gammatron - the weblog


NOVEMBER 2024

The ancient technology keeping space missions alive (BBC) [longreads]
identifying vulnerabilities in open source codebases at scale (sastsweep) [devsecops][infosec]
Cyber Investigation Platform, OSINT threat actor search, etc (maltego) [devsecops][infosec]
top 10 thanksgiving side dishes (food 52) [cooking]
Cities banning leaf blowers get blowback (bloomberg) [longreads]
easy DIY antennas for ADS-B radio (flightaware forums) [rpi][adsb]
subtle malware discovery tool (malcontent) [devsecops]
world's first wooden satellite arrives at ISS (popsci)
The brain's twilight zone: when you're neither awake nor asleep (psyche) [longreads]
How Michael Stipe Found Creative Camaraderie in Art School (bio excerpt via lithub) [longreads]
container runtime security posture benchmark (edera) [devsecops]
review of new Johnny Carson bio, with focus on pioneering the late-night show as we know it (new yorker)
finding potential dependency confusion targets for supply chain attacks (depfuzzer) [devsecops][appsec]
how has webb space telescope changed cosmology? (bigthink)
low-cost, low-power mesh radio networking (meshtastic)
homebrew flipper zero replacement (capybara)

OCTOBER 2024

when the natural world collides with the human, we must get to a truer vision of what life means on this planet (jeff vandermeer)
the hoover dam's Astronomical Monument allows aliens to understand when it was built (longnow)
The brain’s twilight zone: when you’re neither awake nor asleep (psyche) [longreads]
Beyond Either/Or: Kierkegaard on the Passion for Possibility and the Key to Resetting Relationships (the marginalian)
A Shadow Librarian: Fighting back against encroaching capitalism (DEF CON 32 - Daniel Messe) [conferences]
space chasers (thinking about first contact scenarios) (truly adventurous) [longreads]
Making the Most of a Crisis (mikey dickerson - Civil Service Talent Hackday Prague) [conferences]
Signal's Meredith Whittaker on Surveillance Capitalism (spotify - Kara Swisher) [podcasts][interviews]
How to not Let a Good Crisis go to Waste (mikey dickerson - govtech lithuania) [conferences]

If your plan to succeed where others have failed is "we are going to swim harder," you are going to fail.
why main character syndrome is psychologically dangerous (aeon) [longreads]
life-changing magic of japanese clutter (aeon) [longreads]
10 things likable people never, ever do (inc)
boil your speech/presentation down to one sentence for more effective delivery (inc) [comms]
how to pitch ideas in 10 minutes (inc) [comms]
noaa aurora forecast (dashboard) (30-minute forecast)
Terence Tao's vision for AI-augmented mathematics research (Atlantic) (archive.ph link) [math][longreads]
open blocklist for ublock origin to block AI-slop generators (github)
user misunderstanding and incompatible tools hinder adoption of secure encrypted communication tools (ieee) [infosec]
speaking to yourself in the third person ("illeism") makes you wiser (aeon)

SEPTEMBER 2024

AI and the future of democracy (and lawsuits, dispute resolution, bureaucracy, etc) (bruce schneier tedx)

We should prefer when AIs augment people, and not replace them.
"keyball 39" micro split keyboard with trackball (shirogane lab) [keebs]
old-school printed travel (and more) guides, mostly EU/US centric (herb lester) [travel]
USA state department now allows online passport renewal (finally) (state.gov) [travel]
pi-zero-sized sdr hat (crowd supply) [rpi][sdr]
good primer on different sbom types (aph10) [infosec][supply chain]
Some made-in-hawaii aloha shirts (David Shepard) (Kahala) (sig zane) (manaola) (roberta oaks) (tori richards)
The NSA Has a Long-Lost Lecture by Adm. Grace Hopper (1982) (crypto-gram) (youtube part 1) (youtube part 2)
We can learn things from games that can make us better at life (the atlantic) [game theory][longreads]
How Camus and Sartre Split up Over the Question of How to Be Free (aeon)
2024 tidelift state of the open source maintainer report (tidelift) [oss][infosec]
The strange life and mysterious death of a virtuoso coder (Jerold Haas) (wired) [longreads]
using 1password as ssh agent (1password)
Details on squashed nine-hour Prince biopic (nytimes) [longreads]
Frank Lloyd Wright's Architectural Legacy in Oak Park, Illinois (architecture lab) [architecture][flw]
kaspersky blog on telegram's brokenness (via cryptogram) [infosec][cryptography]
matt green on telegram's brokenness (via cryptogram) cf (security cryptography whatever podcast) [encryption][infosec]
Detecting the use of "curl | bash" server side (wayback) [infosec]
nordic software security summit (nsss) [conferences][infosec]
portable USB-C powered soldering station (arstechnica)
comprehensive ad-block tester (d3ward)
3d-printed single-dose hopper and bellows for baratza vario series (introvert) [coffee]
RaspBerry Pi Wall mount with 80mm fan support posts (pinshape) [rpi]
Every AI Talk from BSidesLV, Black Hat, and DEF CON 2024 (tldrsec) [devsecops][conferences]
Why didn't the Big Bang become a black hole? (bigthink) [physics]

AUGUST 2024

recap of all AI-related talks at bsides LV/defcon/blackhat (tldrsec)
Spacetime Management: Lessons from the Stoics (ignite) (Richard Boyd) (devopsdays detroit) [conferences]
multi-color LED time/temp clock etc (no radio sync) (seiko QHL085KLH)
My CI/CD Pipeline Contains All Security Tools Available! (Jasmin Mair) (bsides munich) [appsec][devsecops][conferences]
Are Vulnerability Scanners Dead? Transcending CVEs for Vulnerability Management (upcoming - bsides nova) [appsec][conferences]
netflix hides a bunch of stuff from you, use secret codes to find it (netflix codes)
WTF is Cloud Application Detection Response (latio/James Berthoty) [appsec]
CVSS scores do not correspond to reality (stacklok) [devsecops][appsec]

