Podcasts about errr

  • 178 PODCASTS
  • 348 EPISODES
  • 1h 17m AVG DURATION
  • 1 MONTHLY NEW EPISODE
  • May 15, 2025 LATEST
errr

POPULARITY (chart, 2017 to 2024)


Best podcasts about errr

Latest podcast episodes about errr

The Leading, Language and Literature Podcast
WILF: Reduce Change to Increase Improvement by Viviane Robinson

May 15, 2025 (68:34)


In this episode, I'm explaining What I Learnt From: Reduce Change to Increase Improvement by Viviane Robinson. This is the third episode that sees me go through my annotations and notes for a book that explores an area of English teaching or leadership.

This time, it's a text that I was actually assigned as part of a Masters I did a few years ago. Amidst all the theoretical reading, Viviane Robinson's writing jumped out as instantly practical and so resonant when considering my own experience with leadership. I subsequently listened to a brilliant episode she did with Ollie Lovell for the ERRR, which brought all of its ideas to life. As always with these books, I really recommend you take a look by purchasing for your department or self but particularly if you're someone with middle leadership or management aspirations or responsibilities.

Expect to hear:

  • What the bypass and engagement approach to improvement are
  • What a theory of action is
  • How to have constructive problem talk
  • How to respectfully inquire into others' theory of action
  • And finally, the four phases of theory engagement that lead to lasting change

If you want to be kept up to date on when educational chat like this happens, then be sure to subscribe to the podcast and/or follow me on Twitter @chrisjordanhk

Links:

  • Reduce Change to Increase Improvement by Viviane Robinson
  • Ollie Lovell's interview with Viviane Robinson on the ERRR

Education Research Reading Room
ERRR #102. Benjamin Riley on the dangers of AI in Education

May 7, 2025 (106:58)


This episode we're speaking with Benjamin Riley. Ben is the founder of Cognitive Resonance, a think-and-do tank devoted to helping people to understand human cognition and generative AI. Previously, Ben founded and led Deans for Impact, a US-based nonprofit organization that works to improve initial teacher education using cognitive science. As Ben says, he likes to get people thinking, about thinking!

This ep goes much wider in scope than usual. But I feel that's fitting given the unique point we're currently at in global politics. Hope you find it interesting at the very least!

Full show notes at https://www.ollielovell.com/benriley/

The Fifth Column - Analysis, Commentary, Sedition
#502 - The Second Battle of Batya (w/ Batya Ungar-Sargon)

Apr 24, 2025 (125:14)


Errr….This one gets pretty heated. But we're all still friends! We think. And Moynihan is now sober and his blood sugar is back to normal, so there's that too. Either way, hats off to Batya for braving another episode with three people who disagree with her on pretty much everything. We talk Tariffs, Trump, lawfare, Ukraine, and everything in between. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.wethefifth.com/subscribe

Education Research Reading Room
ERRR #101. Alex Evans on Systematic School Improvement & Instructional Coaching

Apr 7, 2025 (121:04)


Host Ollie Lovell speaks with Alex Evans, Deputy Headteacher at St Luke's Church of England School about the St Luke's change journey that moved the school from the bottom 20% of schools nationally, to the top 20%, within 4 years. This is a story of systematic instructional and curricular change, leveraging the power of Instructional Coaching. Full show notes at www.ollielovell.com/alexevans

Education Research Reading Room
ERRR #100. Steve Biddulph on the Roots of Anxiety

Mar 5, 2025 (130:08)


In this episode, host Ollie Lovell speaks with the world's most popular parenting author, Steve Biddulph, on his new book, 'Wild Creature Mind'. This discussion explores the roots of our anxieties, with important implications in particular for how we support young people (and anyone close to us) at crucial times in their lives. Full show notes at: https://www.ollielovell.com/stevebiddulph/

Education Research Reading Room
ERRR #099. David Morkunas on Writing Quality Maths Lessons

Feb 1, 2025 (85:18)


In this episode of the ERRR Podcast, renowned mathematics educator David Morkunas describes the ins and outs of writing high quality mathematics lessons, and particularly how these principles are embedded into the Explicit Mathematics Program. Full show notes at www.ollielovell.com/davidmorkunas

Rogue One Radio
Episode 198: We're Off To See the Wizard....errr....Supervisor

Jan 22, 2025 (125:04)


This week, JD & Steve dove into the Skeleton Crew season finale, unpacking the moments that wrapped up this new Star Wars series. The duo also covered the latest breaking news from Star Wars, comics, video games, and movies! Show Links: Comics Den Premiere - https://www.youtube.com/@dingusden Nintendo Switch 2 Trailer - https://bit.ly/4gapbtE #rebelrockradio #popculture #starwars #skeletoncrew #starwarspositivity #starwarsisforeveryone #podcast #squirrelmode Follow us at https://bio.link/rebelrockradio

Education Research Reading Room
ERRR #098. Steve Capp on Effective School Leadership

Jan 7, 2025 (113:57)


In this episode, host Ollie Lovell speaks with acclaimed school principal Steve Capp to hear what it takes to turn around not one, but two primary schools. Steve shares countless pearls of wisdom on everything from pedagogy to management. Full show notes at www.ollielovell.com/stevecapp

Turned On With Sue And John
Sexy Stories From Hedo

Jan 7, 2025 (63:21)


Chris Santilli joins us to talk about all of the wild secrets at the world's most popular swinger resort, Hedonism II! https://hedonism.com/ Chris literally wrote the book on it, and has been to Hedo more than 70 times! Also this week... We've been ranked as one of the top podcasts in the world, so thank YOU... Errr... Spank you! - Sex Things To Aspire To In 2025 - Hot Sex In The Media - This week's Sex In The News - Your kinky confessions - We help a listener whose sex life is struggling - Gen Z and "dogs out" - New ways women masturbate - New Sex Facts! Sue McGarvie online: www.sexwithsue.com John Mielke online: www.milkmanshow.com (Fetlife: Megahurts) Our website: www.turnedonpodcast.com And our sponsor: www.edenfatasys.com

PreRacePodcast
Tommie Runz & the Pyramids Half Marathon ft. Erin & Thomas Bailey

Dec 28, 2024 (146:52)


In the S4 Finale of the PRP, Adam reconnects with uniquely decorated marathoner, Detroit-based global running icon & community cultivator, brand collaboration debonair and papa bear extraordinaire Tommie Runz who has been preparing for the Pyramids Half Marathon on Saturday December 14th, 2024. Erin & Thomas Bailey, emerging bowling aces, aspiring artists and Tommie's beloved children join the show to offer their take on all things Abbott World Majors, zoology and of course, great grandma Ethel. The familial candor of this conversation offers a refreshing balance to Tommie's typical playful bravado as the squad reflects on what has been an undeniably historic year for the legend that is Tommie Runz. In 2024, Tommie had the ridiculous audacity, bootstrap strategy & distinct privilege to run all 6 Abbott World Majors in the same year - a triumph that is uniquely his and very few in the world have ever accomplished. As exciting as the individual accolades have been, and as significant as it is for the world to witness Black excellence emerge from Detroit in such an exciting new way, Tommie shares some key “now what” insights into his mindset moving forward. From the personal connections he's made, to the creative skillset he's mastered to the brand network he's assembled, learn how & why Tommie is now more than ever distinctly positioned to leverage his running journey to inspire, enable and amplify others in his community to follow in his footsteps and break barriers of their own. Things get vulnerable when the family rates Tommie's parenting skills on a scale from 1-10 which rouses some rumination about how the birth of his daughter served as a major life catalyst. No matter the endeavor, Tommie's perpetual desire to better himself through diligence, open-mindedness & authenticity within his own story remains constant. 
To his kids, his family, his friends and his greater community, the Runz message is clear; share your story, be yourself, and most importantly - the less people look like you in the spaces you show up in, the more that space needs you in it! Errr were the Bailey kids bowling in the womb?? Knox's proverbs?! Never say never?? Max & Ruby?! Usain Bolt??! Osaka temples, bald eagles and pyramid port-a-potties, oh my! This and so much more in this reflective, historic and inspiring episode of the PRP! --- Support this podcast: https://podcasters.spotify.com/pod/show/preracepodcast/support

MORE THAN EYES 🤍
BAKED, the new ERRR?

