for twa: [#93](https://github.com/trailofbits/twa/pull/93)
for syntheses: [#753,#755,#756,#822](https://github.com/Gp2mv3/Syntheses/pulls?q=is%3Apr+is%3Aclosed+author%3Ajdesalle)
# Participating in Open source
## Open Source operating system
I already had VM installed for Ubuntu, which I use for everything dev related, and for Kali, another debian derivative specialised in security tools, which I use for playing CTF.
CTF being one of my hobbies, I often use the Kali one and its command line. GIT was also used as I used to share [some solutions for general CTF](https://github.com/jdesalle/WriteUps) or for the [CSCBE](https://github.com/jdesalle/CSCBE2020Qualifier) publicly after event were finished for people to read and learn, or for people to find alternative solutions to them
## Finding a project
Since I started without any idea of what to expect or what to look for as a first project, I started looking for first good issues for beginners in open Source, and I found the website [First Timers Only](https://www.firsttimersonly.com/) which gave recomendation of several website used.
I quite liked [Up-for-grabs](https://up-for-grabs.net/#/) as it allowed me to use filter to choose themes that seemed interesting to me.
As somebody interested in security, That's the kind of project I was looking for.
## TWA: Tiny Web Auditor
TWA is a very lean web auditor that can be used to make a quick audit of the HTTP headers and configuration used by a website.
What I liked about this project is that it the kind of tools I'd enjoy to do/use: straghtforward and without any bloat, lean but does what it needs to do, quite following the KISS principles.
I first looked into the current issue and saw one that seemed fitting, concerning the deprecation of the Feature-Policy header in favor of Permissions-Policy. It seemed feeting for two reasons: it was a small feature, but it required to read the (small) code and understand the intent of the program.
My (currently) only conrtribution was toward this issue, but I quite liked this project and will probably looked into the other opened issues, and look and what can be done to improve on the anaysis done, while respecting it's essence of staying a lean tools as expressed in the [contribution guidelines](https://github.com/trailofbits/twa/blob/master/CONTRIBUTING.md).
## Syntheses
This repository is a peculiar case. It started in 2011 as an opensource repository for synthesis for student at the Engineering Faculty at UCLouvain, and have been pretty well maintained until COVID, though it currently doesn't have any official current Maintainer, the previous one still check for pull request until somebody take the role. While a lot of people used the synthesis of this repository, the program changes in 2018 made it so most of those synthesis where not up to date, which is when the second generation of maintainer took their role.
What I like about this project is that it's something that was directly used by a lot of people during their studies at uclouvain, quite a few contributors ended up doing pretty well, some of them engaging in a PhD. Maintainers also used to keep in touch whith faculty, removing things that wheren't supposed to be there (example with the ML course).
During the courses of my studies, I made some small changes on those when I saw mistakes on synthesis on the platform.
## Conclusion
While I wouldn't say I did a lot for the open source comunity, I enjoyed the feeling on contributing, and will probably continue as I used to do with my ctf Writeups.
# BOOK
I read *Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon* By *Kim Zetter*.
