Postcards from a Stranger
While working on Floating Sandbox 1.8 I realized I’d gone through 8 versions without noticing a subtle bug in the buoyancy simulation. Fixing the bug challenged my common sense on how things really sink underwater, and after bringing up the discussion at lunch with some of my colleagues, I realized it was not only my […]
Read More A Physics PuzzleFor the 1.5.0 release of Floating Sandbox I had decided to work on rethinking the simulation of water entering physical bodies through a hole in the hull. The 1.4.0 simulation was based on simple Newtonian-like mechanics and consisted of 3 steps: Water Intake: each point adjacent to a hole in the hull would take a quantity […]
Read More Momentum-Based Simulation of Water Flooding 2D SpacesToday was my last day of work at my current company, and I paid a visit to the company’s offices to return company property and cleanup my drawer. On my way out, I had a last glance at the patch panel of the office – it took me a few days in February 2010 to […]
Read More Proud of My Patch PanelRadi brought to my attention this post from Veracode’s Chris Eng on How to Become an Information Security Thought Leader. This video reminds me of so many thought leaders I’ve met. If only I could get them to watch it now 🙂
Read More Chris Eng: How to Become an Information Security Thought LeaderFor the past few months I’ve been working on an interesting problem for a large Dutch financial institution. The driver is a situation quite common in the risk management world: the security office of the institution is trying to centralize the reporting of all risk-related information, and among other things, vulnerability management data plays a […]
Read More A Dimensional Model for Vulnerability ManagementAs a follow-up to my previous post, here’s another example of OWASP’s “authoritative” prescriptive guidance that gives developers advice that is, in my humble opinion, dangerously wrong, and which contributes in building that sort of “parrot security expertise” – i.e. expertise that is based on repeating nonsensical mantras – which you see unfortunately way too […]
Read More OWASP and Input ValidationNothing pisses me off more quickly and surely than a security consultant boasting that “you can solve your [insert favorite injection vulnerability here] issue with proper input validation”. OWASP does this all the time, with preposterous sentences like the following, taken from this page: Input validation is absolutely critical to application security, and most application […]
Read More Input Validation & Injection Vulnerabilities