Podcasts about SwiftOnSecurity

  • 17 podcasts
  • 19 episodes
  • 49m average duration
  • Infrequent episodes
  • Latest: Jul 20, 2023


Latest podcast episodes about SwiftOnSecurity

Hacker And The Fed
The Dangers of Googling Phone Numbers, an Attack on a Security Platform, and Typo Squatting on US Military Domains

Jul 20, 2023 (83:24)


This week on Hacker And The Fed: you can't always count on Google for the right telephone number for an airline, an American cloud-based directory-as-a-service platform announces that it was hacked by a state-sponsored threat actor, millions of US military emails may be ending up in the wrong hands, a new ransomware looks like a Windows update, we answer listener questions, and Hector tells a fascinating story about a hacking methodology.

Links from the episode:

Airline fake contact number on Google Maps: https://twitter.com/Shmuli/status/1680669938468499458 and https://twitter.com/SwiftOnSecurity/status/1680926780599812098

JumpCloud discloses breach by state-backed APT hacking group: https://www.bleepingcomputer.com/news/security/jumpcloud-discloses-breach-by-state-backed-apt-hacking-group/ JumpCloud's IOCs: https://jumpcloud.com/support/july-2023-iocs

Domains like army․ml, pentagon․ml, navy․ml and af․ml all have Mail Exchange records pointing to 'handle․catchemail․ml': https://twitter.com/mikko/status/1680947795862200325

Watch out for this new malicious ransomware disguised as Windows updates: https://www.foxnews.com/tech/watch-out-new-malicious-ransomware-disguised-windows-updates and https://www.trendmicro.com/en_id/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html

Listener questions: https://www.lsu.edu/mediacenter/news/2023/06/13-cyber-clinic.php

Support our sponsors: go to JoinDeleteMe.com/FED and use the code FED20 for 20% off. Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees. Get your Hacker and the Fed merchandise at hackerandthefed.com.

CHAOSScast
Episode 55: GSOC 2021: "Risky" Business

Mar 25, 2022 (40:16)


Hello and welcome to CHAOSScast, the community podcast where we share use cases and experiences with measuring open source community health, elevating conversations about metrics, analytics, and software from the Community Health Analytics Open Source Software project (CHAOSS for short) to wherever you like to listen. On today's episode, joining us as our guest is Dhruv Sachdev, an undergraduate Computer Engineering student at Mumbai University and a Google Summer of Code 2021 student for CHAOSS. Dhruv is here to talk about his path to open source and the project he did with the Google Summer of Code 2021. We hear about his experience managing his time as a student while working on this project, what projects he's excited about doing in the near future, and he shares advice if you are new to open source or looking to explore the world of open source. Download this episode now to find out much more, and don't forget to subscribe for free to this podcast on your favorite podcast app and share this podcast with your friends and colleagues!

[00:02:00] Dhruv tells us his path to open source, when he started working on an open source project, how he found out about it, and what he finds cool about CHAOSS.
[00:03:40] Sean wonders what it is about the measurement and analytics field that is so fascinating to Dhruv.
[00:06:28] We hear more about the project Dhruv did with the Google Summer of Code.
[00:10:34] Dhruv tells us what resources really helped him when he started with the Augur team to better understand the software components and how CHAOSS was structured.
[00:12:17] Sophia talks about a research article evaluating hackathons and how effective they are for open source projects, and Sean tells us about the benefits and impacts of Google Summer of Code.
[00:15:33] Dhruv explains his experience as a student, how he thought about time management, and volunteering his time in this space while still in school.
[00:21:00] Sean talks about the pieces of Augur that Dhruv worked on that looked at metrics, and wonders why dependencies are so important right now; Sophia explains why.
[00:25:45] Sean explains what happened in the OpenSSL security breach and talks about Heartbleed. Sophia brings up a previous episode with Avi Press, Founder of Scarf, which is an analytics tool, and explains the vulnerabilities that come with tools.
[00:29:50] Find out what Dhruv is most excited about doing in the near future with projects.
[00:32:54] Dhruv shares advice for people who are new to open source or students who are looking to explore the vast ecosystem of open source.

Value Adds (Picks) of the week:
[00:35:04] Sean's pick is Discord's emergence.
[00:36:11] Sophia's pick is cats and daylight savings time.
[00:38:11] Dhruv's pick is having so much fun at the MahaShivRatri festival.

Panelists: Sean Goggins, Sophia Vargas
Guest: Dhruv Sachdev
Sponsor: SustainOSS (https://sustainoss.org/)

Links:
CHAOSS (https://chaoss.community/)
CHAOSS Project Twitter (https://twitter.com/chaossproj?lang=en)
CHAOSScast Podcast (https://podcast.chaoss.community/)
podcast@chaoss.community (mailto:podcast@chaoss.community)
Ford Foundation (https://www.fordfoundation.org/)
Sean Goggins Twitter (https://twitter.com/sociallycompute)
Sophia Vargas Twitter (https://twitter.com/sophia_iv?lang=en)
Dhruv Sachdev Website (https://dhruvsachdev.me/)
Dhruv Sachdev Twitter (https://twitter.com/dhruvhsachdev)
Dhruv Sachdev LinkedIn (https://www.linkedin.com/in/dhruv-sachdev-19b1b3143/)
Dhruv Sachdev project submission, Google Summer of Code 2021 for CHAOSS (https://github.com/Dhruv-Sachdev1313/GSoC-2021-CHAOSS)
Security Scorecards (https://github.com/ossf/scorecard)
CHAOSS Augur (https://github.com/chaoss/augur)
CHAOSS Risk Metrics Working Group (https://github.com/chaoss/wg-risk)
CHAOSS Community Handbook (https://handbook.chaoss.community/community-handbook/)
CHAOSScast Podcast, Episode 53: Gathering Open Source Usage Data with Avi Press (https://podcast.chaoss.community/53)
SwiftOnSecurity Twitter (https://twitter.com/SwiftOnSecurity?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
Sam Stepanyan Twitter (https://twitter.com/securestep9)
MahaShivRatri 2022 (https://isha.sadhguru.org/mahashivratri/?gclid=Cj0KCQjwuMuRBhCJARIsAHXdnqPHxLi6oWCF8vdEMzIo17gnKUEd4XThyD6zrMLlU2ohO6XCVIBG5ZUaAjDfEALw_wcB)

Special Guest: Dhruv Sachdev.

Tech Mirror
Digital fever dreams?

Mar 3, 2022 (53:20)


In the fourth episode of Tech Mirror, Johanna is joined by Justin Warren, Chair of Electronic Frontiers Australia. The pair discuss live issues in tech policy design, from bizarre Internet advertising to privacy and surveillance, to protecting liberal democracy. Justin walks through why we didn't have to build our Internet and tech systems the way we did, and how we can design something better. This episode was produced by Jack Fox. Ben Gowdie provided invaluable research support.

Send us your questions: techpolicydeisgncentre@anu.edu.au
Follow us on Twitter: @TPDesignCentre

Relevant Links:
Programmed Inequality by Marie Hicks https://www.goodreads.com/book/show/32078427-programmed-inequality
Algorithms of Oppression by Safiya Umoja Noble https://www.goodreads.com/book/show/34762552-algorithms-of-oppression
Weapons of Math Destruction by Cathy O'Neil https://www.goodreads.com/book/show/28186015-weapons-of-math-destruction
Future Histories by Lizzie O'Shea https://www.goodreads.com/book/show/43560857-future-histories
@SwiftOnSecurity

CISO Insider
S3E1 - Radical transparency with Robert Former

Jan 12, 2022 (33:34)


In our Season 3 premiere of CISO Insider, Acquia VP of Security and CISO Robert Former discusses working as a cybersecurity leader today. Robert shares how radical transparency has helped him at every step of his career: making the right decisions for his org by accepting the right levels of risk, effectively managing data security and compliance in a Platform as a Service environment, and maintaining the connections necessary to make remote work successful. We also get into what ethical hacking really means and the importance of securing user data in his dual role at Acquia as the steward of security operations and governance. You'll hear straight talk with a sense of humor on cybersecurity in our chat with Robert today.

Follow Robert on LinkedIn: https://www.linkedin.com/in/robertformer/
Follow Acquia: https://www.acquia.com/

Follow the Twitter accounts and other resources mentioned in this episode:
Security Sock Monkey https://twitter.com/SecSockMonkey
Accidental CISO https://twitter.com/AccidentalCISO
Swift on Security https://twitter.com/SwiftOnSecurity
Wolfgang Goerlich https://twitter.com/jwgoerlich

Nightfall is the industry's first cloud-native DLP platform that discovers, classifies, and protects data via machine learning. Nightfall is designed to work with popular SaaS applications like Slack & GitHub as well as IaaS platforms like AWS. Learn more about Nightfall AI on our website: https://nightfall.ai/about/

Listen and subscribe on Apple Podcasts or your favourite podcast player for free! And leave us a review if you're enjoying the show. This podcast is created and sponsored by Nightfall AI.

Please share your questions and feedback with us at marketing@nightfall.ai

Follow us on social media:
Facebook https://www.facebook.com/NightfallAI
Twitter https://twitter.com/NightfallAI
LinkedIn https://www.linkedin.com/company/nightfall-ai
Instagram https://www.instagram.com/nightfall_ai/

Follow CISO Insider executive producer and host Chris Martinez on LinkedIn https://www.linkedin.com/in/chris-martinez-communications/
Follow CISO Insider producer and interviewer Michael Osakwe on LinkedIn https://www.linkedin.com/in/michael-osakwe-15543b22/
Special thanks to Wendel Topper for podcast production support. Follow Wendel's work at https://createk.us/

Thanks for listening!

