Writing

ChatGPT and Plagiarism

Plagiarism is a serious transgression for writers for the same reason joke theft is a cardinal sin for comedians - it amounts to an attack on their profession. Creative theft is so hated because it steals the fruits of our labor even more fundamentally than office politicking or project credit-taking. It erases the identity of the original author and creates in its place a lie - that the perpetrator of the theft deserves the accolades, financial and social, associated with it.

Senior Developer Koans

“We need to integrate with a SOAP API that’s been deprecated for 3 years” said the Engineering Manager. And the Developer wept. A Senior Developer wanted to choose the best Node framework for his project, so he asked the Master. “Deno” said the Master. “Teacher” asked the Junior Developer, “Why doesn’t my feature work in Firefox?” “All features work in Firefox” replied the Senior Dev, “from a certain point of view.

A Quick Guide to Collecting Sci Fi

Over the years of avidly collecting my niche (New Age science fiction from the 60s and 70s), I’ve picked up a few germs of knowledge about book collecting, preservation, and general enthusiasm. It is an addicting hobby, and like any pursuit, something you can improve at with just a tiny bit of perfectly normal, not-clinical, garden-variety obsession. Buy your Bible Before anything else, buy the excellent Science Fiction and Fantasy Authors: A Bibliography of First Printings of their Fiction edited by L.

Junior Developer Koans

“Generate a react app without scaffolding” instructed the Master. The student could not. The old man told the young: “Python has seen 3 versions in my day”. The young man responded: “Node has 12.” “Teacher”, the student inquired, “What’s the best Javascript MVC?” The teacher replied. “It’s not JQuery.” A Junior Developer wanted the best Javascript framework for his side project, so he evaluated every option before deciding. He starved to death.

Writing a Book with Unix

Introduction Last year I published my first book with a publisher, Hands on Bug Hunting For Penetration Testers. Going in, I was determined to set up a workflow that would allow me to: 1) Keep a backup of the book. 2) Allow me to easily track my writing progress. 3) Work on the book offline. 4) Keep my own copy of the book. What set of tools could possibly control the versioning, backup, access control, and portability of plain text?

Bug Hunting for Penetration Testers Available Now

Hands-On Bug Hunting for Penetration Testers is now available. The book covers how to detect, validate, and write submission reports for XSS, SQLi and NoSQLi, XXE, CSRF, and more vulnerabilities, including sections on detecting hidden content, crowdsourcing code injection snippets and other malicious inputs, writing quality submission reports, and more. It uses Burp Suite as a principal tool and proxy, with Python (3.6.5) and Bash scripts thrown in to augment, extend, and automate different testing functions.

Creating my Blog and Book Sites on the Free Stack

When I was setting out to revamp my personal blog and create a new site for my book, I had a couple of considerations in mind. I wanted both sites to be highly-available (I don’t get much traffic, but also don’t want a hug of death), simple (with as few moving parts as possible), and easy-to-update and generally extend. All of that led me to a static workflow. Settling on (but not for) Static I love static sites.

My Writing Tech Stack

All writers have their own workflows for writing: Many people use Word, Google Docs, or Libre Office - George R.R. Martin famously uses WordStar, a DOS-based text-processing system from the mid-80s. As long as your personal productivity is juiced and you’re comfortable, you can be as idiosyncratic as you want. Somewhere a hardcore cypherpunk is writing the next cryptographic epic in vim. In that spirit, I’ve evolved my own writing process over time as I’ve looked for a workflow that minimized application overhead, allowed me to translate documents between formats, provided robust version tracking, integrated well with other tools, and worked offline.

Pre-order Hands-On Bug Hunting for Penetration Testers

Update: The book has since been released. See how to purchase it at handsonbughunting.com or use the Amazon link included in the article below. This October I’ll be releasing my first book with Packt publishing, Hands-On Bug Hunting for Penetration Testers. The book covers: Preparing for pentesting engagements Building an automated pentesting workflow Detecting and reporting OWASP’s Top 10 most common bugs Finding the best bug bounty programs Focusing on testing the right parts of a web application Formatting vulnerability reports to maximize your payouts Going further If you have some experience with penetration testing, it’ll be a good introduction to public bug bounty programs, and if you’re just getting into security, it’s a great series of walkthroughs for getting up to speed - even if you have to search for the meaning of a term or two (or three).

1-Minute Markdown

What’s Markdown? Markdown is punctuation for the web. It enables authors to easily write documents that feature common online staples like links, images, and italicized, bold, and other types of rich text, using a simple, lightweight set of symbols that can easily be converted to HTML, doc, pdf, or rtf files. Since markdown files are just plain text, they’re an ultra-portable way to write web-compatible content without the mess of a WYSIWYG editor or proprietary file types.