Paying for Windows?
Genome
23andme going out of business!
Business Cards Suck!
Okay. So…business cards suck! They’re annoying, expensive to get printed, and get outdated quickly. I’ve been to so many networking events where I’ve gotten a stack of business cards, only to throw them away a few weeks later.
Let’s fix it with technology!
See below for a picture of my business card.
3 years ago, in 2022, I made a ReactJS package to render business cards in HTML:
https://github.com/meltingscales/react-business-card-hfbp?tab=readme-ov-file
Sparse vs Wide
I recently read an interesting article about a neural network that, instead of artificial neurons, has logic gates.
https://google-research.github.io/self-organising-systems/difflogic-ca/?hn
The paper described its neural network as “sparse”, and this made me want to ask ChatGPT “Why does this paper describe logic-gate networks as sparse?”
I didn’t realize this really important fact:
In “Deep Neural Networks”, they’re called “Deep” because it’s a 2D matrix of nodes “neurons” that are FULLY CONNECTED to every single output in the previous layer.
On hosting your own site
Okay!!!
TL;DR: Don’t pay for a domain name. Don’t pay for hosting. It’ll teach you stuff but is annoying to maintain!
Use GitHub Pages. Or .carrd.co. It’s free. It’s simple. It works. It doesn’t cost $144/year. The build system is simple. It’s hard to mess up. And you can literally copy my site, or someone else’s.
I’ve gone through many different iterations of this:
2019: Custom HTML.
2020: ^^
2021: Hugo + GitHub Pages.
2022: Hugo with a custom theme.
2023: ReactJS custom site.
2024: ^^
2025: Back to Hugo + GitHub Pages.
Brainstorming on CICD Pipeline Design
What are the questions that I should be asking myself when I’m thinking about how to automate security in a CICD pipeline?
What about a CICD pipeline without thinking about security?
- What should CICD Pipelines do?
- What shouldn’t CICD Pipelines do?
These feel too general. These might be valuable to explore, but I think that making them more specific will be better.
The questions that I ask myself are important because they will determine the architecture of the pipeline. I feel like I’m starting to understand what 2 of my coworkers, Gil and Vishal, are talking about. If I start trying to design a CICD pipeline with an existing piece of automation, it’s not a good starting point. But if I start with the right principles in mind, building good ideas becomes easier.
Thoughts on Vulnerability Scanning in the Software Development Lifecycle
Intro
I’m thinking about what the best way is to manage vulnerability scanning in the SDLC.
Sitting down and really thinking about this is a culmination of talking with coworkers about this for a while, and stuff that’s been happening at work.
Specifically, if the goal is to:
- Provide developers vulnerability data as fast as possible
- Provide developers vulnerability data in a FULLY automated manner
(Maybe as a bonus, we can also)
Flight to Hawaii
Going to see a friend from my childhood, a good friend of my late mom - Jet Dee. Can’t wait.
Will update this blog more after I land.
Update: It was pretty good. Been awake for 36 hours…and caught the Plymouth Brockton bus with about 30 seconds to spare.
I’ll probably update this later… I would just ramble about something random if I wrote more.
What I really should do is figure out how to add the “view only posts tagged with X” functionality. I might need to ask David K the best way to do this.
Certified Secure Software Lifecycle Professional (CSSLP) Notes
Preamble
https://www.isc2.org/Certifications/CSSLP
This is a collection of notes I’ve taken for the CSSLP. Hopefully they are useful to you as well!
I made a program to study for this test. Feel free to use it.
https://github.com/HenryFBP/pyconsolequiz
Secure Software Concepts
Core Concepts
- Main concept is about restricting user access
Confidentiality
Keep info away from people who don’t NEED to know it
Secret info remains secret
Must understand what data needs to be kept secret