AWS Morning Brief
A Somehow Quiet Security Week

Dec 9, 2021 (5:30)


Links:
Cyber-security insurance providers are increasing their requirements to be insurable: https://Twitter.com/SwiftOnSecurity/status/1467879429707866112
“Why the C-suite doesn't need access to all corporate data”: https://www.darkreading.com/vulnerabilities-threats/why-the-c-suite-doesn-t-need-access-to-all-corporate-data
“Amazon S3 Object Ownership can now disable access control lists to simplify access management for data in S3”: https://aws.amazon.com/about-aws/whats-new/2021/11/amazon-s3-object-ownership-simplify-access-management-data-s3/
Cloud provider security mistakes: https://github.com/SummitRoute/csp_security_mistakes

Transcript

Corey: This is the AWS Morning Brief: Security Edition. AWS is fond of saying security is job zero. That means it's nobody in particular's job, which means it falls to the rest of us. Just the news you need to know, none of the fluff.

Corey: Are you building cloud applications with a distributed team? Check out Teleport, an open-source identity-aware access proxy for cloud resources. Teleport provides secure access for anything running somewhere behind NAT: SSH servers, Kubernetes clusters, internal web apps, and databases. Teleport gives engineers superpowers. Get access to everything via single sign-on with multi-factor. List and see all of SSH servers, Kubernetes clusters, or databases available to you in one place, and get instant access to them using tools you already have. Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility, and ensuring compliance. And best of all, Teleport is open-source and a pleasure to use. Download Teleport at goteleport.com. That's goteleport.com.

Corey: re:Invent has come and gone, and with it remarkably few security announcements. Shockingly, it was a slow week for the industry. I'm glad but also disappointed to be proven wrong in my, “The only thing you, as a company who isn't AWS, should be announcing during re:Invent is your data breach since nobody will be paying attention,” snark. But it's for the best. It means that maybe—maybe—we're starting to see things normalize a bit.

Now, from the Community, we saw some interesting stuff. Scuttlebutt has it that cyber-security insurance providers are increasing their requirements to be insurable. This makes a lot of sense; as ransomware attacks become more numerous, nobody is going to want to cut large insurance checks to folks who didn't think to have offline backups. You might want to check the specific terms and conditions of your policy.

I also liked a writeup as to “Why the C-suite doesn't need access to all corporate data.” It's true, but it's super hard to defend against. When the CTO 'requests' access to the AWS root account, who's likely to say no? If you're going to push for proper separation of duties, either do it the right way or don't even bother.

Corey: This episode is sponsored in part by my friends at Cloud Academy. Something special for you folks: if you missed their offer on Black Friday or Cyber Monday or whatever day of the week doing sales it is, good news, they've opened up their Black Friday promotion for a very limited time. Same deal: $100 off a yearly plan, 249 bucks a year for the highest quality cloud and tech skills content. Nobody else is going to get this, and you have to act now because they have assured me this is not going to last for much longer. Go to cloudacademy.com, hit the 'Start Free Trial' button on the homepage and use the promo code 'CLOUD' when checking out. That's C-L-O-U-D. Like loud—what I am—with a C in front of it. They've got a free trial, too, so you'll get seven days to try it out to make sure it really is a good fit. You've got nothing to lose except your ignorance about cloud. My thanks to Cloud Academy once again for sponsoring my ridiculous nonsense.

Corey: And from AWS, there was really one glaring announcement that made me happy in the security context, and that was that “Amazon S3 Object Ownership can now disable access control lists to simplify access management for data in S3,” and it's huge. S3 ACLs have been a pain in everyone's side for years. Remember that S3 was the first AWS service to general availability, and a second in beta, after SQS. Meanwhile, IAM wasn't released until 2010. “Ignore bucket ACLs so you don't have to think about them” is a huge step towards normalizing security within AWS, specifically S3.

And from the community's tools—I guess it's not a tool so much as it is a tip or I don't even know how you would describe it but I love it because Scott Piper is doing the lord's work by curating a list of cloud provider security mistakes. Lord knows that none of them are going to be showcasing their own failures, or—thankfully—those of their competition because I don't want to get in the middle of that mudslinging prize. This is well worth checking out and taking a look at, particularly when one provider or another starts getting a little too full of themselves around what they're doing in security. That's what happened last week in AWS security. Thank you for listening.

Corey: Thank you for listening to the AWS Morning Brief: Security Edition with the latest in AWS security that actually matters. Please follow AWS Morning Brief on Apple Podcast, Spotify, Overcast—or wherever the hell it is you find the dulcet tones of my voice—and be sure to sign up for the Last Week in AWS newsletter at lastweekinaws.com.

Announcer: This has been a HumblePod production. Stay humble.

ALEF SecurityCast
Ep#80 – The Czech Republic among 31 countries with a joint strategy to fight ransomware

Oct 18, 2021 (10:35)


Sysmon configuration: https://github.com/SwiftOnSecurity/sysmon-config

VIDEO: The Czech Republic among 31 countries with a joint strategy to fight ransomware – SecurityCast Ep#80 - YouTube

The Czech Republic was one of 31 countries that took part in the virtual meeting of the Counter-Ransomware initiative; Google published a report that examines in detail more than 80 million ransomware samples; an ad blocker that injects ads; Sysmon celebrates 25 years, can also be used with Linux, and the recommendations that go with it. Follow us on Twitter too: @Jk0pr and @AlefSecurity.

El Podcast DEV
62: You Don't Have to Use a Mac Anymore

Jul 22, 2020 (62:47)


Ela (@Ag_Girl_) joins us to talk about the role of QA in the engineering organization.

Episode links:
Admix - In-game advertising platform for creators by creators
Big Sur is both 10.16 and 11.0 - it's official
Who's Behind Wednesday's Epic Twitter Hack?
SwiftOnSecurity on the Twitter hack

If you like El Podcast DEV, have learned something with us, or simply like us, you can now support us on Patreon! By doing so, every week you'll receive an extra episode of El Podcast DEV, you'll have access to a private community, and you'll help us dedicate more time to producing the podcast. Everyone wins.

Marketing InSecurity
MiS014: Rising Above Fear and Buzzwords

Jan 13, 2020 (31:47)


“We ‘just’ put together a little blog post about the problem, and it went viral…” That’s how Tarun Desikan and his co-founders incubated Banyan Security. Now, four years later, Banyan is a well-funded A-round startup with real products, real customers, and reaching real scale. Tarun, who comes from the networking space, talks about selling fear, whether that’s a good thing or not, and how to get past the buzzword buzz.

“Zero Trust is a buzzword, but finding a marketing strategy that rises above fear and buzzword is a real problem all unto itself.” Tarun talks about coming at it as a startup, and what it’s like to compete with big players like Palo Alto and others who have more marketers than you have people in your whole organization. Tarun talks about using the Zero Trust buzzword both to elevate their message and to level the playing field, getting ahead of problems, and timing the problem right. Tarun asks, “What’s the difference between a good product and one that is too early in the market? - Nothing!”

Tarun has a lot to say about ramping up marketing after early product-market fit: segmenting, reaching and targeting three types of CISOs, segmenting early customers, targeting and the like, when to attack the install base category or focus more on a niche and leverage the buzz, and how he recommends “strong beliefs held lightly”. Tarun recommends you check out Steven Denning’s The Leader’s Guide to Storytelling as well as the Lost History of Byzantine, and that you follow @SwiftOnSecurity and @RickRubin on Twitter. You can follow Tarun at all the usual places, on Twitter at @tdesikan as well as on LinkedIn, and you can learn more about Banyan at https://www.banyansecurity.io.

Learn more about your ad choices. Visit megaphone.fm/adchoices

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Another Word Maldoc https://isc.sans.edu/forums/diary/Lazy+Sunday+Maldoc+Analysis/25586/
Snatch Ransomware Reboots System Into Safe Mode To Disable Anti Virus https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
Ryuk Ransomware Decryptor May No Longer Work / Corrupt Documents https://blog.emsisoft.com/en/35023/bug-in-latest-ryuk-decryptor-may-cause-data-loss/
Extending Windows 7 Security Updates https://www.ghacks.net/2019/12/07/someone-found-a-way-to-bypass-windows-7-extended-security-updates-checks/
Swift on Security Updates Sysmon Rules https://github.com/SwiftOnSecurity/sysmon-config
RSA Webcast https://www.rsaconference.com/industry-topics/webcast/36-five-most-dangerous-attacks-evolving

Sustain
Episode 9: The Trade-Offs of Using Open Source with Lou Huang

Sep 14, 2019 (54:32)


Episode Summary

The panel interviews Lou Huang, who has a background in architecture and urban planning. Lou built an open source app called Streetmix and uses it to help the panel understand open source projects from a user's perspective. Lou starts by sharing his background, how he got into open source, and his work making Streetmix sustainable.

Lou then explains that most Streetmix users are urban planners and don't care whether it is open source or not. The panel weighs the trade-offs of choosing an open source project versus a non-open source project.

Considering the benefits of using an open source product, the panel discusses the effect open source has on developers learning from open source code. Convenience is mentioned, and the panel touches on how seeing the code can ensure that your information stays private.

The panel discusses the trade-offs of using open source, and how those trade-offs are getting fewer. They include extra time and the risk of the project not being maintained.

The panel discusses what the word sustainability means, and Lou references the sustainability three-legged stool. The panel considers the three legs of the stool: economic, social, and environmental.

The panel also discusses how to raise awareness and funding for sustainable software, and why and how non-technical users of open source products can contribute to sustaining software that they love.

