I awoke at the start of 2013 and life was spectacular. I was a few months married (bank accounts reset), had put together a rough plan for honeymooning around the US and even started executing the purchasing of flights etc (bank accounts reset take two). I had also recently had some really interesting discussions with @WadeAlcorn regarding a potential “little” side-project, and of course all the other bits and bobs I was spending time with, various Rails, jQuery and AWS projects. I can’t forget to mention my continued efforts on what I was doing in the 9-5, providing the absolute best information and application security consulting advice and services to our customers that I could.
On the personal front, 2013 saw my love and adoration for my wonderful wife Tenille continue to grow and flourish. We had our highs and lows, moments of despair and absolute joy. Some of the best times of my life I’ve experienced over the past few years, and 2013 was no different. Our trip to LA, Portland, Seattle, New Orleans and Hawaii was nothing short of absolutely spectacular. We got to experience some fantastic music events (The Bronx in their hometown, LA, in an amazing art deco theatre; Local Natives in a 100 year old ballroom in Portland; The New Orleans Jazz Festival), some fantastic meals (in particular the cuisine we sampled in Portland and New Orleans), some breathtaking beers (once again, thank you Oregon you wonderful state of beer) and amazing scenery, particularly in Hawaii.
Shortly after returning home we were welcomed with the news that we would be having a little baby within about 9 months. With excitement and trepidation we both knew that our lives were about to change for ever.
Throughout the entire year I also found myself spending more and more time on that side-project with Wade, co-authoring the Browser Hacker’s Handbook. Working so closely with Wade and Michele @antisnatchor was also filled with amazing highs and lows. As far as challenges go, working on this book has easily been one of the more difficult things I’ve been involved with. Not just from a research point of view, but re-discovering how to apply a high degree of rigour in writing in a consistent, concise and clear manner. Oh, and lets not forget the endless cycles of reviewing and reviewing and reviewing. I would be lying if there weren’t a few moments where I wanted to throw in the towel, but working with these two brilliant security researchers and professionals (not to mention the other talented contributing authors and reviewers we’ve been fortunate enough to get involved) has been such an amazingly fulfilling experience I’m glad I didn’t. Over 1,100 emails and 2,000+ commits later and the book is getting very close to completion.
On other projects I continued my efforts with BeEF (various back and frontend commits, with a focus on the rex console UI, (mobile) browser detection, LastPass SE modules, and an implementation on the WebRTC internal IP detection).
I also released my first version of the SAMM Self Assessment tool, which immediately got some interest from the OpenSAMM project leads for further inclusion with the official OWASP Project. I really enjoyed hacking this together, not only because I got to spend some time with jQuery, but also getting a really good opportunity to play with deploying and scaling this Rails app on AWS services with the excellent Rubber tool (a cloud-wrapper for capistrano). With a few clicks of a button I’m able to scale app servers and DB servers, and then add/remove them from the Amazon’s Elastic Load Balancers. Combine this with S3 and CloudFront to provide a CDN for all the static assets (once again, automatically pre-compiled during a deploy to EC2) and voila. I must admit, it was really fun to spend some time seeing how the app would go throwing loader.io against it.
I can’t forget the ongoing maintenance of the Devise Google Authenticator gem for Rails’ Devise. Hopefully one of the quicker ways to provide 2FA to your Rails apps. The GH project has 83 stars and the gem has been downloaded over 7,000 times from rubygems, so that’s not too bad.
I’ve also been spending a fair amount of time working on a simple threat modelling application, but you’ll have to watch this space for more on this throughout the year.
On the professional side of my life Asterisk has continued to grow and grow. We’re in the process of moving into new premises and we’ve grown by a couple of excellent consultants too. Our first employee is not only someone I deeply respect, but I would consider a good friend, so I’m super happy that Jarrod agreed to dive into the exciting ocean of boutique information security consulting with us. We’ve been beating our targets, and things are feeling really positive, I’m very excited to see how we continue to grow in 2014.
2013 ended on the highest peak when Tenille brought our little baby girl into the world. We’ve only been home with her for a few days now, but I’m so amazed with how well both she and Tenille are doing.
Here’s to 2014 being even better!