Profile

Jim Hebert
Works at Fitbit
Attended Florida State University
Lives in Emeryville, CA
857 followers|305,758 views

Stream

Jim Hebert

Shared publicly  - 
Jim Hebert: Wow--that was fun to watch.

Jim Hebert

Shared publicly  - 
 
Whoever handled Pekka Rinne's headshot for the NHL TV coverage must have a sense of humor, carefully including the Alfalfa hair sticking up. I'd assumed it was an illusion/background speck until the camera panned and the hair stayed put.

Jim Hebert

Shared publicly  - 
 
Is it just me or does the pictured autonomous car look like it ran into something and lost a turn signal light on the right side of the picture (left side of the car)?  ;-)
Sparky Bartlett Jewell: Not just you.

Jim Hebert

Shared publicly  - 
 
 
Less than 3 months ago, Detroit Red Wings legend Gordie Howe was completely bed-ridden and unresponsive after suffering a major stroke. Today, Mr. Hockey has gone through a remarkable recovery thanks in part to two stem cell treatments. He's back on his feet, even playing some driveway hockey with his great-grandson.

Check out the full story here: http://bit.ly/1B7YoGu
Mr. Hockey is well enough to travel to Saskatoon next month for a dinner in his honor.
Chris Harper: He was a force behind the net, glad he feels better

Jim Hebert

Shared publicly  - 
 
 
You probably shouldn't be using the WhiteHat Aviator browser if you’re concerned about security and privacy.

I want to be clear that I’m very happy people can take Chromium and build something better on top of it. That’s a big part of why Chromium is open source—to encourage community contributions and third-party innovation. And I want to commend WhiteHat on releasing the source to their fork, because that allows more honest discussion and the potential for shared innovations. But I also feel compelled to stress that building a safe browser is a very hard thing to do, which is why Chrome Security has roughly 30 full-time members and Chrome Privacy has another dozen or so themselves—and none of us are ever short on work.

So, with that in mind I want to explain why I was so concerned after a fairly cursory inspection of the Aviator source code release. First, we found that the overwhelming majority of changes were superficial and branding related, but done so in a way that seriously complicates the process of tracking upstream security fixes. That's why Aviator is perennially at least two major releases behind Chrome, and ships with dozens of publicly disclosed vulnerabilities that are already fixed in the stable Chrome release. Had these branding changes been made more carefully, this simply wouldn't be a problem and Aviator would be able to pull upstream changes and benefit from the security work being done by the Chromium Project.

Unfortunately, the story gets worse when you get to the meat of the relatively small number of technical changes in Aviator. +Tavis Ormandy already tweeted one <http://goo.gl/GY5G2Z>, which is the most trivial RCE bug we found yesterday, but it's important to appreciate that wasn't an isolated issue. The added code doesn’t seem to have been written with a sufficient understanding of how Chrome works, or with adequate regard for security. Take this case <http://goo.gl/7wojNk> where explicit debug breaks are disabled for seemingly no reason at all. In Chrome that call is expected to safely terminate sandboxed processes in a whole slew of situations where the process cannot safely recover, but in Aviator all of those cases have now been turned into potentially exploitable vulnerabilities.

After looking at the newly introduced features, it’s also very hard to understand why any of these changes were made so invasively, and at the cost of hindering compatibility with upstream. Because, so far I just don’t see Aviator adding anything that couldn’t be done much more safely and cleanly via the normal extensions APIs, since the bulk of Aviator’s enhancements are actually provided by the already popular Disconnect extension for Chrome <http://goo.gl/IxaUx8>. And the rest of the changes appear to be covered by changing a handful of well-documented <http://goo.gl/eOi72K> default settings. And I should note you can already find detailed recommendations <http://goo.gl/Uw1Kom> on configuring stock Chrome for the seriously privacy and security concerned user, which strike me as more effective in practice.

In the end, I really hope this criticism is taken constructively, and provides some useful context for people who want to enhance Chrome. I'm always impressed by the size and passion of the Chromium community, and blown away by the number of people who contribute to and build projects on top of our codebase. But at the same time it’s very important that care be taken in those efforts to preserve the safety of end-users, even more so when making such bold claims about security and privacy (particularly given that security is a necessary precondition for privacy). So, it's critical to get the basics right, like following secure coding practices, tracking stable branches for security fixes, and keeping local changes minimally invasive to simplify the maintenance burden.

#chrome   #security  

Jim Hebert

Shared publicly  - 
 
... for my friends who have been following End-to-End:
Aaron Roberts: Waiting for the Chrome Store release for this.  Very interesting work here.

