The upstream software risk. Are we really checking it?
npm (the nodejs aka Javascript package manager) has ~10B packages downloaded in a rolling 28-day period [source: Laurie Voss]. So clearly there is no person looking at each download. And, npm is unsigned. So, well, each download could be different, even if it’s of the ‘same’ file. We’ve had some incidents where npm packages were…
Gadgets! My new travel buddy: the Xiaomi usb-c active-noise-cancel headphones
Airlines don’t allow Bluetooth headsets (the air regulators don’t). Some mention this in a passive-aggressive kind of way but do nothing. Others are less passive and more aggressive. Modern phones are getting rid of the 3.5mm jack. Sure, there are usb-c dongles, and the dongles are tiny so not really an issue. But… this leads…
My upcoming webinar on security surprises in cloud migration
I’m doing a (guest) webinar for RootSecure on Wednesday Oct 24th @ 11:00 EDT (Toronto) time. You can register if you want to hear a bit about things that might surprise you as you migrate from a safe secure comfy closet to a big airy cloud. For the last years I have been working on cloud, OpenStack,…
Casual rental transportation devices
Waterloo is going to start allowing those ‘lime’ scooters. I have to say I’m not a huge fan. Seeing them in San Francisco, they were a nuisance, left lying all over the place, and being joy-ridden by drunk tourists. I do think the general concept is strong tho. Recently I was in Minnesota, and they…
Bike helmets work. And some surprised ducks
So the weather here is…. damp. The ride in this am was exceptionally wet and dark (I proved that the laser guidelines are visible!) but otherwise uneventful. The ride home, however, I got to prove that the bike-helmet (mocked for paw-patrol-esque view) functioned… the hard way. So I’m cruising along, somewhat more slowly than usual,…