Exactly 2 years ago today I started work with Mozilla, and it’s been the best two years of my working life! I’ve been thinking for some time when I might say today, in fact have been agonizing over it a little bit. So many other Mozillians have made beautifully eloquent posts about their experience. Working at Mozilla has meant a great deal to me and it’s really changed the way I think about myself, my coworkers and my life in general. So many people have helped me and encouraged to me and I don’t have the words to thank them all.
When I started working at Mozilla it was a bit of a culture shock. I had just spent four years working for healthcare company coming from that to the open-source world of Mozilla took some getting used to. I initially described it as moving from a closed Stalinist country to classical Athens. Mozilla’s openness really does pervade everything our community is at the core of what we do. The entire concept has been a joy to work on and in the next year I hope to extend it further with a bunch of stuff that we’re working on to reengage security contributors.
A special thanks to all the members of the Security Assurance and Security Engineering teams. Everyone has been supportive, helpful and patient with me; as well as teaching me a great deal and giving me a place to grow. I know the future holds many challenges and achievements for us, I can’t wait to get to work on them. Being a part of this community is more than a job, its a purpose that matters!
Pascal Finette did An interesting blog the other day on “The Essence of Leadership”. It got me thinking about the subject and what I think is the core of the matter:
- Lead themselves first, they accept responsibility for their own growth and progress.
- Understand that learning is a process for life.
- Connections matter, and that genuine communication empowers everyone when it shows respect for other people and viewpoints.
- Legacy matters, how we act today sets the stage for the future.
- Empowering others is a prime directive for success
To some degree this is about the difference between management and leadership, that’s better left for another post.
I like using LimeChate for my IRC client, but since I don’t have a way to maintain an always on connection I was missing information happening in channels we use for work. My coworkers user IRSSI on their people accounts and ssh in to get the scroll back. Honestly I just don’t like the asthetics of IRSSI and I have invested some time in good themes for LimeChat and getting things just the way I like it. So I dug a bit more and found a bouncer called ZNC and set off to see if I could get it installed.
First I tried to install it directly and that did not work, in fact the commands said they would report my activity to our ops security group (good thing I work with that team). After poking around on our IRC channels I found out znc is already installed on our people accounts for Mozilla and I just needed to get a config. The easiest way to do this is to run “znc -c, –makeconf“; I found the list of commands by doing a znc -? while ssh-ed into my people account.
The interactive setup was pretty easy, if you have setup an IRC client for doing work at mozilla a good deal of the setup is the same. The biggest difference is you have to give the program a port to listen on, and you need to remember that port for configuring your client be it LimeChat or another. Here are some example choices:
What port would you like ZNC to listen on? (1 to 65535): #
Would you like ZNC to listen using SSL? (yes/no) [no]: yes
Would you like ZNC to listen using ipv6? (yes/no) [no]: no
Listen Host (Blank for all ips):
It will then ask you to setup a user, again pretty easy, then it asks about modules but I did not setup any of these as I did not see a use. You will need the info for your irc server in my case irc.mozilla.org, what port it listens on, (6697) and weather it uses ssl (it does) After that it will ask for the channels you want to have it be on. Don’t forget to provide the passwords for password protected channels. Then you can start it up.
The last part of this is setting up your client. you will want to use localhost as your server and the port you setup in your conf and don’t forget to use SSL. You will also need the username and password you setup during your config. The last part of this that took me a while to figure out was that I had to setup an ssh pass for the local host. On my OS X box that looks like this (you can make this a permanent alias for convenience) “ssh -L####:localhost:#### firstname.lastname@example.org” where #### is the port you specified in your config and username is your people account username. Once this is done you can connect your client and your off.
I have found that any channels I have joined, not just the ones in my conf do have scrollback and other than the server and ssh redirect irc works exactly like a normal connection directly to the mozilla irc servers. As such I have only setup the znc to join channels that are critical for me and I manage the other channels from my irc client.
Thanks to bwinton, the team on #IT and my coworkers for sending me down this path.
“You want free speech? Let’s see you acknowledge a man whose words make your blood boil, who’s standing center stage and advocating at the top of his lungs that which you would spend a lifetime opposing at the top of yours.”
~ The American President (1995)
I’m just going to leave this favored quote of mine here as food for thought.
The WordPress.com stats helper monkeys prepared a 2011 annual report for this blog.
Here’s an excerpt:
A New York City subway train holds 1,200 people. This blog was viewed about 7,400 times in 2011. If it were a NYC subway train, it would take about 6 trips to carry that many people.
So no blogging for a while, its been a busy month. In addition to being a family man of 3 kids, involved in Scouting with my son and just general life it’s been a month of traveling.
First, I spoke at SkyDogCon 2011 in Nashville, TN on The Neurobiology of Decision Making (youtube). I was the first speaker and it was my first time speaking at a conference, I was very pleased that it was well received. I met SkyDog at DerbyCon 2011 which was my first small con and I really enjoyed it. I had easily as much fun at SkyDogCon and really enjoyed getting to spend more time with individuals talking about Mozilla, Firefox and other fun topics. It was also great fun hacking the arduino badges and learning how to pick a lock. The staff treated me exceptional well, the speakers were a fun bunch to hang out with. I really hope I get a chance to speak again at next years con.
The weekend after that I was at MozCamp EU in Berlin, Germany, again as a speaker but more importantly as a member of the Security Team. I really wanted to meet and make some connections with contributors and further the message of “we’re all in this together for the betterment of our users”. It was also a moving experience for me personally, last time I was in Germany was 1987 and as 3rd generation American of German immigrants it was really painful to see Germany divided. I fulfilled a 24yr old promise to myself to walk beneath the Brandenburg Gate.
Then we have the fall holiday here in the USA known as Thanksgiving. Unfortunately for me I caught some bug in my travels through London and Berlin and was pretty ill. A trip to the Dr. for meds to keep the rest of my family well and not to ruin the holiday finished up any time before the holiday and family, geocaching with the kids, socializing and eating at up the rest of my blogging time.
The rest of my month was taken up the the usual security meetings & Firefox meetings; you know the get stuff built and shipped movements.
Thankfully the traveling, meeting, talking and thinking time has left me with many things to talk about. I hope all my readers had as good a month as I did.
Meeting: Louisville OWASP – Nov 11th , 11:30 AM – 1 PM
Sullivan University Campus, 3101 Bardstown Road, Room 254, Louisville KY 40205 – (about 15 minutes from the airport…on I-264 East)
When you arrive at the University’s main building, Drive around past the front visitor’s doors to the parking area on the right side of the Main Building. Room 254 can be accessed via a back stairway near a break area on the back right-hand side of the building, very easy to spot.
Desktop Betrayal: Exploiting Clients through the Features They Demand
Tom Eston is the manager of the SecureState Profiling Team. Tom leads a team of highly skilled penetration testers that provides attack and penetration testing services for SecureState’s clients. Tom focuses much of his research on new technologies such as social media, mobile devices and new web technology. He is the founder of SocialMediaSecurity.com which is an open source community dedicated to exposing the insecurities of social media. Tom is also a security blogger, co-host of the Security Justice and Social Media Security podcasts and is a frequent speaker at security user groups and national conferences including DerbyCon, Notacon, OWASP AppSec, Black Hat USA, DEFCON and ShmooCon.