Podcasts about Coverity

  • 20 PODCASTS
  • 25 EPISODES
  • 47m AVG DURATION
  • INFREQUENT EPISODES
  • Oct 21, 2024 LATEST

Latest podcast episodes about Coverity

Unstoppable
604: Ben Chelf: Co-founder and CEO of Sol Reader

Oct 21, 2024 27:35


On this episode of The Kara Goldin Show, Ben Chelf, Co-founder and CEO of Sol Reader, joins us to discuss how he's transforming the way we read in the digital age. Sol Reader, Ben's innovative company, has created a unique VR e-reader designed to offer a healthier and more immersive alternative to traditional screen time. With a strong background in technology and entrepreneurship, including his success with Coverity, Ben shares the key lessons he's learned about building products that prioritize both innovation and user well-being.

Ben dives into the challenges of blending VR technology with e-reading, the inspiration behind Sol Reader, and how his role as a father motivated him to create something that encourages healthier digital habits. He also shares valuable insights on digital hygiene, balancing mission with innovation, and how Sol Reader aims to shape the future of reading for all generations. This conversation is packed with actionable lessons on entrepreneurship, tech, and pushing boundaries. Don't miss it! Tune in now on The Kara Goldin Show!

Are you interested in sponsoring and advertising on The Kara Goldin Show, which is now in the Top 1% of Entrepreneur podcasts in the world? Let me know by contacting me at karagoldin@gmail.com. You can also find me @KaraGoldin on all networks.

To learn more about Ben Chelf and Sol Reader:
  • https://www.linkedin.com/in/benchelf/
  • https://x.com/bchelf/
  • https://www.instagram.com/bchelf/
  • https://www.instagram.com/solreader_/
  • https://www.solreader.com/

Sponsored By:
  • Cymbiotika - Go to Cymbiotika.com/Kara for 20% off plus free shipping on your subscription order.
  • Ramp - Get two hundred fifty dollars when you join Ramp. Go to Ramp.com/KARAGOLDIN
  • ShipStation - Get a 60-day free trial at ShipStation.com/KARA. Thanks to ShipStation for sponsoring The Kara Goldin Show!
  • JLo Beauty - Head to JLOBeauty.com/KaraGoldin for a SPECIAL GIFT of FOUR FREE Masks and FREE Shipping.
  • Shopify - Sign up for your one-dollar-per-month trial period at Shopify.com/kara
  • CIBC Innovation Banking Podcast - Tune in today to the CIBC Innovation Banking Podcast—wherever you get your podcasts.

Check out our website to view this episode's show notes: https://karagoldin.com/podcast/604

Tell Me Your Story
Lori Mazan - Leadership Revolution

Apr 30, 2024 56:14


https://www.soundingboardinc.com/

I spent two decades coaching public and private company CEOs and executives, before founding Sounding Board in 2016. It's been my absolute pleasure to coach executives at both Fortune 100 companies and venture-backed growth companies like Intellikine, Tapjoy, Coverity, Achaogen, 10xGenomics, Revance, Chevron Corporation, Sprint/Nextel, Citibank, Haas School of Business, UC Berkeley.

My decision to start Sounding Board was born from these beliefs of mine:

1. 85% of leadership coaching goes toward the C-suite, but those execs always told me they wished they had this kind of leadership development earlier in their career.
2. Managing and reporting on the coaching process can be done far better and more affordably with great technology than without. You can reach many more leaders with great software backing you up.
3. Leaders are made through failure. The job of a coach is to provide a trusted space to say the hard things, the difficult things, that encourage leaders to bring themselves to the next level of maturity and development.

I'm interested in connecting both with amazing executive coaches who can grow leaders, and with HR professionals who have a mandate to spread their leadership development efforts more widely throughout their organization.

Author of Leadership Revolution: The Future of Developing Dynamic Leaders. Co-founder, President at Sounding Board - Coaching and Mentoring Software and Services to Manage, Scale and Measure your Leader Development.

Develop Dynamic Leaders Now! Well into the 21st century, organizations still rely on leadership models and development techniques based on outdated methodologies. It's time to revolutionize leadership development. Drawing on over 25 years of coaching experience, Lori Mazan, co-founder and Chief Coaching Officer of Sounding Board, offers talent development, learning leaders, managers, and executives a practical strategy guide for shaping the next generation of leaders.

The Sourcegraph Podcast
John Kodumal, CTO and Co-founder of LaunchDarkly

Jul 14, 2022 62:27


Beyang sits down with John Kodumal, CTO and co-founder of LaunchDarkly. LaunchDarkly is a SaaS feature management platform for developers that allows them to iterate and get code into production quickly and safely by separating feature rollout and code deployment. John begins by talking about his first experiences with computers and programming in the 80s, including teaching himself to use a Dvorak keyboard in the first grade, experimenting with BBS in elementary school, and programming his TI-92 in BASIC to make a shell program so that he could use Reverse Polish Notation (RPN) on it in high school. John shares how he pursued his interest in programming languages throughout higher education and then discusses his employment experiences at Coverity and Atlassian. He talks about how the lessons and experiences from his prior jobs ultimately led him to found LaunchDarkly in 2014 with former classmate, Edith Harbaugh. John dives into how he first got into feature toggles and feature flags, and then talks about the engineering challenges LaunchDarkly has encountered. John concludes by sharing how he has witnessed LaunchDarkly impact the developer experience and the ongoing, transformational benefits of utilizing their feature management platform.

Sourcegraph: https://about.sourcegraph.com

Go To Market Grit
CRO Articulate, Jaimie Buss: A Problem Solver That Happens to be Good at Sales

Apr 11, 2022 61:56


Jaimie Buss, CRO of the e-learning platform Articulate, had an epiphany several years ago. While trying to simultaneously give her toddler a bath and catch up on work emails, some water splashed on her computer. After initially snapping at her son, she realized the importance of being “unapologetically present” with not only her family at home but her colleagues at work. Since this experience, she has drawn clear boundaries between the two.

In this episode, Jaimie and Joubin talk about the leadership lesson she learned from her father; her discipline in all things, including Peloton workouts; her secret weapons of hard work and preparation; what Jaimie learned from some short stints at startups after already having career success; what she learned from three years in venture capital, and everything that changed in her time away; what it means to be “unapologetically present,” at home and at work; and Jaimie's return to startups, first at Zendesk and now at Articulate.

In this episode, we cover:
  • The difference between a poorly-run coffee shop and a well-run one (03:35)
  • Why you should acknowledge your team's day-to-day accomplishments (07:26)
  • Focusing on single tasks and how Jaimie manages her routine (09:52)
  • The downshift from rapid growth at VMware to rocky stints at Coverity and Meraki (20:43)
  • Why she put her operating career on pause to go work for Andreessen Horowitz (28:10)
  • There's no easy, just “different kinds of hard” (38:10)
  • Why Jaimie went back to startups with Zendesk, where she stayed for more than five years (44:00)
  • Why she joined Articulate, making incremental improvements rather than extreme changes (51:04)
  • The most important questions Jaimie and Articulate's execs asked each other in the interview process (57:30)

Links:
  • Connect with Jaimie: LinkedIn
  • Connect with Joubin: Twitter, LinkedIn, Email: grit@kleinerperkins.com
  • Learn more about Kleiner Perkins

Software Engineering Radio - The Podcast for Professional Software Developers
Episode 494: Robert Seacord on Avoiding Defects in C Programming

Jan 12, 2022 72:18


Robert Seacord, author of Effective C, The CERT C Coding Standard and Secure Coding in C and C++, discusses why the C programming language can be insecure, the top 5 security issues and the tools and techniques you can employ to write secure code in C.

Operators (free) & Delian’s Ramblings ($5/mo)
Operators Ep 33: Jaimie Buss (Zendesk)

Nov 1, 2021 55:17


Jaimie Buss is the SVP of Commercial Sales, North America at Zendesk. Jaimie is a veteran sales leader with experience selling everything from SaaS to virtualization, storage, and networking. During her first 4 years at Zendesk, she was VP of North America and led SDR/BDR, SMB, Commercial, and Enterprise sales. During her 20+ year sales career, she has held sales and leadership positions at Andreessen Horowitz, VMware, Coverity, Meraki, Coraid and Inktomi.

