Chrome was delivered without any sprints at all. The team came in at 9 and left at 5 (figuratively, people actually kept their own ~8h schedules) every workday for a couple years like clockwork. No drama. No broken marriages, no broken families.

Woot! Let's do this! I'm really looking forward to sharing this.

Woo! LocoMocoSec: Hawaiʻi Security Conference has been on my list since it started; I'm finally here and so excited! Looking forward to meeting folks. Just hanging out today/tomorrow if anyone else in early wants to meet up!

When it literally rains on your parade at LocoMocoSec: Hawaiʻi Security Conference with Ronnie Flathers Sam Hepburn Person @h4ck3rky13 and Patrick Thomas (@[email protected]) #stillHavingFun

#locomocosec

Brilliant talk from Patrick Thomas (@[email protected]) on bonding security to developer productivity.

Slides from my #LocoMocoSec talk on "Productizing Security" docs.google.com/presentation/d…

Strong recommend. Some great examples that improve both risk and user experience, and also give metrics that make the wins feel real.

Web timing attacks: super cool in principle, still super janky in practice. Seems like TimeTrial (github.com/dmayer/time_tr…) and Nanown (code.blindspotsecurity.com/trac/nanown/) still best tools, but really janky to get running & require a known-good case. Anyone got suggestions? Banging my head.

Strong recommend for anyone thinking about sustainability, culture, and ultimately the humans in a security organization. Astha Singhal knows what she's talking about and delivers it so well. 🙌

Congrats to Resourcely! Clear, exciting product vision at that critical touchpoint of developer velocity, security, and cloud resources. Very pleased to have joined this round, and looking forward to seeing where Travis McPeak and Aladdin Almubayed take this idea.

I don’t think there’s a SOC2 rule against banking 50 pre-approved empty PRs for future use.

Hah, this makes me feel so much better about my small pile of aborted "I think I should write something about..." drafts.

Of the ~950 people I follow on twitter, some hacky profile scraping says that about 60 of those currently have a Mastodon link. So for me that's basically from ~0% to 15% exodus (or at least strongly hedging) in a *week*.

What can we say, twitter-driven development sometimes works :) netflix.com/.well-known/se… Ya'll are good folks. Keep it going!

Thanks for the #BSidesSF Semgrep workshop enno Lewis Ardern Brandon Wu . You packed a *ton* into 2 hours. Really appreciate the work that went into it.