Why blog?
Introductionish
So I'm getting to a place in my life where I can start working on open source projects again, and I think I've picked some interesting ones to get involved in, so blog time.
The primary project I'd like to start working on is the Librem 5 project. A phone?!? Yeah, I know. But this is going to be interesting, not because it's the most powerful, or has the most features, or has to kill for looks. This is going to be a pure GNU/Linux phone with custom sourced components, built for security and privacy first, with everything open sourced and upstreamed if possible, right down to the board schematics. The privacy thing is nice; I don't have anything to hide, but it seems natural to want as much privacy as you can get. The openness is awesome. And security, you say? Well, that's become my newest professional focus. You see, it all started about a year and a half ago when I moved into application security at work...
I've done a lot of different things in IT over the years, but by far the one I've done most is web application development (~12 years). I'm what some people would call a "Full Stack Developer" (although technically that is not at all my job role at work anymore): I can build the hardware (although these days it's almost always better to use a "Cloud" provider like AWS), set up the network, install and customize the OS (as long as it's *NIX) to any level needed, same with the web server application (embedded or not), customize the web app backend and front end, and all that jazz. I thought I was pretty on point as far as security goes (try unhacking customer websites a few dozen times and you'll get down to learning how to be secure too). I was the security champion on my team, took on an APT a couple years ago and got them to go away (not until after uncovering an information disclosure zero day used against us, so we didn't walk away unbruised either). So yeah, I thought security would be an interesting change.
Mistakes were made. I transitioned a little ahead of schedule due to the Struts 2 bloodbath of early 2017. I realize now how different it is to be a dev looking for solutions while trying to be secure, and focusing only on how things can go wrong and how to break things. Anyhow, I seem to be moving past the initial information security learning curve, and working to secure/build/dev/document, or whatever else is needed, on this kind of project seems like a great learning experience that could be fun too.
So the things I'm likely to blog about, because they might be useful:
- Getting involved in the Librem 5 project
  - Not sure what kind of help they need, but I'm pretty sure I'll find useful ways to contribute
  - First up is likely a tutorial for Matrix chat as there are a few gotchas to getting started with that
- Writing a secure blog with the static site generator Pelican and hosting on Amazon infrastructure
- Writing apps for the PureOS phosh (phone shell)
- Any other interesting things that might be related
I hope by sharing my experiences I can help anyone else who might be interested in these things. -jw