Podcasts about security headers

  • 17 podcasts
  • 18 episodes
  • 37m avg duration
  • Infrequent episodes
  • Latest: Jun 12, 2023

Latest podcast episodes about security headers

#TWIMshow - This Week in Marketing
Ep164 - Apple Amps Up Privacy: A Glimpse at iOS 17 and macOS Sonoma

Jun 12, 2023 | 27:02


Episode 164 contains the notable Digital Marketing News and Updates from the week of June 5 - 9, 2023. And the show notes for this episode were generated using generative AI. And like always, I curated the articles for the show.

1. Google's Structured Data Validator vs Schema.org - During June 2023, Google SEO Office Hours, Google's Martin Splitt answered a question about structured data validation and how Google's validator can show different results than the Schema.org validator. Both Google and Schema.org offer tools for validating if structured data is correct. Google's tool validates structured data and it also offers feedback on whether the tested structured data qualifies for rich results in the search engine results pages. Rich results are enhanced search listings that make the listing stand out on the search results. The Schema.org Schema Markup Validator checks if the structured data is valid according to the official standards. Per Splitt, “Schema.org is an open and vendor-independent entity that defines the data types and attributes for structured data. Google, as a vendor however, might have specific requirements for some attributes and types in order to use the structured data in product features, such as our rich results in Google Search. So while just leaving out some attributes or using some type of values for an attribute is fine with Schema.org, vendors such as Google and others might have more specific requirements in order to use the structured data you provide to actually enhance features and products.” In conclusion, Google's validator has a purpose that is different from just checking if the structured data is valid. It's checking to see if the structured data that Google requires (for potentially showing a webpage in enhanced search results) is valid. The Schema.org validator is just checking for standards and has nothing to do with how Google uses structured data. You can watch the June SEO office hour here.

2. Google's Latest Search Console Update Makes it Easier to Fix Video Indexing Issues - Google has released an update to its Search Console, aimed at refining video indexing reports. This enhancement promises to offer you more precise problem descriptions and actionable solutions to help boost the visibility of your videos in Google Search. Previously, users encountered a generic "Google could not identify the prominent video on the page" error. Now, Google has decided to provide more specific details to overcome this problem. Here's what you need to know: Video outside the viewport: If your video isn't fully visible when the page loads, you'll need to reposition it. Make sure the entire video lies within the renderable area of the webpage. Video too small: If your video is smaller than desired, you should increase its size. The height should exceed 140px, and the width should be greater than 140px and constitute at least one-third of the page's width. Video too tall: If your video is taller than 1080px, it's time to resize it. Decrease the height to less than 1080px to comply with Google's new guidelines. While you might still see some old error messages for the next three months, Google plans to phase these out, replacing them with these new, more detailed notifications. By adhering to these updates, you can maximize your video's prominence on Google Search and enhance user engagement. Happy optimizing!

3. Navigating the World of Domains: A Google Insider's Advice - Let's delve into the world of domain names and how they can impact your business's digital reach, guided by insights from Google Search Advocate, John Mueller. Mueller recently clarified the differences between generic top-level domains (gTLDs) and country code top-level domains (ccTLDs), following Google's decision to reclassify .ai domains as gTLDs, breaking away from their previous association with Anguilla. In essence, gTLDs (such as .com, .store, .net) are not tied to a specific geographical location, unlike ccTLDs (like .nl for the Netherlands, .fr for France, .de for Germany) that are country-specific. Mueller pointed out that if your business is primarily targeting customers within a certain country, a ccTLD might be the way to go. On the other hand, if you're aiming for a global customer base, a gTLD could be the better option. Importantly, Mueller also highlighted the need to consider user perception. He posed a question to consider: will users click on a link they believe is meant for another country's audience? Furthermore, Mueller also cautioned against using TLDs that may appear spammy, as it can harm your site's credibility. His advice underscores the importance of strategic decision-making when registering your domain, reminding us that the choice of a domain name is not just a technical one, but a business decision that can have a significant impact on your online presence.

4. Google's Verdict on the Impact of Security Headers on Search Rankings - In your quest for a secure website, you may have come across HTTP headers - bits of data that offer valuable metadata about a webpage to browsers or web crawlers. The most well-known among these are response headers, like the infamous 404 Error or the 301 redirect. A subset of these headers, known as security headers, play a critical role in fortifying your site against malicious attacks.
For instance, the HSTS (HTTP Strict Transport Security) header mandates that a webpage be accessed only via HTTPS, not HTTP, and ensures the browser remembers this preference for the future. While a 301 redirect can guide browsers from HTTP to HTTPS, it leaves your site exposed to potential 'man-in-the-middle' attacks. An HSTS header, on the other hand, ensures your browser requests the HTTPS version directly, effectively bolstering site security. A question was recently posed to Google's John Mueller about whether integrating security headers, like HSTS, could influence website ranking. Mueller's response was clear: the HSTS header does not impact Google Search. This header's purpose is to guide users to the HTTPS version of a site. As for deciding which version of a page to crawl and index, Google uses a process known as canonicalization, which doesn't rely on headers like HSTS. So, while security headers might not boost your site's search ranking, their importance in maintaining a secure browsing experience for your users cannot be overstated. Remember, a secure website is a trusted website, and trust forms the foundation of any successful online presence.

