alexjmackey

@shehackspurple great use of semgrep to help find 14 cve's in 3 afternoons that may be of interest: projectblack.io/blog/cve-hunti…

Semgrep is an amazing tool for finding security issues in code and in my unscientific testing with a deliberately vulnerable app found more issues than much more expensive solutions. @project_blk used it to find 14 CVE's in 3 afternoons! projectblack.io/blog/cve-hunti…

@taitems @larsklint There is no financial payout that can cover the damage he has done with his youtube channel

These emails are always really interesting 🤐

@BahmanNik My daughter still likes that one a few years after I bought it

Children books can be amazing at times. You read a small book with a limited number of words but with a very important message. "The paper dolls" is one of them. I have read it to my kids more than 30-40 times and it always feels good reading amazon.com.au/Paper-Dolls-Ju…

@slace @larsklint 😬

@alexjmackey @larsklint It was his Tube channel, but it wasn't prefixed with You

What has @slace seen? Wrong answers only.

@doclangers The placement of these fences and crossings is incredible :(

My train arrives in 5 mins and i really want a coffee from Cafe Opera. Oh well, I’ll just have to wait till I get to the city.

@evanderkoogh @CFDevelop This would be a great talk @evanderkoogh!

@alexjmackey @CFDevelop I did indeed.. not for retire on a private island kind of money, but I would call it a success for the first try at building a product business. Always happy to share stuff I learned.

Is there anyone in Melbourne who has built a successful software business? Or, even released an app that makes money? I'd really like to hear from you hear your story

@valorin Mine are similar age and love Untitled goose game, Minecraft and Super Mario 3d world. Some of the retro game collections they (and I) enjoy too

We got our 8 year old a Nintendo Switch for Christmas but apparently all of the games we've picked are "boring with one person"... Anyone have any suggestions for fun games to entertain an easily-bored 8 year old on their own?

@CFDevelop @evanderkoogh built a successful product that was bought by CloudFlare

@alexjmackey Just anybody who's had success building and marketing a product really

Ahead of our agenda release this Friday, 1 December at 5.00pm, we're happy to share some details on the DDD Melbourne keynote session by @julielerman! Titled "Will AI coding assistants like GitHub CoPilot make me irrelevant?" Get your tix now! dddmelbourne.com/tickets #dddmelb

@stubbornella Depending on the age of kids mine love these series of books: penguin.com.au/books/chicken-… (there's 3 of them about different aspects of online safety, bullying etc)

How do you talk to your kid about online safety? Specifically playing games with new friends online that they don’t actually know IRL. Are there kids books about this?

@ChrisWalshie Don't be ridiculous Chris - the only way to address corporate greed is for anyone with a home loan to er pay some of the wealthiest organizations more rather than actually do anything about corporate greed

One of my fav named properties in react is dangerouslySetInnerHTML - it warns you that you are about to do something likely silly & dangerous.. Do a search for it on your code base & if you find it combined with controllable, unsantized input there is a pretty high chance of xss

@haacked Its very central, a decent hotel and good place to explore Sydney from :)

Flight booked! I'll be speaking at NDC Sydney in Feb 2024. I'm going to stay an extra couple days. Is the Hilton Sydney a good spot or should I switch hotels for the weekend?

@CFDevelop Agreed and ideally considered from the initial designs and reviewed and regularly monitored. Legislation & accountability may help but could lead to less transparency and scape goating.

@alexjmackey Yeah, security needs to be part of the software development process, but the vast majority of companies couldn’t care less unless someone is threatening to cut off their revenue sources unless the pen test succeeds. I wonder how the industry could reprioritise?

How does cybersecurity consulting work? You go to a company, look at their code, and say "this code looks a Swiss cheese 🧀 of security holes" The CTO nods and shrugs 🤷‍♀️ You take their money 💰 and go to the next company? Can't you just skip the check?

@CFDevelop Any decent review will provide prioritized risk based list of items to address (there are almost always things that could be done better) and advice on how to address them. Not everything can be easily fixed obviously but there's usually controls that can reduce or mitigate risk

@damovisa The number of kids was insane - i'd run out of stuff to give away within an hour

We did trick or treating with the kids last night (Australia). It was chaos. FAR busier than last year. Easily double the number of kids in our local area. By the time we were a block away most houses had run out of candy.