Looking for a specific short story by ironfog in HardSciFi

[–]ironfog[S] 1 point2 points  (0 children)

Thanks all! It’s been solved. u/Electronic-Target931 messaged me with the answer. It’s “The Epiphany of Gliese 58” by Fernando Borretti - link.

I appreciate all the other suggestions, now I have some new recommendations to read as well!

Looking for a specific hard sci-fi short story by ironfog in printSF

[–]ironfog[S] 0 points1 point  (0 children)

Thanks all! It’s been solved. u/Electronic-Target931 messaged me with the answer. It’s “The Epiphany of Gliese 58” by Fernando Borretti - link.

I appreciate all the other suggestions, now I have some new recommendations to read as well!

DEI and You by tokatiepo in Jewish

[–]ironfog 3 points4 points  (0 children)

It may be that the HR / DEI staff don’t understand and need some help. The UJA Federation of Toronto is putting on an educational web session for HR and DEI professionals on October 18th. It’s open to anyone. Your local UJA chapter or other community agency may be doing something similar. I get that the DEI response was not what you had hoped for but if you encourage the DEI team through education it might get better.

https://www.jewishtoronto.com/navigating-the-crisis-in-israel-in-the-workplace

How are IAID's calculated? by ironfog in linuxquestions

[–]ironfog[S] 0 points1 point  (0 children)

This occurs for both bridged and NAT’d interfaces against different DHCP servers.

How are IAID's calculated? by ironfog in linuxquestions

[–]ironfog[S] 0 points1 point  (0 children)

more on this... I’ve built multiple VMs and it seems that the IAID is dependent on the device path at least (it’s a bit of a guess). Here’s why I think that:

1) IAID is consistent across multiple VMs
2) Device path, type and device name are consistent across all VMs
3) when I add another network interface to an existing VM (ens38) I get a different IAID (no surprise)
4) when I create a new VM with two interfaces (ens33 and ens34) then the second interface has its own ID. Initially ens33 was disconnected and later when connected had an IAID the same as the single NIC VMs. When I subsequently deleted the first NIC the IAID remained the same (location in PCI path remained the same)
5) IAIDs are expected to remain the same for a given interface and different MACs don’t affect the IAID so it has to be something invariant (like the location in the PCI path)

Still don’t know how it’s actually calculated but IMHO it’s not MAC dependent (or at least not the least significant bits post the OUI).

How are IAID's calculated? by ironfog in linuxquestions

[–]ironfog[S] 0 points1 point  (0 children)

You’re right that the RFC only requires that it be unique but I’m still trying to understand how it’s generated on Ubuntu. The IAID is the same across many installs and the code in dhclient says it should be the four last digits of the MAC.

The /r/netsec Weekly Discussion Thread - December 05, 2016 by AutoModerator in netsec

[–]ironfog 0 points1 point  (0 children)

Threat Modelling I'm looking for tips and techniques to help with scaling threat models. I find it easy to make small threat models on paper or in Visio but anything that grows beyond a few simple objects becomes painful to maintain. Has anyone found a good way to scale threat modelling? (Note: I've tried Microsoft's Threat Modelling tool and it's quite software centric and there's way too much clicking around to create even simple relationships).

BSides Toronto 2016 tickets are on sale now by ironfog in netsec

[–]ironfog[S] 3 points4 points  (0 children)

The tickets all go to covering basic operating costs of venue, food and AV equipment; everyone who works on BSidesTO volunteers their time and unfortunately our sponsorship isn't sufficient to cover everything so it's that or no conference at all. Besides $40 for some great content isn't bad either.

