shortridge

shortridge, 7 months ago to webassembly

I’m finishing up my slides for #Wasm Day at #Kubecon and my brain invented this for a soundtrack while I work:

“I kissed Wasm and I liked it /
the taste of her memory sandbox”

couldn’t even dignify my existence with a rhyme

shortridge, 7 months ago to opensource

This Thinky Thinky Thursday, I'm publishing my response (with frequent co-conspirator @rpetrich) to the U.S. Government's RFI on Open-Source Software Security: https://kellyshortridge.com/blog/posts/rfi-open-source-security-response/

This moment in spacetime is a critical juncture in software, not just #OSS, and we feel privileged to submit our recommendations for the requesting agencies to consider as they traverse software security challenges.

Direct link to the response PDF: https://kellyshortridge.com/papers/ONCD-2023-0002-Shortridge-Sensemaking.pdf

#OpenSource #cybersecurity #resilience

shortridge, 7 months ago to drawing

that feeling when you fumble the big Prismacolor Premier box and all your meticulously ordered colored pencils crash into a heap like polychromatic pine straw 🫠

#drawing (is there anyone else??)

shortridge, 7 months ago to Halloween

🎶 Cause I’m just Ken
Anywhere else I’d be admin
Is it my destiny to live and die a life of prod fragility?
I’m just Ken
Where they see blips I see a trend
What will it take for them to see the bro behind the Go
And log for me?
🎶

#halloween

a photo of me standing against a brick wall wearing a costume based on the character Ken from the Barbie movie. I have my glasses pulled down under my eyes as if to say Hey world git check me out. I am absolutely feeling the Kenergy with my lightning bandana and matching lightning pants. My left hand is slung over my fanny pack, which is emblazoned with Ken in Metallica font. My black fringe leather vest is blowing in the crisp autumn breeze, but my icy blonde bangs are staying in place. A horse pendant rests on my chest because Ken is a total horse bro. I'm standing next to my chrysanthemums and a pumpkin I picked from a real pumpkin patch, along with approximately fifty bablillion other pumpkins. The overall look communicates Ken you believe how cool I am? Will anyone ever be this cool again? It belies my secret hope that Barbie checks out my chiseled abs.

shortridge, 7 months ago to random

my frequent co-conspirator @rpetrich is dropping some knowledge bombs about system call sandboxing at #ADDO2023

the tl;dr of the problem with the status quo with syscall sandboxing is:

1. it's really difficult to figure out exactly what syscalls a program needs
2. it's especially difficult to achieve this at scale, making it non-viable in many prod environments

but we need something to isolate unwanted program behavior given how densely we're packing workloads these days, so what do we do?

shortridge, 7 months ago to security

hello fediverse, for this edition of Thinky Thinky Thursday here is my extravagantly long philosophical essay on what the word #security means: https://kellyshortridge.com/blog/posts/what-does-the-word-security-mean/

I trace it from its root as "securus" in Ancient Greece through to "securitas" in the Roman Era to Thomas Hobbes then conclude in the modern era.

The tl;dr is wow is traditional #cybersecurity ever wayward from what security is supposed to mean and no wonder #software security is suffering; we can and should do better.

enjoy xx

shortridge, 7 months ago to random

tomorrowwww (Thursday Oct 26) at 13:30 ET / 17:30 GMT you can catch me live on the All Day DevOps virtual stage and ask me all your Qs about #resilience + chaos + secure by design — really I just love questions

I’m presenting on how eng teams can extend their existing practices towards Continuous Resilience as well as a few new opportunities for #inspo

It’s ✨ free ✨ and you can admire my trippy stable diffusion backgrounds along with my thot lederhosen

Register here: https://www.alldaydevops.com/addo-speakers/kelly-shortridge

shortridge, 7 months ago to security

Secure by Design and by Default is a big call to action right now, in the news, etc.

But @aloria was already pioneering these efforts back in 2016. Kelly is the one who ensured Tumblr blogs had HTTPS enabled by default, so users didn’t have to think about #security (as it should be everywhere).

She led #cybersecurity history in so many ways, but today I ask you to honor her memory by reading about this wonderful, indelible mark she left on our world: https://techcrunch.com/2016/11/29/tumblr-finally-makes-ssl-connections-the-default-for-new-blogs/

shortridge, 7 months ago to Cybersecurity

hello fediverse, here's my new infographic comparing two dynamics we can nurture when doing #cybersecurity things: security theater vs. #resilience

it's meant as a handy reference to validate that your org's security efforts are nurturing resilience rather than fomenting theater (and I don't mean writing your design docs in iambic pentameter, that's fine)

imo security theater is one of the core pillars holding up the status quo of security-as-gatekeeper... so let's do resilience instead <3

shortridge, 7 months ago to random

wanting to learn some nerdy things tomorrow (Wednesday the 18th) at 11:05 ET / 08:05 PT?

