
Understanding identity in git repositories
Can you guess who I am? 😈 It turns out distributed identity management is an oxymoron. Here’s what you can know and how to stay sane(ish) through your code audit. This is an expanded set of sli...
From BSides Boulder 2024, many attempts to figure out who did what, when, where, and why in a git repository (and some lessons learned, too). This is an expanded set of slides and resources since ...
It’s the same actions-runner-controller you know and love (or curse), but with many fewer CVEs to generate compliance paperwork. With a new gig and new tech stack to learn, let’s do something a li...
Last time, we covered the basics of GraphQL to interact with custom fields and other project management properties in GitHub’s project boards. Now that we know how to use it, here’s some patterns,...
Every now and then, there’s a problem that absolutely, positively must be solved with GraphQL - the query language API interface. It takes me a day or two just to remember how to use it every time...
Feedback is a gift. Unsolicited positive feedback to someone’s manager is the quiet gift you never know you received. 🎁 Give this gift freely. 🎁 I have a habit of writing these short “sparkles...
I’m not sure I know what the “real internet” looks like anymore. 🙈 I haven’t seen much in the way of advertising on the internet in perhaps 10 years or so, as I’ve been running a Pi-hole as a n...
bincapz is an open-source utility that enumerates predicted binary capabilities for both compiled and scripting languages (more here). Even before the recent problems with the xz compression libra...
There was a lot to read this weekend about the xz backdoor, how maintainers get burned out, and a great tl;dr response plan. As someone who’s both led a terrifyingly complex software factory and w...