JULY 2024

sbom-a-rama fall 2024 (denver) (cisa) [devsecops][conferences]
Secure Software Development Education 2024 Survey (linux foundation) [devsecops]
what I learned making an SCA tool in 2024 (chris langton) [devsecops]
The Man Who Invented Modern Probability (nautilus)
How John Coltrane's "My Favorite Things" Changed American Music (smithsonian)
finding the worst shape to pack (opposite of the knapsack problem) (quanta)
why many CNAPPs have a Kubernetes gap (james berthoty) [devsecops][appsec]
geodata from faulty GPS/trackers leads to "null island" (stamen.com)
crystal doodad turns reality into 8-bit pixel art (yanko)
The Stabilizer Problem - Norbauer's Presentation at Keycon 2024 (youtube) [keebs]
interview with Ryan Norbauer (novelkeys) [keebs]
Faulkner's one-paragraph review of The Old Man and the Sea (lithub)
fifth busy beaver found (turing machine oddities) (quanta)
pv/pipe viewer - monitor data through a pipeline (ivarch) [devops][cli]

JUNE 2024

great primer on polyfill supply chain attack (latio/berthoty) [devsecops]
1955 Letter from Flannery O'Connor to Betty Hester (American Reader)

M. Sartre finds God emotionally unsatisfactory in the extreme, as do most of my friends of less stature than he. The truth does not change according to our ability to stomach it emotionally. A higher paradox confounds emotion as well as reason and there are long periods in the lives of all of us, and of the saints, when the truth as revealed by faith is hideous, emotionally disturbing, downright repulsive.
depixelizing redacted text (bishopfox) [opsec]
tips for correcting 'common walking mistakes' (and posture) (tech radar)
the history of PID 0 (dave.tf) [unix]
even better vulnerability decision tree with SSVC (Patrick Garrity) [appsec][infosec][devsecops]
why are vulnerabilities out of control in 2024? (open source security) [appsec][infosec][devsecops]
air bubbles in 50,000 year-old ice core indicate climate change trends will get worse (popular mechanics)
lost crypto wallet unlocked (wired)
what tools complement CNAPP (james berthoty) [infosec][appsec][devsecops]
appsec koolaid statements (james berthoty - linkedin) [appsec][infosec][devsecops]
vulnerability prioritization decision tree (linkedin) [appsec][infosec][devsecops]
comparison of pilot elite fountain pen nibs (and pilot blue inks) (fpn) [pens]
11 methods to declutter your home (lifehacker)
updated drake equation implies alien intelligence is less likely than thought (gizmodo)
more big-time auroras possible in the near future (discover)

MAY 2024

adding used coffee grounds to concrete increases its strength (science alert) [coffee]
"avoidance machines" - examining how silicon valley products are designed as user traps (kevin baker) [first in a series]

In this way the systems Silicon Valley uses to ensnare us, Seaver notes, walk a fine line between coercion and persuasion. A mouse may walk into a trap in search of cheese, but to describe this as a purely free choice amounts to a kind of willful ignorance.
The Only Valiant Way to Complain Is to Create: William Blake and the Stubborn Courage of the Unexampled (the marginalian) [longreads]
Alert for Social Engineering Takeovers of Open Source Projects (openssf/openjsf) [infosec][xz]
Mechanical Movements of the Cold War: How the Soviets Revolutionized Wristwatches (collectors weekly) [longreads]
The unexpected connection between the northern lights and Hubble's death (big think) [longreads]
hijacking github comments system to distribute malware with reputable-looking urls (bleeping computer) [infosec]
good xz explainer for normal people (npr planet money)
Measuring Brew Water Properties (coffee ad astra) [coffee]
The Story Behind Devo's Iconic Cover of "Satisfaction" (new yorker) [longreads]
38% of webpages that existed in 2023 are no longer accessible (pew research)
The hack that almost broke the internet (npr) [xz]
Scott's Pizza Chronicles: A Brief History of the Pizza Box (serious eats)
interview with jack benchakul of endorffeine (keys to the shop) [coffee]
los angeles times profile of jack benchakul of endorffeine (archive.ph cache) [coffee]
1982 honda acty minivan on kei truck platform (instagram)
old square heineken bottles designed to be reused (smithsonian)
open charter to provide assurances that open source projects won't get relicensed (open core ventures)
vuln exploits have tripled since 2022???!? (infosecurity) [devsecops][infosec]
amazingly-named url shortener (llili.li)
research into possible xz-like social engineering attacks on open source projects (openjs foundation via schneier) [devsecops][opsec]
another library of star trek movie screencaps (screencaps.us) [memes]
retrospective on the teenage mutant ninja turtles nintendo NES adaptation (25 years) (inverse)
an Apple II music and video player (wozamp)
Vulnerability exploits in the wild triple - Verizon 2024 data breach investigations report (infosecurity magazine) [infosec]

APRIL 2024

open source, off-grid, decentralized, mesh network (meshtastic)
Nakaya Dorsal Fin 2 in Heki-Tamenuri: A Review (penaddict) [fountain pens]
Passkeys: A Shattered Dream (Firstyear's blog) [security]
rust-based open-source image conversion (switcheroo)
fediverse-based instagram replacement (pixelfed)
run doom inside htop (github) [gaming]
cursed "smart" tv destroys windows PCs by spewing UUIDs at an insane rate (cohost blog)
28 Spring Pastas (bon appetit) [cooking]
Henry Rollins on Black Flag, Minor Threat, The Stooges, Green Day, Beyonce and the meaning of punk (louder)
Physicists Finally Know How the Strong Force Gets Its Strength (sciam)
lessons from xz: a More Sustainable Open Source Ecosystem (cisa) [devsecops][xz]
new excavation is rewriting the timeline of the fall of rome (popmech)
open-source software-defined ham HF transceiver (hermes-lite) [sdr][ham]
thinkpieces on how to "fix" opensource are forgetting the people who make it go (Di4na)

