
Episode 430 - Frozen kernel security

Josh and Kurt talk about a blog post about frozen kernels being more secure. We cover some of the history and how a frozen kernel works and discuss why they would be less secure. A frozen kernel is from when things worked very differently. What sort of changes will we see in the future?
Audio: https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_430_Frozen_kernel_security.mp3
Show Notes: Kurt’s strange coffee; Why a ‘frozen’ distribution Linux kernel isn’t the safest choice for security

May 27, 2024

Episode 394 - The lie anyone can contribute to open source

Josh and Kurt talk about filing bugs for software. There’s the old saying that anyone can file bugs and submit patches for open source, but the reality is most people can’t. Filing bugs for both closed and open source is nearly impossible in many instances. Even if you want to file a bug for an open source project, there are a lot of hoops before it’s something that can be actionable. ...

September 25, 2023

Episode 313 - Insecurity at scale

Josh and Kurt talk about the challenges of security at scale. Specifically we focus on why a lot of security starts to fall apart once you have to do something more than a few times. There’s a lot of new thinking we need to push security forward.
Audio: https://traffic.libsyn.com/opensourcesecuritypodcast/Episode_313_Insecurity_at_scale.mp3
Show Notes: Stable Linux Kernel and Machine Learning

March 7, 2022

Episode 288 - Linux Kernel compiler warnings considered dangerous

Josh and Kurt talk about some happenings in the Linux Kernel. There are some new rules around how to submit patches that go against how GitHub works. They’re also turning all compiler warnings into errors. It’s really interesting to understand what these steps mean today, and what they could mean in the future.
Audio: https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_288_Linux_Kernel_compiler_warnings_considered_dangerous.mp3
Show Notes: The Register Linux story; OpenSSL Release Notes

September 13, 2021

Episode 282 - The security of Rust: who left all this awesome in here?

Josh and Kurt talk about a story from Microsoft declaring Rust the future of safe programming, replacing C and C++. We discuss how tooling affects progress and why this isn’t always obvious when you’re in the middle of progress.
Audio: https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_282_The_security_of_Rust_who_left_all_this_awesome_in_here.mp3
Show Notes: Microsoft: Rust Is the Industry’s ‘Best Chance’ at Safe Systems Programming; Josh’s devopsdays talk; Microsoft moved font handling out of the kernel; Atari 2600 emulator in Minecraft; Rate of technology adoption

August 2, 2021

Episode 269 - Do not experiment on the Linux Kernel

Josh and Kurt talk about the University of Minnesota experimenting on the Linux Kernel. There’s a lot to unpack in this one, but the TL;DR is you probably don’t want to experiment on the kernel.
Audio: https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_269_Do_not_experiment_on_the_Linux_Kernel.mp3
Show Notes: Linux Bans University of Minnesota for Sending Buggy Patches in the Name of Research; University of Minnesota security researchers apologize for deliberately buggy Linux patches; The International Obfuscated C Code Contest

May 3, 2021

Episode 215 - Real security is boring

Josh and Kurt talk about attacking open source. How serious is the threat of developers being targeted or a git repo being watched for secret security fixes? The reality of it all is there are many layers in a security journey; the most important things you can do are also the least exciting.
Audio: https://traffic.libsyn.com/secure/opensourcesecuritypodcast/Episode_215_Real_security_is_boring.mp3
Show Notes: Targeting developers; XKCD Infrastructure comic; Hiding security flaws in git; Mossad vs Not-Mossad (PDF warning)

September 14, 2020