In this episode we talk about Jaimie’s competitive nature, how she created a brand for herself, and the misperception that one needs to be an extreme extrovert to be good in sales. She also shares about the strategies she uses for surveying her team on engagement, her views on various leadership styles, and the importance of product led growth.

I hope you enjoy the show.

Full transcript available here. Get full access to Operators at delian.substack.com/subscribe

Remnant Revolution Podcast
The FDA, CDC and PFIZER- Cover-Up!

Oct 18, 2021 24:23


Karen Kingston: FDA Letter Warns of Unknown JAB Side Effects, Shedding, Birth Defects & Death!

The Rightside with Doug Billings - Rumble

Doug Billings 0:00
Hey folks, Gary Duncan here with remnant revolution. Just had to get this episode out. I want you to listen to a replay of the Doug Billings show called The right side. He interviews his guest is Karen Kingston. She is a former Pfizer employee and very well known and educated in the vaccine industry she has provided she's providing patents and revealing the ability to isolate private individual information within these vaccines. Okay, these vaccines contain tracking technology. It's crazy, right? Last year's conspiracies are this year's truth gets a little in the weeds on technology, but all the documentation will be in the show notes. Check out right savage Doug Billings. This is an episode you need to listen to. Just just going you'll find it pretty easily. Great episode. Just had to get it out. Wake up church, there's a war going on for the soul of our country where the lies of the demonic control the narratives of our culture. Join your host Gary Duncan, in search of the kingdom warriors of our time, those not afraid to speak up and walk out the word of God in the face of evil. Get ready for a supernatural impartation a spiritual download of faith and fire into your life. Welcome to the remnant revolution