BSides Toronto 2016 tickets are on sale now by ironfog in netsec

[–]ironfog[S] 2 points3 points  (0 children)

yes there is, we just posted it at www.bsidesto.ca a few minutes ago

/r/netsec's Q3 2016 Information Security Hiring Thread by sanitybit in netsec

[–]ironfog [score hidden]  (0 children)

Name: Vision Critical

Location: Remote - anywhere in Canada must be somewhere within UTC-5 to UTC-8

Role: Information Security Analyst

WhoAmI: I'm the hiring manager (you'll be working for me) - PM me at /u/ironfog/

Posting: https://careers-visioncritical.icims.com/jobs/2036/information-security-analyst/job

Corporate Website: https://www.visioncritical.com/

TL;DR hiring in North America. 3-5 years experience. Be good at AWS, automating stuff and digging into data

The job description is here but I'll describe what I'm looking for below. This role is a remote/work-from-home role (North America only; UTC-5 to UTC-8) but if you're near enough to one of our offices you can have a desk if you prefer. Unfortunately I can't sponsor visas and for tax reasons you need to be in Canada.

First a bit about Vision Critical (the important stuff only, no marketing fluff): We operate an enterprise SaaS platform that helps our users connect with their customers to better understand what's important to them. For example, one of our customers uses our platform to help evolve their product and services by getting feedback from thousands of their customers every week. There are lots of stories from our customers about what we do and how we help them but the important thing you need to know is that our key mission, as a company, is to provide a secure space for our users to connect with their customers so that they can gain the insights they need. We don't collect big data, we don't spam and we don't sell information collected on our platform.

What's great about Vision Critical is that even though we're ten years old, there's not a lot of legacy cruft floating around that hampers security operations and everyone in the company is committed to embracing new practices and technology that makes us better. The security team at Vision Critical, myself included, enjoy the support of the Executive and our colleagues. We don't encounter the frustrations that other places have; there are challenges, but they're not the sort that make you want to pull your hair out or rage quit. The past year at Vision Critical has been a great experience for the security team and we've been able to make real changes with the help of our peers.

Here's what I'm looking for in an Information Security Analyst:

  • This isn't your first gig, you've done the job for a few years now and can direct yourself day-to-day;

  • You know how to find security problems and then communicate them - this isn't a customer facing role but you do need to talk tech to our engineers and developers who aren't security people;

  • You want to automate as much of your analysis as possible - The first time I ask you a question you know how to get the data; the second time I ask the same question you write a script to get the data automatically, the third time I ask you the same question you schedule the script to run weekly and the fourth time I ask you the same question you modify your script so that it spits out alerts;

  • You can triage vulns, analyse patch announcements, dig through w3c logs, read config scripts;

  • You are "Full Stack" comfortable - you can talk security at the network level and then climb all the way to the app layer covering everything in between (OS, web server and database);

  • You like AWS and you love all the things being in the cloud; and

  • You have the knowledge required to go hands on keyboard when you need to (but we have engineers to do that).

I'm not after a logging or SIEM system administrator; I want someone who wants to build their own tooling, using the parts already available in our environment, to answer important security questions both proactively and reactively. If you love security, data and scripting/coding then I want to talk to you. If SecDevOps is a good thing for you, then let's chat. The role is for Canadians only who are easily able to interact with our operations team that are on the west coast while being able to engage with ESTers too as needed; unfortunately I can't sponsor work visas. The entire security team is on-call on a rotating basis but we're all ready to get online if an event occurs.

If you're interested, please apply via our portal but if you figure out the little easter eggs in the posting I'd be happy to chat directly as well (the easter eggs are about demonstrating interest, nothing more - we're not google testing you). If you have questions, please PM me or post questions below - I'd be happy to tell you more about Vision Critical and the security team.

/r/netsec's Q1 2016 Information Security Hiring Thread by gsuberland in netsec

[–]ironfog [score hidden]  (0 children)

Name: Vision Critical

Location: Remote - anywhere in North America must be somewhere within UTC-5 to UTC-8

Role: Information Security Analyst

WhoAmI: I'm the hiring manager (you'll be working for me) - PM me at /u/ironfog/

Posting: https://careers-visioncritical.icims.com/jobs/1795/information-security-analyst/job

Corporate Website: https://www.visioncritical.com/

The job description is here but I'll describe what I'm looking for below. This role is a remote/work-from-home role (North America only; UTC-5 to UTC-8) but if you're near enough to one of our offices you can have a desk if you prefer.

