Ask Why - The Pagination Problem

Evaluating user feedback | Patricia Aas | 17 October 2024

Once upon a time a dev working on a project got an urgent feature request. There are really only two types of priorities in tech: “House is on fire” and “I’ll call you maybe”, and this was “House is on fire” priority.

The Sofa Problem

A post about management | Patricia Aas | 02 April 2024

Though this is based on a true story, who even knows what parts are true anymore? And it doesn’t really matter for the story anyway.

An Open Letter to the C++ Community

A Call to Action? | Alice (pseudonym) | 09 January 2023

CW: Sexual harassment and a certain convicted rapist in the C++ community

Getting Your Block-List to Mastodon

Using Debirdify | Patricia Aas | 20 November 2022

You can get a list of Mastodon handles for folks on your block-list from Debirdify, and then you can import that into Mastodon.

Mastodon migration

Moving to a new server | Patricia Aas | 18 November 2022

I will try to keep this short and simple. We are going to try to migrate from one Mastodon server to another.

A Twitter Off Ramp

A tutorial for getting on Mastodon | Patricia Aas | 18 November 2022

I’m not one for fluff, and if you’re here you’ve made up your mind, so let’s get to it. Here’s the plan

On Community Trust and Rehabilitation

A Twitter DM Conversation | Patricia Aas | 14 March 2022

This post is in response to a lot of discussions around the incident involving CppCon and therefore the conversation below should be read in that context.

Classic Vulnerabilities

Keynote, ACCU 2022 | Patricia Aas | 12 March 2022

We keep on thinking we are living in the future, but native exploitation has a rich history, and many times the vulnerabilities and exploitation techniques are decades old.

Patricia's Personal Statement

CppCon's Failure to Protect the Community | Patricia Aas | 08 March 2022

Content Warning

Proposed - Include Cpp Position on CppCon Safety

CppCon | Patricia Aas | 08 March 2022

Proposed - Transparency Report on CppCon Safety

Proposed - Letter of support

CppCon | Patricia Aas | 08 March 2022

The signatories of this letter have reviewed the Proposed Include <C++> Transparency Report on CppCon Safety, and support the steps taken by #include <C++> outlined in their Proposed Include <C++> Position on CppCon Safety and the requirements they outline in the section What Needs to Change therein.

Proposed - Transparency Report on CppCon Safety

CppCon | Patricia Aas | 08 March 2022

Proposed - Include <C++> Position on CppCon Safety

Introduction to Memory Exploitation

Meeting C++ 2021 | Patricia Aas | 12 November 2021

Stack based exploitation has gotten all the fame, but many platform and compiler mitigations have made it very hard to exploit stack vulnerabilities. Heap based exploits are still very relevant, and since this is black magic for most developers I will here give an introduction to the field.

Tips For Improving Women's Work Environment

Managers view of Survival Tips For Women In Tech | Patricia Aas | 26 April 2021

After my blog post Survival Tips For Women In Tech surfaced yet again, @e8johan replied “I would love something of a guide to complement the warnings. Like ‘How to manage teams for diversity’”, and in response I posted the thread below, starting with the final one here to keep the thread together.

ASan on Windows in CMake in CLion

Quick Notes | Patricia Aas | 01 December 2020

This post is mostly to future Patricia because she will be very annoyed with me if I don’t write it. As usual she gets no nice fluffy text and so you don’t either. Sorry.

Trying to build an Open Source browser in 2020

Meeting C++ Online 2020 | Patricia Aas | 24 September 2020

A lot of things have been developed over the last 15 years that should make the process of making a browser easier. In this talk we will explore a bunch of different tools, platforms and libraries that could go into making a browser in 2020.

Trying to build an Open Source browser in 2020

NDC TechTown 2020 | Patricia Aas | 03 September 2020

A lot of things have been developed over the last 15 years that should make the process of making a browser easier. In this talk we will explore a bunch of different tools, platforms and libraries that could go into making a browser in 2020.

Keynote, DevSecOps for Developers, How To Start

European Testing Conference 2020 | Patricia Aas | 07 February 2020

How can you squeeze Security into DevOps? Security is often an understaffed function, so how can you leverage what you have in DevOps to improve your security posture?

Thoughts On Learning A New Programming Language

OOP 2020 | Patricia Aas | 05 February 2020

How should we teach a new language to folks that already know how to program? How do we use what we already know to leapfrog the learning process? Based on my personal experience and snippets of natural language theory, we will try to explore the cheats and pitfalls when learning a new programming language, but also dig into how we can make it easier.

Inline Thinking

97 Things Every Java Programmer Should Know | Patricia Aas | 16 January 2020

Computers changed. They changed in many ways, but for the purpose of this text they changed in one significant way: The relative cost of reading from RAM became extremely high.