1:26
hi everybody welcome to the right side it's time for Karen Kingston she is becoming you know what I call a rock star in the world of awakening America to the components the recipe and the ingredients of the jab in all of the dangers and where we should really be focused in our efforts to confront this thing. Karen is just freshly back from the Brad Barton event in Kentucky I heard it was an extraordinary event she got to to meet and speak with privately General Michael Flynn which is good she's uh she's really someone ladies and gentlemen who I I'm really proud to have her on the show.
I'm I'm honored that she chose this show to break all of the news that we're hearing now really in not only the the new media out there, but in the mainstream as well. She's her news and her her, her opinions are beginning to seep into the mainstream, which is where they need to be truly So having said all of that, and Karen Hi, my friend, welcome back. Hi, dad, thanks so much for having me back. It seems like forever since we chatted and we missed you. And in Kentucky, for sure. Thank you. And it was awfully nice of you. I 2:34  saw a little bit of your speech and heard about it rather. And it was awfully nice of you to to give a shout out to me in this show. And look, you know, I just admire the heck out of you. You you are you're bringing light to a dark time. And God is with you. I appreciate you. Thank you. Thank you so much. So we did call it here. Let's set the table a little bit we want to talk about, you know, ladies and gentlemen, our show that we did a couple of weeks ago about you know, checkmate, we win. Pfizer's got to now come forward with the ingredients of the jab, we're going to get there. We're going to explain Karen's going to explain where we are with that. But first, Karen, you know, a little pat on the back to both of us because a couple of months ago, you came on this show, and broke to the world, that the jab, the COVID jab that we're being that's being thrust upon us, is really the culprit behind and causing the Delta variant that's in the news today. Congratulations. We called it and now the mainstream is admitting that it's the truth. Yeah, absolutely. I mean, all the data from the FDA filings and specifically their 2015 document called gene based therapies, talks about the fact that if you inject someone with synthetic RNA that's going to produce a spike protein, that that spike protein is a pathogenic virus. 
So we call that saying like, Look, people that are being injected, they're actually producing the COVID, the COVID-19 variant called the delta and and over the last couple of weeks, I have been pleading on the media for healthcare providers to come forward and speak the truth about who they're seeing in the hospitals. And they're saying the people in the hospitals are the ones and we've gotten one or two doses, and they're having these mild carditis they're having respiratory failure. They're having kidney problems and they're calling it the Delta variant and they said make no mistake, this is from the injection so we we did we called it but again, the FDA laid it out for us and it was you know, it was just inevitable as a matter of time. 4:36  You know, Karen also is the world and is we in this country have begun to face 4:43  these mandates these unconstitutional maddening mandates that are being thrust upon us. We You and I were discussing just prior to coming on the air here that, you know, people are emailing you, they're emailing me, they, they want letters, they want templates. They want something to show that look, this thing is dangerous. I 5:00  Don't want to take it, you have no right to inject it into me, you know, 5:05  informed consent becomes an issue and people wonder about that. You pointed out also on this show that the content of the FDA letter itself admits, you know, Pfizer, you know, in or the FDA rather admitted they don't know, they don't know what's what this thing is going to do to us that shouldn't that be enough to shut this entire thing down? I believe so. I mean, the approval letter states that they don't know the long term, short term or long term effects of this vaccine on on on people's overall health and risk of permanent injury and risk of death. 
So they have about 10 studies where they talk about the need to track mild carditis in subjects who are injected everywhere from the age of five years of age and older, they talk about tracking sequentially of disease. And in these subjects who are young, healthy teenagers and adults, and Sequoia disease for mild carditis. That's a fancy word for congestive heart failure, that means your heart is failing. So they don't know if your heart is going to fail in two weeks, two years or five years. And what that means is as your left ventricle can't push blood into your body, you can no longer perform everyday activities. If you're in our military, then you cannot perform the duties that you need to protect and serve our country. If you are a young parent, then you may not be able to keep up with your toddler. And if you are a young teenager, it means you may not be able to play sports. And it was a qualia of disease eventually ends in death. 6:44  absolutely shocking. Not surprising, given who this is all coming from with the Fauci and the Bill Gates Foundation, the FDA itself, the CDC, highly, highly suspicious organizations and it doesn't surprise me to hear you say these things, although it doesn't alleviate the shock and now, okay, so you and I, you have come on this show, you've broke this news. months ago, we are on the cutting edge, we're out in front of this tsunami of nonsense and and danger. And you've been the siren that is sounded the alarm. Now the mainstream media though, Karen, you know, you and I also talked about graphene oxide, we were the first to bring that out into the attention of the American people into the world. And now it looks as though and you'll have to explain to us how that the mainstream media is now and Pfizer and other organizations and the FDA, God knows who else they're going to begin to as you warn us to normalize graphene oxide a deadly component to human beings. 
Yeah, I believe that's what's going to happen again, I'm inside the industry. I know some of the major investors and we were talking about, you know, people that can manage up to 50 billion 100 billion dollar portfolios. So what they're willing to do is basically fall on the sword for graphene oxide. So when Pfizer got the FDA approval for the graphene oxides going to come out as as in as it was in the vials, right. Whether Pfizer says it truthfully, and follows on the sword with moderna, or they lie about it, they will be caught because people have the vials and we show there's graphene oxide in there, I believe they're willingly going to fall on the sword. And right now they're negotiating you know, what they're willing to be charged with, because of the graphene oxide under the EU way. So forget coming into the right now but Coverity they start inspecting the vials, but under the EU a, there was no good manufacturing processes that were being followed. So that includes the supply chain management. So it's very easy for moderna and fire him to be like, Oh, well, somehow or another along the supply chain management, someone slipped in toxic levels of graphene oxide, that that maybe explains these deaths that we weren't expecting to see. And there are lethal levels, but that's not our fault. Oh, and by the way, low levels are pretty good for you. They're bacterial Seidel, they kill viruses, etc, etc. But what they they're willing to do that and a trillion dollar fine is nothing. Because what the UAE did what the CDC did, and what the FDA did is they took a very dangerous class of products called gene therapies, whether they're mRNA, silencing RNA, car T cell therapies, complimentary DNA, these are dangerous therapies used in end stage cancer, and they call them vaccines. 
The only thing that everyone cares about whether they're the venture capitalists or the Big Pharma is they want to keep that vaccine category, meaning that they can inject you with these dangerous gene therapies for to prevent any type of disease, whether it's cancer, whether it's all climbers, whether it's dementia, whether it's ADHD, and so that's what they want to hold on to tomorrow. 10:00  Fourth, this $50 trillion market. And these injections in and of themselves will also cause some rare immune mediated diseases that are also very expensive to treat. So they just created themselves a large, many times over a multi trillion dollar market. Okay, Karen, so we're up against a break, I want to set the table for our next series of conversations on this for the audience. So, ladies and gentlemen, Karen and I are going to address the emails that we've received about your inquiries into this two week window of time. You'll recall that she and I did a story a few weeks ago, entitled, you know, checkmate, we win Pfizer has now got to, you know, tell us and come forward with the ingredients of the jab, we're going to explain what they're doing, as she was just alluding to, behind the scenes negotiations, and so forth. We'll talk specifically about those emails. As we continue our discussion with Karen Kingston. Bye, everybody. Welcome back to the right side with Doug Billings, where we engage in determined prayer and determined patriotism every day here on the program, with my friend, Karen Kingston, and we were talking about kind of looking back over the things that she and I have called, she really has broken some of the most major stories about the ingredients of the jab in the world. And she's chosen to do so on this program. So we were we were reflecting on that. And Karen, let me bring you in here. 
Now, when we, when we were talking before the break, we were setting the table to remind the audience members who had contacted us about the last show that we did about Pfizer now being how they would have been now forced to tell us what's in this thing, what's in the jab. And a lot of people wondering, Well, where's that news? Release? What's going on there? So can you just shine some more light on that? Let's explain to the folks where we are in that process. Why they haven't seen anything yet. But what what what Pfizer is doing behind the scenes, perhaps? Sure, let me share my screen and go straight to the letter. for everyone. An important point is they had to share with the FDA what's in the products, they did not necessarily need to have to have to share that with us. They have to share it with the American people, once co Murti which is the branded product is available on the market. So let me explain what the letter says why it's confusing. While it's why it's intentionally confusing, and why again, this is mandates by memo, which is unlawful, illegal malfeasance, and abusive and American people need to stand up. So this letter says that they got an approval for the vaccine. And they say it's associated with these two clinical trials down here, if you go to clinical trials.gov. These trials are not just the phase three trial, which has what's called bn t 162. b, which is the 30 micrograms of mRNA. These trials have about a dozen different variations, including different dosages of what we know as bn, t 162. b, which is the mRNA that produces PS to spike protein. And we talked about that, that's not the source code to spike protein. It's a new spike protein that causes inflammation in your heart, lungs, and kidneys. But the neutralizing antibodies from source code to bounce off of it like bullets on Superman, so it doesn't stop you from getting infected from source code to. They also have another version called 161. 
That has different receptor binding domains. Again, this is just causing more variance, and more what they call reactogenicity. Some more inflammation, it's just making the pandemic, the disease more deadly. They also have another one that was for the South African variant that they started injecting and people they developed in April start injecting people in May. Again, this is really ironic, because the South African variants didn't even come to market until January 2021. But in May of 2020, they're injecting people with vaccines for this variant. So I think that's more evidence that this is you know, we don't really know what was approved and what where the FDA was being I think 14:13  I just in genuine I don't know if that's the right word is they sent out a reissue their ua letter on August 23. And what they said when they they approved co modernity on August 23. And then they reissued the UA to Pfizer and biontech. And on page two, paragraph three, they say ko modernity is the same formulation as the Pfizer biotech COVID-19 vaccine and can be used interchangeably. Well, how did they know that they never looked at any one of the vials that are in the market, and they hadn't looked at any of the vials yet for Pfizer comorbidity. Again, this is mandated by memos and people making stuff up. So it's completely unlawful. 14:57  But just to reiterate what I 15:00  had said they this is the thing. They're not allowed to distribute any of the lots of humanity until CBR. approves it. Unfortunately, the two top people at CBR for vaccines resigned the day of this approval. So that's also a problem, isn't them? And they? Yeah, I know isn't that convenient, and they helped us to submit product deviations. So this is when the graphene oxide is going to come out. 15:26  So they have to submit product deviations in the product. And within 14 days, submit that including serious adverse events. 
So if now they're inspecting the vials, and they're saying, hey, there's graphene oxide in here, they can again, blame it on the supply chain management issue. And then say, it's not our fault. And under the EPA, they have no liability. And nobody was in charge of inspecting the product for what was in the product, the quality, the consistency, or even where it was manufactured. This stuff could have been manufactured, manufactured by the Chinese Communist Party. We don't know. Nobody knows. That's the truth. 16:03  And then, and here's some more evidence that maybe alludes to that is that this is from Pfizer biotech, the biotech meeting in January this year, they were committed to over $1 billion doses, you can see the second bullet 30 to 40% of the gross profit shares with Fossum pharma in China. They're six manufacturing sites for Pfizer and biontech. And then these are also contract manufacturing organizations. We don't know if there's dozens of them or hundreds of them around the world that finished the lipid nanoparticle and all finished capacity. So again, what's in who's putting the final MPs in there, the pegylated lipids, what's in them? According to the patents, it looks like it's harder gel and graphene oxide and people that are making themselves into walking you in magnets? Yeah, I know. So 16:52  did that just go through? Yeah. So for people who want to say no way, can you force me to put myself or my child at risk for permanent injury or death? Show them this letter. This is this is part of the FDA approval letter. It says that the data they've collected so far right is alarming. But it's not sufficient to assess the known serious risk of myocarditis, pericarditis, and subclinical mild carditis. So those children are being sent home from hospital say, they just took ibuprofen, it's a mild case of mild carditis. 
That is a big lie, their left ventricles inflamed and they are going to be suffering from heart failure at a very young age, it's going to affect their ability to perform everyday activities, sports, and eventually it can lead to death. So again, that's a huge lie. So they need to follow up on that. Here's another study that just says that they need to do a five year study, or sorry, this is a no yeah, five year four year study for mild carditis. This I really wanted to call attention to here's a five year study for pediatric patients in mild carditis How dare you tell me to you can inject a 12 year old child or a 19 year old college student or anyone in our military that you know, that is 1819 years old, and that you don't know what kind of damage you're going to be doing to their heart long term. Here, there's a study for ages five through 15 years of age, the CDC is rearing up to make this available for children now five to 11. And we're saying we don't know how, what kind of damage we're going to do to your children's hearts, if they're at five, you know, what kind of damage are they going to have at the age of six and are they going to live to see the age of seven, they don't know, going on the third dose. This is this is about the the booster shots. They don't know if this is going to cause mild carditis and in adults under the age of 30. The next one is really alarming. This is the shedding This is for women who are pregnant and have given birth to newborns. This is seeing whether or not there's birth defects in their babies, or if the newborns develop birth defects. When they are exposed to people who are vaccinated, these pregnant women aren't even injected. This is test to test for birth defects if a woman is around a person who was vaccinated. This is a highly deadly dangerous product. I don't understand that people don't see it as a bio weapon. 
It can only poison harm, permanently injure and kill people and cause dirt birth defects to our children and cause disease in our children and potentially death. Lastly, here's another one where they want to study a lower dose of the mRNA. Right now, comorbidity has 30 micrograms, and they're like, well, that's probably kind of high for someone that's under the age of 30. So between 12 and 30, because of immunogenicity, well, what's immunogenicity. The FDA defines it as it is basically your body overreacting to the vaccine and having an overreaction that causes serious permanent injury or 20:00  immune diseases, genetic disorders and death. 20:05  Karen, it 20:06  should be enough to say how No, right? Well, we're going to, it's chilling, it's frightening. And look, you I have said, ever since I've met you, and have spoken to you about this, this stuff. 20:21  Yeah, I'll give you a chance. There we are. Ever since you and I met I have called this the this entire story everything's from the the patenting of this jab, the the ingredients creating it, and so forth. The the it is the single most evil story in the history of mankind, what they have been doing. And I stand by that every time I talk to you, I am more and more convinced that those words as scary as they are, are true. This is the most evil story that's been thrust upon all of us in the history of our species. And it has got to be stopped, we're going to put these letters on our website, ladies and gentlemen, you know that it Doug billings.us, Karen has her own tab over there. It's not it's kind of like having your own tab at the bar, although it's a better tab and you get more information from it. And we we will have this letter up there. And you all email Karen and I for these templates in these letters, please use this, please refer to it and use it as you see fit and adapt it to your own specific situation. Karen, 21:28  thank you, you continually leave me speechless. Thank you for coming on the show. 
Thank you, and I agree with your dog 100%. This isn't just the war of our lifetime. This is the war of humanity. Nothing so depraved and evil has ever been brought on this world ever, ever. I mean, the infection causes a horrible diseases, horrible death. I mean, it's not the way God intended you to live your life, our days are all numbered by God and to be injected with this. And to think that you may have permanent disability, you may have permanent brain damage, you may not be able to function or walk or get out of bed, you may lose the ability to eat, you may lose the ability to control your body, you know, your all of your bodily functions. And that's how you're going to live your last days. And we didn't even and we didn't even touch on the fact that they're not concerned about eliminating this virus. In fact, the jab perpetuates the virus and there's a whole other dates of the virus and the end, the new variants that are coming from the vaccines are much more harmful to children SARS code to didn't do anything to children. So children are getting sick from this. Children are dying from variants. So I, I agree with you, it's the war of humanity, and we need to speak up and shed light on the truth. And I pray and hope that people, regardless of their political views, can see the truth for what it is to our own governments documents. You bet, Karen, again, thank you, ladies and gentlemen, Karen Kingston with us today, please do your research thoroughly. Check out these letters that we haven't done billings.us there's templates over there. Thank you very much, Karen. We love you. We appreciate you. Thanks again for listening to this episode of remnant revolution. If you liked what you heard, please leave a comment and rating in iTunes and Google Play. This helps us get heard by more people. And don't forget to share the podcast with your friends and family. 
Be sure to visit WWW dot remnant revolution.org to join the conversation, access the show notes and keep up to date on important events and programming. To catch all the latest from me. You can follow me on Instagram at remnant revolution. Until next time, armor up, stand up and speak up.     

