Reading my 2024 retrospective was a little depressing, yet I’m happy to report that despite this year having its challenges, they were nothing like last year. What an amazing way to feel gratitude… remembering the things you’ve gone through and seeing that sometimes what you’re going through now isn’t nearly as tough as some of the stuff you’ve gone through in the past. In a number of ways, this year was great and definitely better than last year.
From a travel perspective, this year was pretty busy but felt lighter than last year. In February I was in both Las Vegas and Raleigh, and in March I was in Washington and for the second time brought my wife with me on a work trip and we had a lot of fun. In April I was back in Raleigh for VulnCon which is probably the best security conference I’ve ever gone to. In May it was Boston for Red Hat Summit. In June I was in Brno again for DevConf, the first time I’d ever been and it was great. In July I was in NYC again (this time not on Times Square!), and in August I was back in Boston. September we were able to spend two weeks in Jasper, but not at the cabins we typically stayed at as they were rebuilding. It was both beautiful and sombre, seeing all the devastation from the fires in 2024. In October I was in Brno again, and also went to Toronto for a customer meeting (interestingly, despite traveling through Toronto all the time, this was only my second time ever actually being in the city outside of the airport). And then finally in November, I was in Atlanta for KubeCon and the OpenSSF security day.
Still quite a bit of travel, but not quite as much as last year which was definitely appreciated.
From a work perspective, this year was a little crazy. Shortly after VulnCon, the funding for CVE fell apart. That created a lot of drama in the industry but ultimately nothing changed. CISA resumed funding and things moved on. I don’t know how much has changed from a CVE program perspective, and none of the alternatives really panned out. We’ll see what the future holds here, because I believe there is more drama yet to be had. A significant focus this year was on Post Quantum Cryptography (PQC) and the EU Cyber Resilience Act (CRA). These are very big, tough things to solve and we’ve been pretty heads-down on how to solve them as manufacturers and stewards, meeting PQC timelines imposed by NIST, and ensuring we represent open source well in all of these areas. Did a few interviews and talks, including part of the Red Hat Summit Community Day keynote which was pretty awesome (side note, I totally forgot to find or listen to my appearance on the Ask Noah podcast, which I updated the old blog post to link to and of course am linking here).
I started my own podcast this year Security Unscripted which was fun but also hard and time consuming — everything was done by me. I put out 11 episodes this year, I’m hoping to pick it up again next year. It had a reasonable amount of views, not amazing, but enough that I’m willing to keep doing it, at least for another year. I was also recording episodes for the current season of Compiler and we put out the first episode but then paused it and that’ll start again in January.
We were also involved in handling the breach that made the news (I’ll leave it as an exercise to the reader to find out more). Suffice it to say, that consumed a lot of time and was quite stressful as well.
On the personal side, a lot of marriage counseling this year. I’m grateful that people are concerned about their marriages and want to seek help to fix them. So many people suffer in silence or just throw in the towel, so those who are willing to put in the work to rebuild their marriages — I’m so proud of them. It’s incredibly hard for my wife and I, as many of these are people we know socially (with the dissolution of NAME Canada with the passing of the founders, we now just perform our marriage counseling through our church), but it’s also profoundly worthwhile. It doesn’t always turn around — after all, my wife and I can’t fix the marriage, all we can do is offer advice and counsel — especially when people are waiting so long to seek help. They’re basically looking for a “hail Mary” but aren’t willing to put in the work because that desire is no longer there. I love it when we can just offer a course correction on the ship of life, a few degrees to get back on course, rather than try to do a 180 and head in a completely different direction. It’s so hard to change course when you have to make such a radical shift, especially when it feels like you’re on a sinking Titanic. All that said, despite how difficult it can be at times, I love doing marriage counseling. It’s so humbling to be trusted by those who are hurting and to be able to help them.
We also got a new kitten, Po. He’s a tuxedo cat, so we named him Po after the Kung Fu Panda. Little did we know how apt that name would be. He’s six or seven months old now and is a complete beast. Poor Stuart, our ragdoll, is being abused by this little guy. We’ll wake up in the morning and it looks like sheep were sheared all over the couch. He’s like the reincarnation of my daughter’s cat, Herbert, in that he’s always going after my Lego. I love him when he’s sleeping and sometimes I just… can’t… when he’s awake. I keep thinking he’ll slow down, but then I look at Herbert and literally don’t know (he’s five now and still naughty!). Hopefully he stops shearing Stuart so much, poor guy.
I’ve spent more time “coding” this year than most years in quite a while and I’m air-quoting because I’m heavily using Cursor, and little bit of Claude Code. I’ve written a number of applications for work and home (some of which I noted recently in another blog post). Some were quite whacky — very heavy javascript that if anything breaks I literally need Cursor to fix it; I am hopelessly useless with javascript. So I tell it to create things with languages and frameworks that I’m used to such that I can fix or change things without requiring AI. Compared to last year, these AI tools are shockingly good. I’m using a lot of Google Gemini as well to help with a variety of things (like when I accidentally disconnected the drainage hose from my dishwasher the other day, it helpfully told me what not to do and helpfully found me some places to call to get it fixed 😉). While I still have an innate distrust for AI in the sense that I wouldn’t exclusively use or rely on it without any kind validation, I am finding it very invaluable as an assistant (and some applications that are for personal use only, it’s doing most of the heavy lifting).