Dec 21, 2024 (8:21)


The only podcast that covers the French underground with passion. An exceptional beatmaker with 11 amazing artists, what more could you ask for! Lyele arrives with a 14-track project with mainly trap sounds and guests such as La Fève, Sonny Rave and Tiakola. An opinion that is nonetheless split between Zak' and Stan. If you enjoy our content, don't hesitate to give us 5 stars. Thank you

Education Research Reading Room
ERRR #097. Jonathan Sharples on Implementation in Education

Dec 10, 2024 (124:51)


Professor Jonathan Sharples from the Education Endowment Foundation shares insights and practical advice regarding how to help educational programs and initiatives to have maximum impact in your school or organisation. Full show notes at www.ollielovell.com/jonathansharples

Konbini Podcasts
La Fève, Atlanta and first mixtape BAKED: we sat down with producer Lyele

Dec 9, 2024 (44:40)


From La Fève to Tiakola by way of Steban, Lyele is a producer who loves creating a polished musical universe with the artists he works with. For the past few years, his talent has been increasingly acclaimed in the sphere of French producers. Drawing his influences from every corner of hip-hop culture, he rubs shoulders with heavyweights of the scene such as Tarik Azzouz and Ikaz Boi, no less. Here are some of his finest works: ERRR, 24, BIGLAF, but also Tiakola's EP "X", the hit "PONA NINI" and, more recently, the track "D BLOCK AFRIQUE" on Dinos's latest album. The man who tells us he "can't sit still" has just done what he has had in mind since his beginnings: launching his first project as a producer. Thus BAKED was born, a fine piece bringing together many talented artists from different backgrounds. We were able to talk with him about its creation, about his signing to the label Walone, and also about his trips to Atlanta, his vision of the profession and his desire for freedom, which he was recently able to showcase at the Palais de Tokyo. 45 minutes of discussion and musical excerpts to get to know Lyele on every level.

Journalist: Simon Dangien | Producer: Robin Riccitiello | Mixed by Manuel Lormel | Subscribe to Konbini podcasts so you never miss an episode! ► https://audmns.com/TRTQAeu

PreRacePodcast
Nick Insley & the JFK 50 Mile ft. Sarah Insley

Dec 8, 2024 (157:03)


In S4Ep22 of the PRP, Adam jibber jabbers with emerging long distance runner, proud Huron 100 Pioneer, aspiring mountain adventurer and all around good vibes ambassador Nick Insley who has been preparing for the JFK 50 Mile on Saturday November 23rd, 2024. Sarah Insley, blossoming run for fun enthusiast, curious yogi and Nick's big sister joins the show to offer her take on all things troll lore, Kirkland ‘za and of course, privileged pooping.  The siblings regale the PRP listenership with the tale of how they both rediscovered running as adults (kinda together but also kinda separately) after each having mixed relationships with the sport as kids. For Sarah, her relationship with movement has been one of finding joy & building self confidence while also discovering a zen space to help quiet the anxiety of her everyday life. For Nick, running has provided a conduit for discipline and personal growth through learning when is best to push through and troubleshoot difficult situations vs understanding when is best to step back and take a breath.  Things get vulnerable when both Nick & Sarah reflect on how each of their unique personalities have bled into the way they've cultivated their kinship with the sport. As much as they both love to race, running is starting to take on a new form of significance in their lives as they start to discover the value of running beyond the bib. Whether that be the day to day value of getting some fresh air and movement in, to designing their own long distance routes and running them solo, to pushing their limits chasing established FKT's - one thing is for certain; the Insley's are not afraid to march to the beat of their own drum and you better believe that this brother and sister duo is just getting started! Wait, HOW long has the JFK50 been around?! Just how in depth is Sarah's snack research?! What exactly is the trifecta of half marathons? Errr was Nick in the Jr Olympics?! Slippin discs?? Yoga by candle light? 
Ok, what exactly is the vest of shame?! How bad does Nick want to be Mike Anderson Jr?! Recess kids?! Refined palates? Pacer tests, red velvet cake and Strava bromancing oh my! This and so much more in this amusing, encouraging and thought provoking episode of the PRP. Explain that Strava section: Nick's Strava Activity, Sarah's Strava Activity. Sponsors: Ann Arbor Running Company. Recorded Thursday November 21st @ 5PM EST. --- Support this podcast: https://podcasters.spotify.com/pod/show/preracepodcast/support

PreRacePodcast
Silas Cox & the New York City Marathon ft. Rashard Jones

Nov 16, 2024 (121:10)


In S4Ep21 of the PRP, Adam chops it up with blossoming marathoner, enthusiastic do-it-all socialite, dedicated youth basketball coach and emerging community huncho Silas Cox, who has been preparing for the New York City Marathon on Sunday November 3rd, 2024. Rashard Jones, established & well connected local legend, beloved running community philanthropist and one of Silas' mentors rejoins the show to offer his take on all things leadership, art and of course Silas's unique approach to race preparation.  This outstanding episode is jam packed with laughs and touches on all things from art, to representation, to leadership to Drake vs. Kendrick. A clear thread throughout the conversation, however, is the profound significance of bringing people together. Tap in to learn how the local Michigan running scene is leading the charge and going the extra mile (pun intended) to integrate, unite and foster a dynamic super community that is both thriving and welcoming.  Things get vulnerable when Silas reflects on his recent rise to leadership in the sport and provides Rashard with praise for showing him the ropes and teaching him that a true sense of belonging can only happen when we present our authentic and imperfect selves to those around us. What started as a way to simply shed some pounds has become an expression of creativity, an outlet for human connection and a way of finding & accepting himself more powerful than he ever conceived possible.  From one of few - to leaders of many, these established hunchos share some profound insight on the contributions we are ALL responsible for making when it comes to fostering community. Ask not what your squad can do for you, but rather, what can you do for your squad? Errr what does the term huncho actually mean?! Ummm, has Silas never been to NY before?? Is Rashard the king of multi-tasking?! What exactly did Lance Woods tell Silas about running that he'll never forget? 
Best not take credit if you're not willing to take the blame! Pop tarts, out & backs, and Young Money all at Urbanrest on a Tuesday oh my?! This and so much more in this hilarious, enlightening and encouraging episode of the PRP! Explain that Strava section: Silas's Strava Activity. Sponsors: Ann Arbor Running Company. Recorded Tuesday October 29th @ 6PM EST. --- Support this podcast: https://podcasters.spotify.com/pod/show/preracepodcast/support

PreRacePodcast
Joshua Hubbard & the Marine Corps Marathon

Nov 11, 2024 (178:51)


In S4Ep20 of the PRP, Adam symposiums with blossoming all distance runner, passionately unique cinematographer & digital creator, altruistic combat veteran and papa bear extraordinaire Joshua Hubbard who has been preparing for the Marine Corps Marathon on Sunday October 27th, 2024.  Tap in to learn more about the origins of Joshua's running journey as the lads discuss why his experiences both as a military veteran and as an artist have shaped his outlook on the sport. Whether he is out for a fun run, filming content for his YouTube channel or pushing towards some kind of lofty goal, Joshua's perpetual permeation to uplift others along the way is distinctive and inspiring. Things get vulnerable in a very real way when Joshua opens up about his experience as a combat veteran and delves deep into the numerous challenges that veterans face. From struggling to reconnect with societal norms, to survivors guilt, to hesitation to seek the help they need, to suicide - the list of obstacles for those who have served this country is long, intimidating and disheartening. Although the realities that lie ahead for those who transition from soldier to civilian are harsh, learn how Joshua has leveraged his love for the digital arts and his new found love for running to help provide him an outlet to reflect on what's important moving forward. The impact he leaves on his family, the military community, the running community, and all others who are part of his story remains paramount in his pursuit to find and maintain the best version of himself. Running for a reason - a phrase Joshua has coined and made his ethos when approaching the sport, and a practice he hopes to be lifelong with aims of being qualitative rather than quantitative. Errr, just how much does Joshua love a good run streak?! The Murph?? Ummm is Joshua the most photogenic runner in all of Michigan?! What the hell are go-fasters?? The vlog-verse?! 
Wait wait wait… did Joshua run his first two marathons WITHOUT pooping beforehand?! Devil dogs, Liverpool & micro-influencers, oh my! This and so much more in this unique, educational & galvanizing episode of the PRP! Explain that Strava section: Joshua's Strava Activity. Sponsors: Ann Arbor Running Company. Recorded Wednesday October 23rd @ 5:30PM EST. --- Support this podcast: https://podcasters.spotify.com/pod/show/preracepodcast/support