The Dealmaker Show, by Oren Klaff
Oren Klaff talks to Yaniv Sarig, from Mohawk Group

Mar 29, 2021 · 44:26

My guest today is Yaniv Sarig, President and Chief Executive Officer of Mohawk Group, Inc. since 2018 and Co-Founder of the Group in 2014. Prior to co-founding Mohawk, Mr. Sarig led the Financial Services Engineering department at Coverity, a leading software startup providing code quality and security solutions for top financial institutions and hedge funds in New York including NYSE, Nasdaq, JPMC and Barclays, from April 2012 to April 2014. Before joining Coverity, Mr. Sarig held lead technical roles at Bloomberg from October 2011 to April 2012 and EPIQ Systems, Inc. (Nasdaq: EPIQ), a legal process outsourcing company, from February 2006 to October 2011. Prior to moving to New York City, Mr. Sarig lived in Israel where he held various software engineering roles at startups from various industries including companies involved in digital printing solutions and military navigation systems. Mr. Sarig also served in the IDF Special Forces from November 1995 to November 1998, where he obtained the rank of Sergeant First Class. Mr. Sarig holds a Bachelor of Science in Computer Science from Touro College, is fluent in English, French, Hebrew and C++.

In this episode I'm going to introduce you to one of the ultimate dealmakers, Yaniv Sarig, the CEO of Mohawk Group. His company is valued at over a billion dollars based on one incredibly powerful idea: use software and AI to help launch e-commerce products. Yaniv's software and AI technology finds wide-open e-commerce niches then stuffs an exciting new product into that niche before anyone else can even blink. Mohawk runs test launches, identifies market demand and creates new products faster than you think is possible. Then Mohawk owns that market, and starts looking for the next one.

I've learned a lot about dealmaking from Yaniv, and I'm sure you will too, because while his software does a lot of the heavy lifting, ultimately it's Yaniv's dealmaking skills that make all this possible, to the tune of a billion dollars. Watch this episode and learn from a master. Enjoy!

Oren

Gamechangers LIVE with Sergio Tigera
Gamechangers LIVE featuring Yaniv Sarig

Feb 11, 2021 · 29:24

Yaniv Sarig is Co-Founder and CEO of The Mohawk Group. Prior to co-founding Mohawk, Yaniv led the Financial Services Engineering department at Coverity, a leading software startup providing code quality and security solutions for top financial institutions and hedge funds in New York including NYSE, Nasdaq, JPMC and Barclays, from April 2012 to April 2014. Before joining Coverity, Mr. Sarig held lead technical roles at Bloomberg from October 2011 to April 2012 and EPIQ Systems, Inc. (Nasdaq: EPIQ), a legal process outsourcing company, from February 2006 to October 2011. Prior to moving to New York City, Mr. Sarig lived in Israel where he held various software engineering roles at startups from various industries including companies involved in digital printing solutions and military navigation systems. Mr. Sarig also served in the IDF Special Forces from November 1995 to November 1998, where he obtained the rank of Sergeant First Class. Mr. Sarig holds a Bachelor of Science in Computer Science from Touro College, is fluent in English, French, Hebrew and C++.

Tech Without Borders by DojoLIVE!
AI and Machine Learning Revolutionize Consumer Packaged Goods - Yaniv Sarig @ The Mohawk Group

Feb 9, 2021 · 29:59

How software is changing Consumer Packaged Goods (CPG) forever with Yaniv Sarig, Co-Founder and CEO @ The Mohawk Group. Yaniv Sarig has served as a director and our President and Chief Executive Officer since September 2018, is a co-founder of Mohawk Opco and has served as a director and President and Chief Executive Officer since June 2014. Prior to co-founding Mohawk, Yaniv led the Financial Services Engineering department at Coverity, a leading software startup providing code quality and security solutions for top financial institutions and hedge funds in New York including NYSE, Nasdaq, JPMC and Barclays, from April 2012 to April 2014. Before joining Coverity, Yaniv held lead technical roles at Bloomberg from October 2011 to April 2012 and EPIQ Systems, Inc. (Nasdaq: EPIQ), a legal process outsourcing company, from February 2006 to October 2011. Prior to moving to New York City, he lived in Israel where he held various software engineering roles at startups from various industries including companies involved in digital printing solutions and military navigation systems. Yaniv also served in the IDF Special Forces from November 1995 to November 1998, where he obtained the rank of Sergeant First Class. He holds a Bachelor of Science in Computer Science from Touro College, is fluent in English, French, Hebrew and C++.

CERIAS Security Seminar Podcast
Adwait Nadkarni, Building Practical Security Systems for the Post-App Smart Home

Jan 20, 2021 · 60:09

Modern end-user computing platforms such as smartphones (e.g., Android and iOS) and smart home systems (e.g., SmartThings and NEST) provide programmable interfaces for third-party integration, enabling expressive and popular functionality that is often manifested in applications, or apps. Thus, for the last decade, designing security systems to analyze apps for vulnerabilities or unwanted behavior has been a major focus within the security community. This approach has continued well into the smart home, with researchers developing systems inspired by lessons from Android security to inspect IoT apps developed for popular platforms such as SmartThings. However, emerging characteristics of smart home ecosystems indicate that IoT apps may not represent automation in real homes, and may even be unavailable in the near future. That is, while API misuse by third-party developers is an important problem, the approach of analyzing/instrumenting IoT apps may not offer an effective or sustainable solution.

In this talk, I will describe the challenges for research in the backdrop of the unsuitability of IoT apps for practical security analysis, and motivate three alternate research directions. First, I will describe the need to develop an alternative artifact for security analysis that is representative of automation usage in the wild. To this end, I will introduce Helion, a system that uses statistical language modeling to generate natural home automation scenarios, i.e., realistic event sequences that are closely aligned with the real home automation usage in end-user homes, which can be used for security or safety analysis. Second, I will illustrate the need to improve the security of mobile companion apps, which often form the weakest link in smart home deployments, and the important position of security analysis/compliance tools in ensuring the development of secure companion apps. To this end, I will present the mSE framework, which automatically and rigorously evaluates static program analysis-based security systems using mutation testing. Our work on mSE (and its successor, MASC) culminated in the discovery of critical security flaws in popular tools such as FlowDroid, CryptoGuard, Argus, and Coverity that affect the reliability and soundness of their analysis. Finally, I will conclude the talk by describing our current efforts to build system-level defenses into IoT platforms that are agnostic to IoT apps, i.e., independent of their visibility or mutability, thereby potentially providing a lasting solution to API misuse by third-party developers.

