Open Source Security

Josh and Kurt talk about the same topic everyone is talking about, Log4j. This episode was recorded on the Wednesday after the first Log4j issue. We point out all the gaps and difficulties for the def...

20 Dec 202133min

Josh and Kurt talk about the epic failure that was episode 300. But this ties nicely into the topic of the day which is new ways to do things. The example is a new way to hold a controller when playin...

13 Dec 202131min

the lawsuit is based on CFAA, not on copyright. We apologize for this enormous oversight. Josh and Kurt talk about Apple suing NSO using a copyright claim as their vehicle. Copyright is often used as ...

6 Dec 202131min

Josh and Kurt talk about an article about how expertise has a limited lifetime. We are all experts in something, but some of us will find our expert knowledge to be outdated eventually. We discuss wha...

29 Nov 202134min

Josh and Kurt talk to David A. Wheeler about everything OpenSSF. The Open Source Security Foundation is part of the Linux Foundation, and there are 6 OpenSSF working groups. David does a great job exp...

22 Nov 202138min

Josh and Kurt talk about the famous Phrack 49 article "Smashing the Stack for Fun and Profit" turning 25 years old. This paper created a massive amount of change in the industry, possibly more than an...

15 Nov 202133min

Josh and Kurt talk about the new Trojan Source bug. We don't always agree on if this is a vulnerability (it's not), but by the end we come to an agreement that ASCII is out, Unicode is in. We don't li...

8 Nov 202133min

Josh and Kurt talk about Josh's electric car and new job. We then talk about the recent UAParser.js malware incident. There have been a lot of calls to do more to secure open source, but nobody seems ...

1 Nov 202133min