Panelists: Eric Berry, Richard Littauer
Guest: Lou Huang

Sponsors:
GitLab | Get 30% off tickets with the promo code: DEVCHATCOMMIT
DevOps DevEd
CacheFly

Links:
https://www.codeforamerica.org/
http://saiko.fish
https://streetmix.net/
https://louhuang.com/
https://biffud.com/
https://twitter.com/SwiftOnSecurity/status/1067682759592869889
https://www.facebook.com/Sustain-Our-Software-SOS-857471391289849/
https://twitter.com/sos_opensource

Picks:
Eric Berry: https://theuserisdrunk.com, Unblocked, iPad Pro
Richard Littauer: https://www.sidetracked.com, https://indefenseofdegrowth.com, https://yellowlegalpads.com
Lou Huang: The economics of open source by C J Silverio | JSConf EU 2019, https://www.thegreathack.com, The Imposter's Handbook

Special Guest: Lou Huang.

Sustain Our Software
SOS 009: The Trade-Offs of Using Open Source with Lou Huang

Sep 10, 2019 (54:26)



Devchat.tv Master Feed
SOS 009: The Trade-Offs of Using Open Source with Lou Huang

Sep 10, 2019 (54:26)



Embedded
249: It Depends

Jun 14, 2018 (73:38)


Claire Rowland (@clurr) joined to discuss creating good user experiences for the Internet of Things. Claire is the lead author of Designing Connected Products: UX for the Consumer Internet of Things. You can find more about her on clairerowland.com, from her talks (including Interusability: UX for Connected Products), her book's website, and her guest appearance on the IoT Podcast (episode 21). Her new report about user experience and the IoT will be on Iotuk.org.uk in June of 2018. Elecia was also on the IoT Podcast: episode 158. It was @SwiftOnSecurity who posted the tweet about experts and their typical response.

The Laravel Podcast
Interview: Snipe, AKA Alison Gianotto

Mar 21, 2018 (58:56)


An interview with Alison Gianotto / Snipe, creator of Snipe IT Snipe.net Snipe-IT @snipeyhead Editing sponsored by Larajobs Transcription sponsored by GoTranscript.com [music] Matt: All right, cool. All right. Welcome back to the latest episode of Laravel Podcast. It's been a little bit of a break for those of you who tune in to every new episode, but I've got another great interview here. As with every single one, I'm interested and excited to introduce someone to you. Some of you have heard of before, a lot of you might not know that she actually works in Laravel. Either way, it's going to be great. This is Snipe. Although in my head, you have been Snipeyhead because I feel that's been your Twitter name for a while. Real name, Alison Gianotto, but I'm probably just going to end up calling you Snipe for rest of this call. Before I go in asking you questions, the first thing I want to do is just I always ask somebody, if you meet somebody in the grocery store who you know isn't technical at all, and they ask you, "What do you do?" What's the first way you answer that question? Snipe: I say I work with computers. Matt: Right, and then if they say, "My cousin works with computers and whatever." Where do you go from there? Snipe: Well, it depends on their answer. If they say, "Do you fix computers?" I'm like, "Not exactly." If they say, "Really? What type of computer work do you do?" I say, "Well, I'm a programmer." They're like, "So you make games?" "Well, not exactly." If they say something like, "Mobile apps or web? What languages?" Then I'm like, "Okay, now I can actually have a conversation." I don't do it to be disrespectful to the person asking. It's just confusing to them, and so I like to keep it bite-sized enough that no one gets confused. Matt: If you talk to a grandma in a store who doesn't have much exposure with computers, and you say, "Well, I work in InfoSec with blah-blah-blah." Then she's going to go, "Huh?" I totally hear you. 
If somebody does ask and they say, "You know what? I actually work in Rails," or, "I know what a framework is." How do you answer someone when they are more technical? Let's say, somebody-- You understand that this person is going to get all the names that you drop. Where do you go from there? How do you tell someone about what you do? Snipe: I actually usually say that I run a software company. I say, "I run a small software company that basically works on open source software." Usually, they look at me like, "How do you--" Matt: How do you make money? Snipe: Literally makes no sense. [laughter] Matt: Which is where we're going to go. Let's actually go there. Snipe-IT, it's a company that has an open source product. I'm guessing that you make your money by paid support plans and hosting plans. Right? Then you also have the whole thing available for free in open source? Snipe: That's correct. Yes. Matt: Could you give us a little pitch for anybody who doesn't know what Snipe-IT is, and what it does, and who it's for? Snipe: I'm so bad at this. I'm the worst salesperson ever. Matt: Well, I'm helping you grow. [laughter] Matt: Thirty seconds or less. Snipe: If you have any kind of a company and you buy assets like laptops, or desktops, or monitors, you need to keep track of them and you know who has what, what software is installed on what. Then usually I'm like, "I've got this nailed. I've got this nailed." Then I end up saying, "It's not a very sexy project, but people need it." [chuckles] Matt: Right, right, right. You have to justify yourself in your sales. Snipe: I know it. I really do. I'm really the worst at it. People get really excited. We're going to DEF CON this year like we usually do. I'm actually bringing my whole crew. Matt: Cool. Snipe: Because I really want them to be able to experience the way people react when they realize that we are Snipe-IT because they just get so excited. 
I've had people run across the conference floor to give me a hug that I've never met.

Matt: Wow.

Snipe: It's really cool. There was another time I was talking to, I think, YTCracker on the conference floor. He introduces me to one of his friends. He's like, "Yes, she's got an IT asset management software." He's like, "Really? I just heard about one of those. That was really great." I know exactly where this is going. I'm watching him look at his phone. He's like, "Yes, I just heard about it. It's really amazing. I think through your competition." I'm just sitting there smirking and I'm like, "Okay." Totally, I know exactly where this is going, but I let him spend five minutes looking it up on his phone. He's like, "It's called Snipe It?" I just look at him like, "Hi, I'm Snipe."

[laughter]

Snipe: It was actually wonderful.

Matt: It's one of the benefits not just of having the company, but actually naming it after yourself. You're like, "No. I'm actually the Snipe. That's me."

Snipe: I'm excited to bring my crew out to DEF CON this year so they can really get to experience that first hand. Because like anything else in open source and in company support in general, a lot of times, you only hear the negative stuff. You hear about when something is broken or when something doesn't work exactly the way they want it to work. To actually get just random people coming up-- I'm getting us swag. I'm getting us t-shirts printed out. I'm super excited.

Matt: I love it. There's nothing like having the opportunity to see the people who love what you're doing to really motivate you to go back and do it again. I hear that, for sure.

Snipe: Definitely. Open source can be really tough with that because for the most part, the only thing that you're hearing is, "It doesn't work," or, "Why doesn't it do this thing?" Or people telling you how they think your software should work. To just get basically unbridled love, it really recharges me.
It makes me want to work on a project even harder.

Matt: Plus, the phrase unbridled love is just fantastic.

[laughter]

Matt: It should be in our lexicon more often.

Snipe: I agree.

Matt: It's asset management software. I'm imagining I've got a 500-person company, and every single person gets issued a laptop within certain specs. After it's a certain amount of time old, then it gets replaced. We're going to make sure they have the latest build of whatever, Windows and the latest security patches, and that kind of stuff. It's at the point where you don't have-- My company has, I think, 17 people right now. There is just a spreadsheet somewhere. This is when you get to the point where a spreadsheet is really missing people. People aren't getting their upgrades. People don't have security updates. My guess was the reason there was InfoSec involved in this at DEF CON is because security updates is a big piece of why that's the case. Did I assume right? Could you tell us a little bit more about how InfoSec and security are related to what you're doing here?

Snipe: You're kind of right. We don't currently have a network agent, so we don't have anything that listens on the wire. We do have a JSON REST API, though. Basically, we're now working with folks like Jira, Atlassian, and we're going to be working with a Jamf API to try and basically make that stuff easier. I feel like it's out of scope for us to try and build another networking agent, but we have an API. If we can just build those bridges, then it just makes it a little bit easier. Ultimately, in terms of security, the real reason why I think people in InfoSec appreciate this tool, especially given the fact that we don't have-- And some people in InfoSec actually like the fact that we don't have a monitoring agent because that actually becomes a separate problem in and of itself. Let me give you a backstory on why I created this in the first place.

Matt: Please do.
Snipe: Maybe that'll help explain a little bit more. I was the CTO of an ad agency in New York City. We had grown from-- I think I was employee number 12, and we were now at 60 something people. We were using a Google Sheet shared between three IT people, some of which were not necessarily the most diligent-

[laughter]

Matt: Sure.

Snipe: -about keeping things up to date. Basically, when you've got a single point of truth that is no longer a single point of truth, it becomes a bit of a hellish nightmare. Additionally, if you're repurposing-- Because it's an ad agency, so you have a lot of turnover. You don't have any history on any particular asset if this asset is actually bad. If the hard drive on this is actually just bad and should be replaced. If this is bad hardware, then we should consider just unsetting it, and getting a brand new box, whatever. We had to move offices. We were moving our main office and also our data center. Of course, when you're trying to move a 60-person company, and servers, and everything else, the very first thing that you have to do is to know what you have. That was an enlightening experience. It basically turned out that we had about $10,000 worth of hardware that we just didn't know where it was anymore.

Matt: Wow.

Snipe: People got fired. This is basically before I was a CTO and before I had set up the exiting process. People had been fired or had quit and just taken their laptops with them. That's got company data on it. That was a huge, huge issue for us. I was like, "Okay, we need something that we can integrate into our exit strategy or exit process to make sure that we're reclaiming back all of the data that--" Because some of that stuff is client data. It's actually really sensitive from a corporate perspective. Also, sometimes it's customer data. It was really important to have a way to handle that a bit better. That's it. The asset part is the most important part of that software.
We do have support for licenses where the cloud offering portion of that is not as fully developed. We're going to be building in a services section soon. That will describe, for example, if you had Snipe-IT as a vendor, where would we fit in this ecosystem for our customers? We don't actually have a good answer for that. We're going to be building out a services section that lets you know how much money you're paying every month, how many seats you have.

Matt: That's great. That would cover not just global stuff, but also individual subscriptions like Adobe and PHP--

Snipe: Sure, sure.

Matt: Cool. That's awesome.