About the speaker: Adwait Nadkarni is an Assistant Professor in the Department of Computer Science, and director of the Secure Platforms Lab (SPL) at William & Mary. Prof. Nadkarni's primary research domain is security and privacy, with a focus on emerging platforms, and the areas of operating systems and software security. Prior to joining William & Mary, Prof. Nadkarni earned his Bachelor of Engineering (BE) in Computer Engineering from the University of Mumbai in July 2011, followed by his Ph.D. and M.S. in Computer Science from the Computer Science Department at the North Carolina State University in May 2017 and December 2012 respectively, both with Dr. William Enck. At NC State, Prof. Nadkarni was a founding member of the Wolfpack Security and Privacy Research (WSPR) Lab, and served as its Lead Graduate Student until May 2017.

Brakeing Down Security Podcast
2020-029- Brad Spengler, Linux kernel security in the past 10 years, software dev practices in Linux, WISP.org PSA

Jul 31, 2020 · 65:34

WISP.org PSA at 35m56s - 37m19s

Agenda:
Bio/background
Why are you here (topic discussion)
What is the Linux Security Summit North America
https://grsecurity.net/

Questions from the meeting invite:

This only affects people who want to use a custom kernel, correct? This doesn’t affect you if you are running bog-standard linux (debian, gentoo, Ubuntu) right?
What options do people have in cloud environments?
Does the use of microservices make grsecurity less worthwhile?
You mentioned ARM 64 processors in your first slide as making significant security functionality strides. With Apple and Microsoft going to ARM based processors, what are some things you feel need to be added to the kernel to shore up Linux for ARM, since some purists enjoy an Apple device with Linux on it?

https://www.youtube.com/watch?v=F_Kza6fdkSU - Youtube Video
https://grsecurity.net/10_years_of_linux_security.pdf -- pdf slides
https://lwn.net/Articles/569635/ - Definition of KASLR

LTS kernels moved from 2 years to 6 years - why?
6 years is pretty much “FOREVER” in software development.
Patches get harder to backport, or worse; Could introduce new vulnerabilities
Project Treble: https://www.computerworld.com/article/3306443/what-is-project-treble-android-upgrade-fix-explained.html
LTSI: https://ltsi.linuxfoundation.org/
4.4 XLTS is available until Feb 2022 - If fixes and all bugs haven’t been backported (1,250 security fixes aren’t in the latest stable 4.4 kernel)
What are the “safe” kernels?
Has anything changed since the presentation you gave earlier in July 2020

Syzkaller
Let’s discuss Slide 27 (what are those terms?)
“Is it improving code quality, or Is it making people lazier and more reliant on a tool to check code?”
Slide 29 audio, you mention that you use Syzkaller… why do you use it?

Exploitation Trends
Attackers still don’t care about whether a vulnerability has a CVE assigned or not
Don’t many vulnerabilities require some work to get to the kernel? And why should they work to get to the kernel?
https://www.bleepingcomputer.com/news/security/rewards-of-up-to-500-000-offered-for-freebsd-openbsd-netbsd-linux-zero-days/
500K IF the kernel vuln affects major distros (Centos, Ubuntu)
https://resources.whitesourcesoftware.com/blog-whitesource/top-10-linux-kernel-vulnerabilities
Why is the Zerodium payout for kernel vulns lower than for application vulns?
Would it be fair to say that getting root/persistence is all that matters and you don’t need to worry about the kernel to do so?
Many of the new security features are protecting against bad programming practices? So by adding all these things, who are you securing systems against? Bad actors, or devs who employ poor coding measures?
Why do you think we see lower adoption rates of security

Problem solving:
Halvar Flake: http://addxorrol.blogspot.com/2020/03/before-you-ship-security-mitigation.html

If we have time…

Threat models in a kernel
Where do they go in the development lifecycle?
If kernel dev is an open environment, what precipitates the need for a kernel mitigation threat model
Is there an example somewhere that we can see? What is the format? Methodology?

Do you think static code analysis of the kernel is worthwhile at all?
Absolutely! We do a lot of it, including via the analysis resulting from compiling with LLVM, as well as via specific static analysis GCC plugins of our own.

OK, what about the large amount of false positives the analyzers generate? Do you get around with your custom plugins? Also do you use the analyzers included with Clang and GCC v.10 or 3rd products?
That's usually a property of the analysis itself -- some can have large false positive issues, others not. Ideally we try to limit that for the plugins we write (we just recently added one helpful for some kind of NULL ptr dereferences this week). My understanding is the public now also has access to the Coverity reports for the kernel? As far as GCC versions, yes we test with all versions from 4.5 to 10.

What do you think of proposed XPFO patch? https://lwn.net/Articles/784839/
The performance profile is a big problem, and it doesn't address that the same attack can be performed in a different way that it wouldn't handle (that limitation is also mentioned in the original paper). So we haven't invested in it at all with our own work.

How about git sha-256 security measures?
Not my domain of expertise, but sounds like a good idea.

What is the status of KASLR on non-Intel architectures? ARMv7/v8?
It exists there as well, and is shipped in Android. It's also recently been added for PowerPC.

What dynamic analysis/testing tools do you use for the kernel?
We have a couple racks of hardware, including some new AMD EPYC2 systems dedicated entirely to testing and syzkaller fuzzing. We have syzkaller in place (along with backports of functionality to improve its functionality/coverage) for all kernels we support, as well as a good mix of physical/VM systems for major distros, and automated build/boot/functionality/regression testing in a number of configs across ARM/ARM64/MIPS/PowerPC/SPARC64/i386/x86_64.

Thanks! Do you write your own configs/definitions for syzkaller?
Yes, including some changes to the code to have it detect some of our specific kernel messages (size_overflow, refcount, RAP, etc)

What do you think about LKRG? Also, does grsec provide any similar runtime protection/detection/security?
I think it's a good alternative to some other commercial security products, but it's not what our goal is with grsecurity. I like the author of LKRG, but heuristic-based security is always problematic as you can't perform the checks everywhere they need to be performed, or as often as they need to be performed. When an attacker knows the checks performed (or has a general idea), then it's easy to devise an attack that would bypass it, knowing how computationally complex it would be to detect. So in grsecurity we focus on providing real defense vs just having a chance to detect something after the fact.

Do you plan on implementing RAP on PowerPC Architecture?
We haven't seen any commercial interest in it, but RAP is technically architecture-independent. We've done some demos for non-x86 architectures, and also just recently (within the past month or so), released a version for i386.

For how long GRSecurity is planning to support 5.4 LTS and LTS generally? What do you think is a good rule of thumb?
We've always generally supported them for 3 years, regardless of upstream's support periods. We have an independent process for performing backports that involves looking at all the upstream commits and other sources of information, regardless of any stable/Fixes tags (basically a manual version of AUTOSEL).

What is your opinion of the recently proposed Function-Granular KASLR series?
Not a fan of *KASLR in the kernel in general. It tries to deal with a problem (poorly) that there already exists a much better solution for: CFI.

Could you comment on how well (relative to your x86 detailed knowledge) ARM and PPC security fixes are backported?
We have many years of reverse engineering experience (15+ on my end) across multiple architectures. We were the first to develop software-based PXN/PAN for ARM for instance. We've also developed functionality specifically for non-x86 architectures. Within the past 2 years or so, we added POWER9 support for REFCOUNT, and have the physical hardware on site (in addition to qemu-based testing) to perform the work. But yes, our backports cover all architectures we support.

What is your opinion on the use of BPF for security-purposes, i.e. security monitoring and newer approaches like KRSI?
Enabling something like BPF solely for the use of security seems like it could backfire, given how invasive it is. As long as it's not controllable by an unprivileged user, I think it's fine. Anything that avoids the hassle of having to upstream something in order to implement some new kind of security check, is a good idea. They'll still be limited by the LSM interface itself, so that would be the next barrier to go. With BTF, there's a lot of possibility there.

