Profile

Jim Hebert
Works at Fitbit
Attended Florida State University
Lives in Emeryville, CA
876 followers|312,091 views

Stream

Jim Hebert

Shared publicly  - 
1
Jim Hebert's profile photo
 
Wow--that was fun to watch.

Jim Hebert

Shared publicly  - 
 
Whoever handled Pekka Rinne's headshot for the NHL TV coverage must have a sense of humor, carefully including the Alfalfa hair sticking up. I'd assumed it was an illusion/background speck until the camera panned and the hair stayed put.
2

Jim Hebert

Shared publicly  - 
 
Is it just me or does the pictured autonomous car look like it ran into something and lost a turn signal light on the right side of the picture (left side of the car)?  ;-)
5
Sparky Bartlett Jewell's profile photo
 
Not just you.

Jim Hebert

Shared publicly  - 
 
 
Less than 3 months ago, Detroit Red Wings legend Gordie Howe was completely bed-ridden and unresponsive after suffering a major stroke. Today, Mr. Hockey has gone through a remarkable recovery thanks in part to two stem cell treatments. He's back on his feet, even playing some driveway hockey with his great-grandson.

Check out the full story here: http://bit.ly/1B7YoGu
Mr. Hockey is well enough to travel to Saskatoon next month for a dinner in his honor.
1
Chris Harper's profile photo
 
He was a force behind the net; glad he feels better.

Jim Hebert

Shared publicly  - 
 
 
You probably shouldn't be using the WhiteHat Aviator browser if you’re concerned about security and privacy.

I want to be clear that I’m very happy people can take Chromium and build something better on top of it. That’s a big part of why Chromium is open source—to encourage community contributions and third-party innovation. And I want to commend WhiteHat on releasing the source to their fork, because that allows more honest discussion and the potential for shared innovations. But I also feel compelled to stress that building a safe browser is a very hard thing to do, which is why Chrome Security has roughly 30 full-time members and Chrome Privacy has another dozen or so themselves—and none of us are ever short on work.

So, with that in mind I want to explain why I was so concerned after a fairly cursory inspection of the Aviator source code release. First, we found that the overwhelming majority of changes were superficial and branding related, but done so in a way that seriously complicates the process of tracking upstream security fixes. That's why Aviator is perennially at least two major releases behind Chrome, and ships with dozens of publicly disclosed vulnerabilities that are already fixed in the stable Chrome release. Had these branding changes been made more carefully, this simply wouldn't be a problem and Aviator would be able to pull upstream changes and benefit from the security work being done by the Chromium Project.

Unfortunately, the story gets worse when you get to the meat of the relatively small number of technical changes in Aviator. +Tavis Ormandy already tweeted one <http://goo.gl/GY5G2Z>, which is the most trivial RCE bug we found yesterday, but it's important to appreciate that wasn't an isolated issue. The added code doesn’t seem to have been written with a sufficient understanding of how Chrome works, or with adequate regard for security. Take this case <http://goo.gl/7wojNk> where explicit debug breaks are disabled for seemingly no reason at all. In Chrome that call is expected to safely terminate sandboxed processes in a whole slew of situations where the process cannot safely recover, but in Aviator all of those cases have now been turned into potentially exploitable vulnerabilities.

After looking at the newly introduced features, it’s also very hard to understand why any of these changes were made so invasively, and at the cost of hindering compatibility with upstream. Because, so far I just don’t see Aviator adding anything that couldn’t be done much more safely and cleanly via the normal extensions APIs, since the bulk of Aviator’s enhancements are actually provided by the already popular Disconnect extension for Chrome <http://goo.gl/IxaUx8>. And the rest of the changes appear to be covered by changing a handful of well-documented <http://goo.gl/eOi72K> default settings. And I should note you can already find detailed recommendations <http://goo.gl/Uw1Kom> on configuring stock Chrome for the seriously privacy and security concerned user, which strike me as more effective in practice.

