🗳️ This is going to ruin my reputation, but I’m actually gonna try to watch this debate because:
- There’s a slight chance they might actually discuss policy that they can do something about
- Tim Walz seems like a decent human being, which is highly irregular for a politician of this level
Update: I regretted it immediately.
🎶⚽️ American Arson had to cancel a show because the U14 women’s soccer team the singer coaches made it to the quarterfinals…and now I like them even more.
Ripe mango: tastes like heaven
Unripe mango: tastes like…bell peppers?
There’s something deeply magical that happens when you reach a patch of pine needles.
๐๏ธ
Them: don’t forget orthodoxy
Me, to myself: don’t forget orthopraxy
Explainer: we can be less sure about all the mysteries of the universe, but many traditions (mine included) have some more explicit examples and about how to be.
(Not to mention that doxes are usually picking parts to be ortho.)
note to self: cmd+space stopped working for me on Sequoia
Industry colleague:
I was able to get NIST updated five times before I could get our corporate policy updated
๐ The opportunity: application threat modeling & secure design review is one of the highest value appsec/prodsec activities, but is hard to implement efficiently and at scale.
A bad solution: provide a long list of controls that need to be checked each time
A better solution: generate relevant security requirements automatically based on what’s being built
Met with primesec yesterday, and this is what they are trying to do! They are using an LLM to read what’s in your user stories (etc.), summarizing the work for the security team, and injecting specific security control requirements.
If this catches even a small portion of the real requirements, it would be a major uplift for teams both from a security and efficiency perspective. Looking forward to checking it out.
My driver’s favorite (?) jam came on and he started pumping the brake pedal to the music.
At least we were at a stoplight?
(It was “Gonna Make You Sweat” aka “Everybody Dance Now” by C&C Music Factory)
๐ Met with the folks from Pangea yesterday.
Looks like it could be an interesting solution for:
- small developer orgs that don’t have time or expertise to deal with common security needs
- large developer orgs that need consistency, scale, and governance of their security capabilities
๐ Just left Silicon Valley Bank.
Did not know they still existed!
Are there micro.blog themes well-suited to the single-page sites?
(E.g. use the “site title” instead of my username, don’t try to add a “follow on micro.blog” etc.)
Do the right thing
Even if other people don’t
h/t [@ayjay](https://micro.blog/ayjay)
“Content Creator” is a title that inadvertently tells on itself. It’s a tacit admission that the nature of the “content” is meaningless and it exists to fill space. Might as well call yourself “Stuff Maker” or “Thing Doer.”
I’m at AppSec San Francisco this week.
Mute that “๐” tagmoji if you don’t want to hear about it.
Send me a message if you want to meet up.
Vision Zero in Indianapolis is not off to a good start. Per the ordinance, the Vision Zero Task Force was supposed to hold their first (public) meeting by October 1st. Imagine our surprise when we learned that the Task Force met yesterday, in private instead. Not only that, but the members of the Task Force are still unknown as they have not yet been announced.
We demand transparency from the Vision Zero Task Force.
#IndyPedestrianSafetyCrisis #Indianapolis #Indiana #HoosierMast #HoosierSocial