Regarding exploiting containers: isn't the issue with containers that they have very poor defaults and that people don't use the features they could? For example: mounting sysfs or procfs into a container or not adjusting seccomp/apparmor (or better(?) selinux) policies?
That's a problem, but the crucial problem is the shared kernel among all containers. If you look at past exploits, they've been in things like futex, mremap, waitid, brk, etc, all syscalls that would be allowed in nearly all of the most strict seccomp policies. The granularity of current seccomp policies is really not that great, and any sufficiently complex code will necessarily have exposure to a large part of kernel attack surface.

What do you think about the CIP Projects' focus on CVE tracking (especially for the kernel)?
It's a good initiative, but the main problem with the kernel is that most vulnerabilities in the kernel don't get a CVE in the first place. I know for certain that many of the security issues we've tweeted haven't had a CVE assigned. The ones that do are when a distro with the vuln present in their kernel spots it and requests one. Most vulnerabilities in recent kernels especially don't get CVEs requested, because distros aren't shipping them.

What's your opinion on SMACK? Any other reference implementation except Tizen?
Haven't used it myself, so no opinion one way or another, sorry. Doesn't seem bad at least in terms of number of security fixes backported to it compared to other access control LSMs.

If you disable as many CONFIG_* options in your kernel config have you actually reduced your attack surface or is most of the vulnerable code not in modules?
Yes, this is a good approach particularly for upstream kernels. I would definitely recommend compiling your own kernel instead of using default distro configs (from a security perspective). Under grsecurity, we have a feature that makes it actually a good idea to put as much functionality in modules as possible, as they can't be auto-loaded by unprivileged users. So the functionality is there if it's needed across a fleet of systems, without the downsides.

TARA analysis performed in Linux Kernel?
I'm not familiar with this, sorry!

Is the poor state of LTS and XLTS security backports found in PPC and ARM as well as (presumably) what you report for x86?
It's somewhat of an across-the-board problem

Actually I hoped that you will tell about new cool features that appeared in grsecurity. Can you share anything about your new kernel heap hardening?
It's called AUTOSLAB, and it's useful both for security (particularly against AEG and UAFs), but also for debugging. Minimal performance impact, we've had one person mention their system feels faster now, and we actually had a bug in one of our routine benchmarks where the feature got enabled in the "minimal" config, yet still reported better benchmark results in all tests than an upstream kernel. So a really nice performance profile, with some additional memory wastage in the MEMCG case, but nothing terrible. Also non-invasive, as it's done through a GCC plugin.

Thanks for your talk, Brad! What would make you work for upstream?
We offered that already years ago, and none of the companies involved seemed to be interested. So we're funded directly now by people that benefit from our work.

Check out our Store on Teepub! https://brakesec.com/store
Join us on our #Slack Channel!
Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

CppCast
Cologne Trip Report with Botond Ballo and Tom Honermann

Jul 25, 2019 · 60:48

Rob and Jason are joined by Botond Ballo and Tom Honermann to discuss what features were added and removed from the C++20 draft paper at the ISO meeting in Cologne.

Botond Ballo is a software engineer at Mozilla, where he has been working on the Firefox web browser's rendering engine for 6 years. He's been attending C++ standards meetings for about the same time, and blogging about them to keep the C++ user community informed about standardization progress. In the committee, his interests include general language evolution, reflection, and tooling. Botond likes to hack on IDEs and other developer tools in his spare time. Offline, you might spot him climbing rocks or reading fantasy novels.

Tom Honermann is a software engineer at Synopsys where he has been working on the Coverity static analyzer for the past 8 years. His first C++ standard committee meeting was Lenexa in 2015. He currently chairs the SG16 text and Unicode study group and participates in the SG2 modules, SG13 HMI/IO, and SG15 tooling study groups. His contributions to C++20 include the new char8_t builtin type. A C++ minion with 20 years professional experience. Husband and father of two awesome boys.

Botond Ballo
@BotondBallo
Botond Ballo's Blog

Tom Honermann
@tahonermann
Tom Honermann's Blog

Links
2019-07 Cologne ISO C++ Committee Trip Report
p1607 - Minimizing Contracts

Sponsors
Backtrace
Announcing Visual Studio Extension - Integrated Crash Reporting in 5 Minutes

Hosts
@robwirving
@lefticus

Time4Coffee Podcast
145: From Successful Silicon Valley CEO to Non-Binary Transgender m2f Filmmaker, Songwriter & Nonprofit Founder w/ Michele Bettencourt, He Said/She Said Productions

Apr 9, 2019 · 43:47

Michele Bettencourt is the Co-CEO and Founder of He Said/She Said, a film production company and the Executive Producer of the documentary film, “Beautiful Lie” the story of Michele’s transition from Anthony Bettencourt to Michele a non-binary transgender m2f (male to female). “Beautiful Lie” is scheduled to be released in the summer of 2019 at various film festivals. Michele’s documentary was filmed while she transitioned professionally, and personally, from the President, CEO and Chairman of Imperva, a cyber security software and services company, and from male to non-binary transgender m2f. Michele is also a musician who wrote, sang and played drums on the rock album entitled “New Normal” available on iTunes. Michele served in those roles since she joined Imperva in 2014. Prior to working at Imperva, Michele was President, CEO and Chairman of Coverity from 2010 to 2014, replacing the founder. Michele has worked in Silicon Valley since 1982 when she dropped out of college at the University of Santa Clara where she was majoring in English. She later went back to Santa Clara in her mid-40s to complete her B.A. in 2006.

Time4Coffee Podcast
144: What It’s Like to Transition at Work & Home to a Non-Binary Transgender Male to Female (m2f) w/ Michele Bettencourt, He Said/She Said Productions [Main T4C episode]

Apr 8, 2019 · 25:01

Michele Bettencourt is the Co-CEO and Founder of He Said/She Said, a film production company and the Executive Producer of the documentary film, “Beautiful Lie” the story of Michele’s transition from Anthony Bettencourt to Michele, a non-binary transgender m2f (male to female). “Beautiful Lie” is scheduled to be released in the summer of 2019 at various film festivals. Michele’s documentary was filmed while she transitioned professionally from the President, CEO and Chairman of Imperva, a cyber security software and services company. Michele is also a musician who wrote, sang and played drums on the rock album entitled “New Normal” available on iTunes. Michele served in those roles since she joined Imperva in 2014. Prior to working at Imperva, Michele was President, CEO and Chairman of Coverity from 2010 to 2014, replacing the founder. Michele has worked in Silicon Valley since 1982 when she dropped out of college at the University of Santa Clara where she was majoring in English. She later went back to Santa Clara in her mid-40s to complete her B.A. in 2006.

IT Career Energizer
Understanding Your Tools and Communicating Effectively with Eric Lippert

Nov 27, 2018 · 26:37

GUEST BIO: Eric Lippert is a programmer who builds tools for other programmers. He’s worked on Visual Basic, JavaScript and C# at Microsoft, designed code analyzers at Coverity, and is now working on a variety of programming language design problems at Facebook.

EPISODE DESCRIPTION: Phil’s guest on today’s show is Eric Lippert. His career has been a long and varied one. He was a Principal Developer at Microsoft and a member of the C# language design team. Eric was also involved in the design and implementation of VBScript, JScript, Windows Script Host and Visual Studio Tools for Office. Over the years, Eric has published and edited numerous programming books and is now working at Facebook.

KEY TAKEAWAYS:

(01.00) – Phil asks Eric to expand on his brief introduction. Eric said that he studied computer science and maths at the University of Waterloo. There they run a co-operative education system where you study for 4 months and work for 4. He was an intern at Wacom and Microsoft. When he left Microsoft he went to work at Coverity. He is now working on developer tools at Facebook.

(3.39) – Phil asks Eric for a unique IT career tip. When Eric was a young developer at Microsoft his manager told him to “find a source of questions and learn to answer them”. He put that advice to work straight away and read every question in the JavaScript group. If someone asked a question that related to his area that he did not know the answer to, he would go away and find out. That taught him to answer queries concisely, which in turn honed his own knowledge.

(5.54) – Can you tell us about your worst IT career moment and what you learned from the experience? Eric says it was probably the morning he woke up to the headline “Worst Security Flaw Ever Found in Internet Explorer”. Eric had worked on the piece of code that was involved in the issue. At first, he thought that he may have made the error. It turned out that his code had been changed and that change had not been properly reviewed, so the potential weakness was not found. The security flaw was nowhere near as serious as reported by the press. It would have required a virtually impossible hack to be executed in order to take advantage of the flaw. After that, a much stronger culture of code reviews was put into place.

