Academic notes series

I mentioned in my previous post that I was feeling a bit weird about not really being connected to the academic world any more. I’m still sorting out how I feel about that and whether I have any long term plans, but I thought it might be nice to listen to some talks and write about them. I used to maintain a blog called Web Insecurity where I put public notes about the stuff I was reading but I got out of the habit after I graduated. So this is sort of the continuation of that, updated for “tired mom to a pre-schooler in a pandemic” levels of effort.

Ground rules:

  1. I’m not an academic any more, so I’m going super casual here: I’m going to watch a talk, probably not read the paper, and definitely not do deep due diligence on related work. (I am happy to have people point out interesting related work if you think I’d like it!)
  2. I’m going to prioritize conferences/publications with open access because I’m hoping some of you will read/watch the same things and have thoughts to share in the comments here.
  3. I’m going to do like I do with book reviews and aim for kind. Peer review defaults to constructive criticism but I’m not part of that process in this context so I can just highlight stuff I thought was interesting and largely ignore stuff I didn’t.
  4. I haven’t decided how often I’ll do this or how long I’ll keep it up yet.

It also bears reminding: My opinions and thoughts are not necessarily shared by my employer. This is a personal lifelong learning project and is not part of my day job.

Anyhow, first talk notes coming up in a separate post!

2019 Fiber Goals

I think these past few years of setting fiber goals have been fun, so here’s what I’m thinking for this year:

  1. Learn steeking. I’ve already signed up for a class in January so hopefully this one will be easy! It’s been on my to-learn list for a while.
  2. Document better. I haven’t been good about this since February last year, which not coincidentally is when I went back to work. I take pictures but haven’t been blogging or updating Ravelry. And I’ve got two patterns that I could maybe release this year, if I ever write them up.
  3. Finish another sweater. I’ve got one for me started but hibernating since early fall, and I’d like to do another toddler one. Plus I have others planned!
  4. Play with mini skeins. I’ve swapped out my yarn subscription for the year to one that’s monthly mini skeins with no project, and I want to play with designing for them. Maybe I’ll finally make that Christmas in July advent calendar I keep thinking about? (I know someone who might be willing to work on it with me so I’ve got to knit up some designs asap!)

Here’s to a new year!

Choosing secure open source packages

I wrote a pair of blog posts for work that came out last month!

Many developers don’t feel qualified to make security decisions. In many ways, that’s a perfectly healthy attitude to have: Security decisions are hard, and even folk with training make mistakes. But a healthy respect for a hard problem shouldn’t result in decisions that make a hard problem even harder to solve. Sometimes, we need to recognize that a lot of architectural decisions in a project are security decisions, whether we like it or not. We need to figure out how to make better choices.

The posts are about how to do very simple security risk assessments on open source packages, so you can make more informed choices about what you include in your code and get a sense of what makes a library look scary to security folk. They’ve got lots of real-life examples of things we’ve seen (good, bad and embarrassing), and there’s a nice scorecard at the end that you can use to do quick assessments of your own. There are even some cat memes included!

I’m pretty proud to be able to share some of the things we’ve learned about open source security risk with the greater world, and since these posts fall in the category of “things I’ve made,” I thought I’d link them here. Hope you like them!