Open Source Security
Teknologia

Open Source Security

Open Source Security is a media project to help showcase and educate on open source security. Our goal is to give the community a platform educate both developers and users on how open source security works. There's a lot of good work happening that doesn't get attention because there's no marketing department behind it, they don't have a developer relations team posting on LinkedIn every two hours. Let's focus on those people and teams then learn what they do and how they do it. The goal is to hear from the people doing the work, they know what's up, they have a lot to teach us. We just have to listen.

Jaksot(526)

Episode 437 - CocoPods and proper funding for open source

Episode 437 - CocoPods and proper funding for open source

Josh and Kurt talk about a pretty big bug found in CocoPods ownership. We also touch on a paper that discusses the technical debt that open source should have. We discuss what the long term sustainabi...

15 Heinä 202436min

Episode 436 - OpenSSH and node-ip - it's all exponential growth

Episode 436 - OpenSSH and node-ip - it's all exponential growth

Josh and Kurt talk about the recent OpenSSH vulnerability and the node-ip project owner taking their project private. They're quasi related in the context of two open source projects handled bugs very...

8 Heinä 202432min

Episode 435 - polyfill.io - open source is too big to fix

Episode 435 - polyfill.io - open source is too big to fix

Josh and Kurt talk about the latest polyfill.io mess. Apparently someone took over a very popular project and started to serve malware. First XZ, now this. What does it mean for open source? We don't ...

1 Heinä 202438min

Episode 434 - Unreported vulnerabilities and everyone is getting hacked

Episode 434 - Unreported vulnerabilities and everyone is getting hacked

Josh and Kurt talk about three wangles of responsibility. We start with a story about a bike theft ring, bike theft doesn't usually get any attention, but this one is special. Then we ask why it seems...

24 Kesä 202431min

Episode 433 - Should OpenSSH block misbehaving clients?

Episode 433 - Should OpenSSH block misbehaving clients?

Josh and Kurt talk about a new proposal from OpenSSH to add a timeout to penalize clients misbehaving. But this then brings up the typical security conversation of "if it's not perfect we shouldn't do...

17 Kesä 202431min

Episode 432 - Flipper Zero with Alex Kulagin

Episode 432 - Flipper Zero with Alex Kulagin

Josh and Kurt talk to Alex Kulagin from Flipper about the Flipper Zero. It's one of the coolest hacker devices that exists on the market. We talk about what it is, how it started, what it can (and can...

10 Kesä 202433min

Episode 431 - Redirecting HTTP to HTTPS

Episode 431 - Redirecting HTTP to HTTPS

Josh and Kurt talk about a blog post titled "Your API Shouldn't Redirect HTTP to HTTPS". It's an interesting idea, and probably a good one. There is however a lot of baggage in this space as you'll he...

3 Kesä 202432min

Episode 430 - Frozen kernel security

Episode 430 - Frozen kernel security

Josh and Kurt talk about a blog post about frozen kernels being more secure. We cover some of the history and how a frozen kernel works and discuss why they would be less secure. A frozen kernel is fr...

27 Touko 202434min