(9.17) – Phil says to Eric - Can you maybe take us through your career highlights or greatest success? Eric says there were two. The first was his work on a new version of Visual Studio. They met the completion target date and every single planned feature was included in the release. His other highlight was being involved in the “from scratch” C# rewrite. That massive project was also successfully completed and shipped. C# now has over 5 million lines of code, it is truly huge.

(14.42) – Looking to the future Phil wants to know what excites Eric about the IT industry. Eric says it is the fact that we have still only really scratched the surface. There are so many features that can still be added to the various languages. For example, we can take features from programming languages and add them to production languages which would immediately raise the bar. We want to be able to write programs that can reason naturally about all kinds of probabilistic things and we are getting there. There is still a ton of stuff to do in the programming languages and tools space.

(17.43) – What first attracted you to a career in IT? Eric started programming before he owned a computer. He would write them out on paper and type them into the school’s Commodore PET. He had intended to study either mathematics or physics. But, he soon realized that he was not good at physics. He was much better at computer programming and enjoyed it, plus he could work while studying IT.

(19.22) – What is the best career advice you have been given? Eric reiterated the advice to find a source of questions and answer them. But, he added that it was important to learn how to write well. Learn how to be concise and convince people that you’ve written correct code. To do that you need to write convincingly.

(20.29) – If you were to begin your IT career again, right now, what would you do? Eric says he would study statistics. Much of the machine learning and probabilistic programming is about understanding statistics. With differential programming there is even calculus involved, something Eric never expected to see.

(21.27) – What objectives are you focusing on now Eric? He responded by saying, "Building cutting-edge tools and helping real developers to get real stuff done". The same focus he had at the start of his career.

(21.30) – What would you consider to be your most important non-technical skill? Being able to communicate effectively, it is crucial.

(22.57) – Eric, can you share a parting piece of career advice with the IT Career Energizer audience. Know your tools. I get pitched features for tools and programming languages that already exist. It shows that a lot of people do not know their tools well. It also indicates that the tools are not as discoverable as they should be. Users need to dig in and understand them better and tool providers need to make their tools more discoverable.

BEST MOMENTS:

(2.18) ERIC – “I have a keyboard on my desk that is older than my intern.”
(4.09) ERIC – “Find a source of questions and learn to answer them”
(9.27) ERIC – “I want to ship actual code that solves actual developer’s problems”
(14.34) ERIC – “It’s immensely satisfying to build something really, really big that actually works.”
(17.25) ERIC – “Every time you build a tool, you magnify your impact across the entire industry.”
(20.54) ERIC – “So much of machine learning and probabilistic programming is about understanding statistical concepts.”

CONTACT ERIC LIPPERT:
Twitter: https://twitter.com/ericlippert @ericlippert
LinkedIn: https://www.linkedin.com/in/eric-lippert-a3893485/
Website: https://ericlippert.com

Christopher Lochhead Follow Your Different™
163: Paul Holland Creating a Legendary Silicon Valley Life

Jun 6, 2018 62:12


Paul Holland is a partner at Foundation Capital and an expert in venture capital, taking startups from zero to $110M. He's also the producer of a critically acclaimed documentary and a champion of living a 'green' lifestyle.
Three Things We Learned
Environmental awareness is the future
About the time Paul was preparing to build a new home, he attended a TED Talk by Bill McDonough, a leader in LEED design, technology and construction. His focus became environmentally regenerative design, LEED for Home. His home "Tah.Mah.Lah" is the greenest home in America. Paul sees the future of green and how the current mindset on water and conservation has to change to save the land as we know it.
Taking a chance can pay off
Paul is lucky enough to own a part of Netflix. Around 2003 his buddy, one of the sharpest software minds of our generation, was mailing DVDs from his home. He wanted a business he could easily run from his house in Santa Cruz. Many of the smart minds around him considered it a hokey business, but we all know now what Reed Hastings built, and the rest is history.
Who you associate with is important
Paul says it's important to associate with really successful people. But it's not always easy. A lot of the time, those people are not the ones you are socially comfortable with. He was fortunate and smart enough himself to associate with successful people, and those early connections led him to his current place in life. Where he is now, in Silicon Valley, people are very comfortable combining social and commerce; it has become the way of life there.
Paul Holland is a partner at Foundation Capital where he invests in IT, consumer, and digital energy sectors. Paul currently serves on the boards of Homesuite, Peerspace, SkyCure, Dreambox Learning, KiK and InsideView. Past investments include Chegg (CHGG), MobileIron (MOBL), Coverity (acquired by Synopsys), Averail (acquired by MobileIron), Conformia (acquired by Oracle), Ketera (acquired by Rearden Commerce), RouteScience (acquired by Avaya), Talking Blocks (acquired by Hewlett-Packard), and TuVox (acquired by West). Before Foundation Capital, he worked at, and helped take public, two software start-ups: Kana Communications with Mark Gainey, and Pure Software with Reed Hastings. His two start-ups ended up being worth over $13 billion in aggregate. He's also the past president of the Western Association of Venture Capital. Paul is co-executive producer of Something Ventured, a critically acclaimed documentary on the origins of the venture capital industry.
http://foundationcapital.com
http://www.tahmahlah.com/

Mapping The Journey
Episode 7: Interview with John Kodumal, CTO & Co-Founder of LaunchDarkly

Aug 17, 2017 23:15


John Kodumal is CTO and Co-Founder of LaunchDarkly, a continuous delivery platform. John was a development manager at Atlassian, where he led engineering for the Atlassian Marketplace. Prior to that he was an architect at Coverity, where he worked on static and dynamic analysis algorithms. He has a Ph.D. from UC Berkeley in programming languages and type systems, and a BS from Harvey Mudd College.

