From jacobian.org
How to report a security issue in an open source project - Jacob Kaplan-Moss
So you’ve found a security issue in an open source project – or maybe just a weird problem that you think might be a security problem. What should you do next?
on Fri, 4PM
From jacobian.org
jacobian (@jacob@jacobian.org)
A lot of tech people, particularly more junior folks, are looking for jobs right now. A short but important note for them: newcomers should generally ignore career advice from people who've been in the field longer than 10 or 15 years. The way the industry treats us is so dramatically...
on Mar 13
From jacobian.org
Beware tech career advice from old heads - Jacob Kaplan-Moss
If you’re new to tech – say, less than 5 years in the field – you should take career advice from people who’ve been in the industry more than 10-15 years with enormous skepticism.
on Mar 13
From jacobian.org
Sidebar #4: Quantitative Risk Revisited - Jacob Kaplan-Moss
In part 1 of this series, I briefly covered quantitative risk measuring – assigning a numeric value to risk, like “$3,500”, rather than a qualitative label like “medium” – only to quickly recommend against trying it. In this final sidebar, I want to come back to this topic. I’ll spend a bit more...
on Jan 28
From jacobian.org
What accomplishments sound like on software engineering resumes - Jacob Kaplan-Moss
Effective resumes need to contain two things: responsibilities and accomplishments. The first tells the reader what your job was; the second, what your results were. Unfortunately, most people fail at the second part. I’ve seen thousands — maybe tens of thousands — of resumes, and most don’t...
on Jan 27
From jacobian.org
Don't include social engineering in penetration tests - Jacob Kaplan-Moss
I’m not a fan of including social engineering – spearphishing, calls to support tickets, office visits – as part of penetration tests. These activities are risky, and often involve borderline and outright inappropriate behavior. Further, they tend not to produce useful...
on Jan 23
From jacobian.org
Sidebar #3: Two Flavors of Medium Risk - Jacob Kaplan-Moss
When you look at a likelihood/impact risk matrix, you might notice that “medium” appears twice – once as high-likelihood/low-impact, and once as low-likelihood/high-impact. These two “mediums” aren’t at all the same!
on Jan 17
From jacobian.org
Sidebar #2: The Swiss Cheese Model - Jacob Kaplan-Moss
In the real world, accidents happen when a series of small missteps align to create severe consequences. This is something we call the “Swiss Cheese Model”: imagining a systems failure as a set of “holes” in our layers of defense that all line up to create a serious accident.
on Jan 16
From jacobian.org
Sidebar #1: "Exposure" - Jacob Kaplan-Moss
Risk is usually defined as the product of two factors: Likelihood and Impact. However, some disciplines include a third factor: Exposure. What’s that about, and when is it useful?
on Jan 15
From jacobian.org
Mitigation - Jacob Kaplan-Moss
So you’ve identified a risk — now what do you do about it? Here’s a simple framework to help frame discussions about risk mitigation. It’s intentionally very simple, a basic starting point. I’ll present a more complex framework later in this series, but I want to lay more of a foundation before...
on Dec 10
From jacobian.org
An introduction to thinking about risk - Jacob Kaplan-Moss
Welcome to a new series about how to think about risk. This series is a crash course, a high-level introduction to the most important concepts and risk frameworks. It’s intended for people who encounter risk from time to time and need some basic tools, but don’t want to make a deep study of it....
on Dec 4
From jacobian.org
jacoBOOian 👻 (@jacob@jacobian.org)
Like a lot of people I'm really concerned about what the incoming regime is going to do, so here's one small way I'm trying to help: https://jacobian.org/2024/nov/11/digital-security-checkup/
on Nov 17
From jacobian.org
jacoBOOian 👻 (@jacob@jacobian.org)
What are folks using to bulk-delete their tweets? I tried Block Party but it doesn’t work for me — just deleted a handful of tweets before crapping out.
on Nov 15
From jacobian.org
If you — as an individual or a group — are re-assessing your digital security posture in light of the US election results, I’m available to help. I’m offering free digital security check-ups to anyone who feels like they need it now.
on Nov 12
From jacobian.org
Why you should run for the DSF Board, and my goals for the DSF in 2025 - Jacob Kaplan-Moss
Applications are open for the 2025 Django Software Foundation Board of Directors – you can apply until October 25th. So, in this post I’ll do two things: try to convince you to run for the board, and document my goals and priorities for 2025.
on Oct 18
From jacobian.org
jacobian (@jacob@jacobian.org)
2.78K Posts, 331 Following, 3.96K Followers · software development, engineering management, information security, basketball shitposting. he/him.
