shortridge

shortridge, 4 months ago to Cybersecurity

#cybersecurity zealots often shame humans for writing down their passwords, but as someone who just had to excavate the digital remains of a loved one who died suddenly:

please write down your credentials somewhere a trusted human can find them, especially your phone passcode and any primary passwords (like for email accounts, password manager, etc.)

the humans who care about you will need that access for many reasons; a "badass" threat model will only add helplessness to their grief

shortridge, 6 months ago to random

I’m still reeling from learning last week that floppy disks were literally floppy.

ppl in the 80s were really living in a magnetpunk world and acting like it’s nbd rather than actual fucking wizardry

shortridge, 3 months ago to random

in case there are other nerds out there who haven’t yet read this classic, behold “the case of the 500-mile email” https://www.ibiblio.org/harris/500milemail.html

I adore the “absurd computer-borne mysteries” genre and kindly ask for more content from the annals of y’all’s careers

shortridge, 6 months ago to random

hello fedimortals, what are the most beautiful computer things to you — whether in the realm of #software, #hardware, #networks, #distsys, etc.?

what pleases your aesthetic senses? what feels poetic? what fills you with awe, wonder, or excitement?

serious answers preferred 🖤

shortridge, 4 months ago to Cybersecurity

I’m in a reflective mood this week and it’s kind of wild to me that I’m known as a “provocateur” in #cybersecurity for takes like:

💡 don’t shame victims

💡 UX matters, a lot

💡we should understand what we’re supposed to protect

💡 if someone clicking a thing on the thing-clicking machine leads to security failure, they are not the foolish one

💡 the best things a security program can invest in aren’t in the RSAC vendor hall

💡 maybe we should start actually proving outcomes??????????

¯_(ツ)_/¯

shortridge, 3 months ago to random

hello fediverse, it’s the weekend in most places and I know you’re doing some nerd shit (which isn’t limited to computers!)

please share your nerdy hobby projects with me so we can all share in some wholesome dopamine harvesting ✨

things that count in my mind: computers, gardening, knitting, metalworking, flower arranging, glassblowing, felt needling, organizing, woodworking, scrapbooking, elaborate cat castle building, house DIY projects, basically anything with niche interest + skillset

shortridge, 7 months ago to Cybersecurity

hello fediverse, here's my new infographic comparing two dynamics we can nurture when doing #cybersecurity things: security theater vs. #resilience

it's meant as a handy reference to validate that your org's security efforts are nurturing resilience rather than fomenting theater (and I don't mean writing your design docs in iambic pentameter, that's fine)

imo security theater is one of the core pillars holding up the status quo of security-as-gatekeeper... so let's do resilience instead <3

shortridge, 6 months ago to random

my frequent co-conspirator @rpetrich is dropping some knowledge bombs about system call sandboxing at #ADDO2023

the tl;dr of the problem with the status quo with syscall sandboxing is:

1. it's really difficult to figure out exactly what syscalls a program needs
2. it's especially difficult to achieve this at scale, making it non-viable in many prod environments

but we need something to isolate unwanted program behavior given how densely we're packing workloads these days, so what do we do?

shortridge, 5 months ago to Signal

is anyone else experiencing the problem of Signal just like… eating messages? I will send a message, then come back to the #signal app some minutes later and the message isn’t there at all

never happened until recently

shortridge, 6 months ago to random

what’s the professional but not-totally-desanitized way to say “a clusterfuck”?

as in, “It means we can realize the ambitious vision of polyglot systems without it being a clusterfuck.”

shortridge, 6 months ago to Halloween

🎶 Cause I’m just Ken
Anywhere else I’d be admin
Is it my destiny to live and die a life of prod fragility?
I’m just Ken
Where they see blips I see a trend
What will it take for them to see the bro behind the Go
And log for me?
🎶

#halloween

a photo of me standing against a brick wall wearing a costume based on the character Ken from the Barbie movie. I have my glasses pulled down under my eyes as if to say Hey world git check me out. I am absolutely feeling the Kenergy with my lightning bandana and matching lightning pants. My left hand is slung over my fanny pack, which is emblazoned with Ken in Metallica font. My black fringe leather vest is blowing in the crisp autumn breeze, but my icy blonde bangs are staying in place. A horse pendant rests on my chest because Ken is a total horse bro. I'm standing next to my chrysanthemums and a pumpkin I picked from a real pumpkin patch, along with approximately fifty bablillion other pumpkins. The overall look communicates Ken you believe how cool I am? Will anyone ever be this cool again? It belies my secret hope that Barbie checks out my chiseled abs.

shortridge, 2 months ago to random

some days it feels like if I read one more sentence putrefied by passive voice, my brain will implode.

they do not warn liberal arts majors of this hazard before entering the tech industry.

shortridge, 8 months ago to nyc

Twitter I can instantly find other humans’ pics of the double rainbow that blessed us in #nyc earlier.

