Josh and Kurt talk about open source bugs. What happens if a project decides to close most of their bugs? Nothing really. Bug trackers aren’t a help desk. Show Notes Emacs closes 45% of bugs UVI Tesla investigation UK COVID spreadsheet
Category Archives: Security
Episode 284 – What happens when we DRM power tools?
Josh and Kurt talk about a Home Depot plan to put DRM on power tools. Anyone can add a computer to anything for a few dollars now. How secure is any of this. What does it mean when the things we buy start to acquire DRM? There are a lot of new questions we don’tContinue reading “Episode 284 – What happens when we DRM power tools?”
Episode 283 – When vulnerability disclosure becomes dangerous
Josh and Kurt talk about a very difficult disclosure problem. What happens when you have to report a vulnerability to an ethically questionable company? It’s less simple than it sounds, many of the choices could end up harming victims. Show Notes Disclosure Dilemmas @evacide Bob Diachenko This Is How They Tell Me The World Ends
Episode 282 – The security of Rust: who left all this awesome in here?
Josh and Kurt talk about a story from Microsoft declaring Rust the future of safe programming, replacing C and C++. We discuss how tooling affects progress and why this isn’t always obvious when you’re in the middle of progress. Show Notes Microsoft: Rust Is the Industry’s ‘Best Chance’ at Safe Systems Programming Josh’s devopsdays talkContinue reading “Episode 282 – The security of Rust: who left all this awesome in here?”
Episode 281 – If you spy on journalists, you’re the bad guys
Josh and Kurt talk about the news that the NSO Group is widely distributing spyware onto a large number of devices. This news should be a wake up call for anyone creating devices and systems that could be attacked, it’s time to segment services. There’s not a lot individuals can do at this point, butContinue reading “Episode 281 – If you spy on journalists, you’re the bad guys”
Episode 280 – The perils of Single Sign On
Josh and Kurt talk about what happens when you lose access to your Single Sign On provider. These providers have become critical to many of us, if we lose access to our SSO account we will lose access to many services. Show Notes Postbank
The future of DWF
TL;DR – The future of community identifier is going to be the Cloud Security Alliance. See this blog post for more details. A few months ago the Distributed Weakness Filing project (DWF), announced it was coming back to work with some new ideas around how we work with vulnerability identifiers. The initial blog post definesContinue reading “The future of DWF”
Episode 279 – The audacity of Audacity: When open source goes rogue
Josh and Kurt talk about the events happening to the Audacity audio editor. What happens if a popular open source application is acquired by an unknown entity? Can this happen to other open source projects? What can we do about it? Show Notes SGDQ Paper Mario Paper Mario Arbitrary Code Execution explained Freenode Audacity acquiredContinue reading “Episode 279 – The audacity of Audacity: When open source goes rogue”
Episode 278 – Could SELinux have stopped SolarWinds?
Josh and Kurt talk about a listener provided question. Could SELinux have stopped the SolarWinds attack? Given what we know, the answer is technically yes, but practically no. SELinux is awesome, but it’s very difficult to sandbox something like a build system. Show Notes Gone in 60 milliseconds
Episode 277 – Privacy and activism with Chris Weiland
Josh and Kurt talk to Chris Weiland from Restore the Fourth Minnesota. Restore The Fourth Minnesota is nonprofit dedicated to restoring the Fourth Amendment to the U.S. Constitution and ending unconstitutional mass government surveillance. Chris drops a ton of knowledge about how to be an effective tech activist, what his group is doing, and mostContinue reading “Episode 277 – Privacy and activism with Chris Weiland”