5. Debunking 'Index Bloat': Google's Take on Effective Web Page Indexing - In a recent episode of Google's 'Search Off The Record' podcast, the Search Relations team at Google tackled the topic of web page indexing, putting a spotlight on the much-discussed theory within the SEO community: "Index Bloat." This theory, often cause for concern, refers to a situation where search engines index pages that aren't beneficial for search results. It includes pages like filtered product pages, printer-friendly versions, internal search results, and more. Advocates of the index bloat theory argue that such pages can confuse search engines and negatively impact search rankings. They link this issue to the concept of a crawl budget, which is the number of URLs a search bot will crawl during each visit.
The theory proposes that index bloat can lead to an inefficient use of this crawl budget, with search bots wasting time and resources gathering unneeded data. However, Google's John Mueller challenged this theory, stating there is no known concept of index bloat at Google. According to Mueller, Google doesn't set an arbitrary limit on the number of indexed pages per site. His advice to webmasters is not to worry about excluding pages from Google's index, but instead, focus on creating and publishing useful content. While some supporters of the index bloat theory have pointed to issues like accidental page duplication, incorrect robots.txt files, and poor or thin content as causes, Google asserts that these are not signs of a non-existent "index bloat," but simply general SEO practices that require attention. Some have suggested using tools like Google Search Console to detect index bloat by comparing the actual number of indexed pages to what's expected. Google's stance implies this comparison isn't indicating a problem, but is instead part of routine website management and monitoring. Google's official stance dismisses the idea of index bloat. Instead, the emphasis should be on ensuring the pages submitted for indexing are valuable and relevant, thereby enhancing the overall user experience.

6. Controlling Googlebot: Decoding Google's Search Relations Podcast Insights - In the latest episode of the 'Search Off The Record' podcast, Google's Search Relations team, John Mueller and Gary Illyes, delved into two key topics: blocking Googlebot from crawling certain parts of a webpage and preventing Googlebot from accessing a website completely. When asked how to stop Googlebot from crawling specific sections of a webpage, such as the "also bought" areas on product pages, Mueller emphasized that there's no direct method to achieve this.
"It's impossible to block crawling of a specific section on an HTML page," he clarified. However, Mueller did propose two strategies, albeit not perfect ones, to navigate this issue. One involves utilizing the data-nosnippet HTML attribute to stop text from being displayed in a search snippet. The other strategy involves using an iframe or JavaScript with the source blocked by robots.txt. But be wary, as Mueller cautioned against this approach, stating it could lead to crawling and indexing issues that are difficult to diagnose and solve. Mueller also reassured listeners that if the same content appears across multiple pages, it's not a cause for concern. "There's no need to block Googlebot from seeing that kind of duplication," he added. Addressing the question of how to prevent Googlebot from accessing an entire site, Illyes provided a straightforward solution. Simply add a disallow rule for the Googlebot user agent in your robots.txt file, and Googlebot will respect this and avoid your site. For those wanting to completely block network access, Illyes suggested creating firewall rules that deny Google's IP ranges. To sum up, while it's impossible to stop Googlebot from accessing specific HTML page sections, methods like the data-nosnippet attribute can offer some control. To block Googlebot from your site altogether, a simple disallow rule in your robots.txt file should suffice, though you can take further steps like setting up specific firewall rules for a more stringent blockade.

7. Sweeping Changes to Google Ads Trademark Policy: What You Need to Know - Google Ads is making significant changes to its Trademark Policy that could impact how your advertisements are run. Starting July 24, Google will only entertain trademark complaints that are filed against specific advertisers and their ads.
This is a shift away from the current policy, where complaints can lead to industry-wide restrictions on using trademarked content. This change is a response to feedback from advertisers who found the previous system frustrating due to over-flagging and broad blocks. The new policy aims to streamline resolutions, making them quicker and more straightforward. In addition, it will provide greater clarity and transparency for advertisers, a much-needed improvement many have been advocating for. As explained by a Google spokesperson, "We are updating our Trademark Policy to focus solely on complaints against specific advertisers in order to simplify and speed up resolution times, as opposed to industry-wide blocks that were prone to over-flagging. We believe this update best protects our partners with legitimate complaints while still giving consumers the ability to discover information about new products or services.” Do note that any trademark restrictions implemented before July 24 under the current policy will continue to apply. However, Google plans to phase out these limitations for most advertisers gradually over the next 12-18 months. You can learn more about these changes by visiting the Google Ads Trademarks policy page here.

8. Double Menus, Double Fun: SEO Unaffected by Multiple Navigations - In a recent SEO office hours video, Google's Gary Illyes made it clear that the presence of multiple navigation menus on your website doesn't affect your SEO performance - be it positively or negatively. The question arose during the video discussion, asking whether having two navigation menus - a main one featuring important site categories and a secondary one focusing on brand-related extensions - could potentially harm SEO performance. Illyes' response was reassuring. He stated that it's highly unlikely that multiple navigation menus would have any impact on your website's SEO.
In other words, whether you have one, two, or even more navigation menus on your page, Google's algorithms are sophisticated enough to recognize these elements and process them accordingly. So, rest easy and design your website to best serve your audience. Remember, whether your navigation is on the top, left, or bottom of your page, Google's got it figured out!

