Somehow, I Survived

I spent all day watching security training videos. Ordinarily, application security is a topic that interests me a great deal. I might even spend the occasional Sunday lying in bed viewing lectures of this sort for entertainment. But not these videos.

These were corporate training seminars focusing on the minutia of things that don't matter (e.g., which text editor the lecturer prefers) while quickly skimming over topics I'm interested in or those relating directly to my professional duties. (The two don't always align as well as they might, but that's to be expected.)

And the subject matter was frequently outdated too. The core fundamentals were solid, but the course was filmed about five years ago, which may as well be a century in today's digital security ecosystem. There were many discussions about software, devices, and practices that are now uncommon, unsupported, or even abandoned.

By the end of the course, I was so bored that I took to shouting at my computer. I'd yell, "Shut up! Just shut up already!" I imagine the neighbors thought I was in an argument. When the lectures finally came to a close, there was a test to contend with yet. A ten question quiz after nearly eleven hours of rambling talks with no meaningful review beforehand! That part seemed especially unfair.

I feel like the company could have saved a lot of money and gotten better results if, rather than filming a two-week seminar and reusing that footage for years on end, they instead maintained a small library of written material along with short instructional videos. Our very own on-staff experts could update and expand these materials as the times change.

Different departments and disciplines would be expected to take only those units relevant to their domains, and not be bogged down learning about the security implications of how gcc optimizes code written in the C programming language or choosing the best access control library for Java when said developer's job is to build Ruby on Rails applications. Students could take short quizzes at the end of each unit, which (maybe) they'd have to pass before moving on to the next topic.

The whole experience was horribly dull and has put a severe damper on my interest in computer security as a study beyond my immediate needs as an application developer (which are considerable and even daunting as it is). But I survived. And I passed the test, which means I don't have to look at any of this again for at least a year or two. To celebrate, I ate myself sick on white chocolate peanut butter cups and cherry vanilla ice cream. Mmm, mmm, gross.

Suggested reading (and viewing)...

• iOS Privacy: watch.user - Access both iPhone cameras any time your app is running, iOS users often grant camera access to an app soon after they download it (e.g., to add an avatar or send a photo). These apps, like a messaging app or any news-feed-based app, can easily track the users face, take pictures, or live stream the front and back camera, without the user’s consent. [Includes working demo code.] (Felix Krause)
• Why People Refuse to Believe Scientists, [T]he problem people have with science is never the actual science. People have a problem with the implications of science for their worldview and, even more important, for their ideology. When anti-intellectualism rises to the surface, it's because there are new, urgent results coming out of the scientific community that challenge the perspective and status quo of people with power. (Scientific American (PAYWALLED))
• STUNG by a BULLET ANT!, Meet Coyote Peterson. He travels the globe in search of poisonous critters and then convinces them to sting him. In this episode, he takes the bullet ant challenge. (Brave Wilderness @ YouTube)
• BITTEN by a SNAPPING TURTLE!, Coyote Peterson goads a snapping turtle into biting his hand. CHOMP! Fun times. (Brave Wilderness @ YouTube)