New year, new updates

I finally got off my butt and decided what to do with this blog and the fifteen years of posts within.  I'm very not trusting of someone else hosting my writing, so I am sticking with BlogEngine, got an update from them, and am (for now) keeping it on Azure.  I have the source code, I know what is happening under the sheets, and I am pleased for the moment. So, time for some updates.


One of my research topics recently has been security in the software supply chain, and I have presented a talk on the topic at BSides Columbus, Hackers Teaching Hackers, and Central Ohio ISSA.  I canNOT find a recording of any of these to save my life, but if I do I'll update here.  

At CodeMash 2024, I gave two talks on wildly divergent topics.  The first, Developing Kids in Tech, is a retrospective on what I have learned about giving children the tools they need to be successful users, producers, or creators of technology.  There is a gist that has, well, the gist of the resources I use.  I also gave a talk on Velid, a privacy centric mobile first network library.  I am on the documentation team; the Cult of the Dead Cow launched the library at DEFCON last year.

The Application Security Podcast had me on recently, and that should be posted soon.  Robert Hurlbut and I chatted about trends in appsec, supply chain stuff, and CodeMash, as one does.


I have been enjoying some long form microblogging using Mastodon over on  You can find me there - although it is something of a replacement for Twitter too, since that place went to shit.  You'll see random pictures of food, my cats, and other social networky kinds of things.  Oh, and yes, my Twitter account is gone.  If someone takes @sempf on X, it isn't me.

I'm writing a custom book for Wiley on the Dark Web.  Custom books are Dummies Books for vendors that do a little teaching and a little selling, and you can pick them up free at cons and such - you probably have a couple laying around from one vendor or another.  I can't say what vendor yet, but the Tor research for the project has been a lot of fun.


Nearly all of my coding has been for clients recently so I can't show a lot off.  I have been spending a lot of time in C# and Python recently, with some dalliance into Rust (for Veilid) and F# (which I keep trying to get good at.)  I'll get my ass back into FOSS eventually.

Other stuff

Been quite a few years, huh?  Meetups have kinda gotten weird, but the Columbus OWASP chapter is back up and running full bore.  Come see us!  I haven't gotten Locksport back up and running at the Idea Foundry yet, maybe that should be a goal for the summer.

I've got a kid at Columbus State Community College now, studying Human Anthropology, so keeping that all up and running has been fun. Colleges are really trying hard to keep up with tech, but with the decision makers in their 50s and the students in their teens (largely) it's a struggle. I've been keeping up with the application security curriculum I helped put together, speaking at the Capstone courses for seniors and whatnot. 

Hope to catch up with more of y'all in the coming year.  More cons, more meetups, more podcasts. Reach out and say hi!