The gitlab-markup supply chain vulnerability…

Posted on January 11, 2017 in Security • Tagged with security, GitLab, GitHub, ReStructuredText, business, software, source, code, supplychain • 9 min read

…or how I stubbed my toe on the keys to a few dozen kingdoms

NOTE: this content originally appeared on the Taos blog

I’m authoring this security writeup in ReStructuredText. An odd way to start this off, I know. But bear with me, I promise that ReStructuredText is relevant …


Continue reading

Slavish adherence to guidelines considered…inadvisable?

Posted on November 20, 2015 in Security • Tagged with security, logging, linux, audit, breach, IT, business, CIS, guidelines • 7 min read

Industry “best practices” are STILL no substitute for expert help. Yes, this is one of ‘those’ stories.

Recently I was going over some logs trying to track down a mysterious ‘disappearing’ directory. Situations like this are typically not mysterious in the least, since directories don’t disappear. Either they’re …


Continue reading

Dealing With Breaches

Posted on July 31, 2014 in Security • Tagged with security, breach, IT, business • 6 min read

Security is hard. Much too hard to treat effectively in any one blog post or even one book. It’s a complicated, multifarious discipline that combines a host of observational and technical sub-disciplines. The same is true, to a lesser degree, for breach management. On the one hand, a large …


Continue reading

Moving to Pelican

Posted on July 22, 2014 in Security • Tagged with security, meta, pelican, web, blogging • 4 min read

Obviously there’s a new look here, and a distinct lack of wordpress. also a distinct lack of old posts. That’s fine, there weren’t that many of them lying around anyways, and they were mostly just getting in the way. So we’ve done away with wordpress and …


Continue reading