Additionally, I finally figured out containers. Not from a security perspective (I’ve talked about that quite often in public and to customers) but in a use-them-for-myself kind of way. I covered that quite a bit in some recent blogs, especially Gitea container registry with podman. I feel like a new person learning old skills! 🤣 But honestly, wow, this makes life easier for some things for sure. I also switched from using PythonAnywhere to Heroku. We’ll see if the cost is the same (it’s for my VEX demo application, nothing major) but I needed something that would use ASGI instead of WSGI. While I’ve appreciated PythonAnywhere for the last number of years, I can honestly say that Heroku is easier and faster. It remains to be seen if it will be as inexpensive.
All in all, this year was pretty decent. We had the gas lines in the neighborhood replaced this year, which meant a lot of digging and construction for a few months. It also meant mice were displaced and those little buggers figured out a way in. It makes me think of the Secret of NIMH book/movie where the mice had to relocate due to a farmer digging up the field. Well, some of them relocated into the house… again! In the spring I’m going crack hunting to fill them all so we never have to deal with them again. And hopefully there won’t be much more construction around here, although I’m being told that finally we’re getting fibre next year — all of our telephone lines are overhead so hopefully it won’t be too disruptive.
Last year for Christmas the girls got me a bunch of books. I’ve read about half of them so far, and got distracted with re-reading Terry Goodkind because I needed something small enough to pack for my trips and what they got me were all either 1000+ pages or big trade paperbacks that are hard to fit in the backpack. I did buy the Brandon Sanderson Wind and Truth book as I enjoyed the prior novels in the Stormlight Archive but this one was just.. meh. I don’t normally quit books unless they’re really bad, but this one had a different writing style than the prior books, and I found it unappealingly woke. So I got to around ~200 pages and gave up on it. It was not the enjoyable read I’ve become accustomed to from him. I actually just googled it and it appears I’m not the only one who feels this way. Oh well, lots of other books to read I guess. And the girls properly spoiled me again this year, but only two books from the Oatmeal so those are definitely fun reads.
Well, as we came to the end of the year, things took a different turn. The weather got pretty atrocious, from freezing rain to over two feet of snow and whiteout conditions (driving an hour in the snow back from Christmas at my brother’s, half of it in whiteout conditions was a lot of “fun”, so was shoveling all the snow and wrecking my back). I think this is the most snow we’ve had in December in quite a few years. Sadly, a good friend of my daughter’s also took his life on Christmas Eve so it was a quieter Christmas. Aside from that tragedy it was overall good, which I think was a good distraction, but I just feel so terrible for the friends and family that are affected. It’s a hard reminder that things can feel great for one, and others around them can be hurting in truly unspeakable ways. I don’t take anything for granted, and even when things are hard I know there are others who have it harder. Counting blessings and cultivating that attitude of gratitude are two ways I try to stay grounded.
Books read
These are the books I read this year:
- The Pilgrim’s Progress, John Bunyan
- Gai-Jin, James Clavell
- The Shadow of the Gods, John Gwynne
- The Voice Bible
- The Hunger of the Gods, John Gwynne
- Dragons of Deceit, Margaret Weis & Tracy Hickman
- Dragons of Eternity, Margaret Weis & Tracy Hickman
- Dragons of Fate, Margaret Weis & Tracy Hickman
- Wizard’s First Rule, Terry Goodkind
- The Fury of the Gods, John Gwynne
- Stone of Tears, Terry Goodkind
- The Call to Climb, James Robbins (this is a great book and highly recommended!)
Games played
There were some fantastic games this year. I especially enjoyed Black Myth Wukong and I believe they’re making another so I’m very much looking forward to it. The last boss (I think he’s the last?) is ridiculously hard so I never actually finished the game. I did spend the last few months continuing playing Nioh 2 once I heard the third one will be coming out (pre-ordered!). I wish I knew why it’s telling my I’m only 96% done the game; I’ve finished every difficulty, have all the trophies, and am level 750 with a focus level of 495 (your main level can only go up to 750, but you can get additional focus levels up to 1000 for increasing specific stats). I think I have to finish every single mission on every difficulty, which I’ve not done, so I’ll probably spend the next two months grinding my way through them so I can get that elusive 100% (fingers crossed).
- Wo Long: Fallen Dynasty
- Black Myth Wukong
- Elder Scrolls 4: Oblivion (remaster)
- Nioh 2 (_again, this game is so good!)
- The Last of Us (game was decent but lost my interest after a few weeks)
- Mortal Kombat 1
Well, to anyone who’s read this, I hope you’ve had a wonderful Christmas and have an amazing new year and a very prosperous 2026!