Education Research Reading Room
ERRR #096. Jennifer Buckingham on Literacy Instruction & Policy in the UK, Ireland & Aus

Nov 7, 2024 (105:48)


In this episode, Dr. Jennifer Buckingham describes key instructional and policy differences between the UK, Ireland, and Australia, and how these contribute to differing literacy levels and achievement on international tests such as PISA and PIRLS. Jen and Ollie discuss a multitude of factors including curriculum, instruction, initial teacher education, assessment, school inspections, as well as the all important culture and demographics. Full show notes at https://www.ollielovell.com/jenbuckingham/

The Problem: A Lockwood and Co Podcast
The Creeping Shadow: Lost and Found Pt 2

Oct 7, 2024 (52:57)


Caitlin and Alan find Portland Row has changed. Lucy's room has George's clothes everywhere, Lockwood wants Lucy to explore Jessica's forbidden room, and the first Type Two we met is now named Abigail Ward. Errr actually no. No she is not. We also learn that being 40 is ancient and obviously it is good that Lockwood is opening up to Holly. Obviously.

  • Dis is a thing from the 1980s and 90s
  • Battenberg Cake is an English cakey thing
  • Shamanism is a blanket term for religious practices in “primitive” societies
  • The video of grandma who “yearns for the urn”
  • New Guinea is an Oceania thing

Follow Caitlin on Instagram @inferiorcaitreads

Follow the show on Twitter @LockwoodPodcast

Our theme music is “Magic Escape Room” by Kevin MacLeod at incompetech.com. It is licensed under a Creative Commons by Attribution 3.0 agreement.

If you want to reach out please send an email to contact@hallowedgroundmedia.com or visit our Contact page.

Education Research Reading Room
ERRR #095. Ron Berger on an Ethic of Excellence

Oct 4, 2024 (125:22)


This episode we're speaking with Ron Berger. Ron was a public school teacher and master carpenter in rural Massachusetts for over 25 years and is now a well-known national and international keynote speaker focused on inspiring a commitment to quality, character, and citizenship in students. He is the Senior Advisor at EL Education, a nonprofit school improvement organization that partners with public schools and districts across America, leads professional learning, and creates open educational resources. In this episode, Ron and I go in-depth into the idea of an ethic of excellence, and discuss, perhaps even debate, some of the ins and outs of the use of projects, assessments, and more. Full show notes at: https://www.ollielovell.com/ronberger

PreRacePodcast
Joe Robinson & the Berlin Marathon ft. Knox Robinson

Sep 26, 2024 (138:29)


In S4Ep16 Pt1 of the PRP, Adam reconnects with seasoned marathoner, established cofounder of WeRun313, passionate local philanthropist and spiritual guru extraordinaire Joe Robinson who has been preparing for the Berlin Marathon on Sept 29th, 2024. Knox Robinson, legendary long distance runner, global cultural icon, remarkable vibe prescriber and Joe's running mentor joins the show to offer his take on all things bananas, race prep and of course, the running culture that is booming in Detroit!  In a refreshing change of pace from traditional PRP episodes, the fellas link up out on Belle Isle 8 weeks out from race day to discuss what peak training is going to look like for Joe over the next couple months. Knox provides some key insight into his unique coaching philosophy and explains why his ad-lib style (that he picked up while training in Ethiopia with some of the best runners in the world) is truly a battle tested strategy for unlocking the best performances from his athletes. Just how far out does Knox let Joe see what the plan is? Not weeks, not days, not hours… we're talking minutes, people. A practice that has forced Joe to be prepared for any workout, any run, any level of output at any given time. When you're training with Knox it's best to not ask questions and you had better show up everyday with an open mind, ready to rumble.
 Things get vulnerable when Knox illustrates the deeply significant role WeRun313 is serving for its local community. For Detroit to see this version of itself, for black excellence to be at the forefront of cultural, economical and spiritual growth at such a staggering rate is something truly profound. From running, to community support, to philanthropy and beyond; Joe, Lance and everyone who has climbed aboard the WeRun313 rocket ship has made it unequivocally clear - not only do they belong, but they are leading the game, and you best believe, these cats are just getting started!!
 What's the difference between hope & faith?? Errr does Joe low key abuse voice notes?! Did the ice cream lady just tell Knox he has chicken legs?! We out here recording on wax! Park vibes! African Game?! Mt Kilimanjaro?! Natural wine, psychedelics, free jazz & queer theory oh my!

This and so much more in this inspiring, encouraging and amazing episode of the PRP! Sponsors: Ann Arbor Running Company. Recorded Saturday August 3rd @ 2:00PM EST. --- Support this podcast: https://podcasters.spotify.com/pod/show/preracepodcast/support

Education Research Reading Room
ERRR #094. Craig Barton and Ollie analyse Ollie's teaching

Sep 2, 2024 (124:35)


In this episode, usual ERRR host Ollie Lovell has a recent maths lesson that he taught pulled apart by fellow edu-podcaster Craig Barton. Craig asks Ollie a huge number of questions about this recent demonstration lesson, asking Ollie about different pedagogical decisions he made, and what he might do differently next time. For those looking for a truly in-depth discussion about teaching and learning, this is it! Full show notes at: https://www.ollielovell.com/craigbarton4/

Education Research Reading Room
ERRR #093. Adam Boxer on the First 10 Minutes of a Lesson

Aug 4, 2024 (126:40)


Adam Boxer is a chemistry teacher in North London. He writes about science education, cognitive science, evidence-based education, and many other important topics. He's extremely popular on teacher social media and has had a huge impact on education both locally and internationally through his writings, books, podcast, and talks.

I've followed Adam for a long time and have always found his writing to be extremely logical, practical, and well thought out. His book, Teaching Secondary Science, is a must-have for anyone who is keen for a great overview of a structured and systematic approach to teaching high school science, and I can highly recommend Adam's other outputs too.

This podcast was prompted when I recently explored a fantastic bit of edtech initiated by Adam, Carousel, which is an excellent knowledge management platform to help students to learn and master key knowledge that is fundamental to their success. Off the back of that, I was really keen to get Adam onto the podcast to discuss how he uses the first 10 minutes of a lesson to embed such knowledge… and I'm so glad I did! I hope you love it too. See full show notes at www.ollielovell.com/adamboxer

Education Research Reading Room
ERRR #092. Harry Fletcher-Wood on Running Effective Professional Development

Jul 5, 2024 (128:26)


Expert PD designer Harry Fletcher-Wood shares wisdom on what it takes to design truly deep and impactful PD for teachers. See all the show notes at www.ollielovell.com/harryfletcherwood3

Too Much Information
The Sixth Sense: Everything You Didn't Know

Jun 8, 2024 (93:50)


Your specters of specificity are back — and they see dead people. Jordan and Alex set their sights on M. Night Shyamalan's masterpiece that balances horror with deeply emotional storytelling. You'll learn all about the time we almost got a future Arrested Development star in the lead, why Bruce Willis was forced into his part, and the string of clever clues sprinkled throughout the movie that point to its iconic twist ending. (Errr, spoiler alert?) Alex shares his own experience with ghosts, Jordan talks about the time he partied with Haley Joel Osment in college, and they also go long on all the ways Donnie Wahlberg put himself through hell for his brief (but important!) role. You'll definitely laugh, you'll possibly cry, but hopefully you won't vomit like Mischa Barton. See omnystudio.com/listener for privacy information.