I’m presenting “Watering the Roots of Resilience—Learning from Failure with Decision Trees" virtually as part of the O’Reilly Security Superstream https://www.oreilly.com/live-events/security-superstream-devsecops/0636920090132/0636920090131/

We’ll cover the Resilience Potion Recipe™, how humans are the mechanism for adaptation in software, mental models, resilience stress tests, and how to use decision trees to support all these #resilience things.

Hope to see you there 🖤

shortridge, 8 months ago to Cybersecurity

new post: the SUX Rule for safer code https://kellyshortridge.com/blog/posts/the-sux-rule-for-safer-code/

it’s short for Sandbox-free - Unsafe - eXogenous. If your code does all three of:

• running without a sandbox
• written in an unsafe language
• processing exogenous inputs

it’s certain your code SUX.

it’s basically me tweaking Chromium’s excellent Rule of Two because it conflicts with Star Wars lore (among other reasons I describe)

#cybersecurity #memorysafety

shortridge, 8 months ago to random

awesome paper by @dykstra & compatriots that audits three compliance standards (including PCI) to see if there are security gaps even if you’re 100% compliant.

The answer is yes, there are gaps even with perfect compliance — and they back it up with thorough evidence and analysis that is well worth reading: https://josiahdykstra.com/wp-content/uploads/2020/02/NDSS2020_Compliance_Cautions.pdf

#compliance #cybersecurity

shortridge, 8 months ago to random

always love getting called a Senior Principle Engineer, rightly reflecting my esteemed status of being a fundamental, foundational — and dare I say iconoclastic — truth of reality

shortridge, 8 months ago to random

this has been a devastating fall from grace to watch from afar… Ariely was one of the behavioral economists that inspired me to pursue it https://www.newyorker.com/magazine/2023/10/09/they-studied-dishonesty-was-their-work-a-lie

this natural meta “experiment” about dishonesty is almost Shakespearean. A man makes his career on the study of dishonesty — claiming people need only a small reminder to be decent — yet egregiously “fudges” facts to get there.

Truth continues to outwit fiction.

shortridge, 8 months ago to Cybersecurity

The etymology of “aware” is rooted in being “wary” of something and I agree, this month we should be very wary of #cybersecurity as an industry.

shortridge, 8 months ago to random

OH: “whenever someone says they’re going to rewrite the manifest I think of Ted Kaczynski”

shortridge, 8 months ago to random

I got up to refill my water glass and my cat somehow added 800+ slides to my keynote draft

shortridge, 8 months ago to firefox

so, firefox doesn't seem to record when you try to visit a URL but it results in an error (Chrome does seem to record as part of your history) -- does anyone know why #firefox doesn't?

shortridge, 8 months ago to Cybersecurity

it’s rare I meet someone in tech who has a kindred philosophy / literary bent, so I had a blast chatting with the Scaling Tech hosts about my book recently

David totally picked up what I was throwing down when writing the book and it sparked much joy in my icy heart. Give it a watch/listen: https://scalingtechpod.com/kelly-shortridge-on-security-chaos-engineering-and-resilience-scaling-tech-podcast-ep23/

#resilience #chaosengineering #softwarequality #cybersecurity

shortridge, 8 months ago to FF

can I get a follow Friday of distributed systems nerds who frequently talk about or boost distsys nerd shit?

bonus points for talking about Wasm

#ff

shortridge, 8 months ago to random

love prepping a keynote where I have a slide that just says

BRAINS

🧟

shortridge, 9 months ago to nyc

Twitter I can instantly find other humans’ pics of the double rainbow that blessed us in #nyc earlier.

I cannot find any via Mastodon. I tried all the forms of search on here I know. Maybe I am doing something wrong but “how quickly can I find more rainbows” is a very important metric!

shortridge, 9 months ago to iPhone

any leaks on whether the new #iphone will let you disable postprocessing or else has postprocessing that doesn’t make you look like a grainy, microwaved zombie in every lighting condition except perfect golden hour light?

shortridge, 9 months ago to random

new IaaS offering just dropped

shortridge, 9 months ago to random

increasingly feeling the urge to breathe magic back into the machines