Viewing posts tagged community

Thanks for visiting!  Opinions are my own, and don't reflect the opinions of my present or past employers.

Viewing posts tagged community

An Introduction to Cascadia Explorers

Image from popejon2 from Paddington, Australia


Some time ago I started a volunteer project to develop a video game for Pacific Spirt Park Society; the project has evolved and taken on a life of it's own, and like much of the things I have done in my life, was something I was drastically underprepared for, but took on as a learning experience.

The game, currently in active development, focuses on teaching the player about the nature of invasive species.  Rather than taking a more traditional edutainment approach of having the student iterate through a lesson and quiz model, I ...

Mozilla Security @ BSidesVancouver and CanSecWest

This year Mozilla will be sponsoring BSidesVancouver, a free community oriented event on March 10th & 11th in Vancouver, BC. This event is very much in the spirit of the Mozilla community and mission, and several of our security team members will be attending both BSidesVancouver and CanSecWest.

In addition to our team members attending the event, Jeff Bryner and Curtis Koenig will be speaking at the event about some aspects of the security processes and technologies that Mozilla uses and has built. If you are going to be at these events and would like to connect with us at ...

Heartbleed Cheatsheet

Heartbleed Cheatsheet:

  • Upgrade OpenSSL on all of your existing software
  • Propose projects to remove infrastructure that can't be upgraded (if your vendors haven't shipped a patch, get new gear)
  • Force users to update credentials (YMMV depending on what you do, either force a re-auth, or password resets)
  • Apologize to your users for not dealing with this weeks ago.


If your employer won't let you do these four things, the next thing to do is find a new job.

Anything less would be unprofessional.

Since Jim asked, this cheat sheet is licensed under the Mozilla Public License, and ...

Being An Ally

I have considered myself "an ally" in the past.  Being helpful, listening to others, advocating for the right opportunities.  It would be easy to make a list of the things I deserve credit for, but instead I will list some things I have done wrong in the last few weeks:

  • Participated in a joke about domestic abuse
  • Laughed at jokes that were derogatory in nature
  • Remained silent when I knew something was wrong

The key thing about these three behaviours is not that I did them because I thought they were funny, or because I thought it was OK.  I ...

Criminalizing Curiousity

First a little background, I work in information security, and have since 2003.  I currently manage a web security team at Mozilla, and work on a range of sites and services, and in the past I have worked in global finance (HSBC Canada, and HSBC Software Delivery), and for the Government of Manitoba.  I have built a career on helping protect and defend exactly the sort of systems that were affected by the Heartbleed sotware bug.

As a bug, Heartbleed was pretty bad (not exactly the 11/10 that Schneier described), but serious.  There have been a ton of write-ups ...