proper programming, I stumbled upon this great article on the history behind Unicode and its history. Great for newcomers trying to understand character encoding.

Does anyone do Data Flow Diagrams (DFDs) for threat modeling?

Looking at tool options. I’m comfortable with GraphViz, but it can take a bit of tweaking to get sane layouts, and I don’t think I can do nested trust boundaries. Also, not everyone is comfortable with GraphViz because it feels really abstract.

Visio is right out because our team is all Mac and Linux.

Free would be best to start so I don’t have to ask for a budget.

I thought I had a theme worked out, but when I started writing the slides it just didn't seem to work as a talk. Would have made a better blog post.

Delivered my Intro to AppSec talk at DevTricks (presented by Software Niagara).

I'm a little disappointed in my deliver, but for the amount of actual prep work I did, it was ok.

Next time I sign up for a speaking slot at our monthly local meetup, I'm going to prep my talk before I commit to the date. I felt really weak on the preparation this time, and I just didn't allot enough time to explore the idea and find a central theme.

I'm also fortunate that it's only a 20 minute speaking slot, so it's easy to cut out things I'm not confident enough to speak about, and will still have enough content to fill my time.

Working on my "Intro to AppSec" meetup talk for tomorrow night.

Currently pushing through the imposter phase of prep, where I question everything and wonder whether I was ever qualified to write this slide deck.

I'm so glad I've done this enough times to know this is just a healthy part of the process. It's also the part where I begin to learn more about the topic than I would have if I hadn't prepared a talk.

Just rejected invitations to three EU bug bounty programs on . While I appreciate the idea, the arguments brought up by @k8em0@twitter.com got me convinced.


Now that I've learned to identify that moment when I'm reacting on some established idea, it's easier to evaluate whether the basis for the pre-conception is still valid.

Occasionally, it was never valid but was just my own preference for one thing over another where the choice was completely inconsequential. It's almost a delight to re-evaluate those and come away with a fresh perspective on an old idea.

I used to listen to music, view art, or read a story, and think "that's awful"... and just accept that.

Now it captures my full attention and I ask, "Why does it evoke that reaction? Is it bad, or does it just violate my pre-conceptions? Might it be worth changing my mind for?"

I think this is partly a mental trigger I've built from working on a diverse team. When I encountered a suggestion or idea I didn't like, I used to react too quickly without giving it due consideration.

I've been using Molecule for Ansible role testing since I saw a talk about it at AnsibleFest 2017.

I'm curious to see where things go with Molecule since project ownership was handed off to the main Ansible project.

Right after that happened, the IBM acquisition of Red Hat was made public. That's another Ansible community change that I'm going to be watching closely this year. I feel like the project is too big with too many contributors to be ruined by an acquisition, but time will tell.

I also tried to explain how she plays Minecraft on her Raspberry Pi, but the world is running on a server “in the cloud.” At that point she just tuned me out. 🤷‍♂️

I made a Jack-and-the-Beanstalk giant joke, and my 6-year-old daughter laughed and said, “You’re not a giant. Maybe if we had a beanstalk and you lived on a cloud.”

I came back with, “I don’t live on a cloud but I do a lot of work in the cloud.”

She laughed and said, “Don’t be silly! How can you work in a cloud? You don’t fly!”

I agree. Cloud is such a silly term.

Back on the Farm we had about a dozen staff managing our small store and making gourmet sauces and whatnot.

We were pretty sophisticated for an Ag business, with a full 64-port switch, SIP phones running on PoE, and on-premise Asterisk PBX, printer and CNC cutter for producing the labels for our product lines, in-house graphic designer, etc.

So I got to do everything from Database Maintenance to terminating network cable, to home-brew PCB production for custom-built production equipment.

I've been lurking here a while, and realized I never did a proper .

I'm primarily a software developer, and have had a passion for AppSec and InfoSec since writing my first robust login page.

I was a Solo dev, writing line-of-business apps for my family's farm business for years before transitioning to development in a more professional context. After "going pro", I found the get-it-done attitude I picked up working solo lands me a lot of work at the intersection of Dev and Ops.

That said, I find it incredibly bizarre that they want library authors to move their source files around to a new directory when publishing on a semver major. That also seems totally ridiculous. Git does a poor job of tracking changes once a file moves, so it would wreak havoc on the ability to quickly check file history.

Back to playing around with Crypto libraries in Go-lang this afternoon. I spent some time a couple of weeks ago learning the new Go module system, and feel much better about the language now.

Vendoring always felt dirty to me. Very much against the best practices for source control I've learned over the years. I usually avoid committing things that are either generated or published somewhere else.

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.