In the end, I really hope this criticism is taken constructively, and provides some useful context for people who want to enhance Chrome. I'm always impressed by the size and passion of the Chromium community, and blown away by the number of people who contribute to and build projects on top of our codebase. But at the same time it’s very important that care be taken in those efforts to preserve the safety of end-users, even more so when making such bold claims about security and privacy (particularly given that security is a necessary precondition for privacy). So, it's critical to get the basics right, like following secure coding practices, tracking stable branches for security fixes, and keeping local changes minimally invasive to simplify the maintenance burden.

#chrome   #security  
1

Jim Hebert

Shared publicly  - 
 
... for my friends who have been following End-to-End:
5
Aaron Roberts's profile photo
 
Waiting for the Chrome Store release for this.  Very interesting work here.

Jim Hebert

Shared publicly  - 
6
Simon Waddington's profile photoDragos Ruiu's profile photo
2 comments
 
“Dif-tor heh smusma” 

Jim Hebert

Shared publicly  - 
 
Good write up of how to use SSLKEYLOGFILE on various platforms. https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/ 

We added a pretty simple way to flip it on for people running 'test' builds of Chrome OS a while ago. (https://code.google.com/p/chromium/issues/detail?id=214676#c4). I haven't kept up with Chrome OS enough to know if those steps are still accurate almost 3 years later. Oy, where has the time gone?!
Intro Most IT people are somewhat familiar with Wireshark.  It is a traffic analyzer, that helps you learn how networking works, diagnose problems and much more. One of the problems with the way Wi...
4

Jim Hebert

Shared publicly  - 
 
Oh man.
 
There's a lot of truth in jest. The Jack and Triumph Show premieres February 20 at 11:30p ET.
Watch more: http://asw.im/1MViDK
3 comments on original post
1

Jim Hebert

Shared publicly  - 
 
A British colleague just let me in on this little secret, after referring to me as Jim Herbert in an email. Oy. You avin' a laugh, mate?
1
Jim “Danger” Hanson's profile photoJim Hebert's profile photoWendy Hebert's profile photo
3 comments
 
But you aren't an idiot either. Oh, you are my child though.

Jim Hebert

Shared publicly  - 
 
Woah...
FXX set the record for longest TV marathon ever last year with a week and a half straight of The Simpsons, but VH1 Classic is about to top it. The network is preparing to run episodes of Saturday...
12
Mike Pegg's profile photoAndrew Brogdon's profile photo
2 comments
 
Hopefully the Phil Hartman years and the Will Ferrell years will both fall on the weekends. :)

Jim Hebert

Shared publicly  - 
 
 
Remember, kids: Take any and all identifying info off of your vehicle before trading it in.

#cars   #carnews  +Ford Motor Company  #FordF250   #Syria  
Mark-1 Plumbing in Texas City is getting a lot of frantic calls lately. It’s got nothing to do with plugged drains or leaks—and everything to do with Syrian terrorists, social media, and a cast-off Ford F-250 bearing the small business’s name. As Houston news station KHOU reports, Mark-1’s Jeff Oberholtzer traded in an old F-250 […]
3
People
In his circles
405 people
Have him in circles
876 people
Work
Occupation
Senior Security Engineer
Employment
  • Fitbit
    2015 - present
  • 2K
    2014 - 2015
  • Google
    2010 - 2014
  • Adobe
    2002 - 2010
Places
Currently
Emeryville, CA
Previously
Birmingham, MI - Tallahassee, FL - Chico, CA - Paradise, CA - San Jose, CA - San Francisco, CA
Story
Tagline
tl;dr I'm Jim
Introduction
Once upon a time...
Bragging rights
Happy at work; happy at home; can't complain!
Education
  • Florida State University
    Computer Science
  • California State University Chico
    Computer Science
Basic Information
Gender
Male
Relationship
Married
Other names
James