Snipe: Licenses are really hard. They're hard because you can have-- One of our customers actually has a hundred thousand licenses.

Matt: Oh, my Lord.

Snipe: Because you've got this notion of a software license and then a bunch of different seats. There are some licenses that have one seat, and only one seat they only ever will. Then there are ones that have tens of thousands. For example, Microsoft Suite. If you have a large company, you're going to have a lot of those licenses. One of the things I care really deeply about in Snipe-IT, and I think one of the reasons why we've been successful in this really saturated marketplace, because it is a really saturated marketplace, is that I care a lot about the users' experience. I know, for example, that our licenses section, the UI on that, the UX on that is not as optimized as it could be. That will be the next thing that we're really tackling is because it is a popular section. It's one that because of the nature of the variability of licenses, makes that a really tricky UX problem to solve. That's one of the things that I love about this work is getting to solve those kinds of problems.

Matt: You're just starting to make me interested in this which means you're doing your job of the sales pitch. You said you got something you're super comfortable with.
Snipe: [laughs]

Matt: I always struggle-- Somebody made a joke and they said something like, "It's a drinking game for how many times Matt says 'I could talk about this for hours' during a podcast."

Snipe: I did see that, yes.

Matt: We're there already.

[laughter]

Matt: I want to step back from Snipe-IT just a little bit. Snipe It, I want to call it Snipe It now that you said that.

Snipe: Please don't call it that. [laughs]

Matt: I won't, I promise. Think a little bit about what got you to here, and what got you to the point where you're a name and an online persona. I saw you had some interactions with @SwiftOnSecurity the other day. Everyone got all excited seeing the two of you interacting. What was the story? I want to eventually go back to when you got into computers in the first place. First, what was the story of the process of you going from just any other person on the Internet, on Twitter, on GitHub, or whatever to being a persona that is relatively well-known across multiple communities?

Snipe: I can't really answer that for you because I don't really understand it myself. Other than lots of poop jokes--

Matt: It's the best.

Snipe: Yes. [chuckles] I think, probably, I've been on Twitter for a while. Also, I was on IRC for a long time. I think I'm still an op in the ##php channel on Freenode, although I don't visit there as often as I used to. I was really involved in that as I was learning PHP, and as I was helping other people learn PHP. I don't know. I've always been a mouthy broad, and I think that's probably worked because whether you like me or not, you remember me. [laughs]

Matt: Yes, for sure.

Snipe: I'm doing my very best to not swear on your podcast, by the way. I've caught myself at least five times that I'm like, "No, no, no." [laughs]

Matt: If it happens, it happens but I appreciate it.

Snipe: I'm doing my very best. I'm at a conference--

Matt: Broad was a good one, yes. All right, exactly.

Snipe: Yes, I know. Yes, exactly.
I was like, "B-b-b-broad."

Matt: [laughs]

Snipe: Which is an offensive term in and of itself, but it's still-

Matt: We toned it down a little.

Snipe: -better than the alternative, I think.

[laughter]

Matt: I love it.

Snipe: I'm trying my best here, Matt.

Matt: I appreciate it very much. Was it in the world of PHP? First of all, I heard longevity. I've been here for a while. That's always a big win. Poop jokes, that's also obviously a big win. Give the people what they want.

Snipe: I don't know if I can say dick jokes on your podcast.

Matt: Well, you did. There we are.

Snipe: Dick jokes are definitely a big part of my repertoire. [laughs]

Matt: Yes, I know. Being an interesting person, having been around for a while, but was it in PHP, and teaching PHP, and being around in the PHP world for a while, was that the main space where you came to prominence versus InfoSec, versus being open source business owner? Was it primarily in being a PHP personality where you came to at least your original knownness?

Snipe: I think probably. Probably, yes. When I grab onto something, I don't let go of it. I've been doing some Perl work. I've probably started with Perl, but that was back in the days when I ran Linux as a desktop on purpose. [laughs]

Matt: Oh, my goodness.

Snipe: I was writing some Perl stuff. Heard about this crazy thing called PHP which looked way easier and was way more readable, and ended up writing some-- Now, terribly insecure. I know this now, because it's like 2000, 2001, something like that. Which is for going back a ways. I had just started to put out stupid scripts like e-card scripts and things like that, because they served the need that I needed to have filled. This is a well-known secret, but I worked Renaissance Fairs for a very long time. I was guild member number four of the International Wenches Guild.

Matt: What?

Snipe: Yes. That's not even the most interesting thing I can tell you.
Anyway, I was running their website Wench.org which now looks terrible because Facebook took over that community. I used to have interactive like sending roses to each other. Because in the Renaissance Fair community, different rose colors have different meaning. It's basically like an online greeting card thing with these built-in rose color meanings. You could pick different colors of roses and send them to people that you liked, or people you didn't like, or whatever. Having this playground of a huge community of people who-- Basically, I would post to the forums. I'd say, "I'm thinking about building this. What do you guys think?" By the time they actually answered me, I had already built it anyway. I was just like, "This looks really interesting. I want to see if I can do this."

Matt: To do it, yes.

Snipe: Yes, exactly. It was really, really cool to have access to, basically, a beta-testing community that was super excited about anything that I put out. It definitely stoked the fires for me, stretching and doing things that I may not have done if I didn't have a reason to do it before.

Matt: Well, I love how much passion plays a part there. Not this ill-defined like, "I'm passionate about programming. That means I spend all my free time doing it," but more like-- I've noticed that a lot of people who are a little bit older had PHP-- Actually, just developers in general which is quite a few people I've had on the show.

Snipe: Are you calling me old?

Matt: Me too. I'm in the group too.

Snipe: Are you calling me old? Oh my God. That's it. This interview is over.

[laughter]

Matt: You're going to burn the place down. I think those of us who started back when becoming a programmer wasn't necessarily going to make you big and rich. There's a little bit of that idea today. Go do a six-month boot camp, and then you're going to be rich or something. I think when a lot of us started-- I'm putting myself in that bucket, in the '90s and the '80s.
When we started, it was because it was something that allowed us to do things we couldn't do otherwise. I don't know your whole back story, so I want to hear it, but a lot of the people I've noticed, "I was in the dancing community. I was in the video game community. I was in the Renaissance whatever Fair community."

Snipe: I used to work on Wall Street. That was what I was doing before I got into computers. [laughs]

Matt: Okay. Well, before I talk anymore, we need to talk about this. Tell me the story. Tell me about Wall Street, and then tell me when did you actually first get into computers?

Snipe: I left high school. I was living with my sister in a tent in Montana for about nine months. Then it got too cold, our toothpaste started to freeze during the day. We were like, "F this business." We went down to Colorado because we'd met some friends at Colorado School of Mines. Stayed there for a little bit. Came back to New Jersey, and was like, "Well, I don't want to go to college. I also don't have any money for college." [laughs] There's that. I ended up waitressing for a little bit. Was waitressing, wearing my indoor soccer shoes, because I was a soccer player for 13 years. The coach from Caine College came in to eat at my restaurant. He looks at me with disdain and he goes, "You actually play soccer with those, or are they just for fashion?"

Matt: Oh, my goodness.

Snipe: I'm like, "Bitch, I was All-State. What are you talking about?"

[laughter]

Snipe: He's like, "Do you want to go to college?" I'm like, "I guess." He invited me to go to Caine College where I studied education of the hearing impaired for exactly one semester.

[laughter]

Snipe: I was like, "Holy crap. This is so boring. I can't do this." Not the education of the hearing impaired part.

Matt: Just college.

Snipe: Yes, it just wasn't my jam. I was like, "I want to move to New York." I moved to New York City. I pick up a paper, and I'm like, "Okay, I'm super not qualified to do any of these things."
Basically, I was a leatherworker at a Renaissance Fair. I'd done makeup work for the adult film industry. I'm like, "Um." Of course, the easiest way to Wall Street is sales. I had the most grueling interview I've ever had in my life, because I didn't know anything about real sales compared to retail. I remember sweating so hard. I'd just dyed my hair back to a normal color. You could still see a little bit of green in it, and I'm wearing my sister's fancy, fancy suit. I have no idea what I'm actually going to be doing there. It is literally out of Glengarry Glen Ross, high-pressure sales that they're expecting from me. I'm like, "I'm 17, 18 years old. I have no idea what I'm doing." I managed to pull it out. At the very last minute, I got the job.

Matt: Nice.

Snipe: Was working at a place that did forex futures. Then they went out of business because the principals moved back to Argentina with all of our clients' money. That spent a little bit of time in the attorney general's office, making it really clear that we had nothing to do with it.

Matt: At least it was there and not jail.

Snipe: That's absolutely true. It's not that uncommon that the main traders are the ones that actually have the access to the real money. Then we started working at a stock shop. I realized I was working until six, seven o'clock at night, busting my ass all for lines in a ledger. I was actually pretty good at that job, but I also caught myself using those creepy, sleazy sales techniques on my friends and my family. When you catch yourself saying, "Well, let me ask you this." You're like, "Ah, ah."

Matt: "I hate myself. Oh, my God, what am I doing?"

Snipe: I know. I just realized that I hated myself, and that I didn't want to do it anymore. I quit my job. I had a boyfriend at that time that had a computer. That's pretty much it. I had done some basic programming, literally BASIC programming in high school.

Matt: Like QBasic?

Snipe: Yes. BASIC in high school.
In fact, funny story, when I wrote my first book-- I almost didn't graduate high school because my parents were getting divorced, and I just checked out. I was good in all my classes, I just checked out. I had to pass a computer programming class in order to graduate. My teacher, who was the track coach as well, Coach Terrell, he knew me from soccer. He calls me into his office. He's like, "Alison, I've got to tell you. You just weren't here, and you know that if you don't show up, I penalize you for that. Did really well on all your tests, but attendance is not optional in this class. I just don't think I can pass you." I'm like, "I'm not going to graduate then." He's like, "All right. Well, the thing is that when you're here, you do really good work. I'm going to let you go this time, but you've really got to get your shit together."