Jim Hebert

Shared publicly  - 
2 comments (Simon Waddington, Dragos Ruiu):
“Dif-tor heh smusma”

Jim Hebert

Shared publicly  - 
 
Good write up of how to use SSLKEYLOGFILE on various platforms. https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/ 

We added a pretty simple way to flip it on for people running 'test' builds of Chrome OS a while ago. (https://code.google.com/p/chromium/issues/detail?id=214676#c4). I haven't kept up with Chrome OS enough to know if those steps are still accurate almost 3 years later. Oy, where has the time gone?!
Intro Most IT people are somewhat familiar with Wireshark.  It is a traffic analyzer, that helps you learn how networking works, diagnose problems and much more. One of the problems with the way Wi...

Jim Hebert

Shared publicly  - 
 
Oh man.
 
There's a lot of truth in jest. The Jack and Triumph Show premieres February 20 at 11:30p ET.
Watch more: http://asw.im/1MViDK

Jim Hebert

Shared publicly  - 
 
A British colleague just let me in on this little secret, after referring to me as Jim Herbert in an email. Oy. You avin' a laugh, mate?
3 comments (Jim “Danger” Hanson, Jim Hebert, Wendy Hebert):
But you aren't an idiot either. Oh, you are my child though.

Jim Hebert

Shared publicly  - 
 
Woah...
FXX set the record for longest TV marathon ever last year with a week and a half straight of The Simpsons, but VH1 Classic is about to top it. The network is preparing to run episodes of Saturday...
2 comments (Mike Pegg, Andrew Brogdon):
Hopefully the Phil Hartman years and the Will Ferrell years will both fall on the weekends. :)

Jim Hebert

Shared publicly  - 
 
 
Remember, kids: Take any and all identifying info off of your vehicle before trading it in.

#cars   #carnews  +Ford Motor Company  #FordF250   #Syria  
Mark-1 Plumbing in Texas City is getting a lot of frantic calls lately. It’s got nothing to do with plugged drains or leaks—and everything to do with Syrian terrorists, social media, and a cast-off Ford F-250 bearing the small business’s name. As Houston news station KHOU reports, Mark-1’s Jeff Oberholtzer traded in an old F-250 […]
People
In his circles
407 people
Have him in circles
857 people
Work
Occupation
Senior Security Engineer
Employment
  • Fitbit
    2015 - present
  • 2K
    2014 - 2015
  • Google
    2010 - 2014
  • Adobe
    2002 - 2010
Places
Currently
Emeryville, CA
Previously
Birmingham, MI - Tallahassee, FL - Chico, CA - Paradise, CA - San Jose, CA - San Francisco, CA
Story
Tagline
tl;dr I'm Jim
Introduction
Once upon a time...
Bragging rights
Happy at work; happy at home; can't complain!
Education
  • Florida State University
    Computer Science
  • California State University Chico
    Computer Science
Basic Information
Gender
Male
Relationship
Married
Other names
James
Jim Hebert's +1's are the things they like, agree with, or want to recommend.
Google’s Chromebooks Rule Schools As IDC Pegs Them As Top Sellers In K-12
techcrunch.com

Google's Chrome OS may be a long-term sleeper hit thanks to a growing user population among U.S. students – IDC's new figures for tablets an

Retailer-Backed Apple Pay Rival CurrentC Has Been Hacked, Testers’ Email...
techcrunch.com

MCX (Merchant Customer Exchange), the coalition of retailers including Walmart, Best Buy, Gap and others, who are backing a mobile payments

Adobe Acquires Photo-Editing Platform Aviary | TechCrunch
techcrunch.com

Aviary just announced that it has been acquired by Adobe. For those of you who haven't heard of it, Aviary offers a software development kit

Forget the Google Car, get an S-Class and a Coke
www.roadandtrack.com

Mercedes-Benz owners are one simple (dangerous, and irresponsible) taped soda can away from a semi-autonomous commute. Watch, be amazed, but

House of Cards
plus.google.com

Netflix Original Series HOUSE OF CARDS. All episodes of Season 2 now streaming only on Netflix

Google Is About To Smoke Siri On The iPhone
www.businessinsider.com

Google updated its search app for the iPhone...