9. Google's Eye on XML Sitemap Changes: Resource Efficiency in Action - Google's own Gary Illyes recently reaffirmed that the tech giant is diligent about scanning XML sitemaps for updates before launching the reprocessing protocol. This practice is rooted in the desire to conserve valuable computational resources by avoiding unnecessary reprocessing of unchanged files. When asked whether Google compares current and previous versions of XML sitemaps, Illyes's response was a resounding yes. He explained that Google refrains from reprocessing sitemaps that have remained the same since their last crawl - a measure designed to prevent wastage of computing resources. However, any modifications in your sitemap, whether in the URL element or 'last mod', will trigger a new round of parsing and generally initiate reprocessing. Illyes pointed out that this doesn't automatically guarantee that the altered URLs will be crawled, as they must still pass through the usual quality evaluations like any other URL. Importantly, if a URL is deleted from the sitemap because it no longer exists, it doesn't imply that it will instantly be removed from the index or prioritized for crawling to expedite its deletion. Keep this in mind when making changes to your sitemap.

10. Boost Your Search Rankings: Google's Advice on Consolidating Pages - In a recent SEO office hours video, Google's Gary Illyes brought up a valuable point about web page consolidation.
He discussed 'host groups', a term used when Google displays two results from the same domain in search results, with one listed below the other. Illyes suggested that when your website forms a host group, it indicates that you have multiple pages capable of ranking well for a particular query. In such cases, he recommended considering the consolidation of these pages, if feasible. This advice aligns with Google's host groups documentation, which recommends setting one of these pages as the 'canonical' if you'd prefer users to land on that page over the other. The concept of a host group comes into play when two or more consecutive text results from the same site rank for the same query and hence, get grouped together. The rationale behind Google's recommendation for consolidation could be understood as an attempt to prevent your pages from competing against each other. When two pages vie for the same ranking, consolidating them could potentially boost the ranking of the remaining page. From an SEO perspective, having two listings could increase your click-through rate. However, the idea of consolidation is to create a more streamlined user experience and possibly enhance your page's ranking. Keep in mind that this is an approach to consider and may not suit every situation. Always consider your unique context and audience needs when making SEO decisions.

11. Unlocking Video Thumbnails in Google Search: Key Insights Revealed - Recent changes to Google's approach to video thumbnails in search results have prompted many queries. These alterations ensure that video thumbnails are displayed only when the video constitutes the main content on a webpage. This doesn't imply that the video must be the first element on your page. Instead, as Google's Gary Illyes explains, the video should be immediately noticeable — it should be "in their face right away."
This user-centric approach enhances the user experience, eliminating the need for them to hunt for the video on the page. Illyes encourages web developers and SEO experts to consider the user's perspective. When visitors land on your page, they should not have to actively search for the video. It should be prominently displayed, akin to the approach of popular video platforms like Vimeo and YouTube. Remember, the aim of these changes is to reduce confusion and streamline the user experience by ensuring that videos are easy to find and view. Take inspiration from major video sites to better understand what Google's algorithms are seeking.

12. Enhanced Conversion Tracking with Microsoft Advertising's New Cross-Device Attribution Model - Microsoft Advertising is set to enhance its tracking capabilities with the introduction of a Cross-Device attribution model. Revealed in Microsoft's latest product update roundup in June, this model promises to provide more accurate insights into customer conversion journeys across multiple devices and sessions. With this new feature, if a customer clicks an ad on their laptop and later completes a purchase on their phone, Microsoft Advertising will attribute the conversion to the original ad click on the laptop. This development will ensure that your marketing efforts are accurately credited, regardless of the device where the conversion ultimately occurs. As a result of this new tracking model, marketers may notice a slight uptick in the number of conversions reported in their performance metrics. If you observe an increase in conversions, the new Cross-Device attribution model could be the driving factor. Keep an eye on your reports to understand the full impact of this latest update on your performance data.

13. New Verification Mandates for Microsoft Ads: Everything You Need to Know - Starting August 1st, Microsoft Advertising will be implementing a new policy to enhance transparency and security.
Only ads from verified advertisers will be displayed on the platform. If you haven't yet met the Microsoft Ads verification requirements, it's crucial to complete them before August 1st to ensure your ads continue to run smoothly. The Microsoft Ads Advertiser Identity Verification program, which was launched in June 2022, is rolling out the following important dates: As of July 1st, all new advertisers must be verified before their ads can go live. If you haven't received an email from Microsoft about account verification by July 15th, you should reach out to Microsoft support. Starting August 1st, Microsoft Advertising will exclusively display ads from verified advertisers. Once verified, all ads will showcase: The name and location of the advertiser. The business or individual responsible for funding the ad. Additional information explaining why a user is seeing a specific ad, including targeting parameters. In addition to these updates, Microsoft Advertising is also launching a new feature - the Ad Library. This will enable all users to view ads shown on Bing that have gained any impressions in the European Union. Users will be able to search for ads in the Ad Library by using the advertiser's name or by entering words included in the ad creative. The details of the advertiser will be displayed in the Ad Library. Stay ahead of the game and get your account verified to enjoy uninterrupted ad delivery with Microsoft Advertising!