Matt: Wow.

Snipe: When I published my first programming book, I sent him a copy.

[laughter]

Matt: That's awesome.

Snipe: I wrote on the inside, "Dear Coach Terrell, thanks for having faith in me." [laughs]

Matt: That's amazing, and you know he has that sitting on the shelf where everyone can see it.

Snipe: Yes, yes, yes.

Matt: That's really cool.

Snipe: That was really nice of him. [laughs] My life would have had a slightly different outcome if I'd had to take some more time, and get a GED, and everything else just because I didn't show up to my programming class.

Matt: Wow.

Snipe: Anyway, I left Wall Street because I had a soul, apparently.

Matt: Turns out.

Snipe: It turns out, "Surprise." I totally still have one.

[laughter]

Matt: It's funny because you're telling me this whole story, and what I'm seeing in front of my face in Skype is your avatar. For anyone who's never seen this avatar, it's got a star around one eye, smirky, slanty eyes, looking down where you're like, "I'm going to get you."
It's funny hearing you tell this story, and just the dissonance is so strong of seeing that, hearing your voice, and then hearing you talk about being on Wall Street. Obviously, I'm looking back. Hindsight is 20/20, but seeing this story turned out the way it has so far does not surprise me, looking at the picture of you that I'm looking at right now.

Snipe: Mohawk people have souls too.

Matt: It turns out, yes.

Snipe: I got that mohawk as a fundraiser for EFF.

Matt: Really?

Snipe: I raised like $1,500 for EFF a bunch of years ago.

Matt: You just liked it and kept it?

Snipe: Yes. Once I had it, I was like, "Wait a minute. This completely fits me. Why did I not have this my entire life?"

Matt: That's awesome.

Snipe: Yes, there was a good reason behind it.

Matt: Honestly, what I meant is actually the inverse which is that I associate having the soul-- When you imagine a soulless, crushing New York City job where you hate what you're doing, you don't usually associate it with the sense of owning who I am and myself that is associated with the picture I'm looking at right in front of me. Your boyfriend at that time had a computer, you actually had a little bit of history because you'd studied at least some coding. You said primarily in BASIC in high school. Where did you go from there? Was that when you were doing the Renaissance Fairs, and you started building that? Or was there a step before that?

Snipe: No. Remember, this is back when the Web-- I'm 42.

Matt: I wasn't making any assumptions about what the Web was like at that point.

Snipe: I think there might have been one HTML book that was about to come out. That's where we were. If you wanted to do anything on the Web, you basically figured out how to right-click-

Matt: View source them.

Snipe: -and view source, and you just poked at things until they did what you wanted. There was no other way around that.
I realized that I really liked it because it let me say what I wanted to say, it let me make things look-- For what we had back then, we didn't have JavaScript, or CSS, or any of that stuff.

Matt: Right. Use that cover tag.

Snipe: Yes, exactly. It was enormously powerful to be able to have things to say, and put them out there, and other people could see it. Then I just started to freelance doing that. I was also doing some graphic design for one of those-- It's like the real estate magazines, like Autotrader type of things but for cars. I used to do photo correction for them using CorelDraw, I think it was.

Matt: Oh, my gosh, that's a throwback.

Snipe: Yes. I'm an old, old woman.

[laughter]

Matt: I've used CorelDraw in my day, but it's been a long time.

Snipe: Our hard drives would fill up every single day, and so we'd have to figure out what had already gone to press that we can delete it off. Basically, Photoshopping, to use Photoshop as a verb inappropriately, garbage cans and other stuff out of people's black and white, crappy photos. Because he was nice enough to give me a job. I offered and I said, "You know, I can make you a website." He's like, "Yes, the Internet's a fad." I was like, "I'm just trying to build up my portfolio, dude, for you for free." He's like, "Yes, yes, yes, it's not going to stick." I'm like, "Okay." [laughs]

Matt: All right, buddy.

Snipe: That's where it started. Then I think I moved to Virginia for a short amount of time, and then Georgia. Got a job at a computer telephony company where I was running their website, and also designing trade show materials like booths and stuff, which, by the way, I had no idea how to do. No one was more surprised than I was when they took pictures of the trade show and the booth actually looked amazing.

Matt: That should look good.

Snipe: I was like, "Look, yes."

Matt: "Hey, look at that."

[laughter]

Snipe: That's very, very lucky. There was definitely a lot of fake it until you make it.
Also, I've never designed a trade show booth, but trade show booths do get designed by someone, and at least a handful of those people have never done it before.

Matt: Right. I'm a relatively intelligent person, I understand the general shape of things.

Snipe: Yes. Get me some dimensions, I'm sure I could make this work.

Matt: What is the DPI thing again? [chuckles]

Snipe: Yes, exactly. That was exciting and fun. Then I moved back to New York to teach web design and graphic design at an extension of Long Island University.

Matt: Cool.

Snipe: Yes, it was actually very, very cool. The school was owned by these two teeny-tiny Israeli ladies. They were absolutely fabulous. It was kind of a crash course in Hasidic and Orthodox Jewish culture. It was in Flatbush, so basically, 90% of my students were Hasidic or Orthodox. I think I broke every rule ever. The two owners of the school would just look at me and laugh. They wouldn't offer me any guidance. They just liked watching.

Matt: Well, it would be awkward. Yes.

Snipe: Exactly. I'm like, "Why would you do that to me?"

[laughter]

Snipe: They're just laughing. I could hear them laughing from upstairs-

Matt: That's hilarious.

Snipe: -when they knew I was putting my foot in another cultural mess. That was really, really fun. I learned a lot from that. I learned a lot about teaching. I even got to have a deaf student one time, which was great, except I didn't know-- I used to know or still know American sign language, but when I learned, there weren't any computer-related signs. It was actually a weird barrier that I hadn't thought about. We're like, "Okay, I can sign as I'm talking," but then I'm like, "Wait, do I have to spell all this stuff out every single time? I have no idea." That was cool. Then I started just doing HTML for a company called Cybergirl, which is not a porn site. I always have to clarify that. Not that there's anything wrong with porn, but it was not, in fact, a porn site.
It was an online women's community.

Matt: Cool.

Snipe: They weren't really super profitable in the community itself, so they had a separate part that did websites for clients. I was put on to work mostly with their clients. They had stuff written in ASP, ColdFusion. Because the people who had designed it weren't there anymore, I basically had to learn all of these languages. Also, we only had a part time sysadmin, so when we'd hire someone new, I'm like, "I guess I'm creating email accounts for people now." I became a stand-in for a lot of different roles. Got to play with a lot of different languages, some of which I liked vastly better than others. ColdFusion? Really? [laughs]

Matt: ASP wasn't that bad. There were worse things than classic ASP.

Snipe: Yes, there are. That is a thing that could be said. That is an opinion one might have.

[laughter]

Matt: Trying to keep a positive spin on it.

Snipe: I would say that all of these languages, the ones that are still around, have come a very long way since then, including PHP.

Matt: Yes, yes. .NET is not a classic ASP. PHP 5, whatever. PHP 7 is no PHP 3, for sure.

Snipe: Certainly.

Matt: Were you using PHP at that point already, then? Was that one your--

Snipe: Yes. That was one I was-- Because I'd already done some Perl stuff, and it just wasn't that hard. One of our clients had a website, I think it was The Bone Marrow Foundation, had their website in PHP. That forced me to do a bit more legwork on it. That was the beginnings, the very beginnings.

Matt: At that point, we're probably talking about single-page PHP files for each page. At the top, you've got a common.inc that you're doing your database connections. Then below that, it's just a template, right? Okay.

Snipe: Functions.inc and usually some sort of PHTML. [laughs]

Matt: God, PHTML, yes. Okay, all right.

Snipe: I told you, I am an old, old lady.

Matt: Honestly, we worked on a site that still used PHTML and things like four or five years ago.
I was like, "I didn't even know that PHP parser is still allowed for this." Apparently, some of these things still stick around.

Snipe: Whatever you set as your acceptable file formats, it'll parse.

Matt: Yes, you can make it happen.

Snipe: I can have a .dot site file extension if I wanted to.

Matt: I like that idea now. Jeez. When was the transition? What were the steps between there and ending up where you are now? Are we still many steps behind, or did you get out on your own pretty quickly after that?

Snipe: I was doing some contract work. Thanks to a friend that I'd met through IRC. I was doing some contract work for a company out in San Diego. They were an ad agency. This is the beginning of the days when marketing companies were trying to own digital, and they were trying to build up their digital departments. They moved me out there because they're like, "You're amazing, so come on out here and build up our team." I did. I built up their team. We had some really cool clients. We had San Diego Zoo, San Diego Padres, California Avocado Commission. At that time, I didn't like avocados. I was giving away free avocados that I did not like.

Matt: [chuckles] Oh, no. That's so good.

Snipe: I hate myself now for knowing how many avocados I could have had. [laughs] I got to build lots of custom web apps, all the database-y stuff. That was really fun. I left there, started my own web design company for lack of a better term, where I was basically using PHP, but also pretending like I knew how to design anything at all. Sorry, hang on. Incoming call. Building my own custom applications for people. None of it is really that fancy, but whatever. That was fun. Then I broke my foot. This is before the ACA, and so I had no insurance. Thousands of dollars and a spiral fracture later, I'm like, "Maybe I should get a real job."

[laughter]

Snipe: I started to work for the San Diego Blood Bank, which was a great gig. It's probably my favorite job.
The pay wasn't that great, but my coworkers were great. Your hours were your hours. There was no overtime. If you had to work overtime, you got paid double time and a half, something like that. It was insane.

Matt: Especially compared to the ad agency world, which is basically the exact opposite.