on Oct 18
From jacobian.org
jacobian (@jacob@jacobian.org)
Dan Olson’s video from #xoxofest is out! Of all the talks at XOXO, this one resonated with me the deepest, to the point that I’m not totally sure I want you watching it because then you’ll know maybe too much about how my brain works, too. https://xoxofest.com/2024/videos/dan-olson
on Oct 10
From jacobian.org
jacobian (@jacob@jacobian.org)
A couple weeks ago I gave a talk at @djangocon@fosstodon.org about the finances of the Django Software Foundation. I wanted to give folks a high-level understanding of our current financial situation, and then imagine a world where we had a substantially-larger budget. Here's a written version...
on Oct 9
From jacobian.org
If we had $1,000,000… - Jacob Kaplan-Moss
What would the Django Software Foundation look like if we had 4x our current budget?
on Oct 9
From jacobian.org
jacobian (@jacob@jacobian.org)
Is it ethical to use AI in the public sector? I think so — but only in certain ways. I have two positions: 1. Predicting outcomes is snake oil — and even if it weren’t, it's based on deeply biased training data, and would still be unethical. 2. Using AI in ways that are _assistive_ — helping...
on Oct 2
From jacobian.org
Ethical Applications of AI to Public Sector Problems - Jacob Kaplan-Moss
There have been massive developments in AI in the last decade, and they’re changing what’s possible with software. There’s also been a huge amount of misunderstanding, hype, and outright bullshit. I believe that the advances in AI are real, will continue, and have promising applications in the...
on Oct 1
From jacobian.org
jacobian (@jacob@jacobian.org)
Got a new computer (Mac Studio), and taking it as an opportunity to try new tools & change up my workflow. So far:
- Arc: couldn't grok how it does tabs; abandoned
- Vivaldi: happy so far!
- Wezterm: lovely
- Amethyst: hm… giving it another couple of weeks.
- uv: amaze
- mise: don't _quite_ see...
on Oct 1
From jacobian.org
jacobian (@jacob@jacobian.org)
2000s: "extend Python with C" 2010s: "extend Python with Python" 2020s: "extend Python with Rust" I have many conflicting feelings about this progression…
on Sep 7
From jacobian.org
jacobian (@jacob@jacobian.org)
Wow, the latest release of Bluesky has some REALLY compelling per-post moderation/safety tools -- disabling quote posts, “detaching” quote posts (hard to describe, see the thread), hiding replies, granular interaction controls (who can reply or quote), more muting controls, etc. Wonderful...
on Aug 29
From jacobian.org
Hangar's Dumb Security Questionnaire - Jacob Kaplan-Moss
When I worked for Hangar, I developed our own Dumb Security Questionnaire (the questions we ask vendors to evaluate their security maturity). All DSQs are dumb, but I think ours is a little less dumb. If not, at least it’s short.
on Aug 14
From jacobian.org
Getting features into Django - Jacob Kaplan-Moss
Getting new features into Django isn’t easy. It’s that way for a reason — I spoke recently about why conservatism is a virtue — but it does happen. I’d like to do a better job explaining how we decide what goes in and what goes out, so here’s a lightly adapted version of something I posted on...
on Jul 21
From jacobian.org
Bringing Security along on the CI/CD journey - Jacob Kaplan-Moss
Practical ways to bridge the gap between AppSec and Engineering.
on Jul 17
From jacobian.org
All I Need to Know About Engineering Leadership I Learned From Leave No Trace - Jacob Kaplan-Moss
Sumana challenged me to apply the principles of Leave No Trace to engineering leadership, so here we go.
on Jul 12
From jacobian.org
What is your labor worth? Tech compensation in 2021 - Jacob Kaplan-Moss
Salaries in tech are going up, and many people are looking for new jobs or reevaluating the ones they have. However, many tech workers have no idea what their labor is worth on the open market. There’s a huge information asymmetry here: employers have access to detailed industry data on...
on Jul 5
From jacobian.org
jacobian (@jacob@jacobian.org)
A new (to me) principle I'm trying to live by: pay more for the kind of media I want to continue to exist: https://jacobian.org/2024/jun/11/paying-more-for-media/
on Jun 24
From jacobian.org
Paying More for Media - Jacob Kaplan-Moss
A new principle I’m trying to follow: we should be paying more for independent media. How I got there, and a list of the media I’m paying for.
