Ford Powers

Hello! My name is Ford Powers.

I'm a cybersecurity engineer by education, a software developer by experience, and a tech enthusiast by nature.

I grew up with a love of technology and an insatiable curiosity about how to break things. This quickly led me to The Dark Arts™ of information assurance and cybersecurity.

Cybersecurity

What originally got me into information assurance wasn't attending a conference or reading some Hacker News article; it was born out of my love of the cyberpunk genre and characters like the Technomancer.

I focused that curiosity and when I was 16 I began studying Cybersecurity at Columbia Basin College. While still in college I landed a full-time internship at Pacific Northwest National Laboratory assisting an automated software testing team.

In December of 2020 I received my Bachelor of Applied Science in cybersecurity, and graduated cum laude. Shortly after, I was hired on as a Cybersecurity Engineer at PNNL.

Software

From day one I was writing all kinds of software testing suites to aid in managing a massive application quality assurance effort, including traditional scripting suites like Selenium WebDriver, some newer stuff in TestNG and Cypress, and a lot of Jest unit tests too.

This gave me a really solid appreciation for the artistry of software development. I was able to use my education to inject security in the applications we were building: naturally, this led me down the directed path of software development security.

And that's where I've been ever since! I never lost my love (or skills!) for making applications. Go check out my projects to see what I'm coding/brewing/thinking up.

Tech

Last but not least, I'm a die-hard techie. My interest in the hacker community has led me down some fun paths (check out my blog & projects for some examples).

Some deep dives I've gone on:

  • 3D printing (and 3D printer fabrication/customization)
  • Arduino programming and embedded systems design
  • Portable Raspberry Pi setups (including the infamous Pwnagotchi)
  • PC building and assembly
  • Ethereum development and blockchain programming
  • HVAC custom system creation using excess mining rig heat

Here are some projects! One of my many hobbies [hacking (creating), hacking (destroying), hacking (literally, like with an axe), hiking (not to be confused with hacking), and videography] includes videography, so I've included any that I'm proud of.

Modern Web Testing

A few years ago I started my software journey as a quality assurance intern assisting a development team. At the time, we used many older industry tools to automate our quality checks, namely Selenium WebDriver via Java.

Fast forward a few years, and now that I'm an older and wiser web developer, the task of finding tools to help our team identify and triage issues fell into my slot on the Trello board. So, I set out to find what's new on the scene and what could help developers with a modern MERN stack.

Memory Leaks - Fuite

First up is fuite, a memory leak testing tool. Oddly enough, I don't see a lot of SPA developers testing applications for memory leaks, even though it could be a breaking issue for the user, and one that is frustratingly hard to debug.

Fuite does an excellent job of taking the hassle out of memory testing by doing all the memory consumption comparison for you (in a pretty straightforward and intelligent way) and then giving you actual metrics you can use to measure improvement afterwards. I also thought basing the tool on Puppeteer Pages was clever, as it's a solid standard and most of us will need to configure custom scenarios so the tool can access privileged or restricted routes.

For more info on how to use it, read the official blog post & how to guide.

Load & Stress - Locust.io

Previously I had experience using JMeter as a stress & load testing tool for a few applications. It worked well enough and has a large community supporting it, but I can definitely appreciate why someone made a modern tool.

Pretty much all my previous gripes with JMeter (Java-based, clunky interface, high initial time sink) are fixed with locust.io. It's Python-based and gives you metrics and pretty graphs out of the box, so you can compare results across runs and code updates.

It's also capable of being much more than just a simple load testing tool, but it remains easy enough to set up for the layman. (Open source is another big plus in my book.)

Integration - Cypress

Full feature integration testing (end to end testing) is a non-trivial pursuit. Depending on the complexity of the application it can require large amounts of code in order to have the automated sequence perform well. Having used Selenium Webdriver personally, while it still remains the standard for a number of reasons, I don't think those reasons are particularly good. A couple of my grievances:

  • It's unabstract and too specific when writing page interactions
  • Selenium is heavy as far as packages go - the Java implementation in particular is not easy to install
  • It doesn't play nicely at all with any modern CI/CD pipeline; we had to break things to get it working

Cypress is 100% easier and nicer to use. It's also JavaScript, which makes life quite a bit easier when you're writing JS for development anyway.

Unit - Jest

Good ole' Jest. Can't say much really that hasn't already been said. Jest has remained the standard for JavaScript unit testing for years, and decidedly deserves its crown.

  • It's lightweight (4kb unpacked)
  • Extensively documented
  • Has a massive community
  • It's actively maintained and has deep pockets due to Facebook money

It also works with all the good stuff like TypeScript, Babel and Node, so there's not really a case it can't handle.

Creating a SFS

This entire site is a single HTML file, known as a Single-File-Site or SFS. For navigation, it simply uses the #anchor suffix (from 1992) and the :target CSS selector to show and hide pages/content.

There's no JavaScript, no database, no external dependencies, no CDNs to query, no CSS url() to gather. The entire site is one 16kb transfer. Yet it still works! It will work with screen readers and has all the needed accessibility features. It scales to mobile and desktop. It even has routing, and can accordion expand/contract this blog post section you're reading. All with just native HTML elements and CSS, who knew?

(Did I mention it has a perfect score on Lighthouse?)

I started with the fantastic john doe template from cadars and added some flavor for building and hosting.

Why? After finishing Epic React (which is a great course) I felt too 'in the weeds' of dynamic JavaScript web development, and I wanted to take a step back out into plain ole' HTML.

Several great developers have started down this path of doing things the real old way, like Eevee here. It's pretty awesome to be able to edit this website, on my phone, using GitHub's mobile editor by typing HTML and then just... publishing... the HTML... like how it used to be. No project build dependencies, not even any Jekyll scripts to run on GitHub's end. Not that there's anything wrong with that, it's just nice to remind people that we can in fact do it this way and still have it work.

There's a bunch of other reasons why one would want to implement such a site. For instance, most Tor users have JavaScript turned entirely off in their browsers for security reasons, and this site would still function 100% in that case.

Also, my portfolio site could be all fancypants and require the bandwidth of a small nation just to load the React dependencies but it doesn't need to be. Keeping the attack surface of this site to practically zero keeps me sane. Can't have XSS if there's literally no script tag on the site.
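One way to keep that property from regressing is to audit the HTML file before publishing. The Python sketch below is an added example, not this site's code: it checks a constructed sample page that uses #anchor links and :target routing for script elements, inline event handlers, javascript: URLs, and anything that would trigger an external fetch. The sample markup and all names in it (SAMPLE_SFS, SfsAudit, audit) are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not this site's source): #anchor links plus :target routing.
SAMPLE_SFS = """<!doctype html>
<html lang="en"><head><title>SFS</title><style>
section { display: none; }          /* every page hidden by default */
section:target { display: block; }  /* show the one the #fragment names */
</style></head><body>
<nav><a href="#about">About</a> <a href="#blog">Blog</a></nav>
<section id="about"><h1>About</h1></section>
<section id="blog"><h1>Blog</h1><a href="https://example.com/">a link</a></section>
</body></html>"""

FETCH_ATTRS = {"src", "srcset", "poster", "data", "action", "formaction"}
CSS_FETCH = re.compile(r"url\s*\(|@import", re.I)

class SfsAudit(HTMLParser):
    """Collects everything that would break the 'one file, no script' property."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        self._in_style = tag == "style"
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):                      # onclick, onload, ...
                self.findings.append(f"inline handler: {name}")
            elif value.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name}")
            elif name == "style" and CSS_FETCH.search(value):
                self.findings.append("CSS fetch in style attribute")
            elif (name in FETCH_ATTRS or (tag == "link" and name == "href")) \
                    and not value.startswith(("#", "data:")):
                self.findings.append(f"external fetch: <{tag} {name}>")

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style and CSS_FETCH.search(data):
            self.findings.append("CSS fetch in <style>")

def audit(html):
    """Return a list of findings; an empty list means the page is self-contained."""
    parser = SfsAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Ordinary outbound links (`<a href>`) are deliberately not flagged, since they load nothing until the reader clicks them.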