I got to chat with Lars about a new CI/CD system he’s been working on called Ambient. It sounds really cool and does some very clever things today, with even more things planned in the future. We also spend some time discussing a project he works on called Radicle, a distributed Git forge. It feels like having decentralized infrastructure might be more important than it’s ever been, for some reason. ...
Josh and Kurt talk about a lot of security vulnerabilities in this month’s Patch Tuesday. There’s also a new Git vulnerability. This sparks the age old question of how fast to patch? The answer isn’t binary, the right answer is whatever works best for you, not what someone tells you is best. https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_319_Patch_Tuesday_with_a_capital_T.mp3 Show Notes Patch Tuesday Git security update
Josh and Kurt talk about an article about how expertise has a limited lifetime. We are all experts in something, but some of us will find our expert knowledge to be outdated eventually. We discuss what that means in the context of security and tech and disagree about how to best keep your skills up to date. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_299_Experts_From_A_World_That_No_Longer_Exists.mp3 Show Notes Experts From A World That No Longer Exists Neuroplasticity Scotty and the mouse Git 2.34 4H Public Speaking
Josh and Kurt talk about attacking open source. How serious is the threat of developers being targeted or a git repo being watched for secret security fixes? The reality of it all is there are many layers in a security journey, the most important things you can do are also the least exciting. https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_215_Real_security_is_boring.mp3 Show Notes Targeting developers XKCD Infrastructure comic Hiding security flaws in git Mossad vs Not-Mossad (PDF warning)