
Darren P Meyer

an information security researcher, technology hobbyist, maker, parent, and rabid moderate. I work at Veracode, but I don't speak for them here.

Most LGBT discrimination should be considered sex discrimination

There is a current trend of passing laws and enacting regulations to establish sexual orientation and gender identity as “protected classes”. A protected class is “a characteristic of a person which cannot be targeted for discrimination”. As I write this, race, color, religion, national origin, age (40+), sex, pregnancy, citizenship, familial status, disability, veteran status, and genetic information are all protected classes.

As these laws and regulations come into effect, it becomes illegal to fire or refuse to hire or remove from housing (etc.) anyone on the basis of their sexual orientation or gender identity. I think this is a good thing.

I also think it shouldn’t be necessary, because most discrimination on the basis of sexual orientation or gender identity should be considered sex discrimination already.

If I fire a woman for doing something that men are allowed to do, that’s sex discrimination. If that something is “have sex with women”, I don’t see the difference. And this basic construction seems to apply to a lot of things relevant to trans* and gender issues:

  • wearing women’s or men’s clothing
  • wearing makeup
  • wearing gender-identified hair or jewelry
  • indicating a sexual romantic interest in a particular gender

Now, I’m not a lawyer, so I’m sure there’s nuance here; but it seems to me that where orientation and gender identity are not explicitly protected, there ought to be a fair amount of protection already.

No-Bullshit Meditation

If you wish to learn how to meditate, there are a lot of resources. Nearly every one I’ve seen is filled with breathy woo, and most of them have a bunch of other bullshit that serves no purpose but to try (and usually fail) to make the author sound profound.

Meditation—even beginner meditation—has well-established benefits for mood, focus, and creativity; having to put up with pseudo-spiritual nonsense to get those benefits sucks. So here is a simple method to start meditation, as well as a brief discussion about some misconceptions that may mess with your practice.

Be clear and realistic about your objectives

The goal of a meditation practice is often described with such bullshit terms as “emptiness of mind”, which lead people to think the goal of meditation is to think of nothing. That’s not really a useful way to think about it.

Your ultimate goal in meditation is to have all your attention focused on what’s going on right now. This is hard because we’ve been trained our whole lives to think a lot about the past or the future, with all the stresses involved. Thinking only about right now once in a while is like a brain vacation.

You will absolutely fail to do this. A lot. Hardly anyone can manage to do it for any significant period of time, even without all the distractions that will annoy you every time you try. That’s totally OK because even shitty meditation ...

Meetings Are A Terrible Way To Communicate

Several people need to have a conversation about something: let’s call a meeting, that will help “facilitate communication”, right? Probably not.

Meetings are almost always a terrible way to communicate. Don’t get me wrong, there are ways to have an effective meeting. But if your goal is to encourage effective communication, having a meeting means you’re fighting uphill.

Meetings tend to favor people who are outspoken, think quickly, and are self-assured. But on every effective team on which I’ve worked, there are valuable contributions to be had from those who are quiet, who think deeply, or who are unsure of themselves. Meetings are not good outlets for those folks, which means you’re leaving the value they can add on the table whenever you have a meeting.

Some of this can be improved by changes to the meeting. A good moderator will ensure that quiet people have an opportunity to speak. But:

  • a 30-60 minute session will not ever be conducive to getting value from people who need time to think deeply before they contribute.

  • putting someone who’s unsure of themselves on-the-spot will only discourage them from contributing

We live in a wonderful world where written communication is faster and easier than ever; having conversations in text (strings of replies on GitHub or Stash or JIRA or whatever, chats on IRC or Slack, even just email threads) is almost always a better choice than a meeting when you want everyone on your ...

Developers Can and Should Own AppSec

Security professionals tend not to trust development and quality teams when it comes to application security, and so they try to force compliance with a rigorous AppSec program.

But especially in Agile, DevOps, and similar rapid development methods, that tends to cause a lot of problems. Development teams can and should own their own AppSec program—one that meets their needs—whether or not their security team supports them.

One way to do that is Responsive AppSec: and I wrote an introduction to Responsive AppSec on the Veracode Blog. The comments system there sucks, so if you have a response, please tweet at me @DarrenPMeyer.

Veracode Internet of Things (IoT) Security Whitepaper

I contributed research and analysis to a Veracode whitepaper on IoT security risks

The choice of “Cyber” branding is unfortunate, but the work is solid and carefully done. It documents both the bad and the good security decisions discovered in a selection of six consumer-targeted IoT devices.

Update: the Veracode site is requiring an email to view the PDF; here’s a direct link for those who wish it.