14. Unleashing New Opportunities: LinkedIn Introduces Direct Messaging for Company Pages - In a bid to foster more professional connections and interactions, LinkedIn is set to expand its messaging tools. The platform has now introduced a new feature that allows Company Pages to send and receive direct messages (DMs). This marks a major development as previously, one-to-one messaging was only available for individual LinkedIn members. LinkedIn's new feature, termed Pages Messaging, paves the way for members to directly contact brands.
Conversations can cover a broad range of topics from products and services to business opportunities. To handle these two-way conversations, organizations will be equipped with a dedicated inbox, enabling them to manage and prioritize incoming inquiries that are most relevant to their business. As a result of this feature, companies might see a significant increase in messages inquiring about opportunities. However, LinkedIn's 'focused inbox' system, which segregates DMs based on priority and topic settings, can help manage the influx. In addition, companies have the option to disable the Message feature if they wish. LinkedIn has been quietly testing this feature with a select group of users in the past month. Considering that over 63 million companies actively post on their LinkedIn Company Pages, this new feature could potentially revolutionize direct interactions and unearth fresh opportunities. Furthermore, LinkedIn is exploring the integration of an AI assistant to aid in lead nurturing. This could be a significant asset, allowing users to research the person they are communicating with without the need to manually browse through their profile or posts. While it might not be a 'game-changer', the new Company Page messaging feature, which is being rolled out from today, is certainly a noteworthy addition to consider in your LinkedIn marketing strategy.

15. Apple Amps Up Privacy: A Glimpse at iOS 17 and macOS Sonoma - In a continued commitment to user privacy, Apple has introduced fresh security enhancements in iOS 17 and macOS Sonoma, aimed at curbing intrusive web tracking. The new Link Tracking Protection feature is at the heart of this upgrade. Activated by default in Mail, Messages, and Safari (while in Private Browsing mode), Link Tracking Protection zeroes in on tracking parameters in link URLs, which are often used to monitor user activity across different websites.
The feature scrubs these identifiers, thereby thwarting advertisers' and analytics firms' attempts to bypass Safari's intelligent tracking prevention functionalities. Typically, these tracking parameters are attached to the end of a webpage's URL, bypassing the need for third-party cookies. When a user clicks the modified URL, the tracking identifier is read, enabling the backend to create a user profile for personalized ad targeting. Apple's new feature disrupts this process by identifying and removing these tracking components from the URL, ensuring the user's web page navigation remains as intended. This operation is quietly executed during browser navigation in Safari's Private Browsing mode and when links are clicked within the Mail and Messages apps. To strike a balance, Apple has also unveiled an alternate method for advertisers to gauge campaign effectiveness while preserving user privacy. Private Click Measurement, now accessible in Safari Private Browsing mode, enables the tracking of ad conversion metrics without disclosing individual user activity. In conclusion, Apple's latest efforts reflect a renewed commitment to user privacy, promising to make online experiences safer and more secure across their operating systems.

We Hack Purple Podcast
We Hack Purple Podcast Episode 72 with Scott Helme AGAIN

Jun 7, 2023 | 58:50


In episode 72 of the We Hack Purple Podcast host Tanya Janca brings Scott Helme back on because she just cannot get enough when it comes to security headers! You can watch and listen to his first episode here (https://wehackpurple.com/podcast/episode-69-with-scott-helme/). In this episode we focus on the “new” security headers from Scott's great blog article where he first introduced the public to them (https://scotthelme.co.uk/coop-and-coep/). The new security headers focus on protecting us from side-channel attacks like Spectre and Meltdown, and we really honed in on how to configure each one, and why we would need or want them. The features are powerful, and we discussed building up to using them, for best results. Part of the reason that Scott built SecurityHeaders.com was to contribute to solving the problem of ‘how do we get the message out there’. SecurityHeaders.com is an educational tool rather than any kind of definitive or perfect security assessment tool, but it's still incredibly useful. He's working hard to raise awareness, and podcast episodes like this can help. One of the most striking things Scott hears when teaching his and Troy Hunt's ‘Hack Yourself First’ course when they talk about headers like CSP and HSTS, is: “Wow, I didn't know this existed!” There is a huge gap that we need to bridge in security between these things existing, and people knowing they exist and then actually using them. This is a big hurdle for folks like us.

We also talked a bit about how all of these security headers are able to create reports and tell you what's up with your app. Lucky for us, Scott built Report-URI so we can receive those reports with ease! Scott also has another free tool he created: https://crawler.ninja/ too, where he scans the top 1 million sites every day and looks at various things, including their use of security headers. As an example, you can see this list of sites using a CSP from today: https://crawler.ninja/files/csp-sites.txt

Scott also creates reports using his crawler data that show trends over time and changes in the usage of security features like various security headers: https://scotthelme.co.uk/tag/crawler-report/

Very special thanks to our sponsor: Women's Society of Cyberjutsu! Women's Society of Cyberjutsu are hosting CYBERJUTSU CON 4.0 and the 10th Annual Cyberjutsu Awards on June 24, 2023!!! The con will consist of Hands-on Workshops, Capture The Flag (CTF) Competitions, Professional Headshots, Recruiting Opportunities, Celebration, and more. Participants will walk away with hands-on knowledge that can be applied immediately on the job. You can check out the event here: https://womenscyberjutsu.org/page/CyberCon2023

Join We Hack Purple! Check out our brand new courses in We Hack Purple Academy. Join us in the We Hack Purple Community: A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!

