2019 Fiber Goals

I think these past few years of setting fiber goals have been fun, so here’s what I’m thinking for this year:

  1. Learn steeking. I’ve already signed up for a class in January so hopefully this one will be easy! It’s been on my to-learn list for a while.
  2. Document better. I haven’t been good about this since February last year, which not coincidentally is when I went back to work. I take pictures but haven’t been blogging or updating Ravelry. And I’ve got two patterns that I could maybe release this year, if I ever write them up.
  3. Finish another sweater. I’ve got one for me started but hibernating since early fall, and I’d like to do another toddler one. Plus I have others planned!
  4. Play with mini skeins. I’ve swapped out my yarn subscription for the year to one that’s monthly mini skeins with no project, and I want to play with designing for them. Maybe I’ll finally make that Christmas in July advent calendar I keep thinking about? (I know someone who might be willing to work on it with me so I’ve got to knit up some designs asap!)

Here’s to a new year!

Choosing secure open source packages

I wrote a pair of blog posts for work that came out last month!

Many developers don’t feel qualified to make security decisions. In many ways, that’s a perfectly healthy attitude to have: Security decisions are hard, and even folk with training make mistakes. But a healthy respect for a hard problem shouldn’t result in decisions that make a hard problem even harder to solve. Sometimes, we need to recognize that a lot of architectural decisions in a project are security decisions, whether we like it or not. We need to figure out how to make better choices.

The posts are about how to do very simple security risk assessments on open source packages, so you can make more informed choices about what you include in your code and get a sense of what makes a library look scary to security folk. They’ve got lots of real life examples of things we’ve seen, good, bad and embarrassing, and there’s a nice scorecard at the end that you can use to help you do quick assessments of your own. There are even some cat memes included!

I’m pretty proud to be able to share some of the things we’ve learned about open source security risk with the greater world, and these posts fall in the category of “things I’ve made,” so I thought I’d link them here. Hope you like them!