Tuesday, August 28, 2007

You know you own a house when...

You have more entries for Home Depot than coffee places. Well ok I am sure this is different for other people, but you get the idea :).

Friday, August 24, 2007

Ugh...Now What?


This week I turned 25, yikes. Now I know it isn't that old, but to me it feels like I have been around for a while. So, this week in between working and working on my house I have been thinking about what I want to achieve in the next two years before the next milestone for me, 27. Not that most people care what my plans are but hey I will spew them out there just to add more noise to the interweb :).

  • Spend more time with my girlfriend and family

  • Start to bike more

  • Become less dependent on my day job (i.e. get my business generating more revenue)

  • Help the security community out

  • Get better at writing


Some of these things conflict with each other, so I am interested to see how it will all work out. Mainly I guess I get to stay the course I have been going.

Monday, August 20, 2007

What not to do for a login form


I just started working with a new client. One of my first tasks was to modify a popular piece of hosted blogging software. One thing that I noticed was the login form. Their mistake is a rather common one. I could not initially view the login form via SSL. Yes, when the form sent the data over to the server it was in an encrypted pipe, which is good, and if you did not log in successfully it directed you to a secure form. However, the initial post was not from an SSL form. Now you might be thinking I am over-reacting, but there is another reason SSL is good: it verifies a site's identity. This will help a site against phishing attacks. Granted it won't prevent phishing attacks since most users don't look at the SSL bar but hey every bit helps :).

Back to working....

Friday, August 17, 2007

Don't guess or assume something, know it


Today I was reminded of a rule I try to follow (keyword, try). When developing or building things never guess or assume how something works, KNOW how it works. I finally got around to debugging a memory leak issue in an internal application here at work that has baffled my fellow employees. Although, I don't think they have spent much time working on it. I finally found the offending method and the developer on it started to do the try-and-compile process of debugging it. This had to be stopped because it was getting us nowhere fast. I looked into some of the internal methods of the .NET framework and found where the problem was. No matter how much my cohort would have tried he never could have fixed the problem without taking a step back and learning how everything was working. We even knew the line of code in our code that was causing the problem, but after that decompiling was necessary :).

So, what is my point? It is that when coding you need to understand how stuff works and not just start guessing. This can be applied to many different areas, not just coding, I think at least. Whenever I see someone trying to blindly fix a problem I associate it with being a newb or not very good at that specific activity. I can name quite a few areas where I just start to blindly guess at things. You can apply a more scientific process to things, but, at some point you are going to say fuck it and do some blindly stupid thing that you wish you hadn't, well at least that is how I feel sometimes.

Now where is my coffee....

Tuesday, August 07, 2007

Staying Hungry


When starting a business or anything that is tough one thing you often hear is to stay hungry or put yourself into a position where you have to succeed. With the new house I have semi-put myself into this position. I can live on my paychecks but it would suck and when I don't have to suffer too much I prefer not to :).

Now, advice like "staying hungry" is one thing to hear but it is another to live it. Now that I am starting to live it I can totally understand why people offer this advice. The few people who know me, know I work a decent amount but now besides wanting to work a lot I try to prioritize on how much money it will make me (both in the short and long term). I am not sure how this feeling will play out over the next few years but I think it will be a positive change for me.

On top of all this I see it as another way for me to get my software service off the ground. I just have to learn to balance the short-term and long-term. Juggling 3-4 projects that are all due within the next few months and building a piece of software is tough, throw a full-time job on to that and it gets even more trying :). I think I am going to blog about it along with how I manage my time. It might be interesting at least for me to look at it in a few years.

Well back to work.....

So this is why they do it...


Last Friday was a very good day for me. I found my first really serious bug at work. Until then I have found some decent security bugs but nothing like I found that day. I now understand why people do security testing: it is for the 20 minutes after 2 weeks of work when you realize that you just found a bug that will 0wn thousands if not millions of people. It is pretty cool.

I know this doesn't happen only for security testing. I have had similar feelings when doing development and I am sure most other fields have a similar type of thing. Although, I am not sure what it would be for accounting :P.

This same feeling is also the background to gambling, email and any other "addicting" type of things; it is for the short rush. But still it is nice to find it again in technology if only for a short little bit.

Now I just need to wait another 6 months to find another serious bug to get another hit again :(.

Wednesday, August 01, 2007

Things not to do when security testing...



At my day job I do security testing. That means I get to be evil, which is always fun. This means it is a good day when I kill a server; this is drastically different from some of my past jobs. However, when testing there are certain things that are bad ideas. Like when trying to get something to work and you are doing it on your local machine, don't load 1,000 instances of the Windows calculator! If you do and you have enough coffee you just start laughing :).

Alright back to destroying stuff.