Education Research Reading Room
ERRR #091. Greg Ashman on the Essential Elements of a High Performing School

Jun 3, 2024 (69:15)


In this episode we speak with Greg Ashman about what it takes to create a high performing school like Ballarat Clarendon College, Victoria's highest performing school. We touch on important factors including shared student expectations, effective professional learning, shared and prescriptive lesson plans, effective data use, and much more. Full show notes at www.ollielovell.com/gregashman

PreRacePodcast
Eliana Lin & the Bayshore Half Marathon ft. Austin Lin

Jun 2, 2024 (109:20)


In S4Ep10 of the PRP, Adam gets educated by blossoming long distance runner, emerging entrepreneur and DPT extraordinaire, Eliana Lin who has been preparing for the Bayshore Half Marathon on Saturday May 25th, 2024. Austin Lin, former track aficionado, aspiring PhD candidate and Eliana's better half joins the show to offer his take on all things strength, business hustle and bananas.  Rubber meets the road immediately in this unique sode as the PRP listenership is enlightened with the origin stories of Up & Running Performance, Ann Arbor's newest strength and physical therapy gym, owned and operated by both Eliana and Austin. Eliana discusses the intricacies of navigating the fine line between being both a healthcare provider and an entrepreneur and provides some amazing insight for athletes about how to traverse the early onset of potential injuries. 
Things get vulnerable when Eliana reflects on the reality she has been faced with - launching a new business venture while training for a race. Naturally, bandwidth for good, consistent training has been low as she has been working tirelessly to build the early stages of a successful business brick by brick. Although she'd love to beat her half marathon time from Bayshore last year, Austin is quick to remind her that she's made the right decision to prioritize getting Up & Running Performance, well, up and running. A good reminder for us all about the seasons of life and that it's ok, and in fact healthy, to prioritize other passions and endeavors outside of the performance world from time to time. Embrace life and race with what ya got in the tank, you'll probably end up having more fun that way anyways. We team no swass up in da house, say whaaa?! B-day blasting?? What on earth is a strength hall pass and how can you earn one?! What the hell does calorie to coin mean?! Texas Instruments?? Podcasting in the shower?! Errr, soooo, what are we? Blankets in the summer?! Nanner trinkets?? Pole vaulting, rigatoni and rom coms oh my! This and so much more in this educating, revealing and good vibes episode of the PRP! Explain that Strava section: Eliana's Strava Activity, Austin's Strava Activity. Sponsors: Ann Arbor Running Company. Recorded Wednesday May 22nd @ 3:00PM EST. --- Support this podcast: https://podcasters.spotify.com/pod/show/preracepodcast/support

The whole damn enchilada
Friday the 13th Part 8, Jason takes Vancouver.....errr Manhattan

Jun 2, 2024 (71:03)


On this episode Ryan and I give our take on the 8th installment of Friday the 13th Jason takes Manhattan

The Charlie James Show Podcast
Hour 3 | Paul Kamenar, Legal Expertise On NY Lawfare; The Lunatics On The Left, De Niro Unleashed; Democrats Look To Legalize Crime In Boston; Auctioning Graceland / Dropped The Ball, Errr, Charges | 05-29-24 | The Charlie James Show

May 29, 2024 · 30:48


“Paul Kamenar, Legal Expertise On NY Lawfare” “The Lunatics On The Left, De Niro Unleashed” “Democrats Look To Legalize Crime In Boston” “Auctioning Graceland / Dropped The Ball, Errr, Charges”

The Time is Now
Mama Said…

May 9, 2024 · 98:40


Episode 177 and we covering it ALL! From Dodgers dominance to Drake vs Errr body. From Will Bron & Jimmy go packing to Denver & Cleveland potentially getting swept!! Tap In!! --- Send in a voice message: https://podcasters.spotify.com/pod/show/michael-c-stafford-jr/message

Education Research Reading Room
ERRR #090. Hunter & Parkinson on the Benefits of Multi-school Organisations

May 6, 2024 · 141:07


In this episode, Dr. Jordana Hunter & Nick Parkinson from the Grattan Institute discuss lessons from their trip to New York and England to visit 7 multi-school organisations, groups of schools working together under common governance and structures to the benefit of students.

Chuck and Buck
H2: 5-1 Headlines and Mariners, Mariners and more Mar....errr Seahawks Draft.

May 1, 2024 · 36:47


Headlines and Mariners Yes, the Mariners should spend more and it's frustrating to everyone, but don't let it ruin what's actually happening on the mound each night ABCs of the Mariners - V: is for valuable- Mike Trout, the Angels most valuable player is out again, will have knee surgery - W: is for Woodworth- Pete Woodworth's magic continues as this Mariners' pitching staff continues to impress. We expected it from the starters, but Speier, Voth and company? Reckless at Breakfast: Chuck can deal with a draft of mortar, but please do not lose sight of the bricks. It seems we saw the Seahawks new philosophy in their draft picks and it's all about establishing the mentality of the team moving forward. John and Mike were looking for a specific type of player- violent, physical.. that's how nearly every player the Hawks drafted was described.

Education Research Reading Room
ERRR #089. Karen Harris on Teaching Writing (SRSD)

Apr 3, 2024 · 154:56


Regents Professor Karen Harris shares insights from over 50 years of writing instruction and refining the Self Regulated Strategy Development (SRSD) method of teaching writing. Host Ollie Lovell applies what he's learnt from reading Karen's book to share a demo lesson of teaching using the SRSD approach, and Karen provides valuable feedback! Full show notes with all resources at www.ollielovell.com/karenharris

The Fifth Column - Analysis, Commentary, Sedition
Members Only #205 - Almost Lost, Unfortunately Found

Apr 2, 2024 · 24:17


This is a free preview of a paid episode. To hear more, visit wethefifth.substack.com

Last month's “Second Sunday” broadcast was fun, boozy, and…almost lost. We won't point any fingers—though they might be jabbed in the direction of a certain someone during the recording—but through a Peter Jackson-like audio excavation, it was saved. Was that a good thing? Errr…who knows. And so, with a few nips and tucks, here she is! And we'll be back…

Education Research Reading Room
ERRR #088. Kristian Still on Test-enhanced Learning

Mar 2, 2024 · 65:50


Kristian Still is a deputy head academic with over 20 years'…

Absolute AppSec
Episode 234 - Password Analysis, GitHub Copilot

Feb 13, 2024


Ken and Seth comment on their recent use of the same passwords across multiple organizations. Errr, or wait. That's administrators in some instances, according to recently published analysis from Lares. Will we ever get over passwords or are we doomed to repeat the past? In other news, GitHub Copilot may be (one of) the culprit(s) for the enshittification of code, based on a published paper from GitClear. Or it might just be that organizations and developers should have coding standards. Or maybe it's not that deep. Come join us and chat about it.

Education Research Reading Room
ERRR #087. Arran Hamilton and Dylan Wiliam on Making Room for Impact (De-implementation)

Feb 3, 2024 · 130:16


Arran Hamilton is group director…

Gothridge Manor
Running with the Kids

Feb 3, 2024 · 9:43


At the end of the month I am running a ShadowDark game for a group of kids. The group is somewhere between 6 and 12 and I only have 90 minutes. Errr, no problem?

The Dave Berry Breakfast Show
Breakfast - Um...Errr... Nebraska?

Jan 8, 2024 · 34:43


After three whole weeks off, it's Dave's first day back of 2024, and he's back with a BANG! He's telling us all about his time on The Weakest Link this weekend. AND, the team reminisce on previous Absolute Radio You competitors.