anything you offer must fit in 1h per month. That is it. And if it does not... we, as maintainers, will not do it. At all. And then what will you do? Throw away the 60% of the code the world depends on in every software product? No. You will discover that you made nothing better.
examining Jia Tan's complete github commit history (hunted labs) [devsecops][xz]
the underrated genius of david bowie's acting (bbc)
looking into the "Jia Tan" persona (wired) [devsecops][xz]
Gravitational waves reveal "mystery object" merging with a neutron star (ars)
examination of claims of technical solutions to xz and why they're wrong (saagarjha) [devsecops][xz]
OSS backdoors: the folly of the easy fix (lcamtuf) [devsecops][xz]
lookback at 2012 Prada fall menswear show, featuring Willem Dafoe, Adrien Brody, Gary Oldman etc (vogue)
deep inspection of the shell script that injects the xz backdoor (russ cox) [devsecops][xz]
bullying as a vulnerability in open source (404 Media) [devsecops][opsec]
wild identity theft story w/ victim in jail (ars)
corrupt memory hardware determined to be cause of Voyager 1 glitches (gizmodo)
51 must-see national park properties (mental floss) [travel]
travel ideas in France (ex-Paris) (guardian) [travel]
identifying software/source code, reproducible builds, provenance (Guix Project) [devsecops]
ceramic coffee dosing tray/cups (via hoffman) [coffee]
Helpful Morel Mushroom Hunting Tips and Secrets (mushroom appreciation) [myco]
filling the nvd data gap (anchore) [devsecops]
interactions in open source projects (examination of xz infiltration) (rob mensching) [devsecops][xz]
faq on the xz compromise/backdoor CVE-2024-3094 (thesamesam) [devsecops][xz]
list of products/distributions incorporating compromised versions of xz (rapid7) [devsecops][xz]
deep analysis of the xz sausage-making (bash, m4, automake, &c bits) (gynvael) [devsecops][xz]
another writeup/summary of xz compromise (ars technica/dan goodin) [devsecops][xz]

MARCH 2024

Technologist vs spy: the xz backdoor debate (lcamtuf) [devsecops][xz]

perhaps they have known for a while
everything I know about the xz backdoor (Evan Boehs) [devsecops][xz]
20,000 ft view/summary of the seriousness of xz compromise CVE-2024-3094 (fediverse) [devsecops][xz]
This is an example of Supply Chain Security that CISOs love to talk and freak out about. This is an example of an Insider Threat that is the boogey man of corporate infosec.
v. brief explanation of how xz/systemd/sshd tie together to make cve-2024-3094 so dangerous (fediverse) [devsecops][xz]
thread from november 2023 theorizing about a long con threat actor assuming control of a major project (fediverse) [devsecops][xz]
thread exploring pressure on xz maintainer to hand off control of the project (twitter) [devsecops][xz]
tracking jia tan's commit timestamps (birchb0y) [devsecops][xz]
alarming statement from redhat on xz compromise (redhat) [devsecops][xz]
PLEASE IMMEDIATELY STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES
cisa alert for xz compromise (cisa) [devsecops][xz]
notes/liveblog on xz compromise (xeiaso) [devsecops][xz]
why bloat is still software's biggest vulnerability (spectrum) [security][appsec][devsecops]
2024 eclipse explorer (nasa)
2024 eclipse path, times, visualizer (nasa)
favorite monospaced terminal fonts (opensource.com)
lily clark's "dew point" sculpture (hydrophobic ceramic) (colossal)
unexpected eponyms (roland crosby)
overcoming software supply chain attacks (karambit.ai) [devsecops]
product-led growth may be problematic for security startups (Ross Haleliuk) [bizops][longreads]
browser plugin to automate cookie popup handling (superagent)
how PJ Harvey found her way back to music (vanity fair) [longreads]
omakase coffee experiences in tokyo (sprudge) [coffee]
the math of better (more reproducible) espresso (ars technica 2020) [coffee]
homes that 'whisper rather than scream luxury' (bbc) [longreads]
Ryan Holiday's advice he wishes he'd known earlier (linkedin)
subgenre of American action movies depicting state-surveillance, espionage, network technologies, and perpetual motion (nokiawave via unclear and present danger podcast)
open Vulnerability and Exploit Intelligence (vulncheck community) [devsecops]

FEBRUARY 2024

12 low-maintenance houseplants (allure)
command line tool for url parsing and manipulation (trurl) [devops][devsecops]
foolproof pan pizza (serious eats) [cooking]
yet another sbom-quality metric? (harness sbom score) [sbom][devsecops]
Quantifying your reliance on Open Source software (jamie tanna - state of open con 24) [devsecops]
John Willis on how Kubernetes won, digital transformation and Deming (software defined talk) [podcasts][devops]
After Love: Maxine Kumin's Stunning Poem About Eros as a Portal to Unselfing (the marginalian)

Afterward, the compromise.
Bodies resume their boundaries.
The Weird, Enduring Appeal of Tool (new yorker)
Turn your fucking phone off, put it in your pocket, leave it in your pocket - stay here.
how to actually change someone's mind (hbr/pocket) [comms]
FOSDEM 2024 Videos Transcribed / Subtitled by Whisper (jonatron)
diversity of human phenomenal experiences (the dress, green needle etc) (aeon) [longreads]
development of the frontal cortex in the teenage brain (nautilus) [longreads]
19 serious dips for the super bowl (romper) [cooking]
exactly how to do a squat (pocket) [fitness]
sboms for production incident response (linkedin) [sbom][devsecops]
innovations and insights in software supply chain security (linkedin) [devsecops]
thoughtful questions for deeper conversations (seattle times) [comms]
bookshelf wealth design trends (clever/Architectural Digest)
leaky vessels: container/runc breakouts (snyk) [devsecops]
cybersecurity buyers report (actualtech) [devsecops]
Deceptive Deprecation: The Truth About npm Deprecated Packages (aqua) [devsecops]
why do sbom haters hate (dfrlab) [devsecops][sbom]
what it's like to use apple's ios lockdown mode (wired)
supply chain attack play-by-play (john stawinski) [devsecops][longreads]
allan friedman podcast interview (security weekly) [sbom][devsecops]
smart questions great candidates ask during interviews (inc) [hiring]
another bogus curl CVE filed (curl blog) [devsecops]
command line tools updated and re-written in rust (zaiste.net) [ops]

