Cybersecurity

Josh and Kurt talk about what beer and reproducible builds have in common. It’s a lot more than you think, and it mostly comes down to quality control. If you can’t reproduce what you do, you’re not a mature organization and you need maturity to have quality. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_197_Beer_security_and_consistency_the_newer_better_triad.mp3 Show Notes Reinheitsgebot Josh’s Blog Post Ken Thompson’s reflections on trusting trust Tor Browser Deterministic Builds One line package broke npm create Donkey Kong 64 memory leak Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about automatic updates. Specifically we discuss a recent decision by Ubuntu to enable forced automatic updates. There are lessons here for the security community. We have a history of jumping to solutions rather than defining and understanding problems. Sometimes our solutions aren’t the best. Also murder bees. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_196_Pounding_square_solutions_into_round_holes_forced_updates_from_Ubuntu.mp3 Show Notes The Oatmeal giant bee comic Honeybees cook giant hornet Ubuntu 20.04 LTS’ snap obsession has snapped me off of it Forum discussion Comment on Twitter with the #osspodcast hashtag ...

Josh and Kurt talk about the uproar around Cloudflare’s “Is BGP safe yet” site. It’s always interesting watching how much people will push back on new things, even if the new things is probably a step in the right direction. The clever thing Cloudflare is doing in this instance is they are making the BGP problem something anyone can understand. Also send us your funny dog stories. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_195_Is_BGP_actually_insecure.mp3 Show Notes Is BGP safe yet? Reddit BGP conversation Hacker News BGP conversation Stealing cryptocurrency with BGP Show Tags #BGP Comment on Twitter with the #osspodcast hashtag ...