Education Research Reading Room
ERRR #086. Gwyn Ap Harri on Building, Breaking, and Fixing a World Famous School

Jan 1, 2024 · 138:39


This episode we're…

Education Research Reading Room
ERRR #085. Jeff Robin on Teaching Like an Artist

Dec 3, 2023 · 100:31


This episode we're speaking with Jeff Robin. Jeff is…

Education Research Reading Room
ERRR #084. Sarah Cottingham on Ausubel’s Meaningful Learning

Nov 1, 2023 · 186:13


This episode we're speaking with Sarah Cottingham. Sarah is a…

Education Research Reading Room
ERRR #083b. Sam Gibbs on Concept-led Curriculum

Oct 26, 2023 · 94:21


Sam Gibbs continues to speak with Ollie about the…

Education Research Reading Room
ERRR #083a. Sam Gibbs on Concept-led Curriculum

Oct 1, 2023 · 109:50


Sam Gibbs is Trust Lead for Curriculum and Development at The…

Education Research Reading Room
ERRR #082. Kelly Tatlock on Creating Knowledgeable and Expert Learners

Sep 3, 2023 · 111:54


Kelly Tatlock is an Assistant Headteacher in charge…

Education Research Reading Room
ERRR #081. Bill Louden on Reforming Initial Teacher Education

Aug 1, 2023 · 86:15


This episode we're speaking with Bill Louden. Bill has led…

Education Research Reading Room
ERRR #080. Peps Mccrea on Developing Expert Teaching

Jul 6, 2023 · 99:12


This episode we're speaking with Peps Mccrea. Peps is an…

Screaming in the Cloud
Centralizing Cloud Security Breach Information with Chris Farris

Jun 8, 2023 · 35:06


Chris Farris, Cloud Security Nerd at PrimeHarbor Technologies, LLC, joins Corey on Screaming in the Cloud to discuss his new project, breaches.cloud, and why he feels having a centralized location for cloud security breach information is so important. Corey and Chris also discuss what it means to dive into entrepreneurship, including both the benefits of not having to work within a corporate structure and the challenges that come with running your own business. Chris also reveals what led him to start breaches.cloud, and what he's learned about some of the biggest cloud security breaches so far.

About Chris

Chris Farris is a highly experienced IT professional with a career spanning over 25 years. During this time, he has focused on various areas, including Linux, networking, and security. For the past eight years, he has been deeply involved in public-cloud and public-cloud security in media and entertainment, leveraging his expertise to build and evolve multiple cloud security programs.

Chris is passionate about enabling the broader security team's objectives of secure design, incident response, and vulnerability management. He has developed cloud security standards and baselines to provide risk-based guidance to development and operations teams. As a practitioner, he has architected and implemented numerous serverless and traditional cloud applications, focusing on deployment, security, operations, and financial modeling.

He is one of the organizers of the fwd:cloudsec conference and presented at various AWS conferences and BSides events.
Chris shares his insights on security and technology on social media platforms like Twitter, Mastodon and his website https://www.chrisfarris.com.

Links Referenced:
fwd:cloudsec: https://fwdcloudsec.org/
breaches.cloud: https://breaches.cloud
Twitter: https://twitter.com/jcfarris
Company Site: https://www.primeharbor.com

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: Welcome to Screaming in the Cloud, I'm Corey Quinn. My returning guest today is Chris Farris, now at PrimeHarbor, which is his own consultancy. Chris, welcome back. Last time we spoke, you were a Turbot, and now you've decided to go independent because you don't like sleep anymore.

Chris: Yeah, I don't like sleep.

Corey: [laugh]. It's one of those things where when I went independent, at least in my case, everyone thought that it was, oh, I have this grand vision of what the world could be and how I could look at these things, and that's going to just be great and awesome and everyone's going to just be a better world for it. In my case, it was, no, just there was quite literally nothing else for me to do that didn't feel like an exact reframing of what I'd already been doing for years. I'm a terrible employee and setting out on my own was important. It was the only way I found that I could wind up getting to a place of not worrying about getting fired all the time because that was my particular skill set. And I look back at it now, almost seven years in, and it's one of those things where if I had known then what I know now, I never would have started.

Chris: Well, that was encouraging. Thank you [laugh].

Corey: Oh, of course.
And in sincerity, it's not one of those things where there's any one thing that stops you, but it's the, a lot of people get into the independent consulting dance because they want to do a thing and they're very good at that thing and they love that thing. The problem is, when you're independent, and at least starting out, I was spending over 70% of my time on things that were not billable, which included things like go and find new clients, go and talk to existing clients, the freaking accounting. One of the first hires I made was a fractional CFO, which changed my life. Up until that, my business partner and I were more or less dead reckoning of looking at the bank account and how much money is in there to determine if we could afford things. That's a very unsophisticated way of navigating. It's like driving by braille.

Chris: Yeah, I think I went into it mostly as a way to define my professional identity outside of my W-2 employer. I had built cloud security programs for two major media companies and felt like that was my identity: I was the cloud security person for these companies. And so, I was like, ehh, why don't I just define myself as myself, rather than define myself as being part of a company that, in the media space, they are getting overwhelmed by change, and job security, job satisfaction, wasn't really something that I could count on.

Corey: One of the weird things that I found—it's counterintuitive—is that when you're independent, you have gotten to a point where you have hit a point of sustainability, where you're not doing the oh, I'm just going to go work for 40 billable hours a week for a client. It's just like being an employee without a bunch of protections and extra steps. That doesn't work super well.
But now, at the point where I'm at where the largest client we have is a single-digit percentage of revenue, I can't get fired anymore, without having a whole bunch of people suddenly turn on me because I've done something monstrous, in which case, I probably deserve not to have business anymore, or there's something systemic in the macro environment, which given that I do the media side and I do the cost-cutting side, I work on the way up, I work on the way down, I'm questioning what that looks like in a scenario that doesn't involve me hunting for food. But it's counterintuitive to people who have been employees their whole life, like I was, where, oh, it's risky and dangerous to go out on your own.

Chris: It's risky and dangerous to be, you know, tied to a single, yeah, W-2 paycheck. So.

Corey: Yeah. The question I'd like to ask is, how many people need to be really pissed off before you have one of those conversations with HR that doesn't involve giving you a cup of coffee? That's the tell: when you don't get coffee, it's a bad conversation.

Chris: Actually, that you haven't seen [unintelligible 00:04:25] coffee these days. You don't want the cup of coffee, you know. That's—

Corey: Even when they don't give you the crappy percolator navy coffee, like, midnight hobo diner style, it's still going to be a bad meeting because [unintelligible 00:04:37] pretend the coffee's palatable.

Chris: Perhaps, yes. I like not having to deal with my own HR department. And I do agree that yeah, getting out of the W-2 space allows me to work on side projects that interests me or, you know, volunteer to do things like continuing the fwd:cloudsec, developing breaches.cloud, et cetera.

Corey: I'll never forget, one of my last jobs I had a boss who walked past and saw me looking at Reddit and asked me if that was really the best use of my time.
At first—it was in, I think, the sysadmin forum at the time, so yes, it was very much the best use of my time for the problem I was focusing on, but also, even if it wasn't, I spent an inordinate amount of time on social media, just telling stories and building audiences, on some level. That's the weird thing is that what counts as work versus what doesn't count as work gets very squishy when you're doing your own marketing.

Chris: True. And even when I was a W-2 employee, I spent a lot of time on Twitter because Twitter was an intel source for us. It was like, “Hey, who's talking about the latest cloud security misconfigurations? Who's talking about the latest data breach? What is Mandiant tweeting about?” It was, you know—I consider it part of my job to be on Twitter and watching things.

Corey: Oh, people ask me that. “So, you're on Twitter an awful lot. Don't you have a newsletter to write?” Like, yeah, where do you think that content comes from, buddy?

Chris: Exactly. Twitter and Mastodon. And Reddit now.

Corey: There's a whole argument to be had about where to find various things. For me at least, because I'm only security adjacent, I was always trying to report the news that other people had, not make the news myself.

Chris: You don't want to be the one making the news in security.