It's 5:05! Daily cybersecurity and open source briefing
Episode #120 - Web Security Headers, Elementor Plugin Flaw, Embassy Tech Pros

Apr 14, 2023 | 10:16


Hey, it's 5:05, thanks for joining us on Friday, April 14th, 2023. From the Sourced Podcast Network in Camp Hill, Pennsylvania. This is your host Bob Bannon. Stories in today's episode come from Trac Bannon in Camp Hill, Pennsylvania, Edwin Kwan in Sydney, Australia, Katy Craig in San Diego, California, and Marcel Brown in St. Louis, Missouri. Pokie is going on vacation, I have the controls. Let's get to it.

Security Headers to Secure Your Web Application

We Hack Purple Podcast
We Hack Purple Podcast Episode 69 with Scott Helme

Mar 2, 2023 | 31:18


In episode 69 of the We Hack Purple Podcast Host Tanya Janca speaks to the only person on earth who is more excited about security headers than she is: Scott Helme of Report URI! Scott talked about all the different security headers, how some are ‘new’, when and why we would use them. We spoke about why some security headers stopped being used, rogue certificate authorities, and so much more. In fact, at the end, we felt that we didn't get to finish all the things we wanted to say. There was so much more to dive into, meaning this is part 1 of a 2 part episode!

Scott's Bio: Hi, I'm Scott Helme, a Security Researcher, Entrepreneur and International Speaker. I'm the creator of Report URI and Security Headers, and I deliver world renowned training on Hacking and Encryption.

Scott's Links:
https://scotthelme.co.uk
https://report-uri.com/
https://scotthelme.co.uk/tag/crawler-report/
https://crawler.ninja/
https://crawler.ninja/files/csp-sites.txt

Very special thanks to our sponsor: The Diana Initiative! A conference committed to helping all those underrepresented in Information Security: Monday August 7, 2023 In-Person at The Westin Las Vegas Hotel & Spa

Join We Hack Purple! Check out our brand new courses in We Hack Purple Academy. Join us in the We Hack Purple Community: A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!

Security Journey's hi/5
Threat Modeling, Secure-Coding-Handbook, Security Headers, and more

Aug 12, 2021 | 4:52


1. Jeevan Singh -- Threat modeling based in democracy
Jeevan joins us to speak about self-serve threat modeling at Segment or threat modeling based in democracy.

2. joswha/Secure-Coding-Handbook
Client side, Server Side, Auxiliary.

3. Security headers quick reference
Security headers recommended for all websites, websites that handle sensitive user data, and websites with advanced capabilities.

4. Cyber insurance isn't helping with cybersecurity, and it might be making the ransomware crisis worse, say researchers
The paper suggests that insurance should require 'minimum ransomware controls' as part of any ransomware coverage.

5. Microsoft Refining Third-Party Driver Vetting Processes After Signing Malicious Rootkit
If you sign something malicious, you allow it to bypass all your other security controls.

DevTales Podcast
105: HTML6, CSS4, image-set(), Yandex translator, Security Headers

Jul 27, 2021 | 25:35


Latest news on the details of the HTML6 and CSS4 releases, Yandex's real-time video translation solution, which software most often helps with collaboration, and a few other points of interest.

Participants: Edu Róka

Contents:
00:00:00 Intro
00:00:42 Image Set
00:08:29 HTML6 CSS4
00:12:59 Yandex translator
00:18:03 Security Headers

Image Set
Image set – https://developer.mozilla.org/en-US/docs/Web/CSS/image/image-set()

Security headers
Security Headers – […]

Paul's Security Weekly (Video-Only)
HTTP Security Headers In Action - Sven Morgenroth - PSW #652

May 23, 2020 | 62:19


HTTP security headers are an easy and effective way to harden your application against all kinds of client side attacks. We'll discuss which security headers there are, what functions they have and how to use them properly.   To learn more about Netsparker, visit: https://securityweekly.com/netsparker Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/PSWEpisode652

Paul's Security Weekly TV
HTTP Security Headers In Action - Sven Morgenroth - PSW #652

May 23, 2020 62:19



The Secure Developer
Ep. #61, The rise of HTTPS and Front-End Security Toolbox with Scott Helme

May 21, 2020 35:22


For this episode of The Secure Developer Podcast, we welcome Scott Helme to chat with us about front end security. Scott is the force behind Security Headers and Report URI and he is also a Pluralsight author and an award-winning entrepreneur! We get to hear about Scott's professional trajectory since leaving college, the interesting developments and changes he has made along the way, and his current work with his different projects. Scott then explains the service that Security Headers provides, something that he created to effectively scratch his own itch. The educational value it offers is quite remarkable and our guest does a great job of explaining exactly how it functions and its ease of use. From there he turns to Report URI and explains how this company complements the services of Security Headers. Our conversation progresses onto the topic of HTTPS and the encouraging increases that have been happening for years now in terms of adoption and ultimately, security. This is something that Scott has been very excited about and happy to see, as it shows a general trend in the industry towards better, safer practices and standards. The last part of our conversation is spent with Scott sharing some thoughts on organizational approaches to security and what he sees in the near future for the space. For all this and then some, tune in today!