JANUARY 2024

3d printed doodads for high-end home coffee enthusiasts (etsy) [coffee]
webtool for intercepting and recording webhook payloads (webhook-test) [devsecops]
600 years of color charts in one mammoth book (colossal)
the value of open source software (harvard business school)
tyranny of the algorithm: why every high-end coffee house looks the same (the guardian) [coffee][longreads]
10 Bathrooms You Should Pee in Before You Die (atlas obscura) [travel]
profiles of various AT&T/NSA spy hubs (the intercept)
teach yourself latin (familia romana)
Salary Negotiation: Make More Money, Be More Valued (Patrick McKenzie)
bruce perens working on what comes next for open source (the register)
Astronomer and Poet Rebecca Elson's Spare, Stunning Meditation on the Mystery of Being (marginalian) [longreads]
Open-Source Dependency Abandonment (Miller, Kastner, Vasilescu) [devsecops][appsec][infosec]
Determining EPSS Score Thresholds for Prioritization (medium) [devsecops][appsec][infosec]
Common Configuration Scoring System (snyk) [devsecops][appsec][infosec]
Zoom Unveils Open Source Vulnerability Impact Scoring System (security week) [infosec][appsec][devsecops]
a method to the madness of the teenage brain (nautilus) [longreads]
uncovering the hidden differences in how people experience the world (aeon) [longreads]
prima coffee advanced pourover class (prima) [coffee]
very little correlation between CVSS and exploitation of vulnerabilities (chris john riley) [infosec][appsec][devsecops]
Raspberry Pi 4 USB Boot Config Guide for SSD / Flash Drives (james chambers) [rpi]
crazy "triangulation" hardware 0-day owns iphones (ars technica) (securelist) [opsec][infosec]


DECEMBER 2023

technique for maximizing airtag privacy while still obstructing stalkers (wired) [opsec]
the advice I wish I listened to when my kids were little (fatherly)
detecting hardcoded secrets in packages in pypi ecosystem (gitguardian) [devsecops]
how online laughing shorthand/indicators translate into different languages (lol)
suvs and cars in general are getting bigger and killing people (slate) [longreads]
sloppy wrapping is more appreciated by close friends (the conversation)
A guide to difficult conversations for people who hate confrontation (vox)
How to think before you speak, online and off (vox)
the year's most spectacular photos from the James Webb Telescope (time)
The Long, Petty Friendship That Changed Art (manet/degas - new yorker) [longreads]
comically large sweatshirt-material robe/housecoat (offhours) [shopping]
using debian package manager to solve sudoku (wayback)
how much did log4shell change? (veracode) [devsecops]
developer conferences agenda (calendar) [cfps]
How to Become a Killer Negotiator in Nine Steps (pocket/telegraph)
sylvia plath on free will (the marginalian)
vacation planning for maximum enjoyment (pocket)
astronaut-tested productivity hack and mistake recovery (fast company)
PJ Harvey tiny desk concert (npr/youtube)
John Gray on Pessimism, Liberalism, and Theism (conversations w/ tyler) [podcasts]
great interview with US digital service administrator (verge/decoder) [podcasts]
best winter escapes in the united states (natgeo) [travel]
the Japanese Approach to Accepting Life's Challenges, "Ukeireru" (pocket)
self-awareness is the secret to a successful job interview (fast company) [hiring]
Open Source Supply Chain Security at Google (slides, video) (ACM SCORED 2023 keynote) [devsecops]
lost ancient tyrian purple pigment (bbc) [longreads]

NOVEMBER 2023

the manifest destiny of AI and techno-futurism (emily gorcenski) [longreads]
crypto/techbro obfuscation via effective altruism (molly white) [longreads]
selection of mods for gaggia classic pro espresso machine (reddit) [coffee]
full-size m.2 bottom-mount plate for rpi 5 (pineberry) [rpi]
cup score inflation (scott rao) [coffee]
cve "half-day" vulnerability watcher/finder (aquasec) [devsecops]
recommended practices for software bill of materials consumption (department of defense) [devsecops][sbom]
on the importance of tracking software dependencies (Frederick Kautz) [devsecops]
diy mechanical keyboard with trackball/trackpoint option (holykeebs) [keebs]
figure 8 knot how-to animation (massimo)
self-awareness as a success indicator in job interviews (cnbc) [hiring]

OCTOBER 2023

the massive bug at the heart of the npm ecosystem (darcy clarke) [devsecops]
the stoic antidote to frustration (marginalian) [longreads]
common security advisory framework (via github) [devsecops]
running pihole on docker swarm (ocram85) [rpi]
25 best pizza joints in chicago (chicago mag)
nelson and western electric rules for control charts (via john willis)
ask 3 key questions to be more likable and give better advice (inc) [comms]
skip small talk with emotionally intelligent conversation starters (inc) [comms]
map of people who consider themselves midwesterners (twitter)
x-pac, dyneema etc camping/utility bags (hartford gear)
Commercially Available Chairs in Star Trek (via @gerikson@mastodon.social)
Anish Kapoor's "Untrue/Unreal" Exhibition at Palazzo Strozzi (colossal) [art]
Living with aphantasia (nautilus) [longreads]
what's next for mrna tech (cancer, gene editing) (nature)

