Posts

It's aliiiiiive! Documenting for security as a process

There's something about the standard practice of how we document security assessments that's been bothering me for a while now. If I had to summarize it, I'd say it's about treating the documentation of a security audit as a final product rather than an input to an ongoing process. Let me illustrate what I mean. Pretty much any report template that I've ever been given was structured around listing the vulnerabilities identified during the audit. On some engagements, there was no expectation of a final report. Instead, the work products were issues filed in a bug tracker. In these cases, the number and severity of issues filed were also used as a measurement of productivity. But when I document my security assessments, my process looks fairly different in that I also keep copious notes on coverage: What have I looked at (even if I didn't find anything there)? What were the attack vectors that I investigated, including the ones that didn't pan out? Why did th...

Charting a course to hands-on DNA sequencing with the Oxford Nanopore MinION

Like any self-respecting DIYBio enthusiast, I've been flirting with the idea of doing some hands-on sequencing, on and off for the past few years. There were musings about doing some good old fashioned Sanger sequencing (still on the table as a workshop-type thing, in the same spirit that motivates the hand papermaking workshops you sometimes find at industry & technology museums). Then I've been eyeing the somewhat affordable but fairly outdated DNA sequencers that occasionally pop up on eBay. So far, I've always backed off for a number of reasons. Short version: It seemed impractical. They're usually still quite expensive. They're too big for my tiny biolab, so I'd have to find another place to put them. I'd have to learn how to operate them without being able to count on the manufacturer's support. I never investigated this closely, but I'm not sure that manufacturers are particularly keen on providing training to a second-hand buyer of an al...

Getting my Pharmacia LKB Multidrive XL online... now with 3D printing!

Quite a while back, I bought a used Pharmacia LKB Multidrive XL on eBay. It's a gel electrophoresis power supply that can output up to 3500 volts at several hundred milliamps. There was a problem, though: Whenever I tried to use it, it just gave me the error "Invalid connector". The unit didn't come with a manual, so I was stumped as to what exactly this error meant. Searching for the manual online didn't yield anything besides a few old forum posts with broken links. The manufacturer, Pharmacia, had since been bought by Amersham, which in turn had been bought by GE Healthcare. It seemed like a long shot, but I rang up the GE Healthcare customer support and asked for the manual. They were amazingly helpful and sent me a PDF. Armed with the manual, I learned that the error I was getting was connected to one of the many safety precautions that were built into the device. First off, the unit has four power outlets. All four need to be plugged in with something, ...

Yet another overly ambitious Todo list

2012 has passed (and I have to say, thank Eris it did), and 2013 is upon us. Say what you will about arbitrary counter resets and new year's resolutions; the start of a new year is a convenient time to reflect, to look back, and to look forward. Another motivation for this reflection is that I just completed my diploma thesis at long last; so naturally, there's the question of: What next? And so I thought I'd record here what I'd like to do in 2013 - at a minimum, I may be able to go back to this post in a year's time and compare my goals then and now, and to get a sense of what I thought I might be able to accomplish in one year vs what I actually did accomplish. So here goes, in no particular order. Go snowboarding. Not a given, seeing as I live in a place where both mountains and snow are scarce to non-existent. Visit some of the European biohacking groups. High on my list are BiologiGaragen in Copenhagen, La Paillasse in Paris, brmlab in Prague, London Hac...

A tale of three cities

(Disclaimer: This post is about a toilet door. Yes. You read correctly. A toilet door that has come to mean a lot of things.) Once upon a time, there was a group of people who had spent all their lives in a kingdom where women were considered commodities and things of value only if they pleased the eye. Believing that every human being should be regarded as such, they were frustrated with this, and so they decided to go out into the world and find a more accepting place. They came upon a fork in the road that led into three different directions; they decided to split up and promised to send each other word on what they found on the end of each road. Each group came upon a magnificent city at the end of its respective road, full of technology and science and art and wonder, where strangeness and new perspectives and possibilities of being seemed to be around every corner. However, those three cities were not all the same; and the respective groups soon came to experience very ...

Life after the diploma thesis, or: my case against a PhD

I'm 34 pages into my diploma thesis (target is around 100 pages, including everything), and the deadline for handing it in is December 28th. Time to think about life after the thesis. I've been toying with the idea of going for a PhD, since I really, really want to do science. And if you want to do science, getting a PhD is the way to go, right? But after mulling this over for quite a while, I've almost arrived at the conclusion that, no, for me, a PhD is not the right way to go. I'd like to lay out my reasoning and my plan here; who knows, maybe I'll get some useful input before making a final decision? Or maybe I'll make my decision anyway, and leave this as input to others who are in a similar situation. One of the points that came up when talking about the issue with my parents was: making a living. Really. Me and my three siblings were raised by a single dad at the low-income end of the spectrum. Much as my older siblings, I started earning my l...

Addition: Questions around personal genomics - sharing vs. privacy

There was something bugging me while writing my last post on some issues with personal genomics, because I seemed to remember I had another point that I wanted to bring up. Now it came back to me. The point was about the technicalities of sharing genomic data. Now, the last post was mostly me bitching about the current mode of personal genomics, 23andme and all, and how I don't think it's a good idea to hand over your genomics data to some US-based company with very clearly stated commercial interests. (Just to summarize on that: Having commercial interests is not a bad thing in itself in my book, but I'm a bit of a tough sell if you want me to share my data for what seems like mostly your commercial interest, and doubly so if these data are not exclusively mine to disclose.) But there is another point worth discussing around the topic of personal genomics which is a little more forward-pointing, maybe. Let's say we agree that personal genomics are here to stay...