You know how scientists hypothesize that there are an infinite number of universes? 2016 is a year that forces me to confront the reality that they may be right. I've been starting to think that we live in one of the bizarre, alternate universes where crazy things happen on a regular basis.

In all those the other sane universes, the following things didn't happen in 2016:

  • George Michael, "singer of Last Christmas", doesn't die... on Christmas
  • Murder clowns don't hide in the woods and cause teen panic.
  • The Cubs don't come from 3-1 to win the World Series in game 7.
  • Harambe doesn't gather 14,000 votes in the presidential election.
  • A reality show star doesn't become the President of the United States.

The closer you look the more you'll realize that I'm right. It's unsettling to think about it.

So let's think about something else - how about a retrospective on the ramblings of your rogue security storyteller. Also check out this cool Spanish vanity website I built with Django.

Drawing from this archival site for all things yours truly, we can see there are 47 items to choose from. That's too many, so let's just do have a look at the best ones.

What keeps white hat hackers from turning to the Dark Side?

Network World: What Keeps White Hat Hackers from Turning the Dark Side?

The idea for this, one my favorite articles ever, had been rattling around my head for years. The premise came from a lunch discussion among my friends: "how much would it take for you to hack for evil?"  I surveyed over three dozen of my friends and colleagues to find out what their prices were, if any. Some illuminating results. 

DevCentral Lightboard Video

DevCentral Video: SSL Outbound Lightboard Lesson

People loved this 12-minute video illustrating a complex problem. Well my colleagues did anyway. Had fun flying to St. Louis where Jason Rahm and John Wagnon let me use their supercool lightboard studio.

IOT Minions

Newsroom: Making Sense of the Krebs / OVH / Dyn DDoS Attacks

Here's my take on the huge DDoS attacks of September and October 2016. Had to rush this one to release as an official company position on the attacks. I really like how it came out. One customer read it and said "We need to talk to the guy that wrote this! Get him here!"

Donald and Miss Universe

Blog: The Top Ten Hardcore F5 Security Features in BIG-IP 12.1

It took me 23 hours to write this! But people LOVED IT. Continuing my tradition of the top security features of each F5 BIG-IP release. Follow my countdown of the top ten most hardcore security features in the TMOS 12.1 release.

2016 DDoS Attack Trends Whitepaper

Whitepaper: 2016 DDoS Attack Trends

Here's an awesome whitepaper I wrote in the fall of 2016. I embedded eight references to Huey Lewis and the News. Can you find them all?


DROWN vulnerability

SecurityWeek: Is DROWN a 'Hello Kitty' SSL Vulnerability?

Should you panic about the DROWN SSL vulnerability? Is it cute and kid-friendly, or is it a monster vulnerability coming to expose your most sensitive data? This piece I did for SecurityWeek builds upon the "Stack Ranking SSL Vulnerabilities" article I'd written the year before.

SecurityWeek: Cyber Espionage Report: APT at RUAG

I get lucky sometimes. This was one of those times. I ran into a member of, and he told me of an interesting report about a cyberespinage case in Europe. Made for a great SecurityWeek article.

Mirai Strikeback iRule

DevCentral iRule: Mirai Strikeback - an iRule to kill IoT Bot Processes from your F5

Wrote this cool script to kill Mirai bots that are attacking your website. So satisfying because how often do you get to strike back at your cyber attackers? Almost never! Use at your discretion, because technically it's a bit of a hack, and hacking is illegal kids. So many consider this a proof concept.

Hacking Parking Tickets

SecurityWeek: Hacking Europe's Smart Cities

A young hacker came up to me after a talk in Belgium and told me how some hackers were taking slight advantage of the smart city infrastructures in Europe. Made for a great article for SecurityWeek. Nice little piece, and the picture is an actual picture of some of the hacked parking meter slips.

DevCentral Video: F5 Advanced Firewall Manager Roundtable 

I love getting invited to do these video podcast dealies with the DevCentral team. This was a really fun one where the discussion ran all over place and many laughs were had. At least on my end.

Netflix and Chill

DevCentral Blog: The Top Ten Hardcore Security Features in BIG-IP 12.0

Version 12 of BIG-IP and its glorious cadre of security modules has been released unto the world in 2016. It was a big, big release packed with 194 features. More than half of those are security-related. Selecting the best of over 100 security features was a daunting task. I had considered using the darts-against-printed-spreadsheets approach, but ultimately just went through them all, one by one, and selected the best, just for you.

SecurityWeek: Mysteries of the Panama Papers

When asked for Comment on the Panama papers, I said heck yeah, there are so many questions. So I put them into a SecurityWeek byline, and then answered them. Most of them. Even the one about Simon Cowell.

Newsroom: Cloud Security Crucibles: Australia and New Zealand

I’ve just returned from a long tour of Australia and New Zealand (ANZ), where some exciting developments are worth capturing. Both countries are island nations, and one thing Darwin noted in “On the Origin of Species” is that islands can become crucibles of evolution. Australia is evolving a new way to leverage cloud, and New Zealand is evolving a new efficiency model for government security services. Both countries share one aspect with the rest of the world: challenges around encryption.

SecurityWeek: You Can't Find What Your Not Looking For Because Goat Parkour

Goat parkour is a thing. We commissioned the analyst firm IDC to do a survey about encryption. They asked questions that I always wanted to know the answer to. So what does that have to do with goat parkour? Read on and find out.

DevCentral Blog: David Holmes Greatest Hits, 2015 Edition

In the same way that this blog is published in 2017, so was the 2015 edition published last year. So technically the Greatest Hits from last year is one of the Great Hits of this year. That sounds paradoxical, doesn't it. But that's how we started this whole blog, isn't it, talking about alternate universes!

So there have you it; only the greatest hits this time for 2016. Hand selected, just for you, my dear readers. If you want to see the rest of the pieces, or just about anything I've ever written, it's all indexed at

See you all in the new year!