SEPTEMBER 2023

the utter uselessness of job interviews (ny times) [hiring]
big database of command line examples and howtos (via warp) [devsecops]
DevOps/SRE Exercises (github) [devops] [devsecops]
How to Read the Room (Fatherly)
Understanding Software Suppliers (Resilient Cyber) [devsecops]
Become a More Effective Leader at Work (lifehacker) [Careers] [Management]
William Blake on What We Keep In Loss (The Marginalian)
The Greatest Commencement Addresses of All Time (The Marginalian)
Three years all-remote at GitLab: Know the unknown unknowns (Michael Friedrich) [Careers]

AUGUST 2023

build recorder (records interactions between files and tools during compilation) (github) [devsecops]
my distaste for your solution does not mean disregard for the problem (techdirt)
cryptography bill of materials (IBM github)

JULY 2023

just-in-time theory of user behavior (jeff atwood/coding horror) [psych]
side-channel attack via power LED (ars via schneier)
turn command-line scripts into gifs for demo/docs (charmbracelet/vhs)
advanced macOS commands (saurabhs)
Dirty Martini Pasta (delish) [cooking]
Pasta With 15-Minute Burst Cherry Tomato Sauce (epicurious) [cooking]
40-minute interview with PJ Harvey (npr)
acura tsx wagon tonneau cover part # 84400TL4G12ZA (amayama)
acura tsx wagon tonneau cover part # 84400-TL4-G12ZA (ahparts) [diy]
bill watterson on creativity, inspiration, rejection, drudgery, grit, and being interesting (the marginalian)
monster gravitational waves "detected" (sort of) (nature)

JUNE 2023

the church of the clocked screws (lost art press)
the day the lake took the edmund fitzgerald (orion nature and culture) [longreads]
how the best leadership teams navigate uncertain times (hbr) [comms][management]
How to Write Email with Military Precision (hbr) [comms]
is cybersecurity unsolvable? [scott shapiro profile] (ars technica)
seiko dial logo dictionary (thewatchsite)
list of seiko movements (quartz and mechanical) (watchwiki)
is cybersecurity unsolvable? (ars technica) [longreads][infosec]

MAY 2023

disable smb1 and netbios in macos (performance improvements) (apple)
climate and average weather year round for given locations (global) (weatherspark) [wx]
how artists have gotten shadows wrong through history (mit press)
Jorge Luis Borges on preferring english to spanish (instagram)
add remotes to any garage door opener (how to wire up external RF relay) (Rick's Tech Tips) [diy]
prefab, reconfigurable plastic housing (cellophane house) (cf. loblolly house)
bio-based 3d-printed house (umaine)
amsterdam gardens guide (vogue) [travel]
three day trips from amsterdam (conde nast) [travel]
hunting russian "snake" malware (cisa) [devsecops]
experiences of seven homeowners living in frank lloyd wright houses (Architectural Digest)
How To: LG/Kenmore Ice Chute Door 5007JA3006R (youtube) [diy]
yet another solarwinds postmortem (wired) [devsecops]
roundup of new coffee brewers at SCA 2023 (daily coffee news) [coffee]

APRIL 2023

the running conversation in your head - inner voice (atlantic) [longreads]
how ai could write our laws (schneier/sanders via crypto-gram)
inner voice - "We are all in pieces, struggling to create the illusion of a coherent 'me' from moment to moment." (atlantic)
what bobby mcilvaine left behind (two decades since 9/11) (atlantic) [longreads]
design lover's guide to amsterdam (architectural digest) [travel]
nyc's most beautiful public bathroom (atlas obscura) [podcasts]
brad delong on intellectual and technical progress (conversations with tyler) [podcasts]
devops metrics often capture the wrong data (acm via john willis) [devsecops]
software supply chain practices are maturing (reversinglabs) [devsecops]
bipartisan bill for open source security (fedscoop) [devsecops]
roland griffiths interview - psychedelics, regrets, terminal diagnoses (nytimes)
sbom type definitions finalized (cisa) [devsecops]
column mini-dripper for pour-over coffee (indiegogo) [coffee]
boom times for used office chair dealers (vice)
emily dickinson's electric love letters to susan gilbert (the marginalian) [poetry]
me from myself to banish (emily dickinson via internetpoem) [poetry]
tips for collecting houseplants on the cheap (wirecutter)
seven questions to explore your core values (fatherly)
rick steves on traveling light, spontaneity (travel and leisure) [travel]
map of upcoming 2023 and 2024 solar eclipses (space.com)

MARCH 2023

classic literature featuring the figurative "literally" (mental floss)
examination of glen canyon/lake powell, western reservoirs (incredible pictures) (high country) [longreads]
searchable database of public hiking trails (with maps) (alltrails)
Deep dive on Apple M2 Pro performance compared to AMD 3950X (via jpetazzo@hachyderm.io)
Create SBOMs from github dependency graph data (gh-sbom) [devsecops]
Command Line Interface Guidelines (clig.dev)
Unsafe at Any CPU Speed (Jen Easterly remarks at CMU) (cisa.gov) [devsecops]

FEBRUARY 2023

soviet-era analog/mechanical computer for astronavigation (mastodon)
"venting anger is like using gasoline to put out a fire" (slate)
train yourself to trust your gut more (hbr)
six alternatives to most popular national parks (wapo/pocket) [travel]
we've always been distracted (aeon) [longreads]
how to ask good questions (beside) [comms]
regular expression playground (regex101)
git checkout authentication for supply chain security (Ludovic Courtès @ FOSDEM)
bit-for-bit reproducible container builds (akihiro suda @ FOSDEM) cf. [source date epoch][repro-get]
open source client for container development (finch via estesp/aws) [devops]

