Episode 360 – Memory safety and the NSA

Josh and Kurt talk about the NSA guidance on using memory safety issues. The TL;DR is to stop using C. We discuss why C has so many problem, why we can’t fix C, and what some alternatives looks like. Even the alternatives have their own set of issues and there are many options, but theContinue reading “Episode 360 – Memory safety and the NSA”

Episode 359 – The NOTAM outage and other legacy technology

Josh and Kurt talk about the recent FAA NOTAM outage. Keeping legacy things running for long periods of time is really hard to do, this system is no different. It’s also really hard to upgrade many of these due to corner cases and institutional knowledge. There aren’t any great answers here, but we do askContinue reading “Episode 359 – The NOTAM outage and other legacy technology”

Episode 357 – Is open source being overexploited?

Josh and Kurt talk about how to think about open source in the context of society. Open source is more like a natural resource than a supplier. It’s common to think of open source projects as delivered to us, but it’s more like acquiring raw materials from the forest. The problem is we’re harvesting theContinue reading “Episode 357 – Is open source being overexploited?”

The perverse incentive of vulnerability counting

It seems like every few years the topic of counting vulnerabilities in products shows up. Last time the focus seemed to be around vulnerabilities in Linux distributions, which made distroless and very small container images popular. Today it seems to be around the vulnerabilities in open source dependencies. The general idea is you want toContinue reading “The perverse incentive of vulnerability counting”

Episode 356 – LastPass ducked up, now what?

Josh and Kurt talk about the LastPass saga. There’s a lot of great explanations about what happened, but there hasn’t been a lot of info on how to start cleaning up this mess. We rehash some of the existing details then try to untangle what existing users can do to try to start recovering. TheContinue reading “Episode 356 – LastPass ducked up, now what?”

Episode 354 – Jerry Bell tells us why Mastodon is awesome and MFA is hard

Josh and Kurt talk about how hard multi factor authentication is. This all starts from a Mastodon thread, and Jerry Bell, the administrator of infosec.exchange joins us to discuss password security and all things Mastodon. Infosec.exchange is an incredible story and Jerry weaves a thrilling tale. Show Notes

Episode 352 – Stylometry removes anonymity

Josh and Kurt talk about a new tool that can do Stylometry analysis of Hacker News authors. The availability of such tools makes anonymity much harder on the Internet, but it’s also not unexpected. The amount of power and tooling available now is incredible. We also discuss some of the future challenges we will seeContinue reading “Episode 352 – Stylometry removes anonymity”