Start with the user experience and work backwards to the technology you need.

Steve Jobs once famously said, "you've got to start with the customer experience and work backward to the technology. You can’t start with the technology then try to figure out where to sell it."

This quote has stuck with me. We should focus on who we're building for, what problems they have, and whether our current options available are falling short.

#softwareengineering

*Must reads* for web developers:

The free https://browser.engineering book by Pavel Panchekha & Chris Harrelson & how modern browsers work by Mariko Kosaka:

1️⃣ https://bit.ly/browsers-pt1
2️⃣ https://bit.ly/browsers-pt2
3️⃣ https://bit.ly/browsers-pt3
4️⃣ https://bit.ly/browsers-pt4

I love all of you and I want nothing but the best for each of you, particularly those on infosec.exchange. I understand that Mastodon isn't Twitter, that DMs aren’t end-to-end encrypted, that we are spread across different instances and it can be hard to find your friends, and that an instance can go away at any time, and that translating posts doesn't work correctly, and there is no native giphy support, and that some instances are overwhelmed and super slow, and that you don't think the federated model can scale to a billion users, or that it doesn't support full text search of every post and account, or that we can't comply with the GDPR, or that we don't support quote tweet style functionality, or that we shouldn't collect IP addresses, and many other things.

The fediverse is a work in progress. I've been here for going on 6 years. In that time, it's come a long, long way. That said, Mastodon is not going to appeal to everyone. The decisions I make are not going to appeal to everyone. No one is forcing you to be here. No one is forcing you to disclose your personal secrets into a network of federated servers running by volunteers and hobbyists. NB: this is not Twitter. It has some similar functionality, but it is not Twitter. Parts of it are better, IMO, and parts are not. The security community is generally among the most skilled and competent IT people the world has to offer. Mastodon is open source. Do you see where I'm going?

I set this instance up a long time ago for reasons I don't even remember. I have poured my soul into this thing because I believe in the importance of this community. I have effectively peaked in my career as a CISO and I and my family live well. I am not running this instance for fame, money, a better job, or anything other than wanting to foster a community of people that can learn from each other and make the world a better place. That's it.

As I've said in several recent interviews, I felt particularly obligated to ensure the security community had a good landing spot in the fediverse as everyone was running for the doors in Twitter. We've grown from 180 active users to about 30000 in the span of 3 weeks. I do not expect everyone to stay. Some will set up their own instances. Some will move to one of the other excellent security focused instances. Some will give up and move to on to some other social media. And that is OK. While I am super excited to see the buzz here, I don't have subscriber targets, engagement targets, retention targets, or anything else. The only metric I hold myself to is whether I think this is serving a useful purpose to the community.

I appreciate all of you, regardless of where you land. Infosec.exchange has been here for a long time and will continue to be here for you.

Excellent overview of #privacy, #security, and #accessibility on #Mastodon, by @themarkup https://themarkup.org/the-breakdown/2022/11/21/we-joined-mastodon-heres-what-we-learned-about-privacy-and-security

Highlights:

🔸 Check your server’s privacy policy, as each server has its own rules.

🔸 Watch out w/DMs. Direct messages are not end-to-end encrypted and can be read in full by server admins. Also, anyone you tag in a DM will be able to view it.

🔸 Remember to turn on 2-factor authentication.

🔸 Add alt-text to caption your images and help make this place accessible for all!