JANUARY 2023

the perverse incentive of vulnerability scanning (josh bressers) [devsecops]
super easy pasta pomodoro (allrecipes) [cooking]
quality of random number generator significantly influences monte carlo simulations (more than imagined) (pubmed) [via matthew green]
america's culture warriors are going after librarians (coda) [longreads]
add sbom to containers with github actions (alex ellis) [devsecops]
buildkit dockerfile frontend (qnib) [devsecops]
crawl your mastodon graph for additional accounts to follow (followgraph)
crawl your twitter follows for mastodon handles (fedifinder)
reimagine the 2nd half of your career (continuous improvement &c) (hbr)
how to be a better friend (insider) [comms]
move old raspberry pi root filesystem to USB (instructables) [rpi]
unleashed firmware for flipper zero (github)
fun things to try with flipper zero (derg.nz)
banished words for 2022 (npr)
long-bloom immersion/percolation technique with hario switch (kaldis coffee) [coffee]
hario switch comparison with clever dripper (Acquired Coffee) [coffee]
docker image for feeding ADSB data to flightaware.com (github)
docker image for feeding ADSB data to flightradar24.com (github)
docker image for decoding ADSB (&c) from software-defined radios (github)
fascinating and infuriating interview w/ retired defense investigator (radley balko) [longreads]


DECEMBER 2022

protons are weird (quanta) [longreads]
stoicism in the post-pandemic world (esquire) [longreads]
collection of houseplant articles for non-gardeners (pocket)
best indoor plants for small spaces (apartment therapy)
13 indoor plants that don't need sun (gardening chores)
handmade travelers notebook alternative in multiple sizes (etsy)
thread with lots of details on Seiko 9T82 chronograph movement, including a lot of good pics of SBCG003 (watchprosite)
vulnerability scanner written in go (osv-scanner via google) [devsecops]
webapp for checking other websites' TLS/encryption algorithms (ssltest via qualys)
teaching kids about risks, making better choices (bbc)
fixing ux for one-off kubernetes tasks (alex ellis) [devops]
devops conferences/agendas/cfps (github)
Do not say, "Why were the old days better than these?" For it is not wise to ask such questions. (Ecclesiastes 7:10)
quick and dirty regenerate expired k3s certs (one year expiration) (ibm)
quick tutorial on using existing images to seed midjourney v4 (medium) [ai]
3d-printed panel converts ATX power supply to benchtop use (hackster)
fusion XIAO mechanical keyboard contest results (seedstudio) [keebs]
timings and other details for moon/mars occultation on December 7th (via amsci) [more]
free stock images (unsplash)
bypass news paywalls (12ft)

NOVEMBER 2022

custom cases for small-run keyboard projects (p3dstore) [keebs]
ai-generated jodorowsky/tron fantasy (via midjourney) [more] [fb]
open source dependency mapping tool from lyft (cartography) [devsecops]
lessons from the best mentors (hbr) [comms]
review of pentiment, video game where player is an artist in 16th-century Bavaria (wired)
mastodon server bootstrapping journal (blogs via linkedin)
casino card-shuffling machines are non-random (new sci via crypto-gram)
walk around world cities (citywalks)
drive around world cities and hear local radio (driveandlisten)

OCTOBER 2022

pi-esque multimeter/tool for RFID/NFC/BT and more (flipper)
trackball module for diy keyboards (github) [keebs]
reverse dall-e takes an image and provides a plausible text prompt (clip interrogator) [ai/ml]
OWASP kube top ten risks #2: supply chain vulnerabilities (owasp via github) [devsecops]
remove your personal data from aggregators (usa today)
the surreal case of a cia hacker's revenge (new yorker)
how democracies spy on citizens (ronan farrow/new yorker)
incredibly misguided critique of open source security (lawfare)
pleasure is good: how french children acquire a taste for life (conversation)
electric horology forum (nawcc)
flipclock restoration/repair forums (flipclockfans)
23 of the world's best hiking trails (cnn)
best and worst public transit seat covers (citylab)
how to have better arguments (psyche)
a close reading of the best opening paragraph of all time (lithub)
friendship ghosting: how to reach back out (stylist)
Michael Heizer's desert megasculpture (nytimes)
NSA Kubernetes Hardening Guide (icnews) [devsecops]
bowie biopic moonage daydream review (michigan daily)

SEPTEMBER 2022

json diff webapp (json-diff.com) [devops]
prediction that ukraine's military momentum will continue to increase (francis fukuyama)
commercial-grade automated aeropress-style infusion coffee brewer (~$5k?) (bunn trifecta) [coffee]
seven safest mushrooms to forage and eat (field and stream)
five open source security tools all devs should know (devopsdays dfw) [devsecops]
full screencaps from all star trek films (movie-screencaps) [memes]

AUGUST 2022

sherlock holmes deductive interview technique (lou adler) [hiring]
the most important interview question of all time (lou adler via linkedin) [hiring]
AC frequency converter (for running 50hz clocks on 60hz and vice versa) (kcc scientific) [horology]
Wintering, wisdom, and weathering life's darkest times (vox conversations podcast)
$75/cup panama gesha from klatch coffee (youtube) [coffee]
underrated alternative travel destinations (buzzfeed) [travel]
toyota probox minimalist van-shaped-object (JDM only?) (motor1)
raspberry-pi-based tracking detection device (wired) [rpi]
31 recipes to cook this August (kitchn) [cooking]
Satya Nadella talks about the future of work (microsoft)
remove tracking parameters from URLs in Firefox (ghacks via cryptogram)
Lex Fridman five-hour interview with John Carmack (spotify)
webapp for finding in-stock raspberry pis (rpilocator) [rpi]
tool for archiving websites (has some anti-paywall features) (archive.ph)
webapp for bypassing news paywalls (12 ft)
8 top SBOM tools to consider (cso online) [sbom]

JULY 2022

the first complete sbom tool (tom alrich) [sbom][devsecops]
how to analyze an sbom (cloudsmith) [sbom][devsecops]
not just third-party risk (kusari) [sbom][devsecops]
ai-powered image upscaler (nero)
the myth of "I can't draw" (the conversation)
free file conversion tools (tinywow)
best-ever cabbage hash browns (delish) [cooking]
the two-question performance-based interview (lou adler) [hiring]
garlic confit recipe (kitchn) [cooking]
log4j post-mortem (cisa) [devsecops]
2022 Audubon Photography Awards (audubon.org)
cauliflower parmesan (delish) [cooking]
how to join ads-b tracking network (flightaware) [rpi][adsb]
aquasec/CIS supply chain security guide (aquasec) [devsecops]
iconburst npm supply chain attack (sc magazine) [devsecops]
investigators tracking people who faked their own death (mel) [longreads]

