Charity Majors, a woman I follow on Twitter and have a ton of respect for, got a lot of flak for this blog post. She framed it as ‘problematic advice,’ and I sympathize with that. Despite being in the tech industry for a long time, I’ve also often avoided saying too much publicly on the topic of diversity because of my hesitancy to be ‘problematic.’ Partly it’s because there are just no clear answers, and I have no desire to derail the progress that others are making. It’s hard to write anything nuanced on the internet.

I’ve had my take on Charity’s post…

Debugging is a skill you must employ when writing software, and yet it requires a uniquely different type of mindset. Software engineering (for most code) is largely process oriented; debugging is often non-linear and looks like it’s intuition oriented. But there is process.

My #1 Rule in debugging is: Believe No One.

It’s so easy to follow a wrong assumption when you are listening to another developer who has been debugging something to no avail who is sure the “error is in how we do foobar so we just need to change it to encode correctly” or “it’s a race condition…

I have Linux on my phone right now (I’ve finally switched from Apple -> Android). My terror of malware aside, it’s a delightful experience. I see people using Linux on their desktops/laptops, and it JUST WORKS.

This continues to amaze me. In the 90s, back when I started using Linux, one did not simply ‘install’ Linux.

I ran Linux as my desktop throughout high school (dual-booted) and, along with a brief stint with NetBSD, as my primary OS in college. Thinking back, I’m not sure why, other than a) I was cheap, and b) it was what the other cool…

Earlier today, someone posted a blog about their experiences auditing an NQ Vault, an Android app that claimed to be “a safe place to store your private data.” The result was not pretty.

TLDR: basically it turns out the encryption the app was using was, how shall we say, less than effective (using a 1 byte ‘key’ XOR’d over the first 128 bytes).

As developers in this freshly security-conscious world, what lessons can we learn from this?

1. Encryption is still too hard for developers.

One of the first thoughts that came to mind was this: with all of the effort involved in constructing this custom ‘encryption’ scheme…

who to hire for your startup, and why

I’m going to talk about two archetypes I’ve observed over my career as a developer: the Hacker (the programmer kind, not the software-breaking kind) and the Engineer.

How to Spot a Hacker

Hackers get shit done, and fast. It may not be the most elegant or scalable solution, but it comes to life, and it works, and it solves a problem or is just something cool.

Hackers value source code over support or documentation. Hackers thrive in open source. This also makes them fearless. They have the attitude: if you have the source code, you can fix any problem you encounter. …

a summary and line by line overview

Recently, an interesting Docker exploit was posted ( that demonstrates an information leak where a Docker container can access some privileged filesystem data where it shouldn’t. As I was just discussing the relative merits of using Docker, and how security is often quoted as one of them, I thought it would be interesting to dissect exactly how this exploit works by looking at a bit of the code.

The core problem is a misconfigured permission (the CAP_DAC_READ_SEARCH capability) granted to the container process, and it illustrates how container-level virtualization can be tricky to configure. …

I sent an email out to @all at Threat Stack, and I thought it would be worth cleaning up to post here…

“Noble Vision”

I heard a CEO mention this concept during a Tech Stars talk then ran into it again reading some awesome articles on Harvard Business Review (e.g.

Quote from article:

You can do this by asking about the core purpose of the organization, or even its noble vision. “What is our purpose?” Not, “how are we doing?” but “why do we exist and how do we serve our organization and society?”

Nate asked this recently in…

This article was inspired as a reaction to this WAPO article:

You think it’s frustrating to be a booth babe? You know nothing, Washington Post.

I spent some time this past week managing my startup’s RSA Conference booth. We’re not a huge company (yet!) so many of us are pitching in, marketing, selling, and demoing.

If you ever wanted to know why booth babes are poison to diversity in this industry, let me tell you first hand.

So, I’m literally the most technical person manning our RSA booth. (Look up my bio; I’ve worked in development/research/etc. for infosec companies…

#1: solve micropayments for content

This is likely the first in a series of thoughts I have for startup ideas. I am, in many cases, not a subject-matter-expert, and am talking out of my ass. Is the idea valuable? Maybe. But it’s all about the execution.

You know what is annoying? Watching ads, or being stuck behind an annoying paywall that wants me to give out yet another credit card number and fill out another sign-up form for yet another website.

It’s 2014, and it’s surprising to me that no one’s solved this problem. I would gladly pay 10-50 cents to read a single New York Times article even though I have no intention of ever signing up for a subscription, or pay some change to click through a 30-second video ad I am likely muting anyway.

Let me pay…

yes and no

I’m not talking about sight-reading

Sight-reading is not at all like reading code. By sight-reading, I mean the ability to look at a score and perform it on demand. Sight-reading is largely a factor of how much time you have practiced recognizing patterns; it is a linear process from ‘a’ to ‘b’, transferring the patterns into motions that generate sounds.

When you’re first learning music, this is what you do: translate dots and lines into motions that make music happen.

But that’s not the only way to read music

Being able to read through and perform a piece…

Jen Andre

Jen writes about security & software stuff. Twitter: @fun_cuddles
