Towards a theory of software development expertise | the morning paper
Experience should be measured not just on its quantity (i.e., number of years in the role), but on its quality. For example, working on a variety of different code bases, shipping significant amounts of code to production, and working on shared code bases. The knowledge of an expert is T-shaped with depth in the programming language and domain at hand, and a broad knowledge of algorithms, data structures, and programming paradigms.
learning  programming 
5 weeks ago
Be Unfailingly Kind – Rands in Repose
DJ is always this leader. DJ communicates clearly and competently. Need to leave a raid after we’ve been at it unsuccessfully for two hours to be with your family? DJ says, “No worries, we’ll find someone else…” Having repeated difficulty fulfilling your role in this part of the raid which is resulting in multiple wipes? “No worries, let’s try a slightly different strategy, ok?” Never played this raid before? Didn’t mention this before the raid began? “No worries, let me walk you through how this works…” Want to practice a part of the raid that will result in additional wipes? “No worries, here’s how it works…”
leadership  destiny  gaming  management 
9 weeks ago
Remote Code Execution in Alpine Linux
My first attempt was to use gdb to attach to the process and just call exit(0). Unfortunately, Docker containers don’t have the SYS_PTRACE capability by default and so we can’t do this. Since we’re root, however, we can read and write /proc/<pid>/mem for the apk process:
linux  docker  rce  kernel  exploit 
september 2018
Google Cloud Platform Blog: 7 best practices for building containers
Reducing the attack surface of your host system is always a good idea, and it’s much easier to do with containers than with traditional systems. Remove everything that the application doesn’t need from your container. Or better yet, include just your application in a distroless or scratch image. You should also, if possible, make the filesystem of the container read-only. This should get you some excellent feedback from your security team during your performance review.
docker  devops  kubernetes  sysadmin 
july 2018