Today is the third birthday of this notebook and, by the convention I have established, also the day I write a short reflective post.
The first one was an explicit launch of the experiment. The second was a midpoint check-in. The third — last week — was the more substantive end-of-year post. This one is briefer.
Three years of writing has produced something I am at peace with. The discipline is established; the audience is small but committed; the topic continues to expand faster than I do.
What is different about this year
My predictions discipline is more rigorous — explicit probabilities, deadlines, scoring at the deadline. The first quarter will tell me how this works in practice.
My community engagement is wider — at least four conferences planned, possibly speaking at one. The notebook-in-isolation pattern was sustainable but was leaving value on the table.
My internal-defence focus is stronger. Last year was dominated by perimeter security and DDoS; this year I want to write more about what happens after compromise — lateral movement, detection-after-incident, response process.
My honeypot deployment will expand. The Honeynet tooling is now operational; the Sebek module is on my list for the next month. By midyear I want to be running across a small range of IPs.
What is the same
The weekly cadence. The British English. The internal links to past posts. The calibrated humility discipline. The willingness to be wrong publicly and explain it.
More in a week. The first technical post of 2001 is going to be on a Linux worm called Ramen that has been making the rounds.