Snipe: Yes. Yes. There's no amount of blood you can show to prove that you're loyal to that particular market. I ended up moving back to New York and ended up working for the Village Voice for a little while.

Matt: Really? That's cool.

Snipe: Yes, that was cool. Unfortunately, they had already been bought out by New Times, and so they were not the Village Voice that I grew up with, the one that warmed the liberal cockles of my heart. It was actually a crap place to work, to be honest. People were getting fired all the time. There was this one guy, he used to hang out in the archives room with an X-Acto blade and a piece of paper and would just cut at the piece of paper. He was actually scary. Everyone was afraid of him, because that's office shooter kind of crazy.

Matt: Exactly, exactly.

Snipe: I left there, finally, and worked for another ad agency. That's the one that I was working at when I finally started to work with Snipe-IT. Finally started to make Snipe-IT. For a while, while I was in California, the nice thing about running your own gig back then, because it was like a one-man shop, so I didn't have people that I had to worry about. I got a chance to work with tigers for about a year. It was just exhausting. That was around the time when I was writing my book, too. Working with tigers, commuting four hours a day, coming home stinking like raw chicken and tiger pee. Then working on my book, and then whatever I can possibly eke out for customers. It was pretty chaotic and definitely exhausting, but they were good times.
Matt: I don't want to preach too far on this, but I feel like the more of our story that takes us around different aspects of life and different experiences, the more we bring to the thing we're in right now. That's one of the reasons I keep pushing on people having histories before they came to tech or diverse histories in tech. It's not to say that someone who just graduated from college and instantly got a job as a developer is therefore now incomplete, but I think that a lot of what makes a lot of people interesting is what they bring outside. That's true for anybody, right? What makes you different from the people around you makes you different, and makes you interesting, and it makes you have a perspective to be able to bring that the people around you don't. It sounds like you have quite a few of those, at least as you enter into the communities that I'm asking you from the perspective of whether PHP, or Laravel, or anything like that. I don't know where I'm going with that, but anyway.

Snipe: [laughs]

Matt: That's very interesting to hear.

Snipe: I always say I sound really interesting on paper. I'm not really that interesting to talk to, but when you actually look at all the crap I've done, it's like, "Wow. That's kind of a lot."

Matt: Right. That is a lot going on.

Snipe: It's all weird. Weird stuff.

Matt: If I remember right, the book that you wrote was a Wrox PHP book, right?

Snipe: Yes, yes. You can still get it on Amazon, but it costs more to ship.

Matt: Really? I got to--

Snipe: Actually, I'm not sure. It may just be eBay. The last time I checked, it was selling for $2.95 and costs like $80 to ship. [laughs]

Matt: Professional PHP4 Web Development Solutions.

Snipe: Yes.

Matt: I don't see a Mohawk. I don't know which one's you.

Snipe: No, no.

Matt: [laughs]

Snipe: Yes, I know. Gosh, it's a mystery of the ages, isn't it? [laughs]