Everything I Know About Git

Personal Notes | Patricia Aas | 07 November 2019

Ok, fine, I probably know more, and yes, you will probably disagree with some of this, but we both know I wrote this more for me than for you, so you’re welcome :)

Keynote, Embedded Ethics

EuroBSDCon 2019 | Patricia Aas | 21 September 2019

More and more we see technology, both hardware and software, intersect with fundamental issues like privacy, democracy and human rights. The opaqueness of tech makes it a handy instrument of oppression and manipulation. We have taught the population to trust us. We have constructed a world in which they have to exist, with little to no oversight or transparency. We build critical infrastructure on hardware and software that even we cannot audit. How can we wield that responsibility? How do we protect those that speak up? How do we protect the population?

Survival Tips for Women in Tech

JavaZone 2019 | Patricia Aas | 12 September 2019

Being the only woman on your team can be hard. Many times it’s difficult to know what is only your experience and what is common. In this talk we’ll go through 24 tips (and a few bonus tips) based on well over a decade of experience being the only woman in several teams. If you’re a woman hopefully you’ll walk out with some ideas you can put to work right away, if you’re a man hopefully you’ll walk out with a new perspective and start noticing things in your day-to-day that you didn’t notice before.

The Anatomy of an Exploit

NDC TechTown 2019 | Patricia Aas | 05 September 2019

Security vulnerabilities and secure coding are often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through simple exploit attempts, and finally a simple stack buffer overflow exploit, how it’s developed and how it’s used.

Keynote - Elections, Trust and Critical Infrastructure

NDC TechTown 2019 | Patricia Aas | 04 September 2019

Free and correct elections are the linchpin of democracy. For a government to be formed based on the will of the people, the will of the people must be heard. Across the world election systems are being classified as critical infrastructure, and they face the same concerns as all other fundamental systems in society.

Building in Docker with CLion

Personal Notes | Patricia Aas | 22 August 2019

This workflow was inspired by the Windows Subsystem for Linux (WSL) workflow described by Jetbrains here.

Trying to learn C#

NDC Oslo 2019 | Patricia Aas | 21 June 2019

Learning a new language is often colored by the language you come from.

The Anatomy of an Exploit

CPPP 2019 | Patricia Aas | 15 June 2019

Security vulnerabilities and secure coding are often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through a simple exploit, how it’s developed and how it’s used. The goal is to try to get a feeling for the point of view of an “attacker”, and to slowly start looking at exploitation as another programming tool. We will mainly be looking at C and x86_64 assembly, so bring snacks.

Why Is Election Security So Hard?

Paranoia 2019 | Patricia Aas | 21 May 2019

What makes the domain and requirements of elections so difficult to solve with computers? In this talk we will go through a lot of the requirements of an election and what motivates them, and show how computers surprisingly often introduce more vulnerabilities than they solve when applied to elections.

The Anatomy of an Exploit

ACCU 2019 | Patricia Aas | 10 April 2019

Security vulnerabilities and secure coding are often talked about in the abstract by programmers, but rarely understood. In this talk we will walk through a simple exploit, how it’s developed and how it’s used. The goal is to try to get a feeling for the point of view of an “attacker”, and to slowly start looking at exploitation as another programming tool. We will mainly be looking at C and x86_64 assembly, so bring snacks.

Reading Other People's Code

NDC Copenhagen 2019 | Patricia Aas | 29 March 2019

Someone else’s code. Even worse, thousands of lines, maybe hundreds of files of other people’s code. Is there a way to methodically read and understand other people’s work, build their mental models?

6 DevSecOps Hacks

FemTech 2019 | Patricia Aas | 27 March 2019

How can you squeeze Security into DevOps? Security is often an understaffed function, so how can you leverage what you have in DevOps to improve your security posture? We will reveal processes already in place that can be used to improve security. This fine tuning of tools and processes can give you DevSecOps on a shoestring.

Simple Meetup Recording Setup

Recording Oslo C++ Users Group Meetups | Patricia Aas | 20 March 2019

About a year ago I sent a DM to Olve Maudal asking if we could revive the Oslo C++ Users Group which had lain dormant for several years. He replied cheerfully: “I think that’s a great idea! You should definitely do that!” True to form I thought: “How hard can it be?” and said “Sure, why not?”

C++ The Principles of Most Surprise

Security Researchers meetup 0x07, February 2019 | Patricia Aas | 25 February 2019

Undefined Behavior and Compiler Optimizations can result in programs that display surprising behavior. In this presentation we look at some examples, and I hope to convince you that you should not reason about Undefined Behavior and that you should take care and use your tools.

Deconstructing Privilege, Keynote

C++ on Sea | Patricia Aas | 04 February 2019

Can you describe a situation that caused you to realize you were privileged?

