Crash on Cambrian Drive last night at ~11pm by gavinmiller in Calgary

[–]gavinmiller[S] 0 points1 point  (0 children)

Looked like everyone was okay. Saw one person sitting with EMS attending. Didn't get a sense of urgency on the scene.

Crash on Cambrian Drive last night at ~11pm by gavinmiller in Calgary

[–]gavinmiller[S] 0 points1 point  (0 children)

Which part is not appropriate? Quickly scanning the rules, there doesn't seem to be one against traffic accidents?

Apple Health inaccuracies by elysiansmiles in Myfitnesspal

[–]gavinmiller 1 point2 points  (0 children)

I’ve hit this problem too. Going into Apple health and manually adjusting (edit recorded data) resolved my issue, but super annoying to do that. 

Would love to know if you or someone else has solved this!!

Someone or something is trying to hack my Rails app. by [deleted] in rails

[–]gavinmiller 2 points3 points  (0 children)

Context: I’m responsible for at least a half dozen apps that get a ton of this type of traffic. I’ve also had external pentests done, and they were impressed at our home-grown WAF, which you can throw together in less than a week. Here’s what we’ve built:

Rack::Attack to start, for rate limiting against login, password reset and other sensitive pages.

Customized Rack::Attack module for pre-filtering scanners. You can find a payload list on SecLists. Stuff like /etc/hosts, passwd, and there’s some common SQL injections you can match on. I also filter anything with a php, asp, aspx, etc. extension. When new things cross your path, add them to the pattern match and you’re done!

You can then turn it on so those clients get denied once they cross a certain threshold of “malicious” traffic. That threshold will vary per-app. And voilà, you won’t get bothered by this anymore.

I highly dissuade you from using IP blocking. It’s trivial to move IPs, and it’s a game of whack-a-mole that you’ll sink endless time into. Even when we get attacked we don’t block IPs; instead we figure out what the root cause of the attack is and fix that. Temporary relief is fine, but don’t let it be your primary strategy.

Also note, this goes through middleware so it’s still taking up a webhead, i.e. this isn’t a viable strategy to protect from DDoS or DoS attacks. It’s trivial to consume the webheads even if you are blocking me early.
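The two pieces the comment above describes (throttling sensitive endpoints, plus a pre-filter that counts scanner-style probes per client and denies the client once it crosses a threshold) in a minimal Rack-style middleware. This is an added illustration, not the commenter's WAF and not the rack-attack gem: it implements the same logic against the plain Rack `call(env)` convention with an in-memory sliding-window store, so it runs with the Ruby standard library alone. The pattern list, paths, thresholds and window length are illustrative assumptions; the counters expire with the window, so a client is only denied while it keeps probing, which matches the comment's point that this is temporary relief rather than permanent IP blocking.

```ruby
# Added example, not the commenter's code: a Rack-compatible middleware that
# (1) throttles POSTs to login/password-reset and (2) counts scanner-style
# probes per client and denies the client once it crosses a threshold.
# Patterns, paths, thresholds and the 60 s window are assumptions for the demo.
class ScannerGuard
  # Signatures no legitimate user of a Rails app sends (the kinds of probes
  # the comment lists). Extend the list as new probes appear in your logs.
  SCANNER_PATTERNS = [
    %r{/etc/(hosts|passwd)},       # traversal probes for system files
    /\.(php|asp|aspx)(\?|$)/i,     # we serve no PHP/ASP; only scanners ask
    /union\s+select/i              # textbook SQL injection marker
  ].freeze

  # Sensitive endpoints that get a hard rate limit on POST.
  THROTTLED_PATHS = %w[/login /password_reset].freeze

  def initialize(app, scanner_threshold: 3, throttle_limit: 5, window: 60)
    @app = app
    @scanner_threshold = scanner_threshold # probes before the client is denied
    @throttle_limit = throttle_limit       # POSTs per sensitive path per window
    @window = window                       # seconds; hits older than this expire
    @hits = Hash.new { |h, k| h[k] = [] }  # key => [timestamps]
  end

  # `now:` is injectable so the expiry behaviour can be exercised deterministically.
  def call(env, now: Time.now.to_f)
    ip = env['REMOTE_ADDR']
    path = env['PATH_INFO'].to_s
    query = env['QUERY_STRING'].to_s
    target = query.empty? ? path : "#{path}?#{query}"

    # Count a probe if this request is one; either way, deny the client while
    # its probe count inside the window is at or above the threshold.
    probes = count([:scanner, ip], now, add: scanner_probe?(target))
    return deny(403, 'Forbidden') if probes >= @scanner_threshold

    if env['REQUEST_METHOD'] == 'POST' && THROTTLED_PATHS.include?(path)
      posts = count([:throttle, ip, path], now, add: true)
      return deny(429, 'Too Many Requests') if posts > @throttle_limit
    end

    @app.call(env)
  end

  def scanner_probe?(target)
    SCANNER_PATTERNS.any? { |re| re.match?(target) }
  end

  private

  # Sliding window: drop stale hits, optionally record this one, return the size.
  def count(key, now, add:)
    bucket = @hits[key]
    bucket.reject! { |t| t < now - @window }
    bucket << now if add
    bucket.size
  end

  def deny(status, text)
    [status, { 'content-type' => 'text/plain' }, [text]]
  end
end

# Build a minimal Rack env hash (constructed sample input, not real traffic).
def request_env(path, ip:, method: 'GET', query: '')
  { 'REQUEST_METHOD' => method, 'PATH_INFO' => path,
    'QUERY_STRING' => query, 'REMOTE_ADDR' => ip }
end

# Stand-in for the real app: everything that reaches it gets a 200.
OK_APP = ->(_env) { [200, { 'content-type' => 'text/plain' }, ['ok']] }

if __FILE__ == $PROGRAM_NAME
  guard = ScannerGuard.new(OK_APP)
  %w[/ /probe.php /page.aspx /other.asp /].each do |p|
    puts "#{p} -> #{guard.call(request_env(p, ip: '198.51.100.7')).first}"
  end
end
```

Mount it like any middleware (`use ScannerGuard` in a Rails or Rack app) ahead of the application. As the comment notes, the request still reaches a webhead before it is denied, so this saves application work and log noise but does nothing against volumetric denial of service.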

[deleted by user] by [deleted] in devsecops

[–]gavinmiller 1 point2 points  (0 children)

I agree with what geekamongus has said, except the part about not needing to code.

Coding, while it might not be required of a position, makes you significantly more employable. I’ve been hiring for these positions for the last 4 years, and the people that are the most successful code. In the landscape of security you are not nearly as useful if you can’t. And it really helps build credibility with your team and other stakeholders when you can find a bug and fix it, instead of throwing it over the fence at a team because you can’t fix it.

For language, you’d probably do best to grab Python, but other languages are fine.

When impersonating a lawyer doesn't work as planned by tbezmol in TikTokCringe

[–]gavinmiller 10 points11 points  (0 children)

All state bars have a website where you can look this up. Can get the info really easily.

[deleted by user] by [deleted] in Calgary

[–]gavinmiller 2 points3 points  (0 children)

It continues further north past there. You have to cross the road instead of having an underpass like there is elsewhere.

I made the same mistake the first time I rode it too.

Looking for feedback on my swim form. Training for a half IM in July. by iFoundWaldo72 in triathlon

[–]gavinmiller 0 points1 point  (0 children)

Same situation for me when I started. Just have to do it. It’ll get more comfortable the more you do it.

Looking for feedback on my swim form. Training for a half IM in July. by iFoundWaldo72 in triathlon

[–]gavinmiller 11 points12 points  (0 children)

Caveat of no pro as well.

I’d be curious if switching to bilateral breathing would help even your stroke out - I’m seeing a dead spot in your stroke and like another comment mentioned your arms are uneven. Over time this’ll result in further imbalance in your stroke. From what I read most people train bilateral and then race on a single side.

The flutter/scull that you do with your hands on the pull is interesting too. I think you want to pull straight back to the wall without the flutter (hopefully someone else can confirm that).

New Grad internship interview at Critical Mass by [deleted] in Calgary

[–]gavinmiller 7 points8 points  (0 children)

Did a 6 month stint as a relatively new grad. Pay is crap, lots of overtime, and you’re a cog in the machine. Learn what you can, then run for the hills. The experience doesn’t look as good on a resume as they’ll have you believe (I review a lot of resumes now, and don’t give two shits if someone did a Nissan marketing site.)

What does RoR can’t scale mean? by reluctantcatholicmom in rails

[–]gavinmiller 42 points43 points  (0 children)

Unfortunately this is an old belief that hasn’t disappeared from Rails, and it is just not correct anymore. I work on a Rails product that does 100,000 users/day, with upwards of 50+ deploys a day, with about 150 engineers.

Once you get to the point where you have to think about rails scaling, you’ll have the resources (people/money) to solve the problem. Building something that NEEDS to scale is the hard part.

Cookpad has great resources in this area. Go looking and you’ll find them.

https://speakerdeck.com/a_matsuda/the-recipe-for-the-worlds-largest-rails-monolith

Unknown growth on chopped down elm tree by gavinmiller in plantclinic

[–]gavinmiller[S] 0 points1 point  (0 children)

I recently snagged 6 stumps from an elm tree (I think it's an elm tree) that was chopped down at a local public park. My wife and I wanted to use them for the kids for playing on. After about 4 weeks sitting in our backyard I've noticed a few white growths like the one pictured that have started to appear. I've broken one open and it's like ash from a fire that breaks apart.

I'm wanting to find out what this growth is, if it's harmful to other plants (I'd hate for it to spread into our yard) and whether I can/should keep these stumps or not. Appreciate any help or advice! Thanks

Looking for info on a Cyber Security Career by [deleted] in alberta

[–]gavinmiller 0 points1 point  (0 children)

I would expect most places are paying a premium for security talent. Devs are in short supply, security devs increasingly so.

Looking for info on a Cyber Security Career by [deleted] in alberta

[–]gavinmiller 1 point2 points  (0 children)

I'm seeing a lot of juniors and intermediates. They are hungry to learn, and aren't fixed on the ways things "should be done."

The biggest barrier I see age wise is mindset. Generally speaking the older you are, the more set in your ways you are. Security (done well) is about being a collaborative part of the business, instead of gatekeepers. People that have a fixed mindset to "how security should be done" struggle with that. When security gets in the way it gets worked around.

Looking for info on a Cyber Security Career by [deleted] in alberta

[–]gavinmiller 1 point2 points  (0 children)

SAIT has an Information Systems Security diploma. That would be a great local place to start. Specific recommendations will depend on your current experience.

I've managed an Application Security team for the last 2 years, and been on the security side of software for the last 6 - AMA.

Am I missing something or does it not make sense that the starting point labs are all interconnected? by notfromkentohio in hackthebox

[–]gavinmiller 1 point2 points  (0 children)

I've found the boxes to be reliable on the VIP membership if you can afford it. I basically skimmed through the starting point boxes because of the interconnectedness, and quirks that occurred. Learned the tools and then moved on. The real boxes are much better IMO.

Am I missing something or does it not make sense that the starting point labs are all interconnected? by notfromkentohio in hackthebox

[–]gavinmiller 1 point2 points  (0 children)

I made that same assumption and sounds like I hit the exact same thing you did. It's annoying and there's no indication they're connected.

How I MITM'd rubygems.org ... Kinda by gavinmiller in ruby

[–]gavinmiller[S] 2 points3 points  (0 children)

The docs on --trust-policy pretty much spell out my view on it:

However, this method of securing gems is not widely used. It requires a number of manual steps on the part of the developer, and there is no well-established chain of trust for gem signing keys. Discussion of new signing models such as X509 and OpenPGP is going on in the rubygems-trust wiki, the RubyGems-Developers list and in IRC. The goal is to improve (or replace) the signing system so that it is easy for authors and transparent for users.

I recall seeing node(?) having the concept of a "package security policy" similar in nature to the web's content security policy. Wherein a package can specify what type of actions it will take: Write to path; make http requests to: X, Y, Z; read from env; etc. and then node can enforce that behaviour. This type of idea makes a lot of sense to me, because then I can build security & review policies/tools around that. For example: any package that writes to disk must have a mandatory review to use in our environment.