A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.
Similar Podcasts
The Cynical Developer
A UK based Technology and Software Developer Podcast that helps you to improve your development knowledge and career,
through explaining the latest and greatest in development technology and providing you with what you need to succeed as a developer.
Go Time: Golang, Software Engineering
Your source for diverse discussions from around the Go community. This show records LIVE every Tuesday at 3pm US Eastern. Join the Golang community and chat with us during the show in the #gotimefm channel of Gophers slack. Panelists include Mat Ryer, Jon Calhoun, Carmen Andoh, Johnny Boursiquot, Angelica Hill, Mark Bates, Kris Brandow, and Natalie Pistunovich. We discuss cloud infrastructure, distributed systems, microservices, Kubernetes, Docker… oh and also Go! Some people search for GoTime or GoTimeFM and can’t find the show, so now the strings GoTime and GoTimeFM are in our description too.
The FOSS Pod
From the creative geniuses behind Brad & Will Made a Tech Pod, The FOSS Pod is a show about the free and open source software that’s changing the world, and the developers who are making it happen.
Episode 383 - Is open source dying?
Josh and Kurt talk about the notion that open source is somehow dying. What's actually happening is corporate open source is changing, which some are trying to deform into something wrong with open source. Open source is doing great, probably better than ever. Show Notes Open Source isn't sustainable anymore VORON Design Video of the first lathe Plane Crazy Evernote layoffs
Episode 382 - Red Hat, you were the chosen one!
Josh and Kurt talk about Red Hat closing up the RHEL source code. Kurt and Josh both worked at Red Hat in the past. This isn't a show that bashes Red Hat, and it's not a show praising them. We take an honest look at the past, present, and future of Linux. There's a lot to talk about in this one. TL;DR, Red Hat was the chosen on, and we all feel betrayed. Show Notes Red Hat's first blog post Red Hat's honest post DeWitt clause
Episode 381 - WTF Reddit, APIs and risk
Josh and Kurt talk about the incredible Reddit debacle. At the center of it all is an API. What does it mean to be using an API and how does this relate itself back to our own risk. Many of us rely on APIs for countless things, and if a company decides to cut off that API somehow, it could create a mess. Show Notes Grimace's Birthday Reddit’s new API pricing will kill off Apollo on June 30 Cory Doctorow enshitification Wal Mart pickle story Elon Musk and Mark Zuckerberg agree to hold cage fight
Episode 380 - A new Sovereign Tech Fund program and the BBC on destroying hard drives
Josh and Kurt talk about a new program from the Sovereign Tech Fund to fund open source work. It's a great looking program with an acceptable amount of money behind the program. We also talk about a story claiming millions of perfectly good hard drives are destroyed per year. They're probably not OK at all. Show Notes Sovereign Tech Fund Challenges Why millions of usable hard drives are being destroyed LTT Buys Storage Array
Episode 379 - Will open source save the world, again?
Josh and Kurt talk about some new open source projects that aim to start taking back some of our privacy and rights. It's a huge hill to climb, but it seems like there is some hope. Open source doesn't care about growth, or numbers, or anything really, so it can't ever lose. Show Notes Codeberg Veilid Hawkins Cheezies Apollo's Reddit API costs
Episode 378 - Naming things is harder than security
Josh and Kurt talk about namespaces. They were a topic in the last podcast, and resulted in a much much larger discussion for us. We decided to hash out some of our thinking in an episode. This is a much harder problem than either of us expected. We don't have any great answers, but we do have a lot of questions. Show Notes Not Red Hat NPM hash package Episode 129 – The EU bug bounty program
Episode 377 - The world is changing too fast for humans to understand
Josh and Kurt talk about PyPI suspending new accounts and packages for a day, and a 60 minutes story about deepfakes. The problems are mostly the same, but for very different reasons. The world is changing faster than we can keep up, so what is a human to do? Show Notes PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted](https://thehackernews.com/2023/05/pypi-repository-under-attack-user-sign.html) 60 minutes reporter voice clone Cooridor Crew deepfakes Certificate bit flip Candy is delicious
Episode 376 - Open Source Summit, who built your open source, and AI
Josh and Kurt talk about the Open Source Summit in Vancouver. Josh was there and we pick on two observations. Firstly that security keeps trying to use fear as a feature, except it doesn't work. Secondly we discuss AI and how people are talking about it. It is changing things, how much is yet to be seen. Show Notes SLSA FRSCA S2C2F MSI leak Intel microcode Tom Scott AI Video
Episode 375 - The market forces of left-pad, Episode 77 remaster part 2
Josh and Kurt finish up the leftpad discussion. We spent a lot of time talking about how the market will respond to these sort of events, and the market did indeed speak; very little has changed. There is an aspect of all these security events where we need to understand the cost vs benefit just isn't there. it may never be there. Rather than whine and complain, we need to work with our constraints. Show Notes Episode 77 – npm and the supply chain
Episode 374 - The event we called left-pad, Episode 77 remaster part 1
Josh and Kurt revisit Episode 77, which was named "npm and the supply chain" but was a discussion about the incident we all know now as "leftpad". We didn't understand what was happening at the time, but this would become an event we talk about for years to come. It's shocking how many of the things we discuss are still completely valid five years later. Show Notes Episode 77 – npm and the supply chain
Episode 373 – HHGG security, Episode 42 remaster part 2
This is the second part of remastering Episode 42 which is all about the security in the Hitchhiker’s Guide to the Galaxy movie. It's a fun show and it's shocking how many of these security themes are still relevant today. Show Notes Original Episode 42 Part 1
Episode 372 - HHGG security, Episode 42 remaster part 1
The podcast is on a hiatus for a little while due to some personal matters, but that creates an opportunity to remaster some fun old episodes. These shows are REALLY hard to listen to at the current quality (tools and talent has come a long way in the last few years). This is a remaster of Episode 42 which is all about the security in the Hitchhiker’s Guide to the Galaxy movie. It's a fun show and it's shocking how many of these security themes are still relevant today. Show Notes Original Episode 42
Episode 371 - pip install is the tool we deserve but not the tool we need
Josh and Kurt talk about a blog post about pip and virtual environments. This eventually turns into a larger conversation around packaging tools and how we see incremental changes over time. The package ecosystems were what we needed a few years ago, but our needs have changed. Show Notes One Does Not Simply 'pip install' Dag Wieers RPM Webfinger GitHub repo
Episode 370 - Open Source is bigger than you can imagine
Josh and Kurt talk about some data on the size of NPM. Josh wrote a blog post and a report about the amount of SEO spam in NPM was released. Open source is enormous, and it's mostly one person. It's hard to imagine how this all works sometimes and this lack of understanding can create challenges. Show Notes Josh's blog on the size of NPM One In Two New Npm Packages Is SEO Spam Right Now Linux Kernel power distribution graph
Episode 369 - OpenAI broke ChatGPT then tried to blame open source
Josh and Kurt talk about OpenAI having a bug in ChatGPT, then they tried to blame open source. It didn't go very well. In this episode Josh and Kurt argue a lot, maybe someday we'll know who was the least wrong. Show Notes ChatGPT Tweet ChatGPT Blog redis bug