On Abstraction

A twitter conversation I followed minutes ago sparked this memory:

“the purpose of abstracting is not to be vague, but to create a new semantic level in which one can be absolutely precise.”

I think the first time I used the above argument from Dijkstra was when huku and @_argp made their excellent presentation about memory allocators back in OWASP AppSecEU 2012.

[EWD340]

remote power-on

From my INBOX:

Back in the days with no remotely-controlled power we had a server with another computer set face-to-face, such that the CD tray was hitting the power reset button of the neighbor. Unfortunately, this one has the power button on top, and you have to hold it in order for the box to shut down.

Catastrophe is always just around the corner

This is something System Administrators acquire as knowledge along the way (as the homeostasis providers that they are). This is something that developers always ignore, for they do not operate the systems that they build, either at scale or for long enough to understand how what they built actually works. This is something that every DevOps practitioner and their managers should be prepared for:

“Complex systems possess potential for catastrophic failure. Human practitioners are nearly always in close physical and temporal proximity to these potential failures – disaster can occur at any time and in nearly any place. The potential for catastrophic outcome is a hallmark of complex systems. It is impossible to eliminate the potential for such catastrophic failure; the potential for such failure is always present by the system’s own nature.”

(How Complex Systems Fail)

If people expect that the software intensive systems that they use are like bridges, they should be prepared for Tacoma Narrows.

Being a spammer for 40 minutes

When Martijn Grooten told me that he would spend a few days in Greece, I immediately grabbed the opportunity and asked him to give us a presentation. He gladly accepted and with great assistance from the Athens ISACA and Greek OWASP chapters, the presentation was given yesterday at 18:30 at PwC’s building:

Photo courtesy of @kpapapan

The title of the presentation is “Being a spammer for 40 minutes” and you can grab the PDF version of the slides. For those who missed it (and it was a full house) an outline of what Martijn intended to say was posted some days earlier.

Thank you Martijn for letting us share and thank you for giving an illuminating talk for a diverse audience. Indeed the interesting things in mail happen after filtering.

A Storm of Swords – Book 1

It took me longer than I expected to finish the first part of “A Storm of Swords“, but it was definitely worth the effort. And I say effort because after thousands of pages, which I mostly read through the night, the multitude of names starts to make it hard to follow the chain of events and alliances without taking notes and running back to consult them. And that is why I am thankful for the Wiki of Ice and Fire.

(A Clash of Kings) (A Storm of Swords – Book 2)

3rd Infocom Security (Athens)

3rd Infocom Security badge

Yesterday I managed to attend the 3rd Infocom Security event here in Athens. It was a full house: the registration queue was so long that I gave up and went for coffee for half an hour before returning to the desk. Such a high attendance was to be expected, since this is a “free of charge” event. I saw almost all the familiar faces (whether we’ve been introduced or not) that I see in other events and gatherings which are considerably smaller. This alone makes it a success.

For as long as I stayed there, I was on the hallway track. It was too difficult to secure a place within the halls, so I wandered around the booths with a lot of other attendees. The most interesting one, IMHO, was by census, since these guys did something that the others did not: they displayed a zero day exploit. Quite impressive stuff, accompanied by an excellent and thorough technical explanation. In the end I had an interesting exchange with them that went along these lines:

– Since you are not in the exploit selling business, why are you showing this to me here?
– We aim to show that even when you do your best (and most do not) you may end up with a false sense of security. And we aim to help you with that.

A lot of people opt for the blue pill and take a bet: things won’t break while they are in office. Even competent people put their heads in the sand sometimes.

So there, it was a “red pill” presentation, quite different from the typical “blue pill” ones that we’re used to. And the best thing that I got from the event.


#include<std/disclaimer.h> /* I have known the census people for some years and share a graduate supervisor with one of them */