Notices by Adam Caudill (adam_caudill@infosec.exchange)

One of the most brilliant and talented women I've ever known once shared a story with me that absolutely shocked me, a story that I think should be heard.

She was hired as a software engineer at NASA, her dream job. Honestly, a dream job for many- it would have bee a dream job for me, before I moved to security. Writing software for spacecraft has to be one of the coolest and yet most demanding jobs in the industry. Yet, her joy was quickly gone, and her spirit deflated.

She was consistently assigned menial, even pointless tasks. Mere busywork at times. Work far below her ability. Work that never gave her the opportunity to show what she was capable of. It didn't take long to find out why.

You see, not long after she was hired, her manager made it clear that he saw women's place as being at home and raising kids. If he was so against women working, why did he hire her? He had a problem, his male engineers had a habit of moving out of the area for higher paying jobs in the private sector. So he started hiring single women in hopes that they'd marry his male engineers, and keep them from moving away.

She had put in a tremendous amount of effort to establish her technical skills, her ability to solve the hardest problems, to prove herself as worthy of one of the most coveted roles in the public sector, to be able to work on cutting edge science and exploration. To her manager, none of that mattered. She was young, single, and he wanted someone that would tie his other engineers to that city. That's all she was to him.

He stated all of that plainly and clearly. He didn't care how smart she was, he didn't care how talented she was. He didn't care what she was capable of. All he wanted was for her to was to meet one of his male engineers, get married, and quit to raise kids.

I was fortunate enough to work with her and see her talent unleashed. I was lucky enough to see what she was truly capable of, and it was a lot. She would have been that manager's best engineer, if he'd given her the chance - if he'd seen her as something other than a means to tie down one of the men he'd hired.

His demeaning and sexist views robbed her of the career at NASA that she dreamed of, and robbed NASA of a brilliant engineer.

At this point, you may be asking why I'm sharing her story, a story that I don't believe was ever shared publicly, instead of her sharing it. Because of one of the other places that women have to fight to be heard: the doctor's office.

She knew something was wrong, she knew something had changed, she was dealing with symptoms of something, but had no idea what it was. Her doctor said it was a minor infection. As treatments failed, she went to a different doctor for a second opinion. Same answer. As the symptoms got worse, she went to more doctors, all said the same thing, Finally, half a dozen doctors later, she found one that was willing to perform even the most basic of medical tests.

It took only a few days to confirm the diagnosis: cancer. It would have been easily treated if diagnosed early, but had already progressed to stage 4. There was no effective treatment.

Because of a sexist manager, NASA lost a fantastic engineer, though the security community gained one of the most brilliant minds in application security that I've ever encountered. Because of doctors that don't listen to women, we all lost her.

(I won't mention her name, as she greatly appreciated privacy in life, though this story should be told and remembered. If you knew her, you're well aware of what a truly amazing person she was, not only as a remarkable talent, but a fiercely loyal friend. I was truly lucky to have her as a friend, and while she's been gone for a few years now, I still mourn losing her.)

I wonder how many people make a point to say please and are otherwise polite to AI bots, just to avoid getting into the habit of making demands when asking for something.

Or is that just a me thing?

As people are discussing the issues witth DDoS attacks and attribution, I’m reminded of how the US Government blamed Russia for a DDoS attack against one of their neighbors, which is more accurately (though very indirectly) blamed on me.

Many years ago I complained in an IRC channel about a small website that ripped off the design of one of my sites. A somewhat shady member of that channel happened to control a sizable botnet (with primarily RU IPs). Yep. You see where this is going. (To be clear, I was venting, and didn’t ask him or anyone else to do anything.)

He thought it would be funny to get a little revenge on my behalf. He aimed his entire botnet at that website, and hit the network with so much traffic that it didn’t take down the target server, instead it saturated the core network gear for the country’s main ISP, knocking most of the country offline for several hours.

By pure coincidence, said small Eastern European country was holding national elections the day I complained about the website, something I didn’t discover until years later.

Even the US Government, with all their resources, can’t always tell the difference between a state-backed attack and a teenager “having fun” with a botnet.