Jonathan Arnold 🇺🇦Luckily, just some days are like this in the #SaltMine. Like today, for instance. Despite free #pizza
I am debating skipping out on a day or two at the #SaltMine because the weather looks great and we didn’t get much done outside over the weekend. A friend of mine is starting at STR soon. I’ve been trying to get him on board for a couple of years now. I’m excited for three reasons – he’s a really good developer, I get a hefty bonus for referring him, and now I can stop listening to him whine about his job at Amazon. 😸
So no visit to the #SaltMine today. I had a pretty busy day yesterday. I should get a new transfer request to the classified lab before I leave this morning, so I can have it ready for me on Monday. I was able to use some other resources to simulate a standalone machine, and I think I’m ready for the classified lab.
I will spend my day in the #SaltMine at the world headquarters here in Woburn. I would come in more often, but there aren’t enough hoteling spaces, though. For instance, I can’t get one on Thursday. Because I am going into the classified lab more often these days, I might be able to get my own office—or at least my own desk. The threshold is rather low at only two days a week. But I’m not sure when the next assignment phase will be.
So I came into the #SaltMine for a free lunch and a free slice of pie. I am also beginning my journey into a classified lab. We have a couple of them here at STR world headquarters, and my new project is partially classified. It is completely air gapped. You have to take off everything with connectivity, so that means no watch, no phone, and even no car keys. I’ll have to get a normal watch to wear, since I kept checking my wrist for the time.
So it is back to the #SaltMine today. I should be able to do everything because I can stay focused, thanks to a couple of very clear objectives I need to wrap up. That at least helps with the distractions. I have been gradually improving CVE detection and have a few more ideas. I think it’s better to have a false positive than to miss it entirely, so that’s the way I’m progressing.
I am just about done writing up my report in the #SaltMine. We have only been finding 6 out of a potential 40+ CVEs in the source code, and I have a theory why. I want to toss that out there to the team and see what they think we can do about it. I think there might be an easy fix if we’re willing to be too aggressive instead of too conservative.
As I said, I am back at world headquarters for the #SaltMine. It is for a good reason, though. I am getting another free lunch. And we are going to play some #BoardGames too. I brought Take Five and a couple of Mystery Rummy games. I got access to a secret lab yesterday, and I will go down and try to log in today.
As I said, I am in person at the #SaltMine today. It really is incredible how brazen the Orange Turd and his minions are in using all the levers of the most powerful government in history for every petty little grievance. It's a good thing Congress isn’t alive to see this. His fight against Anthropic actually has a strong effect here, because it is one of our most used AI code agents, and as a government contractor, we won’t be able to use it if he continues his petty tirade.
I meant to put a few hours in at the #SaltMine over the weekend, but I never got around to it. I want to finish up my ground truth task. I need to finalize the script and try to fold it into a GitLab CI job. I was hoping to get some feedback from the team, but I haven’t seen anything yet. Only finding six out of 48 CVE’s in the curl code isn’t great.