Corey: Speaking of, I'd like to talk a bit about what you just alluded to breaches.cloud. I don't think I've seen that come across my desk yet, which tells me that it has not been making a big splash just yet.

Chris: I haven't been really announcing it; it got published the other night and so basically, yeah, is this is sort of an inaugural marketing push for breaches.cloud. So, what we're looking to do is document all the public cloud security breaches, what happened, why, and more importantly, what the companies did or didn't do that led to the security incident or the security breach.

Corey: How are you slicing the difference between broad versus deep?
And what I mean by that is, there are some companies where there are indictments and massive deep dives into everything that happens with timelines and blows-by-blows, and other times you wind up with the email that shows up one day of, “Security is very important to us. Now, listen to how we completely dropped the ball on it.” And it just makes the biggest description that they can get away with of what happened. Occasionally, you find out oh, it was an open S3 bucket, or they'll allude to something that sounds like it. Does that count for inclusion? Does it not? How do you make those editorial decisions?

Chris: So, we haven't yet built a page around just all of the recipients of the Bucket Negligence Award. We're looking at the specific ones where there's been something that's happened that's usually involving IAM credentials—oftentimes involving IAM credentials found in GitHub—and what led to that. So, in a lot of cases, if there's a detailed company postmortem that they send their customers that said, “Hey, we goofed up, but complete transparency—” and then they hit all the bullet points of how they goofed up. Or in the case of certain others, like Uber, “Hey, we have court transcripts that we can go to,” or, “We have federal indictments,” or, “We have court transcripts, and federal indictments and FTC civil actions.” And so, we go through those trying to suss out what the company did or did not do that led to the breach. And really, the goal here is to be able to articulate as security practitioners, hey, don't attach S3 full access to this role on EC2.
That's what got Capital One in trouble.

Corey: I have a lot of sympathy for the Capital One breach and I wish they would talk about it more than they do, for obvious reasons, just because it was not, someone showed up and made a very obvious dumb decision, like, “Oh, that was what that giant red screaming thing in the S3 console means.” It was a series of small misconfigurations that led to another one, to another one, to another one, and eventually gets to a point where a sophisticated attacker was able to chain them all together. And yes, it's bad, yes, they're a bank and the rest, but I look at that and it's—that's the sort of exploit that you look at and it's okay, I see it. I absolutely see it. Someone was very clever, and a bunch of small things that didn't rise to the obvious. But they got dragged and castigated as if they basically had a four-character password that they'd left on the back of the laptop on a Post-It note in an airport lounge when their CEO was traveling. Which is not the case.

Chris: Or all of the highlighting the fact that Paige Thompson was a former Amazon employee, making it seem like it was her insider abilities that led to the incident, rather than she just knew that, hey, there's a metadata service and it gives me creds if I ask it.

Corey: Right. That drove me nuts. There was no maleficence as an employee. And to be very direct, from what I understand of internal AWS controls, had there been, it would have been audited, flagged, caught, interdicted. I have talked to enough Amazonians that either a lot of them are lying to me very consistently despite not knowing each other, or they're being honest when they say that you can't get access to customer data using secret inside hacks.

Chris: Yeah. I have reasonably good faith in AWS and their ability to not touch customer data in most scenarios.
And I've had cases that I'm not allowed to talk about where Amazon has gone and accessed customer data, and the amount of rigmarole and questions and drilling that I got as a customer to have them do that was pretty intense and somewhat, actually, annoying.

Corey: Oh, absolutely. And, on some level, it gets frustrating when it's a, look, this is a test account. I have nothing of sensitive value in here. I want the thing that isn't working to start working. Can I just give you a whole, like, admin-powered user account and we can move on past all of this? And their answer is always absolutely not.

Chris: Yes. Or, “Hey, can you put this in our bucket?” “No, we can't even write to a public bucket or a bucket that, you know, they can share too.” So.

Corey: An Amazonian had to mail me a hard drive because they could not send anything out of S3 to me.

Chris: There you go.

Corey: So, then I wound up uploading it back to S3 with, you know, a Snowball Edge because there's no overkill like massive overkill.

Chris: No, the [snowmobile 00:11:29] would have been the massive overkill. But depending on where you live, you know, you might not have been able to get a permit to park the snowmobile there.

Corey: They apparently require a loading dock. Same as with the outposts. I can't fake having one of those on my front porch yet.

Chris: Ah. Well, there you go. I mean, you know it's the right height though, and you don't mind them ruining your lawn.

Corey: So, help me understand. It makes sense to me at least, on some level, why having a central repository of all the various cloud security breaches in one place that's easy to reference is valuable. But what caused you to decide, you know, rather than saying it'd be nice to have, I'm going to go build that thing?

Chris: Yeah, so it was actually right before the last time we spoke, Nicholas Sharp was indicted. And there was like, hey, this person was indicted for, you know, this cloud security case.
And I'm like, that name rings a bell, but I don't remember who this person was. And so, I kind of realized that there's so many of these things happening now that I forget who is who. And so, when a new piece of news comes along, I'm like, where did this come from and how does this fit into what my knowledge of cloud security is and cloud security cases?

So, I kind of realized that these are all running together in my mind. The Department of Justice only referenced ‘Company One,' so it wasn't clear to me if this even was a new cloud incident or one I already knew about. And so basically, I decided, okay, let's build this. Breaches.cloud was available; I think I kind of got the idea from hackingthe.cloud.

And I had been working with some college students through the Collegiate Cyber Defense Competition, and I was like, “Hey, anybody want a spring research project that I will pay you for?” And so yeah, PrimeHarbor funded two college students to do quite a bit of the background research for me, I mentored them through, “Hey, so here's what this means,” and, “Hey, have we noticed that all of these seem to relate to credentials found in GitHub? You know, maybe there's a pattern here.” So, if you're not yet scanning for secrets in GitHub, I recommend you start scanning for secrets in your GitHub, private and public repos.

Corey: Also, it makes sense to look at the history. Because, oh, I committed a secret. I'm going to go ahead and revert that commit and push that. That solves the problem, right?

Chris: No, no, it doesn't.
Yes, apparently, you can force push and delete an entire commit, but you really want to use a tool that's going to go back through the commit history and dig through it because as we saw in the Uber incident, when—the second Uber incident, the one that led to the CSO's conviction—yeah, the two attackers, [unintelligible 00:14:09] stuffed a Uber employee's personal GitHub account that they were also using for Uber work, and yeah, then they dug through all the source code and dug through the commit histories until they found a set of keys, and that's what they used for the second Uber breach.

Corey: Awful when that hits. It's one of those things where it's just… [sigh], one thing leads to another leads to another. And on some level, I'm kind of amazed by the forensics that happen around all of these things. With the counterpoint, it is so… freakishly difficult, I think, for lack of a better term, just to be able to say what happened with any degree of certainty, so I can't help but wonder in those dark nights when the creeping dread starts sinking in, how many things like this happen that we just never hear about because they don't know?

Chris: Because they don't turn on CloudTrail. Probably a number of them. Once the data gets out and shows up on the dark web, then people start knocking on doors. You know, Troy Hunt's got a large collection of data breach stuff, and you know, when there's a data breach, people will send him, “Hey, I found these passwords on the dark web,” and he loads them into Have I Been Pwned, and you know, [laugh] then the CSO finds out. So yeah, there's probably a lot of this that happens in the quiet of night, but once it hits the dark web, I think that data starts becoming available and the victimized company finds out.

Corey: I am profoundly cynical, in case that was unclear.
So, I'm wondering, on some level, what is the likelihood or commonality, I suppose, of people who are fundamentally just viewing security breach response from a perspective of step one, make sure my resume is always up to date. Because we talk about these business continuity plans and these DR approaches, but very often it feels like step one, secure your own mask before assisting others, as they always say on the flight. Where does personal preservation come in? And how does that compare with company preservation?

Chris: I think down at the [IaC 00:16:17] level, I don't know of anybody who has not gotten a job because they had Equifax on their resume back in, what, 2017, 2018, right? Yes, the CSO, the CEO, the CIO probably all lost their jobs. And you know, now they're scraping by book deals and speaking engagements.

