Items tagged with: OSSPodcast
Also I forgot the content warning, this holiday spectacular episode gets kind of real, especially around healthcare and houselessness/unhoused people and a bunch of other topics.
What happens when Santa uses AI to manage the naughty and nice list? As we all learned from "The good place" the points based system no longer works. Find out on the #osspodcast with @joshbressers at https://opensourcesecurity.io/2023/12/17/episode-407-should_santa-use-ai/ Also are elves people? What species are they? Are Santa's elves aquatic elves? Does everyone live on top of water? What about volcanoes? Also what's the maintenance cycle like for Santa's sleigh? Is there a log book for this somewhere?
Episode 407 – Should Santa use AI?
It’s the 2023 Christmas Spectacular! Josh and Kurt talk about what would happen if Santa starts using AI to judge which children are naughty and nice. There’s some fun in this one, but …Open Source Security
Episode 394 – The lie anyone can contribute to open source
Josh and Kurt talk about filing bugs for software. There’s the old saying that anyone can file bugs and submit patches for open source, but the reality is most people can’t. Filing bugs…Open Source Security
Question 1) Can you secure something you don't own?
Question 2) Do you actually own any of your stuff?
Find out all about these things on the #osspodcast https://opensourcesecurity.io/2023/09/17/episode-393-can-you-secure-something-you-dont-own/
TL;DR: Kurt isn't very good with mirrors but @joshbressers is good at it.
Episode 393 – Can you secure something you don’t own?
Josh and Kurt talk about the weird world we live in, where we can’t control a lot of our hardware. We don’t really have control over most devices we interact with on a daily basis. T…Open Source Security
100 years from now people will still be listening to the #osspodcast about the #wordpress 100 year registration https://opensourcesecurity.io/2023/09/03/episode-391-the-wordpress-100-year-disaster-recovery-problem/ tldr people regularly spend more than $38,000 for a conversation piece. Not people I know. But people. So I’m told.
Also I’m calling it now, the #burningmud is going to be a bigger problem in some ways than anyone can guess (eg 73000 with no sanitation walking in poopy mud) and I bet no major lessons will be learned by most of them.
Episode 391 – The WordPress 100 year disaster recovery problem
Josh and Kurt talk about wordpress selling web services with a 100 year lifespan. Will WordPress still be around in 100 years? What would 100 years of disaster recovery look like? Most of us will n…Open Source Security
Episode 387 – Enterprise open source is different
Josh and Kurt talk about the difference between what we think of as traditional open source, and enterprise software projects that have an open source license. They are both technically open source…Open Source Security
Episode 386 – We are watching web 2.0 burn
Josh and Kurt talk about a new Google proposal that would add DRM for the web. All the ad driven companies seem to be acting very strangely, there’s probably a reason for this. The way ads us…Open Source Security
Episode 384 – What’s next for open source?
Josh and Kurt talk about some of the efforts to measure and understand open source. There are projects like the OpenSSF Scorecard. We want to measure open source for some idea of quality. Is AI gen…Open Source Security
Episode 383 – Is open source dying?
Josh and Kurt talk about the notion that open source is somehow dying. What’s actually happening is corporate open source is changing, which some are trying to deform into something wrong wit…Open Source Security
The reality is they're still better than a lot of companies claiming to do #OpenSource but it feels like a betrayal because they were the hero of open source for so long
https://opensourcesecurity.io/2023/07/02/episode-382-red-hat-you-were-the-chosen-one/
Episode 382 – Red Hat, you were the chosen one!
Josh and Kurt talk about Red Hat closing up the RHEL source code. Kurt and Josh both worked at Red Hat in the past. This isn’t a show that bashes Red Hat, and it’s not a show praising t…Open Source Security
Episode 379 – Will open source save the world, again?
