Podcast Episodes
Back to Search
CocoPods and proper funding for open source
Episode 437
Josh and Kurt talk about a pretty big bug found in CocoPods ownership. We also touch on a paper that discusses the technical debt that open source sh…
1 year, 11 months ago
OpenSSH and node-ip - it's all exponential growth
Episode 436
Josh and Kurt talk about the recent OpenSSH vulnerability and the node-ip project owner taking their project private. They're quasi related in the co…
2 years ago
polyfill.io - open source is too big to fix
Episode 435
Josh and Kurt talk about the latest polyfill.io mess. Apparently someone took over a very popular project and started to serve malware. First XZ, now…
2 years ago
Unreported vulnerabilities and everyone is getting hacked
Episode 434
Josh and Kurt talk about three wangles of responsibility. We start with a story about a bike theft ring, bike theft doesn't usually get any attention…
2 years ago
Should OpenSSH block misbehaving clients?
Episode 433
Josh and Kurt talk about a new proposal from OpenSSH to add a timeout to penalize clients misbehaving. But this then brings up the typical security c…
2 years ago
Flipper Zero with Alex Kulagin
Episode 432
Josh and Kurt talk to Alex Kulagin from Flipper about the Flipper Zero. It's one of the coolest hacker devices that exists on the market. We talk abo…
2 years, 1 month ago
Redirecting HTTP to HTTPS
Episode 431
Josh and Kurt talk about a blog post titled "Your API Shouldn't Redirect HTTP to HTTPS". It's an interesting idea, and probably a good one. There is …
2 years, 1 month ago
Frozen kernel security
Episode 430
Josh and Kurt talk about a blog post about frozen kernels being more secure. We cover some of the history and how a frozen kernel works and discuss w…
2 years, 1 month ago
The autonomy of open source developers
Episode 429
Josh and Kurt talk about open source and autonomy. This is even related to some recent return to office news. The conversation weaves between a few t…
2 years, 1 month ago
GitHub artifact attestation
Episode 428
Josh and Kurt talk about a new to sign artifacts on GitHub. It's in beta, it's not going to be easy to use, it will have bugs. But that's all OK. Thi…
2 years, 2 months ago