Josh chats with Olle E. Johansson about the Global Vulnerability Intelligence Platform (GVIP). It’s no secret the current vulnerability systems are reaching a breaking point. Olle is one of the few people with a long term vision instead of trying to just fix the short term problems. His GVIP ideas are very good, but it’s a community effort and needs our help. Give it a listen and if it sounds interesting, come help us out! ...

Episode Links Frank Nextcloud Nextcloud getting started Digital Sovereignty Index This episode is also available as a podcast, search for “Open Source Security” on your favorite podcast player. Episode Transcript Josh Bressers (00:00) Today, open source securities talking to Frank Kolichek, the founder and CEO of Nextcloud. I am holy cow. I’m excited to have Frank here because I feel like European digital sovereignty and Nextcloud have been just like on the top of the headlines for months now. So Frank, welcome so much. ...

Josh talks to David Bernstein about the world of crisis management and business continuity. David is a certified emergency manager and tell us about preparing for both digital and physical disruptions. Everything is IT now, so the way we think about disaster preparedness is changing. We talk about understanding risks, creating plans, and the role of practice in the world of crisis management. This is a super interesting universe and Dave was very patient and kind. I learned a lot and can’t wait for Dave to come back. ...

I posted a graph on LinkedIn. It showed that of the 10 million open source projects tracked by ecosyste.ms, more than half haven’t been updated in two years. I didn’t suggest old was bad or good, but I got a number of replies about most of this software is “done” so it’s fine. We don’t have any evidence either way, I’m unwilling to make any claims about the numbers (yet, I’m working on it). This got me wondering what it would mean for software to be “done”. Which then led to the question is anything ever done? It’s a lot harder to figure this out than I had expected. ...

William Brown is back! This time Josh chats with him about Passkeys. WTF are they? A Passkey is a form of multi factor authentication, but it’s not super obvious what that really means. William does a fantastic job explaining what a Passkey is, how we got to where we are today with Passkeys. He shares a ton of explanations about the whole world of authentication along the way. Some of this stuff is basically magic. ...

Josh discusses Suricata with Victor Julien, the founder and lead developer of the Suricata project. Victor explains the history of Suricata, its impact on cybersecurity, and the community that keeps it all running. Challenges like encrypted traffic and the evolution of open-source projects. Victor even gives us a glimpse into what he sees as the future of the project. There’s a lot to learn about Suricata in this one. Episode Links Victor Suricata Kelley episode Suricata github This episode is also available as a podcast, search for “Open Source Security” on your favorite podcast player. ...

If you’re of a certain age, you probably remember the essay The Cathedral and the Bazaar. The TL;DR was that old open source was the cathedral of exclusive developers and groups. Then the Bazaar showed up (which was the Linux Kernel for example) and that freed us from the shackles of the cathedral. Except if we look at how things evolved, it wasn’t actually a bazaar. It was a bunch of roadside churches that are now megachurches. But there is still a bazaar, and it’s holding up our modern infrastructure. ...

Josh talks to Gergely Nagy (algernon) about his tool Iocaine. Iocaine creates a maze to trap scraping bots in a world a fake pages they cannot escape. algernon tells us how Iocaine effectively traps bots by serving them endless loops of nonsensical URLs and web pages. It’s an extremely clever tool that’s designed to be completely hidden from normal users, but not hidden to the scrapers. Episode Links Gergely Iocaine algernon on Mastodon Nam-Shub of Enki Iocaine on mastodon Iocaine example site This episode is also available as a podcast, search for “Open Source Security” on your favorite podcast player. ...

Josh chats with Xe Iaso, the creator of Anubis the web AI firewall. We discuss how Anubis is tackling bots and scrapers. The discussion around the scrapers is fascinating and challenging, these things are everywhere and don’t behave very nicely. There’s also discussion about running a successful open source project. Xe has a lot of experience to share with us, you’re going to learn something new with this one. Episode Links Xe Anubis Blog Odd number of cores blog Common Crawl This episode is also available as a podcast, search for “Open Source Security” on your favorite podcast player. ...