Nearly a year ago, I wrote about an emerging trend I observed with some of the bounty researchers I was interacting with. This screed can be considered an extension of that article. There an emerging trend I’m noticing - I’ve been receiving more messages like the following: Hey , I found Security Vulnerability in your web application ,which can damage site as well as users too.For security purpose can we report vulnerability here,then will i get bounty bounty reward in PayPal or Bitcoin for Security bug ? ...

Configuring Spacemacs Go layer and environment variables on macOS

Acknowledgment of the book I just finished reading [Jordan Peterson’s “12 Rules for Life:An Antidote to Chaos”](http://a.co/fjIjHzX “Jordan Peterson: “12 Rules for Life:An Antidote to Chaos””) and I can not say enough good things about this book. As the subtitle implies, this book deals with helping the reader create order out of the chaos of life. There are brilliant ideas Peterson puts forth which I already knew, but couldn’t articulate, and the effectiveness of Peterson’s words shocked me. They summarily captured these complex thoughts and almost tamed them so that the reader might understand them. ...

Update: 2018-08-10 Shortly after writing this post, I switched to Spacemacs develop branch - cd ~/.spacemacs && git checkout develop This upgraded my Spacemacs to version [email protected]. This had the unexpected side effect of changing several of the key bindings below. Settinm schedules and deadlines - now require a prefix of SPC m d before entering your selection (d for deadlines, s for scheduling) Sparse trees - keybind moved to SPC m s s Archive tree - keybind moved to SPC m s A (I didn’t cover this in my original article, but this is how I archive DONE tasks) Show all TODO and deadlines - keybind moved to SPC m s s t and SPC m s s d Introduction This is a basic overview of org-mode inside of Spacemacs. ...

In a post from 2015,, I write about some of the “Security 101” issues I considered to be fundamental. Since 2015, I’ve been exposed to several environments where I have seen the same basic security fails. In addition to my previous Security 101 items (2FA, avoiding password reuse, using a password manager, being mindful of what gets posted on social media, and inspecting email links) I would like to add the following new items to my “Security 101”: ...

I found this DevTube on HackerNews the other day and I want to save it for later.

Towards a working LISP environment on macOS

I found this MacOS Open Source apps list on HackerNews the other day and I want to save it for later.

I’m so far behind the times, it’s sad. Burp Suite gained the ability to perform static analysis on JavaScript libraries back in 2014. Some sites and authors have already blogged about what their approach is for implementing this.I’d like to echo Lukas’s method, but with an easier setup. Simply navigate to the local directory containing the app and serve it using Python’s built-in HTTP server. python2 syntax: python -m SimpleHTTPServer <port> python3 syntax: python3 -m http.server <port> Navigate to the served content in your browser with burp proxy configured and spider/scan the site as usual - static analysis results will appear in the scan results pane. ...

The Problem Secure file sharing using AWS S3: I upload a file to an S3 bucket with restricted permissions The client downloads the file and processes it The client uploads the results to the S3 bucket I download the processed file and the transaction is complete I thought setting the permissions on the bucket would be enough. I was wrong. The Setup I use a federated login to AWS and assume a role under a corporate account. I created an S3 bucket that would be used for filesharing with one object called “Delivery” (for files received from the client) and one object called “Submissions” (for files I’m sharing with the client). ...