The Forensic Lunch with David Cowen and Matthew Seyer
Forensic Lunch 4/10/20 with Belkasoft, AWS IR Automation, MVS DFIRFIT and HTTP Security Headers

Apr 15, 2020 65:33


What a great Forensic Lunch today! On today's broadcast we had:

Yuri Gubanov (@belkasoft) giving an update about what's going on at Belkasoft. Including their iOS 13.4 full file system acquisition using Checkm8, their new IR module in Belkasoft Evidence Center and a neat capability to do managed remote logical phone collections.

Steve Gibson and Spencer Hendee (@stevegibson) from KPMG (disclaimer I work there too!) came on to discuss the really cool AWS Cloud IR Automation we've been working on.

Brian Moran (@brimorlabs) social media maven and principal of BriMorLabs came on to discuss the Magnet Virtual Summit DFIRFIT 2020 where for a donation (and some exercise) you can get a cool prize pack shipped to you anywhere in the world! Register here: https://mvsdfirfit2020.com

Caleb Queern (@HttpSecHeaders) also of KPMG came on to discuss the clearsite HTTP header. This was interesting as it's a directive a website can give to a browser to tell it to clear/not store history or data about it. This will need to be tested, you can read more here https://w3c.github.io/webappsec-clear-site-data/

So great stuff this week, you can watch below. Otherwise next week we've already confirmed Zach Wasserman to come and talk about OSQuery and Kollide!

BSD Now
344: Grains of Salt

Apr 2, 2020 55:39


Shell text processing, data rebalancing on ZFS mirrors, Add Security Headers with OpenBSD relayd, ZFS filesystem hierarchy in ZFS pools, speeding up ZSH, How Unix pipes work, grow ZFS pools over time, the real reason ifconfig on Linux is deprecated, clear your terminal in style, and more.

Headlines

Text processing in the shell (https://blog.balthazar-rouberol.com/text-processing-in-the-shell)
This article is part of a self-published book project by Balthazar Rouberol and Etienne Brodu, ex-roommates, friends and colleagues, aiming at empowering the up and coming generation of developers. We currently are hard at work on it! One of the things that makes the shell an invaluable tool is the amount of available text processing commands, and the ability to easily pipe them into each other to build complex text processing workflows. These commands can make it trivial to perform text and data analysis, convert data between different formats, filter lines, etc. When working with text data, the philosophy is to break any complex problem you have into a set of smaller ones, and to solve each of them with a specialized tool.

Rebalancing data on ZFS mirrors (https://jrs-s.net/2020/03/10/rebalancing-data-on-zfs-mirrors/)
One of the questions that comes up time and time again about ZFS is “how can I migrate my data to a pool on a few of my disks, then add the rest of the disks afterward?” If you just want to get the data moved and don’t care about balance, you can just copy the data over, then add the new disks and be done with it. But, it won’t be distributed evenly over the vdevs in your pool. Don’t fret, though, it’s actually pretty easy to rebalance mirrors. In the following example, we’ll assume you’ve got four disks in a RAID array on an old machine, and two disks available to copy the data to in the short term.

News Roundup

Using OpenBSD relayd to Add Security Headers (https://web.archive.org/web/20191109121500/https://goblackcat.com/posts/using-openbsd-relayd-to-add-security-headers/)
I am a huge fan of OpenBSD’s built-in httpd server as it is simple, secure, and quite performant. With the modern push of the large search providers pushing secure websites, it is now important to add security headers to your website or risk having the search results for your website downgraded. Fortunately, it is very easy to do this when you combine httpd with relayd. While relayd is principally designed for layer 3 redirections and layer 7 relays, it just so happens that it makes a handy tool for adding the recommended security headers. My website automatically redirects users from http to https and this gets achieved using a simple redirection in /etc/httpd.conf. So if you have a configuration similar to mine, then you will still want to have httpd listen on the egress interface on port 80. The key thing to change here is to have httpd listen on 127.0.0.1 on port 443.

How we set up our ZFS filesystem hierarchy in our ZFS pools (https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSOurContainerFilesystems)
Our long standing practice here, predating even the first generation of our ZFS fileservers, is that we have two main sorts of filesystems, home directories (homedir filesystems) and what we call 'work directory' (workdir) filesystems. Homedir filesystems are called /h/NNN (for some NNN) and workdir filesystems are called /w/NNN; the NNN is unique across all of the different sorts of filesystems. Users are encouraged to put as much stuff as possible in workdirs and can have as many of them as they want, which mattered a lot more in the days when we used Solaris DiskSuite and had fixed-sized filesystems.

Speeding up ZSH (https://blog.jonlu.ca/posts/speeding-up-zsh) https://web.archive.org/web/20200315184849/https://blog.jonlu.ca/posts/speeding-up-zsh
I was opening multiple shells for an unrelated project today and noticed how abysmal my shell load speed was. After the initial load it was relatively fast, but the actual shell start up was noticeably slow. I timed it with time and these were the results. In the future I hope to actually recompile zsh with additional profiling techniques and debug information - keeping an internal timer and having a flag output current time for each command in a tree fashion would make building heat maps really easy.

