Posts

Can federal programs really be Agile when multiple firms are involved?

Transparency is one of the core pillars of the Agile mindset. Transparency exposes issues earlier, making it possible to address them in a move-left fashion. Transparency is critical to the success of Agile and is one of the Agile tenets that is hardest to implement in large enterprises and federal projects. The Federal contract/project cycle is designed to use competition to reduce cost and fraud risk. One of the unintended consequences of this is that the competitive process punishes transparency and rewards those that let their partners fail. Federal projects don't die. They just move to the next phase as part of another bid process. This means contracting companies work on the project for the government while working on securing the next bid round by working for themselves. Federal contracts involving multiple partners and sub-partners punish transparency and encourage companies to let their partners fail in order to secure better positions in future phases of the project. I...

No hack required for Linux on Chromebooks with the Termina VM and containers or Virtualbox

Chromebooks have a security model that traditional laptop OS makers are still struggling to broadly implement. Chrome OS (Chromebook) is one of the more secure platforms for web browsing and web applications, restricting users to a limited set of high level APIs. Power users and developers often belittle the system because they are unable to install and run arbitrary applications. The ChromeOS and Chromium teams have resisted unbridled execution of Linux programs because that would weaken the security profile of Chrome based devices. ChromeOS/Chromium has now addressed this issue by providing secure sandboxed environments that execute Linux programs highly isolated from the Chrome operating system. Chromebooks, including CloudReady devices, now support isolated Crostini Linux containers with only a single preference setting. Crostini Linux runs in a sandboxed Linux container inside a Linux VM. Programs running inside Cr...

Tether Kali Linux to iPhone over USB

Tethering Kali Linux to your iPhone is very easy. You can do this either via wifi or via a USB connection. The USB connection has the advantage of charging the phone while using it. There may be security disadvantages.

Tethering
1. Enable your hot spot on the iPhone: Settings -> Personal Hotspot
2. Plug your iPhone USB/Lightning cable into your laptop.
3. Select "Trust" when your iPhone offers the "Trust this Computer?" dialog.

Verify the connection
Method 1: Look at the iPhone. You should see the message "Personal Message: 1 Hotspot" at the top of the iPhone screen.
Method 2: Open the Settings application, select the Network panel, and verify "USB Ethernet" is Connected.
Method 3: You should see the network connection icon in the upper left corner in place of the wireless icon. Click on that to see that USB Ethernet is Connected ...

Silent Disco style conference breakout sessions with AWS

AWS provided a great session experience for the AWS Public Sector Summit breakout sessions. All the breakout sessions for the 2019 AWS Public Sector Summit ran simultaneously in the same room, Silent Disco style. There was no in-room PA system. Speakers were mic'd into a multi-channel broadcast system. Attendees wore individual headsets tuned to the talk of their choice. Attendees were provided with multi-channel headsets that could be tuned to any of the talks. Each talk was on a different color. Each headset had independent volume and channel controls that could be set by the listener. This picture shows 2/5 of the simultaneous talks. You cannot really see it, but the earpiece colors are different for these two talks. This picture shows people listening to three different stages. It is hard to tell here, so you'll have to take my word for it.

A portable Program Increment (PI) planning wall

Program Increment Planning is a powerful piece of the SAFe framework that provides a structured way of managing cross team work in time blocks larger than a development sprint. It provides a Program-level view into something that is otherwise a set of independent team streams. My current team meets for 1-1/2 days on a quarterly basis to align the next quarter's deliverables. We bring in our 5 development teams, the product owners, the business line product owners and our cross functional support teams (DBA, CM, OPS, etc.). This meeting gives a one wall view of our coordinated deliverables and exposes our cross team dependencies and their timeframes. Our PI planning wall is normally 8 feet tall and probably 8 feet wide. We have struggled with how to maintain the wall after the PI planning so that we can track how well the plan reflected the actual work we do/did. I recently visited with AmTote International. Their Agile Program Director gave us a qu...

My first DEFCON Experience.