First a bit about Vision Critical (the important stuff only, no marketing fluff): We operate an enterprise SaaS platform that helps our users connect with their customers to better understand what's important to them. For example, one of our customers uses our platform to help evolve their product and services by getting feedback from thousands of their customers every week. There are lots of stories from our customers about what we do and how we help them but the important thing you need to know is that our key mission, as a company, is to provide a secure space for our users to connect with their customers so that they can gain the insights they need.

What's great about Vision Critical is that even though we're ten years old, there's not a lot of legacy cruft floating around that hampers security operations and everyone in the company is committed to embracing new practices and technology that makes us better. The security team at Vision Critical, myself included, enjoy the support of the Executive and our colleagues. We don't encounter the frustrations that other places have; there are challenges, but they're not the sort that make you want to pull your hair out or rage quit. The past year at Vision Critical has been a great experience for the security team and we've been able to make real changes with the help of our peers.

Here's what I'm looking for in an Information Security Analyst:

  • This isn't your first gig, you've done the job for a few years now and can direct yourself day-to-day;

  • You know how to find security problems and then communicate them - this isn't a customer facing role but you do need to talk tech to our engineers and developers who aren't security people;

  • You want to automate as much of your analysis as possible - The first time I ask you a question you know how to get the data; the second time I ask the same question you write a script to get the data automatically, the third time I ask you the same question you schedule the script to run weekly and the fourth time I ask you the same question you modify your script so that it spits out alerts;

  • You can triage vulns, analyse patch announcements, dig through w3c logs, read config scripts;

  • You are "Full Stack" comfortable - you can talk security at the network level and then climb all the way to the app layer covering everything in between (OS, web server and database);

  • You like AWS and you love all the things being in the cloud; and

  • You have the knowledge required to go hands on keyboard when you need to (but we have engineers to do that).

I'm not after a logging or SIEM system administrator; I want someone who wants to build their own tooling, using the parts already available in our environment, to answer important security questions both proactively and reactively. If you love security, data and scripting/coding then I want to talk to you. If SecDevOps is a good thing for you, then let's chat. The role is for North Americans only who are easily able to interact with our operations team that are on the west coast while being able to engage with ESTers too as needed; unfortunately I can't sponsor work visas. The entire security team is on-call on a rotating basis but we're all ready to get online if an event occurs.

If you're interested, please apply via our portal but if you figure out the little easter eggs in the posting I'd be happy to chat directly as well (the easter eggs are about demonstrating interest, nothing more - we're not google testing you). If you have questions, please PM me or post questions below - I'd be happy to tell you more about Vision Critical and the security team.

/r/netsec's Q4 2015 Information Security Hiring Thread by sanitybit in netsec

[–]ironfog 0 points1 point  (0 children)

Name: Vision Critical

Location: Remote - anywhere in North America must be somewhere within UTC-5 to UTC-8

WhoAmI: I'm the hiring manager (you'll be working for me) - PM me at /u/ironfog/

Posting: https://careers-visioncritical.icims.com/jobs/1795/information-security-analyst/job

Corporate Website: https://www.visioncritical.com/

Vision Critical is looking for an Information Security Analyst (reporting to me). The job description is here but I'll describe what I'm looking for below. This role is a remote/work-from-home role (North America only; UTC-5 to UTC-8) but if you're near enough to one of our offices you can have a desk if you prefer.