Reading Other People's Code

NDC London 2019 | Patricia Aas | 30 January 2019

Someone else’s code. Even worse, thousands of lines, maybe hundreds of files of other people’s code. Is there a way to methodically read and understand other people’s work, build their mental models?

DevSecOps for Developers, How To Start

NDC Security 2019 | Patricia Aas | 25 January 2019

How can you squeeze Security into DevOps? Security is often an understaffed function, so how can you leverage what you have in DevOps to improve your security posture?

Linux Security APIs and the Chromium Sandbox

NDC Security 2019 | Patricia Aas | 25 January 2019

The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers.

Linux Security APIs and the Chromium Sandbox

BlackHoodie 2018 and OWASP Norway Day 2018 | Patricia Aas | 20 November 2018

The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context in this talk.

Deconstructing Privilege, Keynote

DevOpsDays Oslo 2018 | Patricia Aas | 29 October 2018

Can you describe a situation that caused you to realize you were privileged?

Software Vulnerabilities in C and C++

CppCon 2018 | Patricia Aas | 26 September 2018

What does a vulnerability using signed integer overflow look like? Or a stack buffer overflow? How does code like this look and how can we change the way we program to reduce our risk? The first half of this talk will show examples of many different vulnerabilities and describe how these are combined to make the first steps of an exploit. Then we will discuss what kind of programming practices we can employ to reduce the chances of these kinds of bugs creeping into our code.

Make It Fixable

CppCon 2018 | Patricia Aas | 25 September 2018

From experience we have learned that almost any surface we expose could have weaknesses. We have to have a plan on how to deal with issues as they arise, and an architecture that allows us to correct and protect in products that are already in use. When security is lifted up to the discretion of the user, however, we often fail to inform their decision properly. The usability of security and the architecture of fixability are closely connected, and both need continued refinement and focus. This talk will describe architectural and organizational features that make it easier to make corrective...

Reading Other People's Code

NDC Sydney 2018 | Patricia Aas | 19 September 2018

Someone else’s code. Even worse, thousands of lines, maybe hundreds of files of other people’s code. Is there a way to methodically read and understand other people’s work, build their mental models? In this talk I will go through techniques I have developed throughout 18 years of programming. Hopefully you will walk away with a plan on how to approach a new code base. But even more I hope you walk away with a feeling of curiosity, wanting to get to know your fellow programmers through their code.

Survival Tips For Women In Tech

Who else is the only woman on their dev team? | Patricia Aas | 06 September 2018

Yesterday I saw a tweet from Erin Fox @erinfoox where she asked a simple question: “Who else is the only woman on their dev team?” When I answered her that I’d been the only woman dev most of my career, she asked me if I had any survival tips, and I wrote her a list of 24 tips. Quite frankly it could easily be 50. I will list the 24 here, with a little more elaboration.

Isolating GPU Access in its Own Process

Composing Using Multiple Processes (NDC TechTown 2018) | Patricia Aas | 30 August 2018

Chromium’s process architecture has graphics access restricted to a separate GPU-process. There are several reasons why this could make sense, three common ones are: Security, Robustness and Dependency Separation.

Linux Security APIs and the Chromium Sandbox

Using Linux APIs to Isolate Processes (NDC TechTown 2018) | Patricia Aas | 30 August 2018

The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context.

Why make a browser?

Learning by Doing | Patricia Aas | 13 August 2018

I understand why it might seem odd that the first thing I make is a browser, especially right after leaving a browser company. The logic behind it is a bit convoluted, but bear with me. I have a plan.

Jumping in at the deep end

Learning new things | Patricia Aas | 11 July 2018

I’ve had a secret dream for years of starting my own company. Being my own boss, making something cool and building a great team to do it with. I didn’t tell anyone, but I have mentally refurbished our basement to be a cool office space maybe a hundred times.

Deconstructing Privilege

Being Spared a Hardship (NDC Oslo 2018) | Patricia Aas | 15 June 2018

Can you describe a situation that caused you to realize you were privileged? I have asked many people that question now, and what I have learned is that privilege is an Unconscious Incompetence. Being privileged is a non-event. When we become conscious of it we realize that our privileged experience is not applicable to less privileged people. What happens to them does not happen to us. Only when we become Consciously Incompetent do we realize the need to listen. We need to learn. In this talk I hope to make you realize that we all have privilege and to start a...

Secure Programming Practices in C++

NDC Oslo 2018 | Patricia Aas | 14 June 2018

Bjarne Stroustrup, the creator of C++, once said: “C makes it easy to shoot yourself in the foot; C++ makes it harder, but when you do it blows your whole leg off.” He has also said: “Within C++, there is a much smaller and cleaner language struggling to get out.” Both are true.

