After 13 years, I deleted my Evernote account. I wish them well in rebuilding their business, because the company I work for is treading similar ground. It’s funny because I think our companies suffered from the same decline: market creation, overlong self-congratulation, lag in response to competition pivoting to novel and compelling features. The difference between Evernote and the company I work for is they seem keen to raise prices on existing consumers instead of chasing growth with a lower barrier to entry....

BLUF Competing priorities, cost-consciousness, and lower-hanging security fruit were the reasons penetration didn’t make it into my AOP this year. I’m not in a highly regulated environment, though, so if regular penetration testing is a requirement, then your options are limited, but here are some things to consider. Analysis Each offensive security consultancy and penetration tester has their own methodlogy. Penetration testing isn’t guaranteed to find your most prevalent vulnerability, nor your most difficult, movie-plot security threat....

CVE-2024-3094 highlights the strengths and weaknesses of Open Source.

Life’s busy. Also, it’s hard. Software that breaks compatibility or predictability makes life harder. Returning to a project after years off requires re-orientation of architecture and tooling. Although difficult, it’s a fair assumption to make that one should need to re-orient on an architecture: understanding where everything goes is natrual. The tooling, on the other hand, should remain stable. Familiar. Predictable. Imagine moving out of your childhood room to attend university or join the military....

I describe how Pillars, Pipelines, and Vaults is the best Life Management system I’ve found

Add MFA to sudo and gnome in Fedora using a Yubikey and authselect

RMS, Dan Kaminsky, FLoCS, Fedora

This post covers using AWS Config as a starting point to find public s3 buckets in your organization.

This article covers previous work and introduces a warning