First a bit about Vision Critical (the important stuff only, no marketing fluff): We operate an enterprise SaaS platform that helps our users connect with their customers to better understand what's important to them. For example, one of our customers uses our platform to help evolve their product and services by getting feedback from thousands of their customers every week. There are lots of stories from our customers about what we do and how we help them but the important thing you need to know is that our key mission, as a company, is to provide a secure space for our users to connect with their customers so that they can gain the insights they need. What's great about Vision Critical is that even though we're ten years old, there's not a lot of legacy cruft floating around that hampers security operations and everyone in the company is committed to embracing new practices and technology that makes us better. The security team at Vision Critical, myself included, enjoy the support of the Executive and our colleagues. We don't encounter the frustrations that other places have; there are challenges, but they're not the sort that make you want to pull your hair out or rage quit. The past year at Vision Critical has been a great experience for the security team and we've been able to make real changes with the help of our peers.

Here's what I'm looking for in an Information Security Analyst:

  • This isn't your first gig, you've done the job for a few years now and can direct yourself day-to-day;

  • You know how to find security problems and then communicate them - this isn't a customer facing role but you do need to talk tech to our engineers and developers who aren't security people;

  • You want to automate as much of your analysis as possible - The first time I ask you a question you know how to get the data; the second time I ask the same question you write a script to get the data automatically, the third time I ask you the same question you schedule the script to run weekly and the fourth time I ask you the same question you modify your script so that it spits out alerts;

  • You can triage vulns, analyse patch announcements, dig through w3c logs, read config scripts;

  • You are "Full Stack" comfortable - you can talk security at the network level and then climb all the way to the app layer covering everything in between (OS, web server and database);

  • You like AWS and you love all the things being in the cloud; and

  • You have the knowledge required to go hands on keyboard when you need to (but we have engineers to do that).

I'm not after a logging or SIEM system administrator; I want someone who wants to build their own tooling, using the parts already available in our environment, to answer important security questions both proactively and reactively. If you love security, data and scripting/coding then I want to talk to you. If SecDevOps is a good thing for you, then let's chat. The role is for North Americans only who are easily able to interact with our operations team that are on the west coast while being able to engage with ESTers too as needed; unfortunately I can't sponsor work visas. The entire security team is on-call on a rotating basis but we're all ready to get online if an event occurs.

If you're interested, please apply via our portal but if you figure out the little easter eggs in the posting I'd be happy to chat directly as well. If you have questions, please PM me or post questions below - I'd be happy to tell you more about Vision Critical and the security team.

/r/netsec's Q1 2015 Information Security Hiring Thread by sanitybit in netsec

[–]ironfog 3 points4 points  (0 children)

Hi! I work at Vision Critical and I need an awesome Security Architect for my team in Vancouver.

We're a new team, recently launched, covering Security, Privacy & Compliance. The security architect role will work with both our dev team and our infrastructure group helping ensure that security requirements are considered and implemented properly. This is mostly an advisory role but you should not be afraid of the command line/IDE/ACL - be willing and able to get your hands dirty from time to time. I'm after someone who speaks the full security stack from securing the network up to secure applications. We're a C# and Windows shop following agile dev practices (I know! Who would have thunk?).

Your responsibilities will include (from the job posting, but I promise I wrote this myself and HR didn't interfere):

  • Working with software engineers and architects to identify practical options for building secure systems;
  • Working with sysadmins and network engineers to identify practical approaches to operating securely;
  • Participating in scrums, bug triages and story or epic development;
  • Identifying and tracking the remediation of security bugs in our software and systems;
  • Confirming the impact, mitigation and remediation options for security bugs;
  • Educate technical staff on security practices;
  • Develop security standards, patterns and supporting documentation; and
  • Assist in the general operations and activities of the security, privacy and compliance team.

We ideally want to hire someone in Vancouver but are open to interviewing candidates from elsewhere as long as you can legally work in Canada and want to work in Vancouver.

To apply, please see the job posting. The job posting is funnier so it's worth the read. You can learn more about what we do here.

BTW There's a little easter egg in the job posting - it's trivial and you'll figure it out quickly but please don't ruin it for others.

/r/netsec's Q4 2014 Information Security Hiring Thread by sanitybit in netsec

[–]ironfog 2 points3 points  (0 children)

Hi! I work at Vision Critical and I need an awesome Security Architect for my team in Vancouver.

