🔒 I got to announce that I’m expanding my team today. Feel free to refer people or apply! #ProdSec #AppSec
“Adversity is such a wonderful teacher”
-Jyotirmoy Sarkar, sharing his story today 🕊
🔒 Product Security? Application Security? Software security? What do you call it these days?
There’s a topic I’m tentatively calling “Stand for Something”. It’s about the weakening of “filtering and alignment” capabilities in modern society.
I appreciated this episode of the Peter Attia Drive as their latest masterclass in insulin resistance.
The consistent advice is to cut out fructose and reduce glucose (simple carbs) until in tolerance.
But exercise really does matter. It affects how muscles dispose of glucose.
Beautiful Trouble updated their toolkit.
With the new toolkit you can slice and dice depending on what you are considering, and also create pdfs from your favorites.
This is a nice online companion to the deck of cards.
🔒 Opinion: the OWASP Cheat Sheet Series is the most underappreciated OWASP project.
Before you post out pithy quotes today, try to understand more fully what King fought for, instead of using his own words to soften his points.
Then, together with the Beloved Community, wage nonviolence against the triple evils of poverty, racism, and militarism.
I was restless this morning and up early…so I started to pull together my accumulated notes on sleep: here in my digital garden experiment
Resilient 📚 Review: I Am Not Your Enemy by Michael T. McRay
⭐️⭐️⭐️⭐️ Highly Recommended
Nobody is surprised, but it’s still sad.
And if you are getting together:
“do pickup of groceries, rather than going grocery shopping in the store”
“Making sure you’re practicing really good hand hygiene”
“if you can get tested, you should”
“A 14-day quarantine period could prevent transmission — especially for asymptomatic cases.”
As Trump’s creditors hope to salvage more from his outstanding obligations, these last months of the presidency could be even more swampy than the rest.
So: let’s help each other endure the death throes of this administration. Practice compassion. Engage in mutual aid. Offer sanctuary and healing. Make plans and build support systems for a freer, healthier, brighter future.
Masks are such an easy, powerful way to reduce the number of lost lives, both directly from the virus, and indirectly from financial impacts. Wear them, please.
I appreciated this opinion from Sarah Smarsh in The Guardian:
📚 Now Reading: Regenerative Agriculture by Richard Perkins
You may have heard me talk about watersheds before. In this post on Resilient, I share how to identify a watershed, and propose a thought experiment of considering watersheds as our political unit.
published on #Resilient: Ethical Explorer Pack
“While we are relieved that our church home mostly survived the inferno in the lot next door, we affirm that we would rather lose 100 buildings than one more life to police violence.”
Resilient: Landlord Tech Watch
“Since 2007 the mean temperature in summer has flipped from below freezing to above it. The consequences will be felt far beyond the north.”
“I’m so sorry, but I’m avoiding shared indoor spaces unless it’s an emergency.”
Yet another good reason to wear a mask: “Homeland Security fears widespread mask-wearing will break facial recognition software”. Help your fellow humans.
Added How to Invent Everything to my #Resilient booklist. 📚 I love this book so much. Informative and hilarious. ⭐️⭐️⭐️⭐️⭐️
As someone with an interest in insect protein (for issues of sustainability and ethics) this talk from the Long Now was very interesting to me. 🎙
I still have a ways to go, but did some good work on my Resilient booklist this morning.
Another great one from James Clear
Here’s a great podcast intro to Restorative Justice. It includes shoutouts to Howard Zehr and Mennonites, which is, unsurprisingly, how I got introduced to the concept in a more concrete way.
This well-written and detailed post helps clarify the riskiest exposure cases. It seems like our focus has been too much on surfaces and not enough on shared breathing spaces.
Please mask up and avoid the riskiest scenarios.
good reporting from Krebs on Security:
This is one of the best podcast episodes I’ve ever heard 🎙. I took many notes and will be organizing them to produce a writeup at Resilient.
Waging Nonviolence published 7 things to do instead of hoarding toilet paper. Good list!
Coping with Covid: a writeup at Resilient
what will happen when the crisis passes?…it’s worth asking yourself now…how you might change your behavior….But it’s also worth asking if we are willing to allow governments and corporations to return to business as usual.
from America Is a Sham
Thinking about the confluence of quarantine, Lent, spring break, climate change, & other events.
What have you been learning and evaluating about your rhythms, habits, priorities, & schedule? Are you finding things that weren’t necessary, aligned with your values, etc.?
What’s been harder? What’s been easier? What’s important to you?
I started Cal Newport’s 📚 Deep Work and it has me pondering something.
As expected (since I really enjoyed Digital Minimalism), though I have just started, I am appreciating the book. However, his early focus on productivity is concerning to me. Often, we think of productivity as the One True Measurement ™ of success, and I’m not sure that’s right.
While effectiveness (towards whatever goal(s) you set) is important, it leaves out factors such as quality, value, repeatability, learning, etc. You could argue that we should build those into the measurements of productivity, but I’d argue we often don’t.
Perhaps my disagreement is due to me being philosophically less of a consequentialist and more of a deontologist or virtue ethicist. In my way of thinking, it’s better to do right with less immediate output than to crank out good output that may be short-sighted.
What about you?
edited to add: Cal addresses this somewhat when he gets into “busyness” being a (bad) proxy for “productivity”.
Another great decision-making question from James Clear’s newsletter:
“Will this cost me time in the future or save me time in the future?”
When information is crowdsourced, new avenues of manipulation arise. Consider this hack of driving directions as an example.
Software Assurance Maturity Model v2 is live! #appsec #OWASP #SAMM #OpenSAMM
burning by Lunarbaboon
Recently finished 📚 Immunity to Change by Robert Kegan & Lisa Laskow Lahey. ⭐️⭐️⭐️ Recommended for complex vertical/psychological development. Good companion to The Map by Keith M. Eigel & Karl W. Kuhnert. Immunity is more promotional but also has more how-to guidance.
