Signs of Triviality
vimrc: settings based on terminal background
Yes, it's a slow coup
Post-Quantum Cryptograpy Proof of Concept Implementations
July 4th, 2025
Bootstrapping HTTP/1.1, HTTP/2, and HTTP/3
Post-Quantum Cryptography on NetBSD
How it's going...
Sites using PQC (March 2025)
Mood
Post-Quantum Cryptography in February 2025
Does the internet really need even more TLDs?
2024-11-06
TLS 1.3 Hybrid Key Exchange using X25519Kyber768 / ML-KEM
Installing NetBSD on Linode
Creating a NetBSD/amd64 AMI
Creating NetBSD EC2 AMIs
Whose CIDR is it anyway?
Email DNS Records Cheatsheet
Post-Quantum Cryptography in January 2024
Use of HTTPS Resource Records
TLD Domain Count Stats
The gTLDs' New Clothes
Whose Cert Is It Anyway?
Open sourcing code into a separate git repository
Who reads your email?
AWS IAM and Cost Explorer CLI Setup
Who controls the internet?
Time is an illusion, Unix time doubly so...
The Sender Policy Framework (SPF)
DNS Response Size
If Programming Languages Were Futurama Characters
Keeping Up To Date
Learning By Lurking
Debugging Certificate Errors
Basic Network Troubleshooting
Infosec Skill Sets
WHOIS: Fragile, unparseable, obsolete... and universally relied upon
strlcat(3) > strncat(3)
Open Source Security Process Wishlist
Uninitialized Stack Variables
IPC Buffer Sizes
IPv4 addresses are silly, inet_aton(3) doubly so.
What's in a hostname?
There is no 'printf'.
TLDs -- Putting the '.fun' in the top of the DNS
DuckDuckGo Onion Search for Firefox
(All) DNS Resource Records
URLs: It's complicated...
(Technical) Infosec Core Competencies
Behavioral Economics in Information Security
Sharing Secrets
Your E-Mail Validation Logic is Wrong
10 Software Engineering Laws Everybody Loves to Ignore
Recommendations To Write (Slightly More) Readable And (Thus) Robust Code
CPU Pinning and CPU Sets
2020-11-15
"Zero Trust" in a Nutshell
2020-11-04
Creating AWS IPv4/IPv6 Dual Stack EC2 Instances
Essential Ticket Skills - Ticket Management
Browser Startup Comparison
A (a few) ops lessons we all learn the hard way
stdarg And The Case Of The Forgotten Registers
Falsehoods CS Students (Still) Believe Upon Graduating
OKR Distractions
DNS Security: Threat Modeling DNSSEC, DoT, and DoH
ITMFA - Just. Like. Dat.
New Adventures in DNSSEC and DANE
The Zen of Infosec
Capturing specific SSL and TLS version packets using tcpdump(8)
Writing Consistent Tools
Required Reading: The Mythical Man Month and Peopleware
'Twas the night before Christmas - SysAdmin Edition
Restricting Processes
Essential Ticket Skill - Filing Tickets 101
Jan's Twitter Animal Threads
DNS tcpdump by example
Paranoid Principles
The Attack Life Cycle
(Some) iPhone Privacy Settings
(Some) Browser Privacy Settings
The Razor's Edge - Cutting Your TLS Baggage
Patching is hard. Knowing what to patch
is harder still.
Safely Creating And Using Temporary Files
Why Companies Should Pay For Their Employees To Attend Conferences
Attending and speaking at conferences
Half a Book
RealWorldCryptography 2017 Notes
OpSec 101 - A Choose Your Own Adventure for Devs, Ops, and other Humans
Know Your Enemy - An Introduction to Threat Modeling
Crazy Like A Fox
It's the people, stupid.
Survey - Security Organization Effectiveness and Human Motivations
Betteridge's Paradox
The Value of a Bug Bounty Program
A few thoughts on Incident Response
Infosec: How we see ourselves vs. how others see us
Interviewing Delusions & Realities
Root Cause: Human Errno
Writing Shell Scripts
Moving the Needle
Semper Ubi Sub Ubi - Things They Don't Teach You In School
Industry vs. Academia
Everything is Awful (And You're Not Helping)
Defense at Scale
An abbreviated, incomplete guide to help you decide whether or not you're plagiarizing
Using the OS X Keychain to store and retrieve passwords
Passing Passwords
Three Simple Questions
Primum non nocere - Ethical Obligations in Internet Operations
Ethical Obligations in Internet Operations - Survey Results
If medical jobs were like tech jobs...