JUNE 2022

who makes chicago's manhole covers? (chicago sun-times) [ironcovers]
github application security will win the appsec wars (colin dembovsky) [appsec][devsecops]
check if your keyboard can be eavesdropped through a microphone (keytap3)
why brewing coffee and tea are so different (serious eats) [coffee]
how fast are linux pipes? (Francesco Mazzo) [ops]
six mobility exercises for longevity (wellandgood) [fitness]
zq, faster/easier alternative to jq (Steven McCanne) [ops]

MAY 2022

made to order tomoe river week-on-one-page planners (etsy)
various v60 techniques (rao, hoffman, kasuya, &c) (pouroverproject) [coffee]
tetsu kasuya 4:6 v60 technique (longshortlondon) [coffee]
Hario V60 Tetsu Kasuya Model (kaffenytt) (kurasu) [coffee]
how big companies kill ideas (scaling startups, learning from failure, &c) (decoder) [podcasts]

APRIL 2022

how to discover whether someone is actually happy at work (hbr) [comms]
casio fx-1 calculator with nixie tube display (twitter)
numerical projection display (cf. CDC 3300) (twitter)
apollo-era test/data equipment with faux-nixie display (twitter)

MARCH 2022

web-based microsoft word art generator (makewordart)
10 frank lloyd wright houses you can visit (afar)
how to tie 20 essential knots (outdoor life)
tool for viewing hidden metadata on airline reservations (github) (pnr.sh)

FEBRUARY 2022

various forum posts on hyperalignment for baratza vario grinder (reddit) (hb 1) (hb 2) (hb 3) [coffee]
arm-based upgrade board for Casio F91 (sensor watch)
five edible urban plants (outdoor life)
tmux cheatsheet (tmuxcheatsheet.com) [ops]
zsh config examples to review (joshua hartwell) (matt lim) [ops]
Nice things are meant to be enjoyed, even if it means they break sometimes (eater)
brining beans before cooking increases creaminess (serious eats)
Every Great Writer is a Great Deceiver: Vladimir Nabokov's Best Writing Advice (lithub)

JANUARY 2022

global security database (gsd) [github database] [project plan] [csa circle group] [podcast]
five questions every manager should ask direct reports (hbr) [comms]
CostPlus Drug Company (Mark Cuban)
history of blinking cursor (inverse) [longreads]
better diff(1) output (github) [ops]
lsd - ls(1) deluxe w/ color, icons etc (github) [cf. exa][ops]
fx - interactive json processing (a la jqplay) (github) [ops]
fzf - general-purpose command-line fuzzy finder (github) [ops]
bat - better cat(1) with syntax highlighting (github) [ops]
duf - a better du(1) disk usage summary (github) [ops]


DECEMBER 2021

james webb space telescope mission tracker (live updates) (nasa)
macos security and privacy guide (github/drduh) [ops]
kdig for dns over https/tls examples (arch man) e.g. kdig +short @doh.opendns.com +https myip.opendns.com [ops]
tetris players develop new ways to hold classic nes controllers for more speed (vice)
nyc diner-style ceramic coffee cup (moma store) [coffee]
the best mentors ask these 8 questions (fast company) [comms]
configure pihole for dns over tls (unbound) [ops][rpi]
configure pihole for dns over https (cloudflared) [ops][rpi]
how rainfall has changed in your area (usa today) [climate]
diverse teams are less comfortable, perform better (hbr)

NOVEMBER 2021

install and use any command on any os (command not found) [ops]
men's jeans reviews (wirecutter)
moebius concept art from jodorowsky's dune (instagram) (google photos)
how to follow up with someone who isn't responding (hbr) [comms]
online open ldap test server (forumsystems)

OCTOBER 2021

losing your native language (bbc) [comms]

SEPTEMBER 2021

how to transfer stock into an ira (zacks finance)
one sentence will make you a more effective speaker (inc) [comms]
12 phrases that will make your audience put down their phones (inc) [comms]
stop ending your speeches with any questions (inc) [comms]

AUGUST 2021

list of least-traveled highways by state with scenic callouts (geotab) [travel]
interactive comparison of keycap profiles (keycaps.info) [keebs]
nyquist/levinson split 40/60 ortholinear keyboard (keebio) [keebs]
dsp40 40% staggered or ortholinear keyboard (keebio) [keebs]
remember anything with this 20-minute habit (inc)
be a more interesting conversationalist (inc) [comms]
questions interesting people ask (inc) [comms]
source for untabbed hario v60 filters (prima)
how english spelling got so dysfunctional (aeon)
fricatives, with lots of tangents related to weird spelling in english (lingthusiasm podcast)

JULY 2021

mac/os x window management (remember positions &c) (slate)
new child tax credit faqs, including opt-out (irs)
baratza vario alignment video (youtube) [coffee]
baratza vario burr upgrade (youtube) [coffee]
baratza vario super alignment photo guide (home-barista) [coffee]
app to measure grind size distribution (ad astra) [coffee]
cybersecurity bad practices for critical infrastructure (cisa) [devsecops]
chicago to-dos (conde nast) [travel]
alonzo skiles livermore (findagrave) [ironcovers]

JUNE 2021

scary piece on vulnerabilities of weapon systems (crypto-gram)
benefits of being terrible (and great) at things (outside) [kaizen]
coffeevac 1/2 lb coffee canister (tightvac) [coffee]
eight clues that a candidate will be a great hire (lou adler) [hiring]
writing in reverse for better written communication (emails, &c) (inc) [comms]
reading education is totally broken (apmreports) [comms]
monument spans continental plates in iceland (00group) [travel]
how to handle secrets on the command line (smallstep) [devsecops]
mrna revolution is just beginning (wired)

