Posts by shortridge@hachyderm.io
(DIR) Post #AbL1EQQrOQk7KwARCS by shortridge@hachyderm.io
2023-10-31T17:05:59Z
1 likes, 0 repeats
🎶 Cause I’m just Ken
Anywhere else I’d be admin
Is it my destiny to live and die a life of prod fragility?
I’m just Ken
Where they see blips I see a trend
What will it take for them to see the bro behind the Go
And log for me? 🎶 #halloween
(DIR) Post #AbqCJJJ0lTgWXk3Wee by shortridge@hachyderm.io
2023-11-15T19:52:11Z
1 likes, 1 repeats
🎶 I checked her out, it was a Friday night
I used dark mode to get the feelin’ right
We started coding C, and shared some memory
But then I tried concurrent reads
And that’s about the time she threw a fault at me
Nobody likes you when your memory’s free
and are still pointing to that address space
What the hell is SIGSEGV?
My friends say I should memory safe
What’s my page again?
What’s my page again? 🎶
#memorysafety
(DIR) Post #Ac4Sot95sgLA9iw40W by shortridge@hachyderm.io
2023-11-22T16:17:39Z
1 likes, 0 repeats
I’m still reeling from learning last week that floppy disks were literally floppy.
ppl in the 80s were really living in a magnetpunk world and acting like it’s nbd rather than actual fucking wizardry
(DIR) Post #Ac4SozQgWBybe1DCG8 by shortridge@hachyderm.io
2023-11-22T16:18:33Z
0 likes, 0 repeats
this was basically me last week at dinner with my Fastly colleagues who bequeathed this knowledge to me
(DIR) Post #AcyK4eK6kLi4AhqEOe by shortridge@hachyderm.io
2023-12-18T17:48:43Z
1 likes, 7 repeats
Wasm3 is sadly entering a minimal maintenance phase because the maintainer’s home was destroyed by Russian forces in the ongoing invasion of Ukraine. But, Volodymyr will still be reviewing and accepting PRs, so this is a great opportunity to support him, the #wasm community, and the Ukrainian #OSS community by making contributions: https://github.com/wasm3/wasm3
(DIR) Post #AdO4qnYDTpCCdZTbCS by shortridge@hachyderm.io
2023-12-31T23:19:41Z
0 likes, 1 repeats
an LLVM to Excel spreadsheet compiler, truly what dreams are made of: https://belkadan.com/blog/2023/12/CellLVM/
it also reminded me of my investment banking days when I would crash Excel with iterative calculations (“brøether clippë may I have the lööps”)
ty for this gift to the world @jrose and P.S. I want to see the CSV alignment chart
#compilers #llvm #excel
(DIR) Post #Ahz8rE6qdKadWNtf7o by shortridge@hachyderm.io
2024-05-17T14:38:53Z
0 likes, 0 repeats
tired: too many browser tabs wired: the system is struggling to absorb and regenerate from anthropogenic stresses
(DIR) Post #AiQ2LOIVrhbrOahv60 by shortridge@hachyderm.io
2024-05-30T13:29:08Z
0 likes, 0 repeats
This is happening in just over an hour - can’t wait to deliver possibly my most unhinged, eccentric talk yet
my goal is to inspire software engineers that supplanting cyber orthodoxy with #resilience is entirely possible ✨
Book signing + Q&A + Chaos Kitty stickers will follow the talk
#CraftConf
https://hachyderm.io/@shortridge/112359866471330046
(DIR) Post #AiQ2LRNaPIRyxC6Vv6 by shortridge@hachyderm.io
2024-05-30T13:49:23Z
0 likes, 0 repeats
Just kidding, I left the stickers in my hotel room
(DIR) Post #Ak5aWCD1iOIO1VRKqW by shortridge@hachyderm.io
2024-07-19T11:55:17Z
1 likes, 1 repeats
and this is why we need to stop absolving *commercial* cybersecurity vendors of software quality concerns.
there should be multiple checks preventing this type of broken content in an update. how did they allow it to ship to so many machines all at once?