Corey: And these things are always, to be clear, nuanced. It's rare that this is always one person's fault. If you're a one-person company, okay, yeah, it's kind of your fault, let's be clear here, but there are controls and cost controls and audit trails—presumably—for all of these things, so it feels like that's a relatively easy thing to talk around, that it was a process failure, not that one person sucked. “Well, didn't you design and implement the process?” “Yes. But it turned out there were some holes in it and my team reported that those weren't there and it turned out that they were and, well, live and learn.” It feels like that's something that could be talked around.

Chris: It's an investment failure. And again, you know, if we go back to Harry Truman, “The buck stops here,” you know, it's the CEO who decides that, hey, we're going to buy a corporate jet rather than buy a [SIIM 00:17:22].
And those are the choices that happen at the top level that define, do you have a capable security team, and more importantly, do you have a capable security culture such that your security team isn't the only ones who are actually thinking about security?

Corey: That's, I guess, a fair question. I saw a take on Twitter—which is always a weird thing—or maybe was Bluesky or somewhere else recently, that if you don't have a C-level executive responsible for security with security in their title, your company does not take security seriously. And I can see that past a certain point of scale, but as a one-person company, do you have a designated CSO?

Chris: As a one-person company and as a security company, I sort of do have a designated CSO. I also have, you know, the person who's like, oh, I'm going to not put MFA on the root of this one thing because, while it's an experiment and it's a sandbox and whatever else, but I also know that that's not where I'm going to be putting any customer data, so I can measure and evaluate the risk from both a security perspective and a business existential investment perspective. When you get to the larger the organization, the more detached the CEO gets from the risk and what the company is building and what the company is doing, is where you get into trouble. And lots of companies have C-level somebody who's responsible for security. It's called the CSO, but oftentimes, they report four levels down, or even more, from the chief executive who is actually the one making the investment decisions.

Corey: On some level, the oh yeah, that's my responsibility, too, but it feels like it's a trap that falls into. Like, well, the CTO is responsible for security at a publicly traded company. Like, well… that tends to not work anymore, past certain points of scale. Like when I started out independently, yes, I was the CSO. I was also the accountant. I was also the head of marketing. I was also the janitor.
There's a bunch of different roles; we all wear different hats at different times.

I'm also not a big fan of shaming that oh, yeah. This is a universal truth that applies to every company in existence. That's also where I think Twitter started to go wrong where you would get called out whenever making an observation or witticism or whatnot because there was some vertex case to which it did not necessarily apply and then people would ‘well, actually,' you to death.

Chris: Yeah. Well, and I think there's a lot of us in the security community who are in the security one-percenters. We're, “Hey, yes, I'm a cloud security person on a 15-person cloud security team, and here's this awesome thing we're doing.” And then you've got most of the other companies in this country that are probably below the security poverty line. They may or may not have a dedicated security person, they certainly don't have a SIEM, they certainly don't have anybody who's monitoring their endpoints for malware attacks or anything else, and those are the companies that are getting hit all the time with, you know, a lot of this ransomware stuff. Healthcare is particularly vulnerable to that.

Corey: When you take a look across the industry, what is it that you're doing now at PrimeHarbor that you feel has been an unmet need in the space? And let me be clear, as of this recording earlier today, we signed a contract with you for a project. There's more to come on that in the future. So, this is me asking you to tell a story, not challenging, like, what do you actually do? This is not a refund request, let's be very clear here. But what's the unmet need that you saw?

Chris: I think the unmet need that I see is we don't talk to our builder community. And when I say builder, I mean, developers, DevOps, sysadmins, whatever. AWS likes the term builder and I think it works. We don't talk to our builder community about risk in a way that makes sense to them.
So, we can say, “Hey, well, you know, we have this security policy and section 24601 says that all data's classifications must be signed off by the data custodian,” and a developer is going to look at you with their head tilted, and be like, “Huh? What? I just need to get the sprint done.”

Whereas if we can articulate the risk—and one of the reasons I wanted to do breaches.cloud was to have that corpus of articulated risk around specific things—I can articulate the risk and say, “Hey, look, you know how easy it is for somebody to go in and enumerate an S3 bucket? And then once they've enumerated and guessed that S3 bucket exists, they list it, and oh, hey, look, now that they've listed it, they know all of the objects and all of the juicy PII that you just made public.” If you demonstrate that to them, then they're going to be like, “Oh, I'm going to add the extra story point to this story to go figure out how to do CloudFront origin access identity.” And now you've solved, you know, one more security thing. And you've done in a way that not just giving a man a fish or closing the bucket for them, but now they know, hey, I should always use origin access identity. This is why I need to do this particular thing.

Corey: One of the challenges that I've seen in a variety of different sites that have tried to start cataloging different breaches and other collections of things happening in public is the discoverability or the library management problem. The most obvious example of this is, of course, the AWS console itself, where when it paginates things like, oh, there are 3000 things here, ten at a time, through various pages for it. Like, the marketplace is just a joke of discoverability.
How do you wind up separating the stuff that is interesting and notable, rather than, well, this has about three sentences to it because that's all the company would say?

Chris: So, I think even the ones where there's three sentences, we may actually go ahead and add it to the repo, or we may just hold it as a draft, so that we know later on when, “Hey, look, here's a federal indictment for Company Three. Oh, hey, look. Company Three was actually this breach announcement that we heard about three months ago,” or even three years ago. So like, you know, Chegg is a great example of, you know, one of those where, hey, you know, there was an incident, and they disclosed something, and then, years later, FTC comes along and starts banging them over the head. And in the FTC documentation, or in the FTC civil complaint, we got all sorts of useful data.

Like, not only were they using root API keys, every contractor and employee there was sharing the root API keys, so when they had a contractor who left, it was too hard to change the keys and share it with everybody, so they just didn't do that. The contractor still had the keys, and that was one of the findings from the FTC against Chegg. Similar to that, Cisco didn't turn off contractors' access, and I think—this is pure speculation—I think the poor contractor one day logged into his Google Cloud Shell, cd'ed into a Terraform directory, ran ‘terraform destroy', and rather than destroying what he thought he was destroying, it had the access keys back to Cisco WebEx and took down 400 EC2 instances that made up all of WebEx.
These are the kinds of things that I think it's worth capturing because the stories are going to come out over time.

Corey: What have you seen in your, I guess, so far, a limited history of curating this that—I guess, first what is it you've learned that you've started seeing as far as patterns go, as far as what warrants inclusion, what doesn't, and of course, once you started launching and going a bit more public with it, I'm curious to hear what the response from companies is going to be.

Chris: So, I want to be very careful and clear that if I'm going to name somebody, that we're sourcing something from the criminal justice system, that we're not going to say, “Hey, everybody knows that it was Paige Thompson who was behind it.” No, no, here's the indictment that said it was Paige Thompson that was, you know, indicted for this Capital One sort of thing. All the data that I'm using, it all comes from public sources, it's all cited, so it's not like, hey, some insider said, “Hey, this is what actually happened.” You know? I very much learned from the Ubiquiti case that I don't want to be in the position of Brian Krebs, where it's the attacker themselves who's updating the site and telling us everything that went wrong, when in fact, it's not because they're in fact the perpetrator.

Corey: Yeah, there's a lot of lessons to be learned. And fortunately, for what it's s—at least it seems… mostly, that we've moved past the battle days of security researchers getting sued on a whim from large companies for saying embarrassing things about them. Of course, watch me be tempting fate and by the time this publishes, I'll get sued by some company, probably Azure or whatnot, telling me that, “Okay, we've had enough of you saying bad things about our security.” It's like, well, cool, but I also read the complaint before you file because your security is bad. Buh-dum-tss. I'm kidding. I'm kidding.
Please don't sue me.

