Polish Brunch for Friends

Ever since Michelle and I moved into this apartment in Feb we haven’t had guests for any kind of meals. After being invited to Ronen’s for Hummus brunch a couple of weeks ago, Maggie and I started scheming to have a Polish brunch. I finally made this happen and tomorrow for brunch a bunch of friends (from the AppFabric Service Bus team who live on the west-side) are coming over.


Appetizers

Savory Dishes:

  • Barszcz (beet soup)
  • “Ears” filled with mushroom/onion (kind of like tortellini)
  • Potato Pierogi


Sweet Dishes


Dessert

  • Delicje
  • Some yeast-based (often used in Polish desserts) cake Maggie is making

Lessons Learned on Making Software Secure

Today marks my last day of responsibility for making my products secure. I will continue to be responsible for making my feature areas secure, but I won’t be giving out the marching orders anymore.

Since I joined the company in 2005 I was responsible for the security of technologies including the first release of the Windows Communication Foundation, Windows Server AppFabric, Windows Azure AppFabric, and a few others.

The term “Security” is quite broad and can mean many things. But there are two big buckets of responsibility that you can think about: “Security as a Feature” and “Security as a Process”. Security-as-a-Feature is the act of working on features that make your product more secure. For example, using HTTPS instead of HTTP, or implementing an identity system, etc. Then there is Security-as-a-Process, which is basically following the security best practices at every milestone of the software development lifecycle. This includes things like creating threat models, running static analysis tools, fuzz testing, etc.

I currently work on the Access Control Service so clearly I will be working on Security as a feature for quite a while. However, it is security as a process for which it has been my last day.

My responsibility has been to implement the Secure Development Lifecycle (SDL) in the products I worked on. I started this because the WCF team needed it and I was a fresh college hire who could fill the role. It was a great first experience as I was quickly recognized as an expert in my division and saw a lot of demand for me as a result.

Key lessons learned (in no particular order):

  1. Start with threat modeling. If you don’t know how to think about making software secure, threat modeling is a good starting point.
  2. 3rd party penetration testing is worth the peace of mind. Hiring an external team to focus on penetration testing, despite its cost, has an incredible return. Either you verify that you have done your due diligence and no new issues are identified, or the issues that are identified will make your product that much better.
  3. Learn basics of crypto and federated identity. All technical people should be familiar with basics of cryptography like signing, encryption, block vs stream ciphers, etc. This is core to understanding other security-related technologies. Similarly, federated identity is critical for any service that wants to sell to enterprises; it’s one of the core requirements for any enterprise customer.
  4. Securing your services/products can be easy. Implementing security best practices doesn’t have to be expensive. Doing a little bit of work at every step of the way makes it actually pretty cheap. It becomes a good habit.
  5. Define and live privacy principles. This is a big one. Define a small set of principles such that everyone can easily think about customer and privacy data in terms of those principles. Everything flows from those principles, like figuring out how to triage bugs, defining data handling policies, implementing audit logs and checks and balances, etc. I am very proud of the way that AppFabric Services handle customer data.
  6. Verify assumptions. When teams practice security every step of the way it becomes a great habit. But in those cases you are in danger of making assumptions about interdependencies just because they become habitual and you have mutual expectations. For each functional area as a part of the threat modeling process it is a good idea to list the assumptions you make about all of your dependencies, then verify them with the people that are the authorities.

Roasted Chicken with Bacon and Fractals

Roasted chicken with herbs and bacon, a side of winter squash, romanesco broccoli, and Chanterelles.

For those unfamiliar with Romanesco, it’s the broccoli which looks like a fractal.

The Chanterelles were picked by yours truly, which I am very proud of. I also made soup with them, but I don’t have the pictures as it was eaten by the time the camera came out.

As usual, everything is local and “beyond” organic.

Homemade Farmers Cheese

Dave McMasters pointed out to me that I haven’t posted anything lately. While I have been cooking, I haven’t been posting stuff. As such, I’m making this little post about homemade farmers cheese.

There is a type of Polish Farmers Cheese which seems to be a bit different than most of the Farmers Cheese I’ve been able to find at the farmers markets around here. The farmers cheese I know is more spreadable and crumbles more easily. You can actually get the Polish type of Farmers Cheese at Polish Markets. While I was looking into this I also found out that you can actually make Farmers Cheese at home with very few ingredients.

Here is how the recipe goes; it’s a modification of one that I found online.

  1. Bring 1/2 gallon whole milk nearly to boil
  2. Turn off the heat and add 3 tablespoons of white vinegar
  3. Let this sit for 10 minutes
  4. Strain the result through a cheese cloth
  5. Hang the cheese cloth and let it drip out, once it is cool enough squeeze the remaining liquid out

The cheese isn’t as salty and doesn’t have that kick that aged cheese has; it is milder, kind of like cream cheese.

I like to eat it as a spread on bread and then covered with honey. It can also be mixed with chopped radishes and green onion with some salt and pepper and also served on bread. The latter is what I did this time around and it was damn good.

Wear What You Are

Perhaps it is judging a book by its cover, but I do believe that you can tell a lot about a person by what they wear. For example… If you ask a college student and a young professional to get dressed up, both of them can end up with nice shoes, slacks, and a dress shirt, but you will still be able to tell which is which. The difference is in the details: pattern, color and cut of the shirt, the style of the shoe, cut of the pants, and accessories (e.g. watch).

So when you are ready to graduate from mall brands (e.g. Express), here is a small collection of useful links for finding high quality, stylish clothes which are still surprisingly cheap.

http://www.gilt.com/sale/men
http://www.blank-label.com/
http://www.hautelook.com/events#men
http://www.ruelala.com/

Hacking monitor configuration to fix Photoshop

I recently installed my 4th monitor. When I ran Photoshop it crashed.

I haven’t been able to figure out why this is going on, as nothing changed other than my monitors. I read forums and the only suggestions they made (updating drivers) didn’t solve the problem.

As odd as it sounded, it might have something to do with the new monitor. So I tried what I was hoping I wouldn’t have to: I unplugged my new monitor… what do you know, Photoshop works.

But the problem is that I wanted to use Photoshop in the new large monitor.

This is where the hack comes in: (1) disable new monitor, (2) run Photoshop, (3) enable new monitor, (4) drag Photoshop into new monitor. It solves the problem; I didn’t say it was pretty.