Open Source Security

Josh and Kurt talk about open source and autonomy. This is even related to some recent return to office news. The conversation weaves between a few threads, but fundamentally there's some questions ab...

20 Touko 202432min

Josh and Kurt talk about a new to sign artifacts on GitHub. It's in beta, it's not going to be easy to use, it will have bugs. But that's all OK. This is how we start. We need infrastructure like this...

13 Touko 202437min

Josh and Kurt talk about a sudo replacement going into systemd called run0. It sounds like it'll get a lot right, but systemd is a pretty big attack surface and not everyone is a fan. We shall have to...

6 Touko 202430min

Josh and Kurt talk about a paper describing using a LLM to automatically create exploits for CVEs. The idea is probably already happening in many spaces such as pen testing and intelligence services. ...

29 Huhti 202437min

Josh and Kurt talk about a database of game cheaters. Cheating in games has many similarities to security problems. Anti cheat rootkits are also terrible. The clever thing however is using statistics ...

22 Huhti 202430min

Josh and Kurt talk about a Notepad++ fake website. It's possibly not illegal, but it's certainly ethically wrong. We also end up discussing why it seems like all these weird and wild things keep happe...

15 Huhti 202435min

Josh and Kurt talk about a new FCC program to provide a cybersecurity certification mark. Similar to other consumer safety marks such as UL or CE. We also tie this conversation into GrapheneOS, and wh...

8 Huhti 202432min

Josh and Kurt talk about the recent events around XZ. It's only been a few days, and it's amazing what we already know. We explain a lot of the basics we currently know with the attitude much of these...

1 Huhti 20241h 1min