Tim
helloitstim.bsky.social
Infosec, software dev, politics, puns. 🇿🇦 living in the tiny land of tall people.
Reposted by Tim
Who's asking for these features? Show yourself!
Microsoft and Mercedes‑Benz are working together to let people access Teams from the car.

Benz is the first car maker to enable in-car camera use for Teams while a car is being driven.

The companies are also partnering to put Microsoft 365 Copilot into vehicles.

www.theverge.com/news/708481/...
Mercedes-Benz will let you use an in-car camera in Microsoft Teams while driving
The all-new CLA gets this first
www.theverge.com
July 25, 2025 at 8:46 PM
Reposted by Tim
I just released my edit of "In Praise of 'Normal' Engineers": why the best engineering orgs in the world are the ones where ✨normal engineers✨ can consistently move fast, ship code, fix shit, help their users, and move the business forward...a little more, every day.

charity.wtf/2025/06/19/i...
In Praise of “Normal” Engineers
This article was originally commissioned by Luca Rossi (paywalled) for refactoring.fm, on February 11th, 2025. Luca edited a version of it that emphasized the importance of building “10x engi…
charity.wtf
June 19, 2025 at 5:22 PM
Reposted by Tim
An astronomy professor colleague of mine once relayed trying to explain to his students why it was important that they actually write their class reports themselves. “The point is not to teach ME about neutron stars,” he said.
Even accepting the premise that AI produces useful writing (which no one should), using AI in education is like using a forklift at the gym. The weights do not actually need to be moved from place to place. That is not the work. The work is what happens within you.
April 15, 2025 at 12:18 PM
Reposted by Tim
"I fought a DDoS and lived to tell the tale" is one of my favourite blog posts. It's been many months since I read it, but I remember it whenever I think of WAF. Give it a read; I promise it will be worth it.

open.substack.com/pub/funkbyte...
I fought a DDoS and lived to tell the tale
Episode 1 - A Developer's Saga
open.substack.com
March 30, 2025 at 11:38 AM
Reposted by Tim
Corollary: ICs who believe that AI can replace middle management think that it would result in them having more power and freedom, not realizing that it would mean taking an infinite stream of vibes-driven AI-generated tickets from their exec overlords
March 18, 2025 at 5:33 PM
Reposted by Tim
Hypothesis: The belief that AI can replace middle management is actually the wish of execs who never gave up on "command and control" models of leadership and just didn't feel able to execute them at scale, but now believe that the machines will allow them to do so
March 18, 2025 at 5:04 PM
Reposted by Tim
Every tech company* has platform teams trying to build:

1. Heroku, except hand-rolled
2. One giant shared database, so engineers can ignore analytics without consequence
3. If they have a monolith, microservices. If microservices, a monolith
4. A solution to the halting problem

* Hyperbole. I hope
March 5, 2025 at 10:24 PM
Reposted by Tim
# avoid the nightmare bicycle
March 3, 2025 at 10:31 PM
Reposted by Tim
This is such a cool analysis of PINs in @haveibeenpwned.com's Pwned Passwords. Scroll through the page and watch the heat map change alongside the explanations of how people are creating (somewhat) predictable PINs: www.abc.net.au/news/2025-01...
Is your PIN code among the first ones hackers are likely to try?
The ABC analysed 29 million stolen codes to help you avoid using an insecure one.
www.abc.net.au
January 27, 2025 at 10:37 PM
Reposted by Tim
I'm not anti-metric. I'm anti metric abuse. Data mostly asks questions, not answers them. Here's an example of using data to ask questions about who are influential programmers on a project. tidyfirst.substack.com/p/measuring-...
January 27, 2025 at 5:29 PM
Reposted by Tim
Always do this prior to going through a security checkpoint or interacting with law enforcement
Security tip for iPhone users: holding the side button and one of the volume buttons for two seconds will lock your phone and disable Face ID until you enter your password. Useful for situations where someone may try to unlock your phone without your consent.
January 25, 2025 at 11:46 PM
Reposted by Tim
Angertainment is a great way to describe the emotional experience most social media platforms are optimizing for.
January 17, 2025 at 7:33 PM
Reposted by Tim
Today at NCSC we published two blogs on our position regarding passkeys - the first is below (links to the second) - they are our future, not perfect but getting better..