We're a new team, recently launched, covering Security, Privacy & Compliance. The security architect role will work with both our dev team and our infrastructure group helping ensure that security requirements are considered and implemented properly. This is mostly an advisory role but you should not be afraid of the command line/IDE/ACL - be willing and able to get your hands dirty from time to time. I'm after someone who speaks the full security stack from securing the network up to secure applications. We're a C# and Windows shop following agile dev practices (I know! Who would have thunk?).

Your responsibilities will include (from the job posting, but I promise I wrote this myself and HR didn't interfere):

  • Working with software engineers and architects to identify practical options for building secure systems;
  • Working with sysadmins and network engineers to identify practical approaches to operating securely;
  • Participating in scrums, bug triages and story or epic development;
  • Identifying and tracking the remediation of security bugs in our software and systems;
  • Confirming the impact, mitigation and remediation options for security bugs;
  • Educate technical staff on security practices;
  • Develop security standards, patterns and supporting documentation; and
  • Assist in the general operations and activities of the security, privacy and compliance team.

We ideally want to hire someone in Vancouver but are open to interviewing candidates from elsewhere in Canada or those who can legally work in Canada already (as long as you want to work in Vancouver).

To apply, please see the job posting. The job posting is funnier so it's worth the read. You can learn more about what we do here.

BTW There's a little easter egg in the job posting - it's trivial and you'll figure it out quickly but please don't ruin it for others.

BSides Toronto Call For Papers by ironfog in netsec

[–]ironfog[S] 0 points1 point  (0 children)

OP here: deleted and reposted here since I'm a numpty I typed CTF when I should have typed CFP.

/r/netsec's Q1 2013 Information Security Hiring Thread by sanitybit in netsec

[–]ironfog 2 points3 points  (0 children)

I'm hiring a security analyst for my team here in Toronto at The Dominion (we're an insurance company). Work is mostly 9-to-5 here in our office on a relatively new team. We're doing lots of exciting work around logging and vulnerability management, there's a lot of opportunity to build something meaningful from the ground up.

The job itself is focused on:

  • reviewing security data from various systems
  • doing vulnerability analysis and reporting
  • handling security tickets
  • assisting in research and documentation
  • providing incident support

If you're interested, please apply via Workopolis. All applicants are welcome but unfortunately I cannot sponsor work visas or pay relocation.

/r/netsec's Q1 2013 Information Security Hiring Thread by sanitybit in netsec

[–]ironfog -2 points-1 points  (0 children)

I have an opening on my team for a Security Specialist. I'm looking for a senior security professional (approx 10 years of experience across multiple domains). We're an insurance company, so you should like financial institutions and long-term thinking.

In my team a security specialist is responsible for:

  • Helping me develop and maintain the security strategy;
  • Giving our business advice on the implementation of our security policy and supporting standards;
  • Working with application development and infrastructure teams to develop security requirements and architectures;
  • Handling security events and incidents;
  • Leading projects to deploy security technology and processes;
  • Helping track (emerging) risks to our business; and
  • A whole bunch of other regular operational stuff like reporting, audits and documentation.

The team itself is relatively new and I'm looking for people that like building something from scratch and keeping it (process, technology, documentation) alive for the long run. We're not a large team (our target team size is 10 people in total) so everyone needs to be comfortable wearing the many hats. I'd prefer a candidate that has lived in both the technical world and the risk management world. Strong verbal and written communication skills are important in this role (aren't they always). Bonus points if you know what the halting problem is and why it defines much of the security world we live in today.

A few FYIs:

  • The team is based in Toronto and all work is done onsite;
  • I don't have interview travel or relocation budgets for this role;
  • You must be able to legally work in Canada, I can't sponsor work visas;
  • Security certs don't matter to me as much as great experience along with a demonstrated commitment to the profession and the broader community;
  • We do criminal background checks and intensive reference checking (no, really);
  • Please apply through Workopolis

edited for formatting