Survival Tips For Women In Tech

Patricia Aas | 06 September 2018

Yesterday I saw a tweet from Erin Fox @erinfoox where she asked a simple question: “Who else is the only woman on their dev team?” When I answered her that I’d been the only woman dev most of my career, she asked be if I had any survival tips, and I wrote her a list of 24 tips. Quite frankly it could easily be 50. I will list the 24 here, with a little more elaboration.

read more

Isolating GPU Access in its Own Process

Patricia Aas | 30 August 2018

Chromium’s process architecture has graphics access restricted to a separate GPU-process. There are several reasons why this could make sense, three common ones are: Security, Robustness and Dependency Separation.

read more

Linux Security APIs and the Chromium Sandbox

Patricia Aas | 30 August 2018

The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context.

read more

Why make a browser?

Patricia Aas | 13 August 2018

I understand why it might seem odd that the first thing I make is a browser, especially right after leaving a browser company. The logic behind it is a bit convoluted, but bear with me. I have a plan.

read more

Jumping in at the deep end

Patricia Aas | 11 July 2018

I’ve had a secret dream for years of starting my own company. Being my own boss, making something cool and building a great team to do it with. I didn’t tell anyone, but I have mentally refurbished our basement to be a cool office space maybe a hundred times.

read more

Deconstructing Privilege

Patricia Aas | 15 June 2018

Can you describe a situation that caused to realize you were privileged? I have asked many people that question now, and what I have learned is that privilege is an Unconscious Incompetence. Being privileged is a non-event. When we become conscious of it we realize that our privileged experience is not applicable to less privileged people. What happens to them does not happen to us. Only when we become Consciously Incompetent do we realize the need to listen. We need to learn. In this talk I hope to make you realize that we all have privilege and to start a...

read more

Secure Programming Practices in C++

Patricia Aas | 14 June 2018

Bjarne Stroustrup, the creator of C++, once said : “C makes it easy to shoot yourself in the foot; C++ makes it harder, but when you do it blows your whole leg off.” He has also said : “Within C++, there is a much smaller and cleaner language struggling to get out.” Both are true.

read more

Reading Other People's Code

Patricia Aas | 04 June 2018

Someone else’s code. Even worse, thousands of lines, maybe hundreds of files of other peoples code. Is there a way to methodically read and understand other peoples work, build their mental models? In this talk I will go through techniques I have developed throughout 18 years of programming. Hopefully you will walk away with a plan on how to approach a new code base. But even more I hope you walk away with a feeling of curiosity, wanting to get to know your fellow programmers through their code.

read more

Embedded Meetup 2018

Patricia Aas and Johan Herland | 07 May 2018

Making a Headless Android Device

read more

Foss-North 2018

Patricia Aas | 23 April 2018

Isolating GPU Access in its Own Process

read more

JavaZone Academy 2018

Patricia Aas | 06 February 2018

C++ for Java Developers

read more

NDC Security 2018

Patricia Aas | 24 January 2018

Secure Programming Practices in C++

read more

NDC London 2018

Patricia Aas | 19 January 2018

Make it Fixable, Living with Risk

read more

SwedenCpp Meetup 2017

Patricia Aas | 16 November 2017

C++ for Java Developers

read more

SwedenCpp Meetup 2017

Patricia Aas | 16 November 2017

Linux Security APIs and the Chromium Sandbox

read more

Fscons 2017

Patricia Aas | 05 November 2017

Trust, Elections and Twitter

read more

Sikkert NOK 2017

Patricia Aas | 26 October 2017

Make It Fixable

read more

NDC TechTown 2017

Patricia Aas and Johan Herland | 23 October 2017

Making a Headless Android Device

read more

JavaZone 2017

Patricia Aas | 13 September 2017

C++ for Java Developers

read more

We’ve got this!

Patricia Aas | 05 September 2017

This last week has been a harrowing experience for me. I’m an introverted programmer and generally a very private person, and in the space of just a few days I was suddenly in the news, both nationally and internationally. Even though the experience was completely overwhelming, I have rarely been so touched and so grateful.

read more

Making Inclusive Products

Patricia Aas | 17 August 2017

I have spent some time trying to explain the issues around the “Googler memo” lately, and it has made some things clear to me. First of all, most of us want to make the best products we can. We also realise that this means that those products have to work for all kinds of people. The problem is: It has become increasingly clear that we are not doing a great job catering to needs we don’t have ourselves. We are creating products that don’t work on people with dark skin, doesn’t cater to the needs of women, are offensive to...

read more

Linux Security and How Web Browser Sandboxes Really Work

Patricia Aas | 19 June 2017

The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context.

read more

Linux Security and How Web Browser Sandboxes Really Work

Patricia Aas | 15 June 2017

The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context. This is the sandbox used in the Vivaldi, Brave, Chrome and Opera browsers among others. The Chromium Sandbox has a very platform specific implementation, using the platform APIs available to construct it. In this talk we will describe the requirements of the Chromium Sandbox in detail and go through how the Linux implementation fulfills...

read more

Make it Fixable, Living with Risk

Patricia Aas | 10 May 2017

Coming into a code base can be overwhelming. Taking responsibility for the security of a project can be truly terrifying. This talk will describe a set of common scenarios for a project, and how to counteract them. Hopefully, this will help to move your codebase and project to a state where you will be more prepared to handle incoming vulnerability reports. They are down-to-earth everyday scenarios, illustrated by real world software projects and security incidents. Some of the stories are well known, some are anonymized to protect the innocent. Presented at Paranoia 2017

read more

Make it Fixable, Designing for Change

Patricia Aas | 26 January 2017

Our users trust us. They trust that we will protect them and lead them down the right path. Doing that right the first time is practically impossible. From experience we have learned that almost any surface we expose could have weaknesses. We have to have a plan on how to deal with issues as they arise, an architecture that allows us to correct and protect in products that are already in use. When security is lifted up to the discretion of the user, however, we often fail to inform their decision properly. The usability of security and the architecture for...

read more