DEFCON is the "hoodie" conference that follows the BlackHat "suit" conference. It has a very different feel from other security conferences, with no corporate sponsors, no advertising, no marketing mailing list and an aggressive inclusion policy. Normally I can go to a conference, sit in some sessions, do a little lab work and feel like a success. DEFCON is all about participation and inclusion. There is an entire wall of competitions, often called Capture the Flag (CTF), that originate in the various villages. It has 20+ semi-structured lab tracks. Attendees literally wear the results of their conference activities. DEFCON 26 was my first visit to the Las Vegas hacker conference. I was completely unprepared for almost any of the lab / village sessions that I worked on. It was still awesome, but I would have gotten so much more out of it with some serious preparation. Prepare There is a g...

The DEFCON 26 Experience Day 0 Registration

The CON is what you make of it. I arrived in Las Vegas at my first DEFCON the night before registration. We finally got to bed around 1:30 in the morning. The registration line had already started... DEFCON 26 Registration The main part of the conference starts on Friday. Workshops start on Thursday. Registration starts Thursday morning at Caesars. Most of the activities start on Friday. I got in line Thursday at 5:30 AM along with several thousand of my closest friends. Some folks spent the night in order to make sure they got the electronic badges. Another few thousand joined the line behind me. You basically show up at Caesars with $280 in registration cash plus whatever cash you need to purchase shirts and other SWAG. I'd recommend having access to other cash in case you run into other swag you want from the villages or vendor area. Registration opened at 6:00 AM. They register approximately 20,000 people on Thursday. Regist...

Who shares in a company's success?

Profit sharing is designed to reward hard work and drive behavior for the good of the business. Hewlett Packard had a profit sharing plan in the 80s and 90s that fed all job titles and pay ranges. I participated in an HP plan that made all profit sharing plans after that point look complicated, opaque and tilted towards the higher paid employees. The HP 10% Profit Sharing Plan HP distributed 10% of the company's profit to the employees on a semi-annual basis. This meant everyone was reminded of the company's health every 6 months. Seniority and time served played no part in the formula. This was unlike many of today's two tiered retirement or incentive programs where younger hires have a weaker deal. The Profit Sharing bonus was pro-rated based on the employee's salary, capped at a $100,000 basis. The pro rating and salary cap meant the paid out dollar amounts for factory line employees' and executives' profit sharing amounts were closely aligned. Payou...

Caution: Feed an Open Source Project and it might become yours.

Hear my cautionary tale: I fed an OSS project 14 years ago. This article was published in 2018. It followed me home and I've been keeping it on life support since that time. OSS is great, but know this about small or slow moving projects: "it may follow you home if you feed it". We needed a patch for a project back in 2004. The original author wasn't interested in the project any more. I became a contributor and pushed out that release and 10 more with an ever slowing rate of change. The last release was mid 2015. You would think the project was dead, given that the last release: migrated to Windows 7 APIs, added mostly stable 64 bit support, compiled against Java 6 and used Visual Studio 2013 for the MS integration. SourceForge dropped the project's version control system, CVS, in 2015. Two folks recently (2018) submitted a couple of new fixes. A quick site check showed the project still has over 900 downloads per week! That was a surprise. That c...

Demonstrating Docker on Raspberry Pi is more than a party trick.

Big pieces of the 2018 Microsoft Build conference were about applied machine models and secure IOT. One of the keynote demos was called "Scott or Not", where a Raspberry Pi used a machine learning vision model to determine if the person in front of a camera "looked like Scott". Some of the most interesting parts of the demo were not obvious without a booth demo later in the day. Hobbyists are often ok with a hand crafted build using manual script instructions. That approach doesn't work in a commercial environment with 100s or 1000s of units. Microsoft took a more enterprise approach by creating a modular demo that supported easier automation. The demonstration code is organized in a modular fashion using Docker images. Individual functions of the pipeline are isolated to their own containers. This makes it possible to update tools, languages and code without any updates to the core system. Demonstration Flow The diagram on the right shows the flow for the vi...