Matt: All right. Yes. $22.99. Wow. What was your experience like writing a book? Would you do it again?
Snipe: Possibly, but I would need a bit more written assurances up front about how-- This is a co-authored book. Basically, we were not given communication information with each other. We were writing these chapters completely independently and it sucked. I offered to set up a bulletin board just so we could-- For some reason, they didn't want us talking to each other or something. I don't know, but I was like, "Because I don't know where this chapter is going to fall, I want to make sure that I'm not rehashing a thing that's already been discussed, or touching on something that needs more information." They never facilitated that. They actually pushed back against it. It was really frustrating. You're literally writing chapters in a vacuum that then have to be cohesive when you string them all together. I would need to know if it was going to be a co-authorship. I would need to know that this will truly be collaborative. Because the way it looks on the cover, it looks like we're all hanging out. No, I don't think I've ever spoken to those people ever. [laughs] Matt: Wow. Jeez. Snipe: It's really weird. It's really weird. I did not like that. I thought that was really just not a way to give the best experience to the reader. If I was going to collaborate, I would have to make sure that there was something like that. I've toyed with writing a couple of books over the last few years. It is also a bit of a time suck. Matt: Yes, it is. My perception, what I've told people in the past is that people often ask me, "Should I write a book with a traditional publisher like you did?" Because mine was with O'Reilly. "Or should I self-publish like a lot of the people in our community have?" My general perception has been, if you want to make money, self-publish. Snipe: Definitely. Matt: If you want reach that's outside of your current ability, then consider a traditional publisher. You've got quite a bit of reach and I wonder whether it's-- Snipe: This is like 2003, though. 
Matt: I don't mean for them, but I mean now. If you're going at it now. It seems like there'll probably be less of a reason for you to do a traditional publisher at this point. Snipe: I don't know, though. I still kind of like O'Reilly. Matt: You still like it? Snipe: Being a published O'Reilly author, I still toy with that, honestly. Matt: I tell people I got a degree in secondary English education, basically. This O'Reilly book is my proof that I'm actually a real programmer. Snipe: [laughs] You know what? Honestly, that was really important to me back then. Matt: Me too, really. Snipe: I don't know where things would have gone, I don't know if I would have-- I probably would have stuck with it because I really, really liked it. I think that gave me a bit of confidence that I really needed. Proof, again, because I didn't graduate college. I nearly didn't graduate high school because of the programming class. [laughs] It was a way for me to say not just to the rest of the world, but to myself, like, "Hey, I actually know what I'm talking about." Matt: You can't underappreciate just how significant that is. I love that you said it. It's not just to everybody else, it's to you, too. Snipe: More than anyone else, to myself, honestly. I don't care what you guys think. [laughs] Matt: I spent several thousand hours writing a book with a major publisher so that I can overcome impostor syndrome. It's totally worth it. [laughter] Snipe: I still have it. That's a thing, I have it. Matt: I still have it, but maybe a little less. Snipe: At least if someone actually pushes the impostor syndrome too far, I'll be like, "I wrote a book. What have you done?" Matt: Exactly. Snipe: Meanwhile, I go off and rock in the corner as if, "Oh, my God. I don't deserve to be here. I don't deserve to be here." Matt: Exactly. It certainly doesn't make it go away, but maybe it's a tool in our arsenal to battle it. Snipe: That's a very good way to describe it. Matt: I like it. 
Snipe: I would need that to be a bit more of a tighter process. Matt: Well, if you decide to write with O'Reilly, I know some people. Just give me a call. Snipe: [laughs] I also know some people in O'Reilly. Matt: I was just going to say I'm pretty sure you don't need me for any of that kind of stuff. I just had to say it to try and seem like I actually matter, so this works. Snipe: Of course, you matter. Matt: I matter. Snipe: I got up early for you, Matt. I got up early for you. Matt: That's true. Snipe: You don't have any idea. Matt: That's true, this is quite early your time. I appreciate it. Snipe: [laughs] Matt: I'm trying to not talk forever. I'm trying to move us on even though I'm just my usual caveats, everyone take a drink. You eventually started Snipe-IT. I think we skipped a couple of things. We were talking about you becoming the CTO of the ad agency and being in a place where you needed to manage that kind of stuff. You started Snipe-IT. You now have a remote team. Could you tell me a little about the makeup of your team, and what it's like running a remote team, and the pros and cons you've experienced, and anything else that you would want to share about what that experience is like for you? Snipe: Well, I'm really lucky, first of all, because although our team is remote, we're all also local. We can actually see each other, we'll go out and have beers when we hit a major milestone. We'll go out and have some champagne and celebrate that we do get to see each other's faces. Also, we were friends first, so that helps. It's totally, totally different. If you're looking for advice on how to run a real remote team, that I can't help you with. I can't tell you how to manage your friends through Slack, though. [laughs] Matt: Basically, you and a bunch of friends live like an hour driving distance to each other or whatever and choose to work from home? Snipe: More like seven minutes. [laughs] Matt: Jeez. Snipe: Yes, yes. 
Matt: Okay, so this is really just like, "We just don't feel like going to an office," kind of vibe. Snipe: It's pants, it's pants. I'm not putting on pants. I've worked too hard in my career to have to put on pants anymore. There is a reason this isn't a video call, Matt. Seriously. [laughter] Matt: I wish that this was one of the podcasts-- Snipe: I think I just made Matt blush, by the way. Matt: I wish this was one of the podcasts where they name each episode, because that would have been the name right there for this episode. I might have to, just for this one, just give it a name just for that. Okay. I hear you. I get it. Snipe: The thing is I hadn't actually planned on hiring when I did. The reality is I should have, because I was really buckling under the helpdesk. That customer support load was a lot. It was causing me a great deal of anxiety. Looking back at it now, it was really untenable. Of course, I think that I'm 10 feet tall and bulletproof, so I'm like, "I got this. I got this." Meanwhile, it's four o'clock in the morning and I can't even see straight anymore. I ended up having to hire someone for a personal reason. She's actually worked out great. She's an absolute rock star on the helpdesk. She's never worked a helpdesk before, and she owns it. It's actually really, really great. Once I'd hired her, I think-- The onboarding takes a little bit. Especially, literally never worked a helpdesk before, so it's not just onboarding with my company, it's like onboarding the entire concept. As soon as she got her footing, she just completely handled it. It was really great. The next hire was a developer/sysadmin that I've known for a while. He is just fantastic. He's actually the harder one because he, I think, requires a little bit more structure, and a little bit more face time. I need to be better. I do. I need to be better about working with that because in my head, I'm still managing this the way that I want to be managed. 
I forget that that's actually not my job anymore. Matt: People are different. Snipe: Yes, people are different. Also, not everybody wants what I want. Frankly, it doesn't matter what I want. Ultimately, that's no longer a luxury that I have, caring more about how I want things to go for myself. That priority has shifted, and so I'm having to painfully learn [chuckles] that lesson. Not painfully. I love my entire team. They're absolutely amazing. I'm super, super grateful for them every day that goes by. Every time one of them takes vacation, we all hold on to our desks. We're like, "Okay, we can get through this, we can get through this." It's a learning curve, certainly. I've run my own small business, I've run dev teams. This is a different thing though, because the reason why I wanted to make this a company instead of just running this as a side project is because I've worked for tons of shitty companies. I want to build the company that I wish I'd worked for. Matt: I'm so sorry for doing this, but I was doing that thing where you're hearing somebody talking and waiting for your chance to talk. I literally was about to say Dan and I, when we started Tighten, the first thing we said was, "We want to build the company we want to work for." You just said and I'm like, "Exactly." That introduces the problem you're talking about, which is you just assume everybody wants the same things you want. It also means nobody else gets to force you to put people through things that you wouldn't want to be put through. It's an incredible freedom if you can make it profitable. Snipe: Yes. Absolutely. Getting to institute stuff that I think is really worker-friendly. We all make our own hours. We have office hours so that when Victoria's handling the helpdesk, she's got access to the text that she needs during a certain amount of time. In general, she's got a kid. We have to have that flexibility, so that she-- Honestly, she just lets us know that she's going to pick up her kid. 
It's like, "Okay, cool. See you back in half an hour or whatever." Vacation, she had not had a real vacation in probably 10 or 15 years. Last year, we were like, "You are taking vacation." She kept checking into Slack. I'm like, "Girl, I will actually revoke your credentials." Matt: [laughs] Exactly. Snipe: Do not play with me. Matt: I love it. Snipe: This year, I've decided that there's two weeks basically mandatory vacation, and we're going to put $3,000 towards each person's vacation funds- Matt: That's cool. Snipe: -so that they can actually go and do something awesome, and relaxing, and not stress about money while they're there, and just get to go and actually enjoy things, and come back refreshed and ready to work. It's pretty cool being able to come up with stuff like this and really like, "What would I have needed?" Because when I was working at the ad agencies especially, I would accrue my PTO. Honestly, that's why Snipe-IT existed. It was because I had two and a half weeks, three weeks of PTO that was not going to roll over. They made me take vacation in November. They wouldn't let me do it in December. They made me do it in November, and I was like, "Yes, three weeks of just relaxing, playing video games." That didn't work. I accidentally the product. [laughs] Now, I accidentally the business. Matt: That's awesome. One of the things I often talk about as an entrepreneur, as a business owner is something that I think people are scared of talking about, which is power. Because being a business owner means you get to hire, you get to figure out how money is spent, you get to figure out what pressures are and are not put in the people you work with. I call that power, but I think power doesn't have to be a scary word because, really, what matters is what you do with the power. When we hear power as a negative thing, it is usually because the people on power are benefiting themselves. 
I think that something that is really beautiful, and wonderful, and that we need more of in the world is when we can see power as a positive thing, because people get power and then use it for the benefit of other people. I just want to applaud and affirm what you're doing, because you just described that. It's like, "I got power, and the first thing I did was work to make other people's lives better, understanding what the situation that they were in was." I love hearing that. I'm really glad that we got to talk about this today. Snipe: Well, thank you. I'm looking forward to coming up with more stuff like that. Matt: I love it. Snipe: It's super important to me. Our customers are incredibly important to us, obviously, but my staff is as important. You can't have one without the other in either direction. Matt: In the end, they're just both people who you work with. The hope is that you're able to make both groups of people really have lives that are better because they had a chance to interact with you. Snipe: Yes, absolutely. Matt: Okay. We are almost out of time. I asked people at Tighten if they had any questions for you. They gave me a million, and I haven't gotten to any of them. They're all going to be mad at me, so I'm trying to look at the one that I could pull up that won't turn into a 30-minute long conversation. Snipe: I'm Italian. There is literally nothing you can talk to me about that won't turn into a 30-minute conversation. [laughs] Matt: All right. I'll literally go with the question that has the least words in it and see if that gets us anywhere. Coffee or tea? Snipe: Red Bull. Matt: There you go. See how short that was? All right. Snipe: This podcast is sponsored by Red Bull. [laughter] Matt: It's so funny that it's been the thing at Tighten for the longest time, where those of us who started the company and the first hires were primarily coffee people. There's one tea holdout, but over time, the tea contingent has grown. 
Just within the last nine months, we hired two people who are Red Bull addicts. All of a sudden, we're shopping for the company on-site and they're like, "Orange Red Bull, no sugar, energy, blah, blah, blah." I'm like, I have a course in Red Bull flavors. Anyway, I still think it's pretty gross, but I did try some of them. Snipe: It's disgusting. No, it is utterly vile. It is really, really gross. [laughter] Matt: I don't get it. Please pitch me on why I would drink Red Bull instead of coffee then. Snipe: No. If you don't drink Red Bull, then there will be more for me. First of all, I'm not going to pitch that. Matt: World's dwindling storage of Red Bull. Snipe: Obviously, we buy our stores out of local Red Bull, it's ridiculous. We have a main store, and then we have a failover store. Listen, you don't drink it because it tastes good. It tastes like dog ass, but it wakes you up. It keeps you awake. It fills the same role that coffee does, and frankly, I don't think that coffee tastes that good. Matt: Okay. Fair enough. Snipe: I can ask the same question to you. Matt: Right. For you, it's a combination. You don't like the flavor of either, but one of them you can buy in bulk and throw in the fridge? Snipe: Yes, yes. Matt: Got it. I get that. I love the flavor of coffee, but I'm like a geek. I have all the equipment, and all that kind of stuff. Snipe: Of course, you do. [laughter] Matt: Am I predictable? I am predictable. Okay. Snipe: I will neither confirm nor deny. My lawyer has advised me. [laughs] Matt: Not to make a statement on this particular-- I have one more and I'm praying that I can make it short, but I probably won't. You are a member of the Laravel community. You use Laravel. You share things every once in a while, but for someone who is such a big name, who's a member of the Laravel community, much of your popularity is not within the Laravel community. 
You're not popular because you're speaking at Laracon, you're not creating Laravel packages that all the people are consuming. It's this interesting thing where you're a very well-known person who uses Laravel and is a member of the Laravel community but is not necessarily gaining all that fame within the Laravel space. It's an interesting overlap. As someone who does have exposure to lots of the tech communities, you're in the InfoSec world, you've been in PHP for a while, but you're also solidly Laravel. Do you have any perspectives on either, maybe the differences between InfoSec and PHP, differences between InfoSec and Laravel, and/or is there anything that you would say to the Laravel community, or things you'd either applaud or hope to see grow? Is there anything you just want to say about the way Laravel compares, or connects, or overlaps, or whatever with the rest of the world that you're in? Snipe: It's always an ongoing joke in the InfoSec community. PHP developers are pretty much the easiest punching bag in the InfoSec community. Matt: And everywhere else. Snipe: In fact, I think just yesterday, I submitted an eye-rolling GIF in relation to someone in InfoSec bagging on PHP developers. I get it. When the language first came out, it was really easy to learn. You didn't need to have any knowledge of programming, or discipline, or best practices. There were no best practices for quite some time in PHP. I totally get that. The thing is that that's not really the world that we live in anymore. It's actually hard to write a PHP application without using a framework these days. Because the frameworks are so much better and it's so much faster, that for me, I'm pretty sure I could still write a PHP application without a framework, but why the hell would I? If I ever have to write another gddmn login auth routine, I'll kill myself. I will actually kill myself. Comparing InfoSec to PHP or Laravel is like comparing apples to orangutans. 
They're entirely different animals and there is a little bit of overlap, but typically not. In general, PHP has a bad reputation in InfoSec. In fact, I will tell you a very brief story about how I got into InfoSec. This one's always a fun one. I used to run a nonprofit organization when I moved to California the first time. It was basically like Megan's Law for animal abusers. Criminal animal abuse. I would pull in data, break it down statistically based on a couple of different pointers like domestic violence connection, blah blah blah blah blah, and basically run statistics on that stuff. This was going back a very, very long time when nobody really knew or gave a crap at all about AppSec. At one point, my website got hacked. The organization's website got hacked. I am literally on my way to speak at a conference in Florida, an animal welfare conference. I'm checking in. I'm like, "Hi, I'm Alison Gianotto. I'm a speaker." She goes, "You're petabuse.com. That's great. I'm so sorry to hear about what happened." I'm like, "I've been on a plane for a couple of hours." I'm like, "Wait, what?" [chuckles] I run to my hotel room, and somebody has defaced the website with an animated GIF, and a song playing in the background which was basically a clip from Meatspin, and they linked to Meatspin. If any of your listeners don't know what Meatspin is- Matt: I don't. Snipe: -please do not Google that. You can Google it, but have safe search on. Matt: Is it like Goatse kind of stuff? Snipe: Yes. "You spin me right round, baby, right round" playing in the background on autoloop. To this day, when I hear that song, I shiver a little bit. Matt: Trigger, yes. Snipe: Exactly. I ended up actually talking to this guy who thought that we were a much bigger organization than we were. He was trying to extort money, of course. I was like, "Dude, you have no idea. We get like $800 in donations every month. You are barking up the wrong tree." He's like, "I thought you were bigger. 
I'm sorry, but it is what it is." I toyed with him long enough to figure out what he had done. The thing is, this is on a Cobalt RaQ server. First of all, we're going back. Second of all, those are not exactly going for their security, but it was what I could afford. Honestly, it's what I could afford. I figured it out, I locked him out. I did leave him one final kind of F you text. [laughter] Snipe: Just so that he knew. That was how I got into this in the first place was basically a horrific, horrific internet meme and the defacement of my organization's website. Again, this is 2004, 2005. Application security became really important to me, and that's why I'm here. [chuckles] That's why I go to DEF CON. That's why I speak about application security and security in general. To get back to your original question, there isn't really an overlap. There is this disdainful relationship, for the most part, coming from both directions because InfoSec people don't typically treat programmers in general very well, but especially not PHP developers. PHP developers are tired of getting shit on, and so they don't necessarily treat-- It becomes a bit of a self-fulfilling-- Matt: Impostor, yes. Exactly. Snipe: Honestly, it's all just a bunch of dumbass egos and it's stupid. If we would just talk to each other a little bit more, we'd probably be a little better off. Matt: Come on, somebody. You'll be surprised to hear that I could talk about InfoSec and PHP for an hour, but we're out of time. I don't know if I'm going to have you back sometime or I don't know what, but this has been amazing. I really appreciate you spending some time with me. Before we cut off for the day and I cry because of all the topics I'm not going to cover, is there anything you wanted to talk about? Anything you want to plug, anything you want to cover, anything you want to say to the people that we haven't got to cover today? Snipe: Nothing that really comes to mind. 
I am still really passionate about AppSec. If you're using a framework and you're not utilizing all of the security stuff that's built in already, specifically Laravel is really good with that. I've had to write some middleware to add some additional CSP headers and things like that. If you're already paying the price, the overhead of using a framework, then freaking use it. Actually use all of the bits that are good, not just the bits that you don't feel like writing. Laravel makes it really hard to avoid the CSRF tokens. You'll actually have to go out of your way to disable those. I like that about Laravel. I like that it's opinionated. I like that it doesn't want you to screw this up. That said, any developer left to their own devices, sufficiently motivated, will still screw it up. Matt: Will screw something up, yes. Snipe: Yes, exactly. Frameworks like Laravel, I think, are ones that are headed in the right direction, so your default login already uses bcrypt to hash the password. You would, again, have to go out of your way to write something that would store something in cleartext or MD5. I think it's a step in the right direction. Use your frameworks, learn what their built-in security functionality is, and use them. Matt: Use it. [laughs] Snipe: One of the packages I'm actually writing for Laravel right now is an XSS package which will basically walk through your schema, and will try and inject rows of XSS stuff in there so that when you reload the app, and if you've got any kind of functional testing or acceptance testing setup, you'll be able to see very quickly what you've forgotten to escape. Matt: I love it. Snipe: For a normal Laravel app, that's actually hard to do because the double braces will escape everything. For example, if you're using data from an API, maybe you're not cleaning it as well or whatever. That's one of the packages that I actually am working on. Matt: That's great. 
Also, if you're using JavaScript, it's really common for people to not escape it, and so that all of a sudden, they forget to clean it. Snipe: Exactly. I wanted one quick way to basically just check and see how boned I was. That'll be fun. Matt: Yes. Does it have a name yet that we can watch for or would you just link it once you have it? Snipe: Well, the only name-- You know how the mocking data packages called Faker? You can imagine what I'm considering calling this that I probably won't call it? [laughs] Matt: Probably won't, but now we can all remember it that way? Yes. Snipe: No promises. Absolutely no promises is all I'm saying. [laughs] Matt: Assuming it's safe for work, I will link the name in the show notes later. If not, you could just go-- [crosstalk] [laughter] Snipe: Again, no promises. Matt: I like it. Okay. You all have taken enough drinks, so I won't say my usual ending for you to drink too. Snipe, Alison, thank you so much. Thank you for the ways you have spoken up for a lot of things that really matter both in this call and our community as a whole. Thank you for hopefully helping me but also our entire community get better going forward, but also the things you brought to us in the past in terms of application security. I don't know why I didn't say this earlier, but Mr. Rogers is maybe one of my top heroes of all time. That was what was going through my mind when you were talking about running your company. Thank you for being that force both for running companies that way and taking care of people, and then, of course, by proxy for just the people who you're working with. The more people that are out there doing that, I think the better it is for all of us. This has been ridiculously fun. If anyone wants to follow you on Twitter, what's your Twitter handle and what are other things they should check out? That URL for Snipe-IT? I will put all of these in the show notes, but I just wanted you to get a chance to say them all at the end. 
Snipe: My Twitter handle is @snipeyhead, because @snipe was taken. I'm still pissed at that guy. [laughter] Snipe: The URL for Snipe-IT is snipeitapp.com. Not very creative. All of our issues are on GitHub. Your pull requests are welcome. [laughter] Snipe: As always. Matt: Nice. Snipe: It is free. If it helps you solve some of your problems at your organization, we would love for you to try it out. If you'd like to give us money, that's awesome too. Ultimately, the more people who are using it, the better. Matt: Nice. Okay. Well, thank you so much for your time. Everyone, check out the show notes as always. We'll see you again in a couple of weeks with a special episode. I'll tell you more what it is when that one happens. See you. Snipe: [chuckles] Thank you so much, Matt.