Colorado Avalanche forward Cody McLeod faces in-person hearing
www.nhl.com

Colorado Avalanche forward Cody McLeod faces in-person supplementary discipline hearing for hit of Niklas Kronwall of the Detroit Red Wings

St. Louis Blues' Maxim Lapierre suspended five games for boarding
www.nhl.com

Blues forward Maxim Lapierre has been suspended for five games, without pay, for boarding Sharks defenseman Dan Boyle.

Willie Nelson "Far Away Places" Featuring Sheryl Crow - Exclusive Track P...
teamcoco.com

You heard it here first: Willie & Sheryl Crow sing a duet.

Chromium Blog: Security rewards at Google: Two MEEELLION Dollars Later
blog.chromium.org

[Cross-posted from the Google Online Security Blog] One of Google's core security principles is to engage the community, to better protect o

Police Responding to Shooting in San Francisco
www.nbcbayarea.com

Emergency crews are responding to a report of multiple shooting victims near the REI store at 7th and Brannan streets in San Francisco.

Introducing Project Loon: Balloon-powered Internet access
googleblog.blogspot.com

The Internet is one of the most transformative technologies of our lifetimes. But for 2 out of every 3 people on earth, a fast, affordable I

I sold my Viper, but the memories I'll keep
www.autoblog.com

Automotive public relations guru Tom Kowaleski recounts the genesis of the Dodge Viper program as he says goodbye to his own car.

FULL EPISODE: Maron – Dead Possum
www.ifc.com

While Denis Leary is on the podcast, Marc's manhood is put into question. This fuels Marc to tackle a home improvement problem with the help

Very tasty, great atmosphere, and they're very good about their food prep when you tell them you have a peanut allergy. Highly recommended.
Public - 9 months ago
reviewed 9 months ago
I cannot say enough good things about Elaina's massage work. She's incredibly knowledgeable and professional. Her work is the most effective massage I've ever had. She's very thoughtful about things like how much pressure to apply, and takes the time to understand your overall health care situation to tailor her work to best meet your individual needs. If you're skeptical about massage like I've been in the past, Elaina may just change your mind, she certainly changed mine.
Public - 9 months ago
reviewed 9 months ago
After past dissatisfying experiences, Walnut Creek Toyota sent us a "please come back, give us another chance" email containing a coupon for a free oil change. We scheduled an appointment for the oil change over the phone, during which we got an obnoxious high pressure sell to pay for various other service. We declined that and insisted they live up to the offer to provide the free oil change. That weekend, we set the alarm clock on a Sunday morning, and headed up the freeway before eating breakfast. We arrived on time, but were surprised to learn that this appointment meant very little, as the car would have to be left *all day*. I have little doubt that once they got the car up on the lift, with me trapped, I was going to hear more about what I needed to pay them to fix. Needless to say, I left immediately, with my car and without the oil change. I didn't make an appointment so that I could be on standby all day for a 20 minute operation. I'd rather pay someone else than let these guys work on my car for free. They got their second chance from me and they blew it again.
Public - 2 years ago
reviewed 2 years ago
Awesome food with an awesome view. We came back for a second visit on our short 6 days on the island because it was so good. Try the fish n chips or have a small Caesar with the Vegas Roll. Can't go wrong here.
Atmosphere: Very Good; Decor: Very Good; Service: Excellent
Public - 2 years ago
reviewed 2 years ago
14 reviews
Awesome chicken salad. Good falafel wrap. The hibiscus iced tea was the best we've ever had and the iced coffee was a solid offering as well. Prices on par for the island, I don't know what the other reviewers are moaning about.
Food: Very Good; Decor: Poor - Fair; Service: Good
Public - 2 years ago
reviewed 2 years ago
My partner and I loved absolutely everything about dining here. We were seated and always attended to promptly by friendly staff. We love that everything comes a la carte and comes to the table as it's ready. It meant we started to get food almost right away, very helpful when we arrive hungry. It also encouraged us to order several things, share everything, and experience more of the amazing flavors this place has to offer. Highlights included a delicious mushroom-lobster appetizer, plank-cooked salmon, sushi rolls, and their sangria. The dessert menu looked delicious and will be just-right for a night when the mood calls for high end dessert fare. Or if it's not a "special occasion" kind of a night, do what we did: head across the street to Ben & Jerry's for ice cream, and enjoy it along the water's edge in the fading summer evening sunlight. Not only is Yoshi's great food, but thanks to the location, you can put together a nice evening around it, with easy parking, and after-dinner entertainment options from the waterfront to the theater to Yoshi's jazz club. Highly recommended, we'll be back!
Food: Excellent; Decor: Very Good; Service: Excellent
Public - 2 years ago
reviewed 2 years ago