Why I didn't budget for a penetration test in 2024
BLUF Competing priorities, cost-consciousness, and lower-hanging security fruit were the reasons penetration testing didn’t make it into my AOP this year. I’m not in a highly regulated environment, though, so if regular penetration testing is a requirement, then your options are limited, but here are some things to consider. Analysis Each offensive security consultancy and penetration tester has their own methodology. Penetration testing isn’t guaranteed to find your most prevalent vulnerability, nor your most difficult, movie-plot security threat....
The XZ Utils Vulnerability
CVE-2024-3094 highlights the strengths and weaknesses of Open Source.
On Software Predictability
Life’s busy. Also, it’s hard. Software that breaks compatibility or predictability makes life harder. Returning to a project after years off requires re-orientation of architecture and tooling. Although difficult, it’s fair to assume that one will need to re-orient on an architecture: understanding where everything goes is natural. The tooling, on the other hand, should remain stable. Familiar. Predictable. Imagine moving out of your childhood room to attend university or join the military....
Life Management System Comparison
I describe how Pillars, Pipelines, and Vaults is the best Life Management system I’ve found
Add MFA to Fedora with Yubikey
Add MFA to sudo and GNOME in Fedora using a Yubikey and authselect
Grabbag
RMS, Dan Kaminsky, FLoCS, Fedora
Use AWS Config To Hunt Public S3 Buckets
This post covers using AWS Config as a starting point to find public S3 buckets in your organization.
Set Security Headers using Cloudflare Workers
This article covers previous work and introduces a warning
AWS S3 CloudFront Cloudflare HTTPS
This post covers increasing security for a static site hosted on S3 using CloudFront and Cloudflare
Blacklight Privacy Tool
Today on my Mastodon feed, several folks were discussing a new tool by TheMarkup called Blacklight. This tool is billed as a “real-time website privacy inspector” that showcases the ad and tracking tech deployed by a website. I shared this tool with several colleagues and it engendered a stimulating conversation surrounding company commitment to privacy. I argued during this conversation that it would be worse for a company to claim to value customer privacy and then have Blacklight reveal otherwise, than to have made no such claim in the first place....
Using Local Fonts - Hugo Academic Theme
The fresh new look of this site is provided by the Academic Hugo Theme. Because I value your privacy just as I value my own, I needed to modify this theme to not make use of Google Web Fonts because use of this service enables Google to further track users. In this guide, I’ll add the Montserrat font by Julieta Ulanovsky as the heading font for this blog: TL;DR - Recap...
Thoughtful Birthday Present
When my Dad turned 70, I couldn’t decide what to get him. He claimed to not want anything, leaving me in a bind. I thought for days about what to get him, and the idea I finally settled on seemed inadequate to me, but it wound up being a hit: I presented him with a hand-written book containing 70 memories of him throughout my life. He got emotional over this gift, and for a man as stoic as he is, this was a surprise....
A Fresh Look
I’ve updated this site’s appearance with a new Hugo blog theme
Fingerprinting Privacy: Brave vs Firefox
Brave and Firefox bill themselves as privacy champions. How do they fare at fingerprinting protection?
Find Resources With AWS Config
Use AWS Config to locate AWS resources
Joining the FSF
I’ve joined the Free Software Foundation and so should you!
One Month With Mastodon
I’ve switched to Mastodon and so should you.
Moving From Macos to Linux
I’ve adopted Linux on the desktop. Here’s how I adapted my macOS workflow…
Compiling Emacs 27 on macOS
The easy way to compile Emacs 27 on macOS using Homebrew
How to Securely Configure CloudFlare with S3
This post covers how to secure an S3 bucket serving content through Cloudflare