I cannot find any via Mastodon. I tried all the forms of search on here I know. Maybe I am doing something wrong but “how quickly can I find more rainbows” is a very important metric!

shortridge, 6 months ago to random

tomorrowwww (Thursday Oct 26) at 13:30 ET / 17:30 GMT you can catch me live on the All Day DevOps virtual stage and ask me all your Qs about #resilience + chaos + secure by design — really I just love questions

I’m presenting on how eng teams can extend their existing practices towards Continuous Resilience as well as a few new opportunities for #inspo

It’s ✨ free ✨ and you can admire my trippy stable diffusion backgrounds along with my thot lederhosen

Register here: https://www.alldaydevops.com/addo-speakers/kelly-shortridge

shortridge, 6 days ago to random

a confession: I’ve battled mourning doves for months, ever since I bought a bird feeder for my garden and they kept draining it in less than a day.

they are allegedly stupid creatures, but that’s just what they want us to think.

I am plausibly an expert in cyber defense, having written a book and academic papers, lectured at federal agencies and F500s alike — yet the doves thwart my every mitigation.

I planned to write a blog post once I won, but my hope for victory further desiccates daily…

shortridge, 3 months ago to security

dear plausibly sentient citizens of the milky way,

I published a cliff notes / cheat sheet / tl;dr guide for you on what the hot topixxx of software #resilience and #security chaos engineering (SCE) mean: https://kellyshortridge.com/blog/posts/security-chaos-engineering-sustaining-software-systems-resilience-cliff-notes/

it’s basically the chapter summaries of my paywalled book repurposed as a public, bite-sized guide for you to devour, absorb, then change-make (or sound smart online, in meetings, at parties, to your cat, etc)

let’s keep trying to modernize #infosec together xx

shortridge, 11 months ago to random

I received an early copy of this year’s Verizon Data Breach Investigations Report (#DBIR) because I'm such a thot leader so I wrote a post with my thots and hot takes about it: https://kellyshortridge.com/blog/posts/kellys-kommentary-on-verizon-dbir-2023/

read it to sound smart to your colleagues or if you actually enjoy empirical data rather than performing the crude rituals of traditional infosec where risks are divined from the musty ether...

thread incoming with tl;dr snippets for mortals with no attention span:

shortridge, 6 months ago to webassembly

Thank you to the lovely mortals who attended my #Wasm Day talk at #KubeCon 🖤

My slides are now up on my site: https://kellyshortridge.com/slides/A-Love-Letter-to-Isolation-Shortridge-Wasm-Day-KubeCon.pdf

If you missed it, my talk was "A Love Letter to Isolation" -- on the beauty of isolation (and modularity) in life, nature, and software, and how the WebAssembly Component Model represents the next big milestone in our love affair with isolation, ushering in a new, better era of software #resilience and #cybersecurity.

Stay tuned for the video & article... xx

shortridge, 8 months ago to random

is anyone building new systems on Oracle DB stuff? (not Java)

like, does it survive just on legacy stickiness and golf courses?

shortridge, 7 months ago to Cybersecurity

new post: the SUX Rule for safer code https://kellyshortridge.com/blog/posts/the-sux-rule-for-safer-code/

it’s short for Sandbox-free - Unsafe - eXogenous. If your code does all three of:

• running without a sandbox
• written in an unsafe language
• processing exogenous inputs

it’s certain your code SUX.

it’s basically me tweaking Chromium’s excellent Rule of Two because it conflicts with Star Wars lore (among other reasons I describe)

#cybersecurity #memorysafety

shortridge, 8 months ago to random

this security awareness training course said: “when compared to other predators and even most mammals, it is surprising we dominated the Earth.”

literally no?? it’s really not surprising given our adaptive, tool-making and energy-exploiting nature due to our weird brains.

and why is my security training course opining on the innate “defensive capabilities” of humans in an ecological context anyway??

shortridge, 4 months ago to Software

software engineers: what’s something you feel your security team is doing right in your org?

and security engineers: what’s something you feel your devs teams are doing right in your org?

#software #cybersecurity

shortridge, 5 months ago to random

probably a hot take, but I really don’t think we need more newsletters in the world. Quality over quantity, pls

shortridge, 7 months ago to random

I got up to refill my water glass and my cat somehow added 800+ slides to my keynote draft

shortridge, 6 months ago to opensource

This Thinky Thinky Thursday, I'm publishing my response (with frequent co-conspirator @rpetrich) to the U.S. Government's RFI on Open-Source Software Security: https://kellyshortridge.com/blog/posts/rfi-open-source-security-response/

This moment in spacetime is a critical juncture in software, not just #OSS, and we feel privileged to submit our recommendations for the requesting agencies to consider as they traverse software security challenges.

Direct link to the response PDF: https://kellyshortridge.com/papers/ONCD-2023-0002-Shortridge-Sensemaking.pdf

#OpenSource #cybersecurity #resilience