The BSOD CrowdStrikes back
Robert Ross joins us in CrowdStrike’s wake to dissect the largest outage in the history of information technology… and what it means for the future of the (software) world.
Robert Ross joins us in CrowdStrike’s wake to dissect the largest outage in the history of information technology… and what it means for the future of the (software) world.
Adam & Jerod discuss the news! But first, we discuss how you can keep up with the software world (good question, Tyler Boyd!) On the docket: Developer job postings trend, the Ladybird Browser Initiative, the Polyfill.js supply chain attack & is the future self-hosted?
Jacob DePriest, VP and Deputy Chief Security Officer at GitHub, joins the show this week to talk about securing GitHub. From Artifact Attestations, profile hardening, preventing XZ-like attacks, GitHub Advanced Security, code scanning, improving Dependabot, and more.
In this episode, Ben Burkert & Chris Stolt join Johhny to explore the ups & downs of trying to get secure local development environments set up, why it’s hard & what you can do about it.
Autumn and Justin are joined by Chris Swan to discuss tech industry trends like AI and sustainability, gamifying the software development process and motivating devs to write more secure code, OpenSSF Scorecards and how they offer a way to measure and improve the security and compliance of GitHub repos, the scoring system, and the security posture of a repository.
Angelica is joined by Neil S Primmer & Benji Vesterby to share their experience organizing “Capture the Flag” at GopherCon 2023. CTF events involve teams vying for supremacy as they strive to gather digital flags (presented as strings) and successfully submit them to the competition organizers. In essence, it’s a thrilling “scavenger hunt for nerds.” Join us as we unravel the intricacies and excitement of this unique gaming experience!
This week we’re going deep on security and what it takes to shift left, seriously. Adam is joined by Justin Garrison (co-host of Ship It), plus two members of the BoxyHQ team — Deepak Prabhakara, Co-founder & CEO and Schalk Neethling, Community Manager and DevRel as well as fellow Changelog Slack member.
We discuss how to shift left, the role of the developer and the burden of security, the importance of tooling, the difference between authentication and authorization, and a mindset change for when security takes place — it’s a matter of “when” not “who.”
Filippo Valsorda & Roland Shoemaker from the Go Team return & bring Nicola Murino with them to continue catching us up on what’s new in Go’s crypto libraries.
This is everything we didn’t cover + deep dives from Part 1!
Mat Ryer returns with his guitar, an unpopular opinion & his favorite internet virus.
Filippo Valsorda & Roland Shoemaker from the Go Team sit down with Natalie to catch us up on what’s new in Go’s crypto libraries. No, not that crypto… good ol’ cryptography! Don’t miss Part 2!
Jared Henderson joins us to discuss the state of the art in software parental controls and how we protect our children and lock down our home networks from the constant onslaught of malicious and unwanted content.
Michael Quiqley from NetFoundry joins Natalie to discuss Zero Trust concepts, why they are important for secure systems & how to implement them in Go.
This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!
This week we’re joined by Haroon Meer from Thinkst — the makers of Canary and Canary Tokens. Haroon walks us through a network getting compromised, what it takes to deploy a Canary on your network, how they maintain low false-positive numbers, their thoughts and principles on building their business (major wisdom shared!), and how a Canary helps surface network attacks in real time.
Darcy Clarke, former GitHub Staff Engineering Manager and founder of vlt, joins us to discuss a major bug in the npm ecosystem that he recently disclosed. We cover the bug’s timeline, nuances, and impact, all while setting some important context on npm packages, clients, and registries. Tune in to learn how to protect your codebase and gain a deeper understanding of this crucial part of the JavaScript ecosystem.
This week we’re talking about Passkeys with Anna Pobletts, Head of Passwordless, at 1Password. Will Passkeys enable a passwordless future? Time will tell. Anna shares the what, the why, how, and the when on Passkeys.
Feross and his team at Socket recently shipped a wrapper library for the ubiquitous npm package manager’s command-line interface that brings enhanced security when you need it most: before executing any code
Bradly Farias lead this effort, so Jerod & Chris invited him on the show to learn all about it.
Our “Hacking with Go” series continues! This time Natalie & Johnny are joined by Ivan Kwiatkowski & Juan Andrés Guerrero-Saade and the conversation is we’re focused around generics and AI.
Ivan Kwiatkowski joins Natalie once again for a follow-up episode to Hacking with Go: Part 2. This time we’ll get Ivan’s perspective on the way Go’s security features are designed and used, from the user/hacker perspective. And of course we will also talk about how AI fits into all this…
Online platforms and their users are susceptible to a barrage of threats – from disinformation to extremism to terror. Daniel and Chris chat with Matar Haller, VP of Data at ActiveFence, a leader in identifying online harm – is using a combination of AI technology and leading subject matter experts to provide Trust & Safety teams with precise, real-time data, in-depth intelligence, and automated tools to protect users and ensure safe online experiences.
In today’s episode, we talk about distroless, ko
, apko
, melange
, musl and glibc. The context is Wolfi OS, a community Linux OS designed for the container and cloud-native era. If you are looking for the lightest possible container base image with 0 CVEs and both glibc and musl support, Wolfi OS & the related chainguard-images are worth checking out.
Ariadne Conill is an Alpine Linux TSC member & Software Engineer at Chainguard.
We’re once again exploring hacking in Go from the eyes of security researchers. This time, Natalie & Ian are joined by Ivan Kwiatkowski (a.k.a. Justice Rage)!
Austin Gil joins the show and KBall continues an old email correspondence about the JS community and growth. Then, the gang plays a round of TIL where Austin shares his learnings about the HTML capture
attribute. Finally, Austin shares what it’s like to have a blog post blow up.
Adam and Jerod are joined by Ken Kantzer, co-founder of PKC Security. Ken and his team performed upwards of 20 code audits on well-funded startups. Now that it’s 7 or 8 years later, he wrote up 16 surprising observations and things he learned looking back at the experience. We gotta discuss ’em all!