Embedded
219: Not Obviously Negligent


Oct 12, 2017 (74:46)


Kelly Shortridge (@swagitda_) spoke with us about the intersection of security and behavioral economics. Kelly's writing and talks are linked from her personal site swagitda.com. Kelly is currently a Product Manager at SecurityScorecard.
Show notes:
Thinking, Fast and Slow by Daniel Kahneman
What Works by Iris Bohnet
Risky Business, a podcast about security
Teen Vogue's How to Keep Your Internet Browser History Private
Surveillance Self-Defense from EFF, including security for journalists as mentioned in the show
Bloomberg's Matt Levine
Twitter suggestions: @SwiftOnSecurity, @thegrugq, and @swagitda_.

Rebuild
173: There Are No Gems, Only Stones (N)


Jan 31, 2017 (175:51)


With Naoki Hiroshima as our guest, we talked about AirPods, icons, self-driving cars, Swift, Trump, Bilingual News, beer, science fiction, Alexa, and more. Sponsor: try! Swift (code: TRYREBUILD)
Show Notes
Apple releases Find My AirPods in iOS 10.3 beta
iStockNow
Bragi The Headphone
APFS is coming soon
What's coming to CarPlay in iOS 10.3
Japanese toilet industry agrees to standardize complex bidet controls
Accidental Tech Podcast: 205: People Don't Use the Weird Parts
Daring Fireball: Former Apple UI Designer Bas Ording Now at Tesla
"The Self-Driving Revolution: DeNA's Challenge" | NHK
Robot Taxi Inc.
Why Uber's self-driving program failed in San Francisco
Tesla's radar (TSLA) predicts a collision and starts braking before it happens
TOKYO - try! Swift ★ try! Swift discount tickets ★
realm/SwiftLint: A tool to enforce Swift style and conventions
Go for short variable names
RuboCop
Looking back on Swift 3 and ahead to Swift 4
izqui/Taylor: A lightweight library for writing HTTP web servers with Swift
@SwiftOnSecurity
Peter Thiel Is a Fucking Fool
Google Recalls Staff to U.S. After Trump Immigration Order
Trump's Immigration Ban Doesn't Include Countries with Business Links
Trump targets tech's H-1B visa hiring tool
Japanese American National Museum
Trump Press Secretary Sean Spicer may have just tweeted his password
Donald Trump used a Gmail address to secure @POTUS
Conway: Trump White House offered 'alternative facts' on crowd size
A 'rogue' group of staffers is tweeting secrets from the White House
Bilingual News special edition (#BN249)
The Talk Show 1: Big, Fat, and Bloated — Neutral
World alcohol consumption by country, ranking and trends (WHO)
Top 10 popular American craft beers of 2015
Anata no Tame no Monogatari (A Story for You) | Satoshi Hase
The Notebook | Ágota Kristóf
Amazon.com Help: Lend or Borrow Kindle Books
Amazon Echo Dot
Amazon.com: Alexa Skills
Alexa Skills Kit
Amazon's Alexa started ordering people dollhouses after hearing its name on TV
Nintendo Switch pre-orders are now live
Rebuild: 172: Unparental Controls (hak)

Paradox Project Podcast
Episode 12: Star Wars, Polling Wars, Culture Wars


Dec 21, 2015 (59:05)


This week join Jordan, Matthias, and Zach as we fight a little bit about how people have reacted to the new Star Wars (and then a little bit about the value of Star Trek) before we jump into...
Unpopular Opinions (6:00 - 28:00)
Matthias - If the right wants to see more government scrutiny and tracking of what Muslims say and do online, they need to get comfortable with the idea of the government profiling right-wing anti-government views for the purposes of fighting domestic terrorism. Conversely, if the left wants to argue that terrorism is a small thing that happens infrequently, they need to start shrugging it off when there is a terror attack from an anti-government or right-wing group (which is also extremely rare).
Zach - Based on the Public Policy Polling poll on the bombing of Agrabah, Americans should be more comfortable saying "I don't know" to questions. (Matthias takes issue with this and we argue about it for about 15 minutes.)
Jordan - I was apparently a flaming liberal this week because I think shipping immigrants out of the country en masse is not a reasonable thing.
GOP Debate (28:00 - 39:00)
We talk about Rubio vs Cruz and the fight they had in the debate and during the following days. Zach is upset that the GOP candidates don't know anything about encryption; Matthias thinks that extended to Wolf Blitzer and his terrible questions. We talk about encryption and how there is a really terrible understanding of it among politicos. We also gush over @SwiftOnSecurity and theorize about who she "really" is.
Democrat Debate (but mostly Star Wars, culture, and repetitive narrative styles) (39:00 - 52:00)
The Democrat debate was something no one watched or wanted to watch. Then we go over how uninspiring Hillary is, both in the debate and in general. Zach was irritated that Hillary said "May the Force be with you" at the debate. This spins off into a riff in which Zach thinks our popular culture is way too corporate and repetitive. Matthias and Jordan defend heroic narrative structure and fun.
Predictions (54:00 - 59:00)
Zach: The Star Wars prequels will be erased from canon and rebooted.
Matthias: The Iowa (and maybe New Hampshire) election results will be 10 points or more out of line with the polls.
Jordan: I will get three fourths of my Paradox Project work done over the Christmas break.