#crowdstrike
(DIR) Post #Ak5aWFYPHMBEOgSx5U by shortridge@hachyderm.io
2024-07-19T11:57:52Z
0 likes, 0 repeats
this is why I’ve side eyed any federal document about software #security, quality, or #resilience that demonizes open source software while touting the virtues of commercial cybersecurity products
as if those products aren’t notorious for deep access + flimsy quality…
I’ve written about this concern in two separate RFIs to CISA et al (with co-conspirator @rpetrich)
1) on OSS security https://kellyshortridge.com/blog/posts/rfi-open-source-security-response/
2) on secure by design https://kellyshortridge.com/blog/posts/rfi-secure-by-design-response/
#crowdstrike
(DIR) Post #Ak5aWIRmWRfBN0OCg4 by shortridge@hachyderm.io
2024-07-19T11:59:20Z
0 likes, 0 repeats
^ In our RFIs, we note that commercial security software is often a boon for attackers given its deep access + poor quality
indeed, much of it resembles malware in functionality. in the #Crowdstrike case now, it’s poorly written malware. “Skidiot” shit, as a friend would say…
For all the ballyhooing about open source, why don’t we take the security of commercial security software more seriously?
(DIR) Post #Ak5aWLZKuoUN3IwmMy by shortridge@hachyderm.io
2024-07-19T12:00:57Z
0 likes, 0 repeats
so, how do we plan to zero trust the zero trust software?
and do we call this a cybersecurity attack? it is an attack by the cybersecurity industry on our nation’s infrastructure, after all… #Crowdstrike
(DIR) Post #Ak5cXAaJRKeFBPvKpk by shortridge@hachyderm.io
2024-07-19T13:20:16Z
0 likes, 1 repeats
okay people, stop with the 👉🥺👈 but crwd is just an itty babby don’t be meeean
they are a grown ass commercial software vendor who has known, for years, by design, that they effectively deliver a rootkit into enterprise systems and, often, critical infrastructure
again, if you have the energy to shame OSS contributors for their mistakes, but make excuses for large commercial vendors: maybe what you seek is punching down, not making the software ecosystem better https://hachyderm.io/@shortridge/112813022742284016
(DIR) Post #AkA4UiWqM3uswGlAGm by shortridge@hachyderm.io
2024-07-21T15:02:53Z
1 likes, 2 repeats
tl;dr of the current crowdstrike incident discourse:
cyber bro in wrinkly chinos: “actually, modern software practices do not work, pls stop bullying the c-suite of an $80bn corporation”
trans furry platform dev: “bitch u live like this????? I don’t sandbend compilers for u losers to skip unit tests”
(DIR) Post #AkA4UjcYIK4qKGREo4 by shortridge@hachyderm.io
2024-07-21T15:16:32Z
1 likes, 0 repeats
it’s kind of funny seeing the dynamic I’ve lived when speaking at conferences the past ~5 years play out at scale now
cyberpro bros adamantly refuse to believe modern software practices can work
and platform engineers / SREs are dumbfounded upon learning how behind cybersecurity is as an industry
(DIR) Post #AkA4UlC2Rs3bCc35l2 by shortridge@hachyderm.io
2024-07-21T16:00:33Z
0 likes, 0 repeats
@bynkii the irony is, the security leaders I know who _do_ adopt modern engineering practices and think in terms of software resilience all seem… way more chill? like they actually love their work, feel fulfilled, burn out less, are more respected
sometimes feels like a lot of traditional infosec selected for self-sabotaging / perpetual victim vibes. it’s a crappy way to live.
(DIR) Post #AkA4UnCoxvs5RcQkFs by shortridge@hachyderm.io
2024-07-21T15:17:32Z
1 likes, 0 repeats
I’m especially tickled that cyberpro bros have always haaaated when I said outages are way worse in terms of business impact than the vast majority of cyberattacks
and that cybersecurity problems really aren’t as hard relative to other software concerns as they pretend they are… (see also: https://kellyshortridge.com/blog/posts/cybersecurity-isnt-special/)
(DIR) Post #AkA4UpwGnvPlv9i4NE by shortridge@hachyderm.io
2024-07-21T15:21:54Z
1 likes, 0 repeats
I’ve long felt that if the software engineering world realized:
1) how accessible cybersecurity actually is in terms of an understanding of what matters in practice
2) how dreadfully behind the cybersecurity industry is in terms of basic practices, understanding of systems, etc. immense outrage would foment at large, and perhaps real change demanded
there’s a reason why infosec pros present the problems as arcane and inaccessible, why they protect their own and knit tight cliques…
(DIR) Post #AkA4Ut84wTdvoeG2hE by shortridge@hachyderm.io
2024-07-21T15:26:33Z
1 likes, 0 repeats
P.S. probably my primary goal with writing my book was to address both 1 & 2 above ^
reveal to platform engineers & SREs how very capable they already are to solve cybersecurity challenges
and to teach cyberpros how software works, a crash course in software delivery practices, all the opportunities they overlook while drooling over the RSAC vendor hall, etc.
shameless plug: https://securitychaoseng.com/