MAY 2021

Write Like You Talk: 12 Tips for Conversational Content (content marketing) [comms]
The good guy/bad guy myth (aeon)
You Can Only Maintain So Many Close Friendships (the atlantic)
america's most underrated national monuments (afar) [travel]
using ai/ml to probe software for vulnerabilities (wired via cryptogram) [devsecops]
docker container attack vectors and techniques (mitre) [devsecops]
free cloud-based linux host monitoring (interzer) [devsecops]
browse streaming services by genre, format &c (movieofthenight)
source for luggage parts, connectors, belt rivets etc (ohio travel bag)
high-end boutique dyneema bags/luggage (sdr traveller)
profile of memphis community radio stations (memphis flyer)
historic memphis buildings (historic memphis.com)

APRIL 2021

regular expression in-browser testing (regex tester - dan's tools) [devsecops]
tsundoku: the art of buying books and never reading them (bbc)
best office chairs (wirecutter)
deals on used high-end office chairs (seatingmind)
giving good compliments (ted ideas) [comms]
seven phrases to increase your power at work (fast company) [comms]

MARCH 2021

movement of indiana bell building while occupied in 1930 (via hn)
look for many small gains instead of few large gains (one percent rule) [kaizen]
obit for space shuttle engineer Allan McDonald (npr)
bash shell history tips - bang shortcuts (mooreds) [devsecops]

FEBRUARY 2021

throwaway development container for docker (nicola) [devsecops]
octopus with completely transparent head (modernmet)
remote desktop for low-bandwidth xserver (x2go)
short-lived ups passenger service on "quick change" cargo 727 freighters 1997-2001 (airways mag)
playground for jq (jqplay) [devsecops]
paean to midtown manhattan north of penn station (new yorker)
oldest manhole cover in nyc, in that unnamed neighborhood (se corner of 40th and 8th)

JANUARY 2021

how to give better advice (sci am) [comms]
you will regret these choices in 10 years (medium)
the mathematical case against blaming people for their misfortune (psyche)
os x window management (rectangle)
os x automation tooling (hammerspoon)
important/urgent axes for decision making (eisenhower matrix)
using dropbox on arm/raspi [1] [2] [3] [rpi]
coffee flavor wheel (counter culture) [coffee]
quick and dirty how-to for building multi-arch docker images (docker blog) [devsecops]
most nutritious foods (bbc) [cooking]
major stargazing events for 2021 (natgeo)
configure raspberry pi for kubernetes (alex ellis) [rpi]
boot raspberry pi 4 from USB (tom's hardware) [rpi]


DECEMBER 2020

clearer thinking - improve rationality (good podcast as well) (spencer greenberg)
using obs &c for remote presentations (selfimproving.dev)
webcam network of residential window views (windowswap)
browser-based photo editor with intuitive workflow (photopea)
teach it to a toddler to learn anything (feynman technique)
variation makes practice twice as effective (inc) [kaizen]

NOVEMBER 2020

anger is temporary madness (massimo pigliucci)
remembering alex trebek (fivethirtyeight)
radical advance in multiplication speed (quanta)
jeff vandermeer: some version of the apocalypse is inevitable (sway podcast w/ kara swisher)
history/background on the circumflex (haggardhawks)
1983 war scare/able archer exercise (gwu nukevault)
three important life skills nobody taught you (markmanson.net)

OCTOBER 2020

wifi qr code generator (qifi)
museum of obsolete library science (metmuseum)
history and evolution of the numpad (uxdesign.cc)
colemak keyboard layout resources (colemak.com) [keebs]
some bilingual people dyslexic in english but not their other language (medicalxpress)
open-source coloring/restoring of photos (deoldify)
conflict over ai/ml image upscaling/colorizing/adding frames etc (wired)

SEPTEMBER 2020

blacklight - real-time website privacy inspector (the markup)
comprehensive terminal/ssh for ipad/ios, with mosh support (blink.sh) [devsecops]
wynton marsalis on 12 essential jazz recordings (pocket)
wynton marsalis picks his top 50 jazz recordings (jazz blog)

AUGUST 2020

great thread on remote onboarding new hires (twitter)
three jobs that retention programs overlook (hbr)
improve your strategic thinking (hbr)
beagle bros, nrol-39, etc stickers (vintagetechstickers)
underground black market chalk dealers in academia (cnn)
overview of keycap profile differences (keeblog) [keebs]
transparent toilets in tokyo (nippon foundation)
image cloaking disrupts ml facial recognition (via crypto-gram)
fermi estimation, orders of magnitude, beirut/covid guessing (david epstein)
leather notebooks, pencil rolls, razor cases etc (inkit/etsy)
leather index card holder (etsy)
horween leather wallets etc (ashland chicago)
leather wallets, belts, watch straps (guarded goods)

JULY 2020

dutch oven bread (king arthur) [cooking]
listening via observation of light bulb vibration (via crypto-gram)
why new hand sanitizers smell bad (wirecutter)
old terminal keyboard arcana w/ why unix uses ~ for $HOME mentioned in passing (dave cheney) [keebs]
the three elements of trust (hbr) [comms]
promql query builder and learning aid (promlens) [devsecops]
historic memphis buildings and businesses (historic-memphis.com)

JUNE 2020

the origin of unix pipes (cat-v.org) [devsecops]
extensive resource for AT&T long-lines tech and gear (long-lines.net)
excellent vimrc example (github) [devsecops]
weird mods on mystery 737 (the drive)
long piece on Marcus Hutchins (kronos, wannacry) (@malwaretechblog) (via crypto-gram)

MAY 2020

noctilucent clouds intensifying in the arctic (spaceweather)
running dns-over-https with pihole (pihole) [rpi]
os x command-line tool for reading cpu temp (github)
command-line utility for displaying solar and lunar ephemera (github)
promql (prometheus query language) cheat sheet, crash course (promql for humans) [devsecops]
install os x Catalina on older macs (dosdude1)