I’m Spencer. This is my site where I post things about stuff. You probably came to this site either looking for an answer to a question or looking for me. If you were looking for an answer I hope you found one. If you were looking for me I’m not here right now, leave a message. I encourage you to comment in my blog, respond in your own blog with trackbacks and pingbacks, or send me an email using the link to follow or in the footer of each page.

• More info about me, Spencer.
• Personally.
• Professionally.
• Professional Resources (patents, papers, etc).
• Email me, Spencer.
• More info about the server you’re visiting now.
• Hardware.
• Software.
• Security.

Meanderings About Me

Personally

I’m Spencer Shimko. This is my site and server. Most of the time I’m off doing other things. I enjoy music, games (board and video), cars, and new gadgets. I’m not real big on watching TV but I pay for FiOS anyways. I do not enjoy long walks on the beach. I enjoy debating about pretty much anything. I’m not always right. I keep forgetting about hobbies I really enjoy like making music and the visualization project I’ve been meaning to start for years. I know I have the time for these things but I just can’t remember where I put it. I’m color blind (Deuteranopia or strong Deuteranomalia). I love being challenged intellectually. I’m interested in anything to do with computer security and that spills over into my job. What really surprises me is how little I know about the things I know the most about.

I live and work in Columbia, Maryland, in the US. This is a great place to live – somewhere in between DC and Baltimore. Baltimore is a friendly, working-class town while DC isn’t a terrible place to visit. When you need to leave there are three international airports within a one hour drive. The Inner-Harbor and the Smithsonian are just two examples of the great places that you seem to forget about when you live here. The photo of me above is a quick iPhone shot taken while I was driving across the Chesapeake Bay Bridge to the Eastern Shore.

Instead of boring you with my technical background here I’ll just say I’m a geek. If you aren’t the rest of this page might be a bore. There, you’ve been warned.

Professionally

Went to college. Graduated. Got a job in computer security field. Researched and developed. Moved to OS X on the desktop a few years back. Love it and no plans to change. Still run Linux on my server(s) – love it, no plans to change. Run whole lotsa (SE)Linux for work.

I am working on my fifth year at Tresys Technology. We do open source security. This is where SELinux plays a big role. I do all sorts of things like research, security architecture development, security consulting (?), technical writing, and some technical sales to keep me sociable.

Working in a small company offers great role flexibility and has exposed me to amazing variety of tasks. Wearing a developer hat it is all to easy to get lost in the black and white that is computer security (allow/deny). Thankfully, some of the tasks remind me regularly that it isn’t always “the secure way or no way.” Functionality is critical.

Some things I’ve been participating in at Tresys:

• Cross-Domain Collaborative Information Environment (CDCIE)
• CDS Framework
• Certifiable Linux Integration Platform
• Secure Inter-Process Communication Library
• Razor for DB2 and WebSphere
• VM Fortress – Virtualization Security

I will post about things I am interested in here. Some of this may be on the subject of computer security in which I have both a personal and professional interest. Keep in mind that it is my personal site. It is not endorsed, sanctioned, reviewed, or enjoyed by my employer. If you’re a moron little slow and can’t tell, these thoughts are my own, not my employers. I don’t run these posts by my employer. I will never work somewhere that required pre-pub review for personal interest blog entries. If you’re going to respond to a post or rant that appears here take that into account.

Professional Resources

I’m starting to gather my professional references and resources here. I’ll start pulling in papers, presentations, etc as time goes.

• Patent describing a method for creating and managing co-operative Mandatory Access Control policies in network environments.
• Patent describing a method of constructing a secure Inter-Process Communications channel using Mandatory Access Control.
• Two additional patents in the field of mandatory access control have been submitted and are pending public release from the USPTO. I’ll post a link when they reach that phase.

Meanderings About The Server

Hardware

The hardware hosting this site is a Macbook Pro with 4GB of RAM and a 2.33Ghz C2D.

The same system also functions as a media center and is hooked up to my Panasonic 1080p plasma using a DVI->HDMI convertor and digital audio goes to my Pioneer Elite receiver. I use Plex as my media center app.

The Internet connection is FiOS 20M down, 5M up.

Software

The Macbook Pro hosting this site is my media server running OS X (>=10.6.2). In addition there is a CentOS 5 (>=5.4) virtual machine running in VMware Fusion. This website is being served from that virtual machine.

The CentOS install is hand trimmed and fully patched (probably). The services running include Postfix, Amavisd-new (Spamassassin, ClamAV), Cyrus IMAP, Apache, MySQL, and BIND. Other applications of interest include Wordpress.