BSD Now
102: May Contain ZFS

Aug 12, 2015 68:02


This week on the show, we'll be talking with Peter Toth. He's got a jail management system called "iocage" that's been getting pretty popular recently. Have we finally found a replacement for ezjail? We'll see how it stacks up.
This episode was brought to you by
Headlines
FreeBSD on Olimex RT5350F-OLinuXino (https://www.bidouilliste.com/blog/2015/07/22/FreeBSD-on-Olimex-RT5350F-OLinuXino)
If you haven't heard of the RT5350F-OLinuXino-EVB, you're not alone (actually, we probably couldn't even remember the name if we did know about it)
It's a small board with a MIPS CPU, two ethernet ports, wireless support and... 32MB of RAM
This blog series documents installing FreeBSD on the device, but it is quite a DIY setup at the moment
In part two of the series (https://www.bidouilliste.com/blog/2015/07/24/FreeBSD-on-Olimex-RT5350F-OLinuXino-Part-2), he talks about the GPIO and how you can configure it
Part three is still in the works, so check the site later on for further progress and info
***
The modern OpenBSD home router (https://www.azabani.com/2015/08/06/modern-openbsd-home-router.html)
In a new series of blog posts, one guy takes you through the process of building an OpenBSD-based gateway (http://www.bsdnow.tv/tutorials/openbsd-router) for his home network
"It's no secret that most consumer routers ship with software that's flaky at best, and prohibitively insecure at worst"
Armed with a 600MHz Pentium III CPU, he shows the process of setting up basic NAT, firewalling and even getting hostap mode working for wireless
This guide also covers PPP and IPv6, in case you have those requirements
In a similar but unrelated series (http://jaytongarnett.blogspot.com/2015/07/openbsd-router-bt-home-hub-5-replacement.html), another user does a similar thing - his post also includes details on reusing your consumer router as a wireless bridge
He also has a separate post (http://jaytongarnett.blogspot.com/2015/08/openbsd-l2tpipsec-vpn-works-with.html) for setting up an IPSEC VPN on the router
***
NetBSD at Open Source Conference 2015 Kansai (https://mail-index.netbsd.org/netbsd-advocacy/2015/08/10/msg000691.html)
The Japanese NetBSD users group has teamed up with the Kansai BSD users group and Nagoya BSD users group to invade another conference
They had NetBSD running on all the usual (unusual?) devices, but some of the other BSDs also got a chance to shine at the event
Last time they mostly had ARM devices, but this time the centerpiece was an OMRON LUNA88k
They had at least one FreeBSD and OpenBSD device, and at least one NetBSD device even had Adobe Flash running on it
And what conference would be complete without an LED-powered towel
***
OpenSSH 7.0 released (https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-August/034289.html)
The OpenSSH team has just finished up the 7.0 release, and the focus this time is deprecating legacy code
SSHv1 support is disabled, 1024 bit diffie-hellman-group1-sha1 KEX is disabled and the v00 cert format authentication is disabled
The syntax for permitting root logins has been changed, and is now called "prohibit-password" instead of "without-password" (this makes it so root can login, but only with keys) - all interactive authentication methods for root are also disabled by default now
If you're using an older configuration file, the "without-password" option still works, so no change is required
You can now control which public key types are available for authentication, as well as control which public key types are offered for host authentications
Various bug fixes and documentation improvements are also included
Aside from the keyboard-interactive and PAM-related bugs, this release includes one minor security fix: TTY permissions were too open, so users could write messages to other logged in users
In the next release, even more deprecation is planned: RSA keys will be refused if they're under 1024 bits, CBC-based ciphers will be disabled and the MD5 HMAC will also be disabled
***
Interview - Peter Toth - peter.toth198@gmail.com (mailto:peter.toth198@gmail.com) / @pannonp (https://twitter.com/pannonp)
Containment with iocage (https://github.com/iocage/iocage)
News Roundup
More c2k15 reports (http://undeadly.org/cgi?action=article&sid=20150809105132)
A few more hackathon reports from c2k15 in Calgary are still slowly trickling in
Alexander Bluhm's up first, and he continued improving OpenBSD's regression test suite (this ensures that no changes accidentally break existing things)
He also worked on syslogd, completing the TCP input code - the syslogd in 5.8 will have TLS support for secure remote logging
Renato Westphal sent in a report (http://undeadly.org/cgi?action=article&sid=20150811171006) of his very first hackathon
He finished up the VPLS implementation and worked on EIGRP (which is explained in the report) - the end result is that OpenBSD will be more easily deployable in a Cisco-heavy network
Philip Guenther also wrote in (http://undeadly.org/cgi?action=article&sid=20150809165912), getting some very technical and low-level stuff done at the hackathon
His report opens with "First came a diff to move the grabbing of the kernel lock for soft-interrupts from the ASM stubs to the C routine so that mere mortals can actually push it around further to reduce locking." - not exactly beginner stuff
There were also some C-state, suspend/resume and general ACPI improvements committed, and he gives a long list of random other bits he worked on as well
***
FreeBSD jails, the hard way (https://clinta.github.io/freebsd-jails-the-hard-way)
As you learned from our interview this week, there's quite a selection of tools available to manage your jails
This article takes the opposite approach, using only the tools in the base system: ZFS, nullfs and jail.conf
Unlike with iocage, ZFS isn't actually a requirement for this method
If you are using it, though, you can make use of snapshots for making template jails
***
OpenSSH hardware tokens (http://www.tancsa.com/mdtblog/?p=73)
We've talked about a number of ways to do two-factor authentication with SSH, but what if you want it on both the client and server?
This blog post will show you how to use a hardware token as a second authentication factor, for the "something you know, something you have" security model
It takes you through from start to finish: formatting the token, generating keys, getting it integrated with sshd
Most of this will apply to any OS that can run ssh, and the token used in the example can be found online for pretty cheap too
***
LibreSSL 2.2.2 released (http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2-relnotes.txt)
The LibreSSL team has released version 2.2.2, which signals the end of the 5.8 development cycle and includes many fixes
At the c2k15 hackathon, developers uncovered dozens of problems in the OpenSSL codebase with the Coverity code scanner, and this release incorporates all those: dead code, memory leaks, logic errors (which, by the way, you really don't want in a crypto tool...) and much more
SSLv3 support was removed from the "openssl" command, and only a few other SSLv3 bits remain - once workarounds are found for ports that specifically depend on it, it'll be removed completely
Various other small improvements were made: DH params are now 2048 bits by default, more old workarounds removed, cmake support added, etc
It'll be in 5.8 (due out earlier than usual) and it's in the FreeBSD ports tree as well
***
Feedback/Questions
James writes in (http://slexy.org/view/s216lrsVVd)
Stuart writes in (http://slexy.org/view/s20uGUHWLr)
***

Dave & Gunnar Show
Episode 68: #68: Not my circus, not my monkey.

Nov 18, 2014 35:57


This week, Dave and Gunnar talk about: computers that think, computers that think they're thinking, and people that think computers are people.
Gunnar is a Trello addict
The Mother of all Web Tracking Catalogs. I think we're done now.
Housewarming gift via Heat template: Germans get free heating from the cloud
BrowserStack gets utterly humiliated
ChatOps is just thrilling
User modeling with Watson
That Time 2 Bots Were Talking, and Bank of America Butted In
The ultimate weapon against GamerGate time-wasters: a 1960s chat bot that wastes their time
Lauren and her juggling app mentioned on Gizmodo and Lifehacker UK
GCN wins Gunnarbait of the week
Preceded by this article on DHS and Coverity.
Succeeded by Dave's article 6 tips for adopting open source published on GCN
RHEL Atomic beta now out!
Dave keeps the SELinux on in the Docker docs
OpenShift Enterprise 2.2 is out, with Fuse and A-MQ Messaging cartridges (xPaaS!) and CloudForms integration
https://install.openshift.com/ is mind-blowing.
Red Hat Enterprise Linux 6.5 to 6.6 risk report
Google Cloud Platform says: "Red Hat has contributed tirelessly to almost every component of the stack and has been instrumental in shaping and improving the overall production readiness of Kubernetes."
Not my circus, not my monkey: Idioms of the World HT Bob St. Clair and related: Management Time: Who's Got the Monkey?
Cutting Room Floor
Cat Math
What Happens When A Photographer Secretly Takes Over A Town's Surveillance Camera
Software-Defined Talk Podcast
We Give Thanks
Bob St. Clair for monkey management tips

LinuCast - MP3
LinuCast #26: Honorable Mention

Sep 29, 2009 63:07


Topics:
- LinuCast received an honorable mention at the Linux Contributor of the Year awards
- Red Hat once again posted excellent results
- How GNOME and KDE spend their money
- Microsoft launched an open source foundation
- Microsoft released an open source operating system, Barrelfish
- Linux 2.6.32-rc1 released
- Torvalds: the Linux kernel is "bloated and huge"
- Coverity has again published an assessment of the quality of the Linux source code
- Theora 1.1 (Thusnelda) released
- GNOME 2.28 released
- BeOS makes a comeback as the open source Haiku
- Documentation for open source programs is being translated into Finnish
- Changes are coming to the development of the X Server project, which has struggled with scheduling problems
- A preview of the upcoming Qt 4.6 release
- Boot over HTTP
- Norway moves to open standards
Speakers:
- Henrik
- Ninnnu
- Sakari Nylund

Software Engineering Radio - The Podcast for Professional Software Developers

This episode is a discussion with Jonathan Aldrich (Assistant Professor at CMU) about static analysis. The discussion covered theory as well as practice and tools. We started with an explanation of what static analysis actually is, which kinds of errors it can find and how it is different from testing and reviews. The core challenge of such an analysis tool is to understand the semantics of the program and reduce its possible state space to make it analysable - in effect reconstructing the programmer's intent from the code. The user can "help" the tool with this challenge by using suitable annotations; also, languages could do a better job of being analysable. The conceptual discussion was concluded by looking at the principles of static analysis (termination, soundness, precision) and how this approach relates to model analysis. The second, more practical part started out with a discussion of how Microsoft successfully uses static analysis in their Windows development. We then discussed some of the tools available; these include FindBugs, Coverity, CodeSonar, Klocwork, Fortify, Polyspace and CodeSurfer. To conclude the discussion of tools, we discussed the commonalities and differences with architecture visualization tools as well as metrics and heuristics. Part three of the discussion briefly looked at how to introduce static analysis tools into an organization's development process and tool chain. We concluded the discussion by looking at situations where static analysis does not work, as well as at the FLUID research project at CMU.