Reading Other People's Code

Web Rebels 2018 | Patricia Aas | 04 June 2018

Someone else’s code. Even worse, thousands of lines, maybe hundreds of files of other people’s code. Is there a way to methodically read and understand other people’s work, build their mental models? In this talk I will go through techniques I have developed throughout 18 years of programming. Hopefully you will walk away with a plan on how to approach a new code base. But even more I hope you walk away with a feeling of curiosity, wanting to get to know your fellow programmers through their code.

Making a Headless Android Device

Embedded Meetup 2018 | Patricia Aas and Johan Herland | 07 May 2018

Making a Headless Android Device

Isolating GPU Access in its Own Process

Foss-North 2018 | Patricia Aas | 23 April 2018

Isolating GPU Access in its Own Process

Make It Fixable

NDC Copenhagen 2018 | Patricia Aas | 16 March 2018

Trying to prepare your project or organization to be able to receive vulnerability reports is a daunting task. And often far more complex and cross disciplinary than one first expects. This talk describes some of the most common challenges and how to counteract them.

C++ for Java Developers

JavaZone Academy 2018 | Patricia Aas | 06 February 2018

C++ for Java Developers

Secure Programming Practices in C++

NDC Security 2018 | Patricia Aas | 24 January 2018

Secure Programming Practices in C++

Make it Fixable, Living with Risk

NDC London 2018 | Patricia Aas | 19 January 2018

Make it Fixable, Living with Risk

C++ for Java Developers

SwedenCpp Meetup 2017 | Patricia Aas | 16 November 2017

C++ for Java Developers

Linux Security APIs and the Chromium Sandbox

SwedenCpp Meetup 2017 | Patricia Aas | 16 November 2017

Linux Security APIs and the Chromium Sandbox

Trust, Elections and Twitter

Fscons 2017 | Patricia Aas | 05 November 2017

Trust, Elections and Twitter

Make It Fixable

Sikkert NOK 2017 | Patricia Aas | 26 October 2017

Make It Fixable

Making a Headless Android Device

NDC TechTown 2017 | Patricia Aas and Johan Herland | 23 October 2017

Making a Headless Android Device

C++ for Java Developers

JavaZone 2017 | Patricia Aas | 13 September 2017

C++ for Java Developers

We’ve got this!

A Thank You to Twitterverse | Patricia Aas | 05 September 2017

This last week has been a harrowing experience for me. I’m an introverted programmer and generally a very private person, and in the space of just a few days I was suddenly in the news, both nationally and internationally. Even though the experience was completely overwhelming, I have rarely been so touched and so grateful.

Making Inclusive Products

The People In The Room | Patricia Aas | 17 August 2017

I have spent some time trying to explain the issues around the “Googler memo” lately, and it has made some things clear to me. First of all, most of us want to make the best products we can. We also realise that this means that those products have to work for all kinds of people. The problem is: It has become increasingly clear that we are not doing a great job catering to needs we don’t have ourselves. We are creating products that don’t work on people with dark skin, don’t cater to the needs of women, are offensive to...

Linux Security and How Web Browser Sandboxes Really Work

Security Researchers 2017 | Patricia Aas | 19 June 2017

The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context.

Linux Security and How Web Browser Sandboxes Really Work

NDC Oslo 2017 | Patricia Aas | 15 June 2017

The Linux Security and Isolation APIs have become the basis of some of the most useful features server-side, providing the isolation required for efficient containers. However, these APIs also form the basis of the Chromium Sandbox on Linux, and we will study them in that context. This is the sandbox used in the Vivaldi, Brave, Chrome and Opera browsers among others. The Chromium Sandbox has a very platform specific implementation, using the platform APIs available to construct it. In this talk we will describe the requirements of the Chromium Sandbox in detail and go through how the Linux implementation fulfills...

Make it Fixable, Living with Risk

Paranoia 2017 | Patricia Aas | 10 May 2017

Coming into a code base can be overwhelming. Taking responsibility for the security of a project can be truly terrifying. This talk will describe a set of common scenarios for a project, and how to counteract them. Hopefully, this will help to move your codebase and project to a state where you will be more prepared to handle incoming vulnerability reports. They are down-to-earth everyday scenarios, illustrated by real world software projects and security incidents. Some of the stories are well known, some are anonymized to protect the innocent. Presented at Paranoia 2017

Make it Fixable, Designing for Change

Security Divas 2017 | Patricia Aas | 26 January 2017

Our users trust us. They trust that we will protect them and lead them down the right path. Doing that right the first time is practically impossible. From experience we have learned that almost any surface we expose could have weaknesses. We have to have a plan on how to deal with issues as they arise, an architecture that allows us to correct and protect in products that are already in use. When security is lifted up to the discretion of the user, however, we often fail to inform their decision properly. The usability of security and the architecture for...