on Jun 12
From jacobian.org
jacobian (@jacob@jacobian.org)
@danilo@hachyderm.io “I don’t let my husband go out to lunch with the women he works with” “we keep location sharing on all the time so we always know where each other is” “I read my wife’s texts every morning while she showers” (said with wife in the room in a “isn’t this cute?” tone)
on Jun 2
From jacobian.org
jacobian (@jacob@jacobian.org)
@webology@mastodon.social @ryancheley@mastodon.social I kinda already did: https://jacobian.org/2017/jun/27/social-engineering-pentests/
on May 30
From jacobian.org
jacobian (@jacob@jacobian.org)
this sucks https://www.guru3d.com/story/microsoft-reportedly-readies-billion-bid-to-acquire-valve-steam/
on May 23
From jacobian.org
jacobian (@jacob@jacobian.org)
The “one more thing” at #PyConUS is a well-considered, realistic, totally backwards compatible plan to remove the GIL!
on May 20
From jacobian.org
jacobian (@jacob@jacobian.org)
“When the PSF gets funding it *gets results*” @brainwane@social.coop #PyConUS (Sponsors and grant foundations: are y’all paying attention?)
on May 19
From jacobian.org
jacobian (@jacob@jacobian.org)
I love @simon@simonwillison.net’s proposed new term for LLMs: instead of “artificial intelligence”, “imitation intelligence” #PyConUS
on May 19
From jacobian.org
jacobian (@jacob@jacobian.org)
After thinking on it, I think the root cause here isn’t laziness, but a deep desire to believe that software development is ~ s p e c i a l ~ somehow, that they’re ~ a r t i s t s ~ with a mystical ineffable process. (Never mind that many of these same people insist on calling themselves...
on Apr 30
From jacobian.org
jacobian (@jacob@jacobian.org)
Well, I definitely didn't have "nonprofits are bad actually" on my Mastodon Discourse bingo card
on Apr 29
From jacobian.org
jacobian (@jacob@jacobian.org)
Holy shit, Conan O’Brien on Hot Ones was … holy shit what the hell was that. I don’t know what I was expecting but … holy shit! Talk about committing to the bit - Conan didn’t commit to the bit, he fucking pledged his immortal soul to the bit. I’ve never seen anything quite like that.
on Apr 22
From jacobian.org
You have two jobs - Jacob Kaplan-Moss
Welcome to FictionalSoft! I hope your first week is going well? Great. As you start to find your feet, I want to make sure we have a shared understanding of what success looks like here. Apologies in advance if I’m telling you something you already know, but it’s important to be...
on Apr 16
From jacobian.org
One of the main responsibilities of a leader/manager is helping their staff develop. Mentorship, coaching, and sponsorship are important tools in the staff development toolbox. Good leaders should be adept in all three, and know when (and when not) to use each. In my work with new managers, I...
on Apr 3
From jacobian.org
jacobian (@jacob@jacobian.org)
Every time I write about how I fucked something up with git, I get a good deal of “this is your fault”-inflected feedback. So look: I fuck something up with git about monthly. Have for a decade. You can draw one of two conclusions from this: 1. I am terribly stupid. 2. Git is fundamentally an...
on Mar 30, 2024
From jacobian.org
jacobian (@jacob@jacobian.org)
TIL you shouldn’t be using `git pull`. I am certainly having a User Experience right now. https://mastodon.social/@glyph/112179679930695077
on Mar 29, 2024
From jacobian.org
Discussing Open Source funding and sustainability on the Sustain podcast - Jacob Kaplan-Moss
I was invited on the Sustain podcast to discuss my recent rant about open source sustainability. I talked about my reaction to the criticism that open source maintainers receive when they take funding, and how this is a personal issue for me – maintainers aren’t abstract ideas to me, they’re my...
on Mar 29, 2024
From jacobian.org
Talking about Django's history and future on Django Chat - Jacob Kaplan-Moss
I was on the Django Chat podcast to talk about Django’s history, the creation of the DSF, my recent return to the DSF board and my goals there, and the things I’m excited about for Django going forward. Here are some highlights from the interview.
on Mar 20, 2024
From jacobian.org
jacobian (@jacob@jacobian.org)
My flippant snarky line I use sometimes is “I'm too stupid for Git”. This isn't really true: I don't think I'm stupid, and I don't think other people who struggle with Git are either. But it captures something — Git feels aimed at a very high skill level. It's a "black diamond" tool, "experts...
on Mar 20, 2024
From jacobian.org
jacobian (@jacob@jacobian.org)
Attached: 1 image “I can prove that AI is useless because I always recognize the obvious errors that it makes.”
on Mar 20, 2024
From jacobian.org
So you messed up. Now what? - Jacob Kaplan-Moss
You’ve made and committed to a timeline, but your estimate was wrong. The timeline’s going to slip. Now what?
on Mar 14, 2024