How to Seem Smart in Infosec Meetings
Ethical Obligations in Internet Operations - Questionnaire
Passwords Are Here To Stay
Velocity NY 2015 - See you there!
The Art of Plain Text
Speak Up
Infosec Basics: Reason behind Madness
Performance Review Selfies
lish(1) -- a limited shell
Your POODLE and You
On Peter Principles and Failing to Fail
Digesting Ducks like Facebook
Digesting Ducks Discussing Uptime
Duct Tape and WD40
Heartbleed and You
Privacy and Social Media
Using Tor to Circumvent Country Origin Restrictions
All Is Not Lost. (But We Need Your Help.)
Wait, wait... Don't Pwn Me!
Mehr Üs als Äs
Converting ssh(1) RSA public keys to PKCS8 format
The Nest of Trust
NSA infiltrates Grindr
clogger(1) -- a campfire logger
Ask yourself two questions...
So I went to Velocity New York 2013...
Online Privacy Tools - Links
One City One Book - Online Privacy Tools
Creating an OS X .pkg installer
Security Related Interview Questions for all Engineers
Syncing NIST's National Vulnerability Database with Jira
less bug, more /dev/null
Syncing the NIST National Vulnerability Database to Sqlite3
Sharing Secrets Using SSH Keys (II)
Beware the Conference Echo Chamber
Yahoo!'s "Must Not Work From Home" Mistake
Got logs?
Kerberos v5 Status Codes
Kerberos Error Codes
Non-trivial command-line fu via @rtfmsh
Ramblings on Remote Employment
Of Users and Groups -- oh, and Trust
iPad Apps for Kids
Things I Remember
Using an IPv6 tunnelbroker on NetBSD/EC2
Sharing Secrets Using SSH Keys
Sandy and I
Defining "Operations"
We get signal. What!
Of Illustrations and Licenses
Spectacular File System Confusion
Updating Jira tickets via mail
Integrating Duo 2FA with OpenVPN
From Company Closed to Open Source
Writing (system) tools
How Systems and Software Engineers see themselves
Twitter Stats
GMail Annoyances
Kabelsalat Be Gone
This Way To Awesome
Brilliant Ideas: BeerWare
Writing about Writing
Achtung, Deutsch!
Becoming Untumbled
Down With The Fancy Pants With^WAt Velocity
Unix? What Unix? This is Linux!
Unpatch (!= patch -R)
Just-in-time translation of user-provided LESS via NodeJS - Yikes!
...And They're Both Probably Right
(Some) Recruiters are People, too!
Metamatter
Why I left Yahoo!
All Good Things...
iCal, iPhone and iCloud - iVey!
Leaving Yahoo!
sudo: unable to execute <command>: success
Of Headless User Accounts and Restricted Shells
Parental Math
No tratheroute for you!
Migration is hard...
It's a Book!
Marbles in my Underpants
Go Lisp!
Learning Programming Languages for Fun and Profit
Teaching "Advanced Programming in the UNIX Environment"
Ever wonder why they're called "asswords"?
Ye Olde TLS/SSL Renegotiation Vulnerability
A Tale of Two Exploits
Jan's Blog Episode IV -- A New Hope
Why I won't get Speakeasy DSL again
Bouncing mails due to relays.ordb.org
Google blocking certain User-Agents
Solaris pxeboot with pxelinux
Brilliant Ideas (I)
Nested SSH Tunnels
Of course it runs NetBSD!
Migrating Quotas
More on Solaris 10 ZFS vs. Apple XRaid
Solaris UFS >1TB vs. inodes
Solaris 10 ZFS vs. Apple XRaid
Moving License Managers
Ride down Williamsburg Bridge
Solaris 10: libstdc++.la empty
Solaris 10: svcadm rquotad
Solaris 10: Serial Console
Mac OS X: amanda vs. launchd
Mac OS X NFS share vs. Garritan Personal Orchestra
Netbooting vs. spanning tree
Mailman + HTTPS
So that's why they call it "rescue"...
Mac OS X: Remotely installing .dmg
Gigabit Cables
XServe and locking drives
Mac OS X: readlink(2)
Mac OS X: attaching drives
Save your config!
Don't lock yourself out
Extracting a file from a .deb
New York State of Mind
New York State of Mind
09/11
Contact - A Plead
Mit Gott im Urlaub
Macht die Tagesschau zur Show des Tages!
Sinnlos - oder: Ulla Kock am Brink vs. Geschlechtsverkehr
Der Grottenolm
Ei Eboshi! Se Mushi! No Fuji!
Statistiken, die einem das Leben retten können
Das ZDF, der Katalog und Ich
Lost Infosec Battles