Josh and Kurt talk about GitHub enforcing sanctions against an open source developer and Docker changing how their registry works. There’s a lot to unpack in this one. There’s a lot of happenings going on in the world of open source. We are seeing governments paying attention to open source like never before, change isContinue reading “Episode 367 – Open source will never be the same”
Author Archives: Josh Bressers
Episode 366 – Software liability is coming
Josh and Kurt talk about the number of dependencies that is now normal. Keeping track of thousands of dependencies used to be impressive, now it’s normal. In what instances should we know everything about our open source? The days of being able to ignore your software liability is looking like it’s coming to an end.Continue reading “Episode 366 – Software liability is coming”
Episode 365 – “I am not your supplier” with Thomas Depierre
Josh and Kurt talk to Thomas Depierre about his “I am not a supplier” blog post. We drink from the firehose on this one. Thomas describes the realities and challenges of being an open source maintainer. What open source and society owe each other. How safety can help describe what we see. There’s too manyContinue reading “Episode 365 – “I am not your supplier” with Thomas Depierre”
Episode 364 – Using SBOMs is hard
Josh and Kurt talk about SBOMs. Quite a bit has happened in the world of SBOMs in the last year or so. There are going to be different types of SBOMs, like build, source, or runtime. Each will tell us different things depending on what we need to know. We also cover some of theContinue reading “Episode 364 – Using SBOMs is hard”
Episode 363 – Joylynn Kirui from Microsoft on DevSecOps
Josh and Kurt talk to Joylynn Kirui about DevSecOps in the Microsoft universe. Joylynn gives us an overview of the current state of devops and tells us about some of the tools Microsoft has made available to the open source universe. Show Notes
Episode 362 – A lesson in Rust from Carol Nichols
Josh and Kurt talk to Carol Nichols about Rust. Carol is an authority on Rust and helps us understand how Rust works, why it’s different. Why Rust doesn’t have the same problems C and C++ have, and what the future of it all could look like. It’s a really fun show with some great questionsContinue reading “Episode 362 – A lesson in Rust from Carol Nichols”
Episode 361 – GitHub got pwnt, but it wasn’t very exciting
Josh and Kurt talk about the recent GitHub breach. It wasn’t terribly exciting, but there are some interesting conversations to have around securing certificates, source code, and hardware security modules. In general GitHub did most things right on this one. Show Notes
Episode 360 – Memory safety and the NSA
Josh and Kurt talk about the NSA guidance on using memory safety issues. The TL;DR is to stop using C. We discuss why C has so many problem, why we can’t fix C, and what some alternatives looks like. Even the alternatives have their own set of issues and there are many options, but theContinue reading “Episode 360 – Memory safety and the NSA”
Episode 359 – The NOTAM outage and other legacy technology
Josh and Kurt talk about the recent FAA NOTAM outage. Keeping legacy things running for long periods of time is really hard to do, this system is no different. It’s also really hard to upgrade many of these due to corner cases and institutional knowledge. There aren’t any great answers here, but we do askContinue reading “Episode 359 – The NOTAM outage and other legacy technology”
Episode 358 – Furby vs Alexa
Josh and Kurt talk about the Furby source code going public. This is an opportunity to discuss what’s changed in our attitude in devices that record our audio? Our devices today are vastly more powerful and dangerous than a Furby, what does your risk appetite look like? Show Notes
Open Source Security 