I liked Malcolm Gladwell’s 📚 Talking to Strangers, but I liked this podcast of him talking about the topic even better. He was more cutting, witty, etc. Great dynamic between Ezra and Malcolm on the show.
‘King was arrested 29 times in his short life. Many of those times, he was charged with “disturbing the peace.”’
From “Why we need to move closer to King’s understanding of nonviolence” from Waging Nonviolence.
What are the tech companies that are doing the most harm? What would be your top 5? Here is Slate’s list.
“The kingdom of heaven is in a basement”
Parables of the Kingdom: a poem from Isaiah Lewis from Mercy Community Church in Atlanta, Georgia.
“It’s very easy to come up with superficially persuasive arguments that can justify just about anything. The job of an intelligent populace is to see whether those arguments can actually withstand scrutiny.”
📚 Finished Power of Now by Eckhart Tolle. ⭐️⭐️
Awesome new shirt & bag for sustaining members of Waging Nonviolence, along with the description behind each icon.
We’re seeing more like this, and it’s excellent subversive action like Jesus’s examples of: turning the other cheek, carrying the extra mile, or stripping off and giving your clothes. Church nativity scene puts the holy family in cages.
⭐️⭐️⭐️⭐️ Finished Reading 📚 How to Change Your Mind by Michael Pollan
Did you (or are you planning to) engage in an alternative activity to Black Friday and Cyber Monday? Please share. #OptOutside #BuyNothingDay
I added a new resource to my Security Thinking for Big Data reference. “A Practical Way to Include an Ethics Review in Your Development Processes” from Laminar Group.
Links for Resilience #5, with “Coercion-Resistant Design”, horseshoe crabs, seaweed for cows, and more.
Sunday quote courtesy of readwise:
Fort Collins Mennonite Fellowship regains the right to provide storage lockers to homeless in their community. What if more Christians fought for the ability to help people, instead of the ability to harm them?
TIL: Indianapolis has the second highest number of evictions, second only to NYC (statistic courtesy of Eviction Lab and Family Promise of Greater Indianapolis)
Who’s surprised these newfound alt-right free speech warriors aren’t coming to the defense of meat-alternative producers? “officials in nearly 30 states have proposed bills to prohibit companies from using words such as meat, burger, sausage, jerky or hot dog”
The latest Links for Resilience newsletter is out, featuring stories on Security, Sustainability, Society, and Self.
I’m back from #GenCon19, so I released a podcast about Games! Available now for subscribers of Resilient.
How to tie any knot: Animated Knots
“Life Tip: when deciding whether to keep something, imagine it as a human friend.” from SMBC
I started a “stress note” in my Notes app where I keep a list of whatever I’m anxious about. Anytime I add something new I reread my past worries and if they no longer matter (which is usually the case), instead of deleting them I apply the strikethrough style. There is something very calming and self-affirming in doing this, and as the list grows I actually find it very beautiful to look at.
from Cool Tools
Have any of you already played Bloc by Bloc?
Churchwide Statement on the Abuse of Child Migrants passes near-unanimously (2 of 495 dissent) #MennoCon19
“Immigrants Avoiding Deportation at Churches Face Big Fines” A couple of these sanctuary churches mentioned are Mennonite churches. #MennoCon19
As I read this post about “Calm Technology”, an annoying subscribe popup happened right as I got to the “annoying notifications” spot on the chart. There’s also an obnoxious banner running through the whole article. Unacceptable. Change has to start with oneself.
Happy Juneteenth. May we never give up on freedom and justice.
I had some folks ask for more details about my Digital Declutter experiment. That podcast episode is now up for subscribers of Resilient. #resilient
Confronted with the reality of a monitored world, people make the rational decision to make the best of it. That is not consent.
Another great essay from Maciej #resilient
🔗 Links for Resilience #2. Reading for security, society, sustainability, and self.
for Resilient, I interviewed Curtis Brazzell for his Kickstarter project “M is for Malware”. Check it out!
My latest Resilient newsletter is out: Links for Resilience, where I share articles, quotes, and comments about security, society, and self.
“If I were wrong, what would I see?”
Great question from Margaret Heffernan on the Knowledge Project.
I also like the distinction between “power as orchestration” and “power as domination”. Lots of good items on this episode.
“countering consumerism must start from more robust secular (or religious) theodicy: the building of meaning structures, communities of meaning, that lie outside the realm of the market; and that offer credible answers to the deep foundational questions that continue to haunt us”
“A tech movement spurred by visions of libertarian empowerment and progressive uplift has instead fanned a global resurgence of populism and authoritarianism.”
Join us tonight at OWASP Indianapolis! I am reprising my talk about Big Data and AI Security. #owasp #ai #security #bigdata #indianapolis
I’d love to hear your thoughts on this Global Youth Learning Framework from Institute for the Future. #Resilience #Learning
This episode of the Knowledge Project has even more great parenting and development insights than the last one I shared.
Excellent episode of the Knowledge Project: Peaceful Parenting. I’m not a parent and I still got a ton out of it.
Accurate: Life Online
“Solitude Deprivation: A state in which you spend close to zero time alone with your own thoughts and free from input from other minds.”
Google has shared ClusterFuzz.
“ClusterFuzz is a scalable fuzzing infrastructure which finds security and stability issues in software.”
Another approach to app Threat Modeling: Threat Modeling as Code
Last chance to register for my talk re: Agile Security and DevSecOps
Come join me next week? Northside Meetup: Agile Security and DevSecOps w/ Todd Grotenhuis - Meetup