Josh and Kurt talk about some new open source projects that aim to start taking back some of our privacy and rights. It’s a huge hill to climb, but it seems like there is some hope. Open sour…Open Source Security
Episode 378 – Naming things is harder than security
Josh and Kurt talk about namespaces. They were a topic in the last podcast, and resulted in a much much larger discussion for us. We decided to hash out some of our thinking in an episode. This is …Open Source Security
Episode 377 – The world is changing too fast for humans to understand
Josh and Kurt talk about PyPI suspending new accounts and packages for a day, and a 60 minutes story about deepfakes. The problems are mostly the same, but for very different reasons. The world is …Open Source Security
Episode 376 – Open Source Summit, who built your open source, and AI
Josh and Kurt talk about the Open Source Summit in Vancouver. Josh was there and we pick on two observations. Firstly that security keeps trying to use fear as a feature, except it doesn’t wo…Open Source Security
Episode 375 – The market forces of left-pad, Episode 77 remaster part 2
Josh and Kurt finish up the leftpad discussion. We spent a lot of time talking about how the market will respond to these sort of events, and the market did indeed speak; very little has changed. T…Open Source Security
https://opensourcesecurity.io/2023/04/09/episode-370-open-source-is-bigger-than-you-can-imagine/
Episode 370 – Open Source is bigger than you can imagine
Josh and Kurt talk about some data on the size of NPM. Josh wrote a blog post and a report about the amount of SEO spam in NPM was released. Open source is enormous, and it’s mostly one perso…Open Source Security
#osspodcast
Episode 368 – The Sovereign Tech Fund with Fiona Krakenbürger
Josh and Kurt talk to Fiona Krakenbürger about the Sovereign Tech Fund. This is a fund created by Germany to fund important open source projects. Fiona has amazing insight into how this fund was cr…Open Source Security
Find out some hard lessons learned over the year from @kurtseifried and @joshbressers on the #osspodcast https://opensourcesecurity.io/2023/03/12/episode-366-software-liability-is-coming/ TL;DR: counting vulnerabilities is both completely stupid, and completely necessary. The trick is to think about them the right way (hint: statistics, not pets. Except when they are pets like #log4j. Who's a good vulnerability? You are!).
Episode 366 – Software liability is coming
Josh and Kurt talk about the number of dependencies that is now normal. Keeping track of thousands of dependencies used to be impressive, now it’s normal. In what instances should we know eve…Open Source Security
Episode 365 – “I am not your supplier” with Thomas Depierre
Josh and Kurt talk to Thomas Depierre about his “I am not a supplier” blog post. We drink from the firehose on this one. Thomas describes the realities and challenges of being an open s…Open Source Security
Episode 364 – Using SBOMs is hard
Josh and Kurt talk about SBOMs. Quite a bit has happened in the world of SBOMs in the last year or so. There are going to be different types of SBOMs, like build, source, or runtime. Each will tell…Open Source Security
Episode 362 – A lesson in Rust from Carol Nichols
Josh and Kurt talk to Carol Nichols about Rust. Carol is an authority on Rust and helps us understand how Rust works, why it’s different. Why Rust doesn’t have the same problems C and C…Open Source Security
Episode 361 – GitHub got pwnt, but it wasn’t very exciting
Josh and Kurt talk about the recent GitHub breach. It wasn’t terribly exciting, but there are some interesting conversations to have around securing certificates, source code, and hardware se…Open Source Security
Episode 359 – The NOTAM outage and other legacy technology
Josh and Kurt talk about the recent FAA NOTAM outage. Keeping legacy things running for long periods of time is really hard to do, this system is no different. It’s also really hard to upgrad…Open Source Security
Episode 357 – Is open source being overexploited?
Josh and Kurt talk about how to think about open source in the context of society. Open source is more like a natural resource than a supplier. It’s common to think of open source projects as…Open Source Security
Episode 356 – LastPass ducked up, now what?
Josh and Kurt talk about the LastPass saga. There’s a lot of great explanations about what happened, but there hasn’t been a lot of info on how to start cleaning up this mess. We rehash…Open Source Security
Episode 355 – Security Boxing Day
Josh and Kurt talk about some security gifts for boxing day. We start out with the idea of the security poverty line and discuss a few ideas for how a low resource group can make their open source …Open Source Security
There's a tool to look at #HackerNews authors and see if their writing is similar to another user (sock puppets anyone?)
This of course leads to larger discussions about #privacy, #cybersecurity, #impersonation, and of course, #shakespeare
https://opensourcesecurity.io/2022/12/04/episode-352-stylometry-removes-anonymity/
Episode 352 – Stylometry removes anonymity
Josh and Kurt talk about a new tool that can do Stylometry analysis of Hacker News authors. The availability of such tools makes anonymity much harder on the Internet, but it’s also not unexp…Open Source Security
Also, we managed to avoid discussing CISA, Twitter, and all the other things on fire.
Episode 351 – Is security or usability a law of the universe?
Josh and Kurt talk about end to end encrypted messages. This has been a popular topic lately due to the Mastodon popularity. Mastodon has a uniquely insecure messaging system, but they aren’t…Open Source Security
This of course creates a lot more questions than it answers
Nothing makes sense anymore. Maybe it never did.
#cybersecurity
https://opensourcesecurity.io/2022/11/13/episode-349-the-cyber-is-coming-from-inside-the-house-the-uk-is-scanning-itself/
Episode 349 – The cyber is coming from inside the house – the UK is scanning itself
Josh and Kurt talk about the UK plan to scan their country’s IP space. The purpose and outcome of this isn’t completely clear at this point, but we are hopeful the data can be used as a…Open Source Security