🗳️ This is going to ruin my reputation, but I’m actually gonna try to watch this debate because:

  1. There’s a slight chance they might actually discuss policy that they can do something about
  2. Tim Walz seems like a decent human being, which is highly irregular for a politician of this level

Update: I regretted it immediately.

🎶⚽️ American Arson had to cancel a show because the U14 women’s soccer team the singer coaches made it to the quarterfinals…and now I like them even more.

In Your Future

Ripe mango: tastes like heaven

Unripe mango: tastes like…bell peppers?

There’s something deeply magical that happens when you reach a patch of pine needles.

🕊️

Them: don’t forget orthodoxy

Me, to myself: don’t forget orthopraxy

Explainer: we can be less sure about all the mysteries of the universe, but many traditions (mine included) have some more explicit examples and about how to be.

(Not to mention that doxes are usually picking parts to be ortho.)

note to self: cmd+space stopped working for me on Sequoia

this was the solution

Industry colleague:

I was able to get NIST updated five times before I could get our corporate policy updated

🔒 The opportunity: application threat modeling & secure design review is one of the highest value appsec/prodsec activities, but is hard to implement efficiently and at scale.

A bad solution: provide a long list of controls that need to be checked each time

A better solution: generate relevant security requirements automatically based on what’s being built

Met with primesec yesterday, and this is what they are trying to do! They are using an LLM to read what’s in your user stories (etc.), summarizing the work for the security team, and injecting specific security control requirements.

If this catches even a small portion of the real requirements, it would be a major uplift for teams both from a security and efficiency perspective. Looking forward to checking it out.

My driver’s favorite (?) jam came on and he started pumping the brake pedal to the music.

At least we were at a stoplight?

(It was “Gonna Make You Sweat” aka “Everybody Dance Now” by C&C Music Factory)

🔒 Met with the folks from Pangea yesterday.

Looks like it could be an interesting solution for:

  • small developer orgs that don’t have time or expertise to deal with common security needs
  • large developer orgs that need consistency, scale, and governance of their security capabilities

🔒 Just left Silicon Valley Bank.

Did not know they still existed!

Are there micro.blog themes well-suited to the single-page sites?

(E.g. use the “site title” instead of my username, don’t try to add a “follow on micro.blog” etc.)

Do the right thing

Even if other people don’t

“Content Creator” is a title that inadvertently tells on itself. It’s a tacit admission that the nature of the “content” is meaningless and it exists to fill space. Might as well call yourself “Stuff Maker” or “Thing Doer.”

h/t [@ayjay](https://micro.blog/ayjay)

I’m at AppSec San Francisco this week.

Mute that “🔒” tagmoji if you don’t want to hear about it.

Send me a message if you want to meet up.

Vision Zero in Indianapolis is not off to a good start. Per the ordinance, the Vision Zero Task Force was supposed to hold their first (public) meeting by October 1st. Imagine our surprise when we learned that the Task Force met yesterday, in private instead. Not only that, but the members of the Task Force are still unknown as they have not yet been announced.

We demand transparency from the Vision Zero Task Force.

#IndyPedestrianSafetyCrisis #Indianapolis #Indiana #HoosierMast #HoosierSocial