Chris: So, you know, whether it's slander or libel, depending on whether you're reading this or hearing it, you know, truth is an actual defense, so I think Microsoft doesn't have a case against you. I think for what we're doing in breaches, you know—and one of the reasons that I'm going to be very clear on anybody who contributes—and just for the record, anybody is welcome to contribute. The GitHub repo that runs breaches.cloud is public and anybody can submit me a pull request and I will take their write-ups of incidents. But whatever it is, it has to be sourced.

One of the things that I'm looking to do shortly, is start soliciting sponsorships for breaches so that we can afford to go pull down the PACER documents. Because apparently in this country, while we have a right to a speedy trial, we don't have a right to actually get the court transcripts for less than ten cents a page. And so, part of what we need to do next is download those—and once we've purchased them, we can make them public—download those, make them public, and let everybody see exactly what the transcript was from the Capital One incident, or the Joey Sullivan trial.

Corey: You're absolutely right. It drives me nuts that I have to wind up budgeting money for PACER to pull up court records. And at ten cents a page, it hasn't changed in decades, where it's oh, this is the cost of providing that data. It's, I'm not asking someone to walk to the back room and fax it to me. I want to be very clear here. It just feels like it's one of those areas where the technology and government is not caught up and it's—part of the problem is, of course, having no competition.

Chris: There is that. And I think I read somewhere that the ent—if you wanted to download the entire PACER, it would be, like, $100 million. Not that you would do that, but you know, it is the moneymaker for the judicial system, and you know, they do need to keep the lights on. Although I guess that's what my taxes are for.
But again, yes, they're a monopoly; they can do that.

Corey: Wildly frustrating, isn't it?

Chris: Yeah [sigh]… yeah, yeah, yeah. Yeah, I think there's a lot of value in the court transcripts. I've held off on publishing the Capital One case because one, well, already there's been a lot of ink spilled on it, and two, I think all the good detail is going to be in the trial transcripts from Paige Thompson's trial.

Corey: So, I am curious what your take is on… well, let's call it the ‘FTX thing.' I don't even know how to describe it at this point. Is it a breach? Is it just maleficence? Is it 15,000 other things? But I noticed that it's something that breaches.cloud does talk about a bit.

Chris: Yeah. So, that one was a fascinating one that came out because as I was starting this project, I heard you know, somebody who was tweeting was like, “Hey, they were storing all of the crypto private keys in AWS Secrets Manager.” And I was like, “Errr?” And so, I went back and I read John J. Ray III's interim report to the creditors.

Now, John Ray is the man who was behind the cleaning up of Enron, and his comment was “FTX is the”—“Never in my career have I seen such a complete failure of corporate controls and such a complete absence of trustworthy information as occurred here.” And as part of his general, broad write-up, they went into, in-depth, a lot of the FTX AWS practices. Like, we talk about, hey, you know, your company should be multi-account. FTX was worse. They had three or four different companies all operating in the same AWS account.

They had their main company, FTX US, Alameda, all of them had crypto keys in Secrets Manager and there was no access control between any of those. And what ended up happening on the day that SBF left and Ray came in as CEO, the $400 million worth of crypto somehow disappeared out of FTX's wallets.

Corey: I want to call this out because otherwise, I will get letters from the AWS PR spin doctors.
Because on the surface of it, I don't know that there's necessarily a lot wrong with using Secrets Manager as the backing store for private keys. I do that with other things myself. The question is, what other controls are there? You can't just slap it into Secrets Manager and, “Well, my job is done. Let's go to lunch early today.”

There are challenges [laugh] around the access levels, there are—around who has access, who can audit these things, and what happens. Because most of the secrets I have in Secrets Manager are not the sort of thing that is, it is now a viable strategy to take that thing and abscond to a country with a non-extradition treaty for the rest of my life, but with private keys and crypto, there kind of is.

Chris: That's it. It's like, you know, hey, okay, the RDS database password is one thing, but $400 million in crypto is potentially another thing. Putting it in Secrets Manager might have been the right answer, too. You get KMS customer-managed keys, you get full auditability with CloudTrail, everything else, but we didn't hear any of that coming out of Ray's report to the creditors. So again, the question is, did they even have CloudTrail turned on? He did explicitly say that FTX had not enabled GuardDuty.

Corey: On some level, even if GuardDuty doesn't do anything for you, which in my case, it doesn't, but I want to be clear, you should still enable it anyway because you're going to get dragged when there's inevitable breach because there's always a breach somewhere, and then you get yelled at for not having turned on something that was called GuardDuty. You already sound negligent, just with that sentence alone. Same with Security Hub. Good name on AWS's part if you're trying to drive service adoption.
Just by calling it the thing that responsible people would use, you will see adoption, even if people never configure or understand it.

Chris: Yeah, and then of course, hey, you had Security Hub turned on, but you ignore the 80,000 findings in it. Why did you ignore those 80,000 findings? I find Security Hub to probably be a little bit too much noise. And it's not Security Hub, it's ‘Compliance Hub.' Everything—and I'm going to have a blog post coming out shortly—on this, everything that Security Hub looks at, it looks at it from a compliance perspective.

If you look at all of its scoring, it's not how many things are wrong; it's how many rules you are a hundred percent compliant to. It is not useful for anybody below that AWS security poverty line to really master or to really operationalize.

Corey: I really want to thank you for taking the time to catch up with me once again. Although now that I'm the client, I expect I can do this on demand, which is just going to be delightful. If people want to learn more, where can they find you?

Chris: So, they can find breaches.cloud at, well https://breaches.cloud. If you're looking for me, I am either on Twitter, still, at @jcfarris, or you can find me and my consulting company, which is www.primeharbor.com.

Corey: And we will, of course, put links to all of that in the [show notes 00:33:57]. Thank you so much for taking the time to speak with me. As always, I appreciate it.

Chris: Oh, thank you for having me again.

Corey: Chris Farris, cloud security nerd at PrimeHarbor. I'm Cloud Economist Corey Quinn and this is Screaming in the Cloud.
If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry, insulting comment that you're also going to use as the storage back-end for your private keys.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Education Research Reading Room
ERRR #079. Daniel Willingham on How to Study

Education Research Reading Room

Play Episode Listen Later Jun 1, 2023 77:56


This episode we're speaking with Daniel Willingham. Dan is Professor…

The HVAC Jerks
5, 36 - Jerky Bits! - The Podcast Grind

The HVAC Jerks

Play Episode Listen Later May 31, 2023 10:02


What actually happens behind the microphone?  Errr, it's all just a blur to me.  

Two Girls One Ghost
Episode 182 - The Haunted Museum

Two Girls One Ghost

Play Episode Listen Later Jun 27, 2022 87:46


When the lights go down and visitors head home, the museum comes to life! Errr… maybe no one's quite alive, but they sure are actively haunting the Merchant's House Museum and the Louvre! Tickets to our LIVE DIGITAL EXPERIENCE available on Thursday!!! https://www.momenthouse.com/twogirlsoneghost Have ghost stories of your own? E-mail them to us at twogirlsoneghostpodcast@gmail.com This episode is sponsored by Bombas, BetterHelp, and Pretty Litter. Bombas' mission is simple: make the most comfortable clothes ever, and match every item sold with an equal item donated. Go to bombas.com/tgog for 20% off your first purchase. BetterHelp is customized online therapy that offers video, phone and even live chat sessions with your therapist, so you don't have to see anyone on camera if you don't want to. Get 10% off your first month at betterhelp.com/tgog. Once you try Pretty Litter, it'll be the only litter you ever use. Go to prettylitter.com/tgog to save 20% on your first order. If you enjoy our show, please consider donating to our Patreon. We promise to make it worth your time and we promise not to haunt you. We have a variety of different tiers that will give you access to bonus content, special shoutouts, discounted merch and more! Patreon.com/twogirlsoneghostpodcast. Finally, please Rate and Review the podcast on iTunes and follow us on social media! Youtube, Instagram, TikTok, Facebook, and Discord. Edited by the awesome team at Upfire Digital and original music by Arms Akimbo! Disclaimer: the use of white sage and smudging is a closed practice. If you're looking to cleanse your space, here are some great alternatives!