How do Unix Pipes work (https://www.vegardstikbakke.com/how-do-pipes-work-sigpipe/)
Pipes are cool! We saw how handy they are in a previous blog post. Let’s look at a typical way to use the pipe operator. We have some output, and we want to look at the first lines of the output. Let’s download The Brothers Karamazov by Fyodor Dostoevsky, a fairly long novel.

What we do to enable us to grow our ZFS pools over time (https://utcc.utoronto.ca/~cks/space/blog/solaris/ZFSHowWeGrowPools)
In my entry on why ZFS isn't good at growing and reshaping pools, I mentioned that we go to quite some lengths in our ZFS environment to be able to incrementally expand our pools. Today I want to put together all of the pieces of that in one place to discuss what those lengths are. Our big constraint is that not only do we need to add space to pools over time, but we have a fairly large number of pools and which pools will have space added to them is unpredictable. We need a solution to pool expansion that leaves us with as much flexibility as possible for as long as possible. This pretty much requires being able to expand pools in relatively small increments of space.

Linux maintains bugs: The real reason ifconfig on Linux is deprecated (https://blog.farhan.codes/2018/06/25/linux-maintains-bugs-the-real-reason-ifconfig-on-linux-is-deprecated/)
In my third installment of FreeBSD vs Linux, I will discuss underlying reasons for why Linux moved away from ifconfig(8) to ip(8). In the past, when people said, “Linux is a kernel, not an operating system”, I knew that was true but I always thought it was a rather pedantic criticism. Of course no one runs just the Linux kernel, you run a distribution of Linux. But after reviewing userland code, I understand the significant drawbacks to developing “just a kernel” in isolation from the rest of the system.

Clear Your Terminal in Style (https://adammusciano.com/2020/03/04/2020-03-04-clear-your-terminal-in-style/)
If you’re someone like me who habitually clears their terminal, sometimes you want a little excitement in your life. Here is a way to do just that. This post revolves around the idea of giving a command a percent chance of running. While the topic at hand is not serious, this simple technique has potential in your scripts.

Feedback/Questions

Guy - AMD GPU Help (http://dpaste.com/2NEPDHB)
MLShroyer13 - VLANs and Jails (http://dpaste.com/31KBNP4#wrap)
Master One - ZFS Suspend/resume (http://dpaste.com/0DKM8CF#wrap)

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Last Week in DevOps
August 2nd - Chaos Engineering, Security Headers, and Git Katas

Aug 3, 2019 11:58


Eddie takes a back seat in this episode (due to being a bit under the weather), while Josh tells us about several articles that intrigued him this week.

Troy Hunt's Weekly Update Podcast

Security.txt and Security Headers on SaaS Platforms; Let’s Encrypt Root Cert Changes; TicTocTrack Kids Watch Vulnerabilities; Sponsored by Twilio https://www.troyhunt.com/weekly-update-135/

The Drunken UX Podcast
RTO: Security Headers, Color Variables, Accessible Form Styling…

Dec 14, 2018


Hey folks, this is our next to last RTO of the year! Sorry it’s a little late this week, but as always, we think it’ll be worth the wait. This week, we start off with...

My Angular Story
MAS 063: Ryan Chenkie

Dec 5, 2018 32:46


Panel: Charles Max Wood
Guest: Ryan Chenkie

This week on My Angular Story, Charles speaks with Ryan Chenkie (Canada). He is a developer who uses JavaScript with Angular and Node and he does screencasting at angularcasts.io. They talk about Ryan’s background, his current projects, and getting over imposter syndrome! Check it out!

