Security integration

I’m working on a security story that has dragged on for close to 6 weeks now. It is the result of an early decision to turn off TLS because the mechanism for setting up the certificates wasn’t ready, and to just turn it back on later. Yeah, that never goes well. (This decision happened before I came into the team, so I won’t point fingers.)

I’ve finally come to a small epiphany about security. We talk a lot about security algorithms and strength and attack vectors and vulnerability surfaces. But the math and analysis parts of security seem like much more straightforward problems. There are lots of great tools for those things that should be used. The _real_ challenge to security is integration. Getting the certificates in the right places. Turning on those little configuration switches in all the right files. Specifying the right ports and routing traffic through firewalls and load balancers and TLS terminators. That seems to be where the practical complexity lies.

Maybe some day I’ll have an epiphany about how to make that happen more smoothly. 😉

Teleworking can be a good thing

I have had a couple of conversations where the topic of my work arrangement has come up. I still keep this article in mind: http://martinfowler.com/articles/remote-or-co-located.html
Effectively, I think having a good manager who knows the team and how well they are working is key. Having team members who have integrity and want to get the job right helps, and pair that up with good remote-worker skills and tools and you can be successful anywhere.
Of course there are some jobs where you need to be with the equipment, but if you are writing software that often isn’t the case.