.. call to action within!

www.ncsc.gov.uk/blog-post/pa...
Passkeys: they're not perfect but they're getting better
Passkeys are the future of authentication, offering enhanced security and convenience over passwords, but widespread adoption faces challenges that the NCSC is working to resolve.
www.ncsc.gov.uk
January 15, 2025 at 9:58 AM
Reposted by Tim
This is what frustrates me most about AI companies with opaque language about what they do with data sent to their models - it opens very genuine questions about the ethics of pasting material into the bot to get a summary or explanation
Recently talked to a student who admitted to using ChatGPT as a study device - by feeding it all of the class lecture slides and having it generate summaries. So now OpenAI has ownership of all the slides my co-instructor and I created from scratch…
January 4, 2025 at 11:19 PM
Reposted by Tim
who is this for? that's what I can't wrap my head around - who wants to follow someone who's not real, and is posting about their regular day to day life except none of it is really happening? who is this *for*?
Meta is testing, or has started to ship, its AI generated profiles, here on Instagram

www.instagram.com/himamaliv

#SocialWeb
January 3, 2025 at 11:01 AM
Reposted by Tim
This is well worth a read.
January 2, 2025 at 12:21 AM
Reposted by Tim
TIL how easy it is to ask curl to dump TLS session keys to disk 🛠️

Simply set the environment variable `SSLKEYLOGFILE=/path/to/file` 😅 Note: it also works for Firefox and Chrome

Extremely useful when combined with Wireshark 👍
December 20, 2024 at 11:35 AM
Reposted by Tim
Example: Companies pay big bucks for all sorts of tools that run on desktops, mail systems, servers, etc. instead of deploying FIDO authentication to eliminate password phishing entirely.

The basics are still the basics. But we're in an industry built on misplaced fear and hacklore.
Someone once asked me what they should do about Stingrays intercepting their traffic to deliver Pegasus while at the same time they used the same password to email, bank and random shopping website.
December 20, 2024 at 4:32 PM
Reposted by Tim
I don't want a video! I want a text writeup! I don't want a video! I want a text writeup! I don't want a video! I want a text writeup! I don't want a video! I want a text writeup! I don't want a video! I want a text writeup! I don't want a video! I want a text writeup! I don't want a video! I want a
December 19, 2024 at 8:51 PM
I’m enjoying the fact that the prevalence of AI tech is leading people to ask “what _should_ our tech do for us?”. Should have been asking that all along….
December 7, 2024 at 6:59 PM
Reposted by Tim
greetings gentleblues, I bring you tidings of hot takes and shade

my new post discusses why cybersecurity isn’t special (nor should it be) kellyshortridge.com/blog/posts/c...

plus eight opportunities for security programs to become constructive vs. constrictive
Cybersecurity Isn't Special
This blog post explains why cybersecurity shouldn’t be a special stream of work in organizations, and presents opportunities for security programs to become more constructive and less gatekeepy.
kellyshortridge.com
December 13, 2023 at 3:46 PM
Reposted by Tim
Actually Frankenstein was the name of the scientist. I, the person correcting you on this trivial point, am the monster.
October 31, 2023 at 4:28 PM
Reposted by Tim
I appreciate Amazon having such a generous limit.

As someone who types 60 words per minute for 17 hours per day, I was worried I wouldn’t be able to publish my three daily novels.

arstechnica.com/information-...
September 24, 2023 at 12:45 PM
Reposted by Tim
Start writing with no ideas. Just write 500 words a day of something. The ideas will turn up, even if you can't use what you're writing.
September 13, 2023 at 1:19 AM