In particular, we dive pretty deep on:
0:00 – Advertisement: Get A Coder Job!
0:47 – Chuck: Today our guest is Ryan Chenkie!
0:55 – Guest: Hello! I’m excited!
1:02 – Chuck: What are you doing now?
1:10 – Guest: I spent 2.5 years at Auth0 and learned a ton there. I was doing some side work and then figured out I had to focus on one thing or the other. Now I have been a consultant full-time and also teaching, too. AngularCast.io I teach there.
1:56 – Chuck: Sounds like people are excited about GraphQL. I’ve been there, too, and made a similar decision.
2:19 – Guest: It was a hard decision b/c I liked all of my colleagues there. I always had the itch to be self-employed.
2:42 – Chuck: You figure out if it’s for you or not.
2:51 – Guest: Yep! I am happy to be another year of it.
3:00 – Chuck: I went freelance about a year ago b/c the decision was made for me.
3:29 – Guest: I am grateful for it.
3:40 – Chuck: Yeah, we talk about this a lot on one of my podcast platforms. If you can make a connection with people then you’ll be good.
4:07 – Guest: Yeah I had to figure out if I would have to focus on the marketing side of things or not. Right now the projects are coming to me – right to my front door, which is great! It’s this ever-expanding web.
4:55 – Chuck: Yeah where people tend to show-up. Let’s talk about your story! How did you get into programming?
5:30 – Guest: It was a little less typical at the time. I was fully self-taught. I went to school for a somewhat Geography degree. It got boring for me at some point. I had to do one programming course while in school and it was in Java. I was terrible at it and I didn’t have a clue what I was doing. It didn’t help that the instruction wasn’t great. I was terrible; I didn’t understand a thing. I was scared that I was going to fail the course. I came out of there feeling like I didn’t have the chops to be a programmer. I was doing Geomantic-stuff. I learned that the further you get into this programming stuff you would make better money – better job, etc. I was trying to put this map/graph into a website and it said that I had to learn Java. This time, though, the material was taught to me in these small increments. I got into it more and I was more attracted to the idea of programming.
10:00 – Guest continues.
10:32 – Guest: I was learning Angular and JavaScript better.
10:35 – Chuck: Yeah it makes you think through it. You have to go deep.
10:47 – Guest: I would make a sample packet. I would get to certain points and get to a point and I couldn’t explain what I did. I would get to a roadblock and I couldn’t explain it. I would be on this tangent for a while and have to figure this out. I was working with the government, at this time, but I thought: maybe I could try this programming thing for a while. Did you go to NG Vegas conference?
12:20 – Chuck: Nope.
12:25 – Guest: There is this conference in Las Vegas – I am going to go and hang out with people. At this conference I met some important people. This company posted that they needed someone and I thought: this is the job for me. I sent an email – went to an interview – and did an example. I got the job and freaked out because I wasn’t a “real” programmer. I wrote some content for them and it’s been all good.
14:07 – Chuck: Let me back up real quickly. How did you find Angular?
14:18 – Guest: It’s hard to pinpoint the “moment” I had found Angular. As I am learning through Code Academy I am reading articles and stuff. I heard about Angular.js and watched some online tutorials and watched all of the talks from the conference. I thought that I needed to learn it b/c it was pretty popular at the time. I knew how to write JavaScript, but made me clearly see with Angular.js app I had to back up and learn it.
15:34 – Chuck: Yep!
16:05 – The guest mentions Hacker News among other things.
16:22 – Chuck: Angular and Electron is what we brought you on for – is that what you are doing?
16:36 – Guest: The guest talks about his experiences with Angular and Electron.
18:26 – Chuck: Let’s back up some more – didn’t sound like you worked with a lot of tech companies, right?
18:51 – Guest: Yep that was my only one.
18:57 – Chuck: I hear a lot of complaints from people having this imposter syndrome. You only being in the industry for a short amount of time – how did you overcome the imposter syndrome?
19:34 – Guest: Imposter syndrome has been an issue for me – I wasn’t crippled – but it’s debilitating. “Who am I to teach on this subject?” – but I think I’ve made conscious efforts to ignore that and to use it a little bit as fuel. I remember, man, being scared! I remember being terrified to see the online comments – b/c they are going to “know” that I don’t know what I am talking about. Funny thing is that I had a lot of positive comments. Little-by-little, those positive pieces of feedback were good for me. I thought: At least I am helping people (like I said, little-by-little!). I think there has been a part of a loop there. If you can look for that feedback it can help overcome imposter syndrome. The things of value are the things that scare you.
22:41 – Chuck: Yeah, I talk about this all the time to people. I have been self-employed for 8.5 years. I am not going to starve. If I had to, I could go and find a “normal” job.
23:20 – Guest: I agree. One piece of feedback that I got from a colleague is that she said: you are very resourceful! Knowing that it helped b/c it was a boost of confidence. If I had this capacity of being resourceful that helped me make my decision. It wasn’t a good time in the sense that we just had a baby. If it went south then I could always go back and get a “normal” job.
24:43 – Chuck: Yeah we talk about that in Agile development – the further you go the more information you get.
24:58 – Guest: Yep.
25:03 – Chuck: What are you doing now?
25:07 – Guest: I’ve had a few large clients these past few years. I have current projects going now; one is with a museum. I am speaking at a few conferences – one of them was in San Francisco and Prague. Now I am planning for next year and figuring out what my teaching and speaking plans will be. It looks like I am focusing on GraphQL content. Lots of Angular, too!
26:32 – Chuck: You are web famous!
26:35 – Guest: I don’t know about that, but I do have some things out there.
26:42 – Chuck: How can people find you?
26:49 – Guest: Twitter! Website! GitHub!
27:18 – Chuck: Picks!
27:25 – Fresh Books!
END – CacheFly

Links:
jQuery
Angular
JavaScript
Vue
React
Chuck’s Twitter
Chuck’s E-mail: chuck@devchat.tv
Code Academy
Auth0
Scotch.io
Ryan’s LinkedIn
Ryan’s Packages
Ryan’s Website
Ryan’s Twitter
Ryan’s GitHub

Sponsors:
Get A Coder Job
Fresh Books
Cache Fly

Picks:
Ryan
Security Headers
Try to push past the fear of being an “imposter”!
Chuck
Dungeons & Dragons
Take time with family!
Being handy around your home. Lowes.
Surprise yourself and go beyond the imposter syndrome!

All Angular Podcasts by Devchat.tv
MAS 063: Ryan Chenkie

Dec 5, 2018 32:46



Devchat.tv Master Feed
MAS 063: Ryan Chenkie

Dec 5, 2018 32:46



WebDevRadio
Episode 117: XDK, security headers and a bit more

Jan 30, 2014


Intel’s XDK cross platform mobile development: http://xdk-software.intel.com
Try out ElasticSearch in a ‘fiddle-like’ environment: https://www.found.no/play/
NightwatchJS browser test: http://nightwatchjs.org
Security headers you should know about: http://ibuildings.nl/blog/2013/03/4-http-security-headers-you-should-always-be-using
