It’s a brand new year. Many people have set their new years resolutions, companies are starting new projects, and for those in Australia and other countries where school years match calendar years, school kids are getting ready to start another year at school. In many ways, this blog is one such “new thing” that’s being started.

A common theme at the end of a year, is for a person or organisation to review the previous year, to highlight some special things they found and to look at what they’re wanting to do in the future. Unfortunately for me, I can’t do that this year as I’ve only just started documenting these things in a nice manner. However, I can still talk about things I want to do in the year to come!

Year to come

For 2018, there are three main things I’d like to do with this site.

1. Publish more consistently
2. Releasing guides and manuals
3. Give regular “What I’m reading” posts
4. Release tools online

Publish more consistently

If I get the other three done, this will be pretty easy. Basically though, I’ve ran other blogs in the past and I find that starting a blog is easy. Maintaining a blog is the hard part! If I can at the very least do weekly posts, I’ll be very satisfied with myself. If I manage monthly though, I’ll still be happy.

Releasing guides and manuals

In a way, I feel my recent posts on Rendering JSON Strings and Django/Axios/CSRF were kind of a lead up to this, but I’m wanting to do more in-depth guides for people to use in the future. I’ve found other people’s guides out there super-useful, but I often find that I have to take some aspects from multiple guides and combine them together to get exactly the information I need. I plan on finding a scenario that I’m currently working on tackling, and writing guides that look at the issue and how I’ve solved them. I have one in the works already, hopefully someone will find that useful!

What I’m reading

This isn’t something I see very often in tech related blogs, but I’ve found these to be interesting posts in other fields before. Basically, I’ll keep a list of articles I find useful, and at the end of the month publish that list so that other people can see what I’ve been finding useful. Hopefully this helps other people find out about other bloggers that they may not have heard of before, and may find an article they otherwise would have missed. I’ve started this with a “Recommended reading” page that lists other bloggers, but these posts will be linking to specific articles/posts, not just their main webpage.

Release tools online

We all have various websites that have useful tools that we go to in our day-to-day work, without which we’d have a harder time getting our jobs done. Two such tools I find super-useful are whatsmydns and whatsmybrowser. I’ve got some tools that I’ve personally been using, that I’d like to share publicly as I feel others would also find them useful. Developing these tools also serves as a great learning experience for me too!

2017 Recommended Reading – Year in review

Now that I’ve said what I want to do more of in the year to come, let’s start off number 3 in that list and do my first “What I’m reading” post and do something similar to a “Year in review” post at the same time?

Below are some articles that were published in 2017 that I found worth sharing.

Troy Hunt

I find it interesting that I’ve been following Troy for close to two years now. Boy how time flies…

Firstly, this series on Fixing Data Breaches by Troy Hunt was an interesting read, looking at ways that organisations can help minimise the damage when a data breach has occurred, ways of preventing them and how to encourage companies to do the right thing. This post may not be the most useful for individuals, but definitely worth the read if you’re a decision maker in a company. For ease of use, here’s the link to each individual part.

1. Education
2. Data Ownership & Minimsation
3. Ease of Disclosure
4. Bug Bounties
5. Penalties

Following from this, albeit not chronologically, was a post Troy made several months earlier on how an organisation should/shouldn’t act after a data breach has occurred.

Other articles I’d include in a “Highlights of Troy Hunt for 2017” mix tape:

• 6 Step Happy Path to HTTPS
• The one valuable things all websites have, and why Phishers want it
• The trouble with politicians sharing passwords (or anyone for that matter!)

Scott Helme

Scott I’ve only been following for a shorter period of time, so it made this list a bit easier to write. Also he doesn’t post as much as Troy so there’s less articles to pick from, but they’re all equally useful.

• Malware Hunting with CSP – This one I found particularly interesting. In my day-job hunting bugs in our software, I’m always looking for more ways of getting more useful debugging information!
• Are EV certificates worth the paper they’re written on?
• Sarahah – Particularly topical as a lot of my friends started using this around the time this article came out!
• Let’s Encrypt with DNS Round Robin – An interesting read on using Let’s Encrypt on load balanced servers
• nomx: The worlds most “secure” communications protocol followed by the comments on Hacker News, a ZDnet article on the topic and of course the comments on r/netsec

Others

I kept Troy’s and Scott’s in their own section, simply because they have so many. They’re not the only sites I read though! Other great articles to read:

• Why the internet must be regulated
• 2018 guide to building secure PHP software
• PHP 7.2 – The first programming language to add modern cryptography to its standard library
• 10 years in, nobody has come up with a use for blockchain
• This is how you respond to a disclosure
• Remove my password so hackers can’t hack me (I think the guy’s making a joke… I think…)
• Mailsploit
• Announcing the first SHA-1 collision
• How I hacked hundreds of companies through their helpdesk

Here’s hoping 2018 has even more worthwhile reads than 2017 did!