The latest episode of the #osspodcast appropriately named "XZ Bonus Spectacular Episode" was informative, and while they made it abundantly clear there is not currently (possibly never in the current state of "things") a fix-all be-all solution, it is always fun to hear my fave #infosec old married couple bicker about OSS. And I am not just saying this because of the shout-outs (including the cell phone story), but because it helped emphasize an important thing I didn't realize - Debian's response to this was absolutely spectacular. I dare any commercially sponsored distro to do the same.
Debian seriously just went up in my book, and if you know me, that's something.
There's a huge disconnect for me right now in the IT space. Companies love to talk about an increasing deficit of smart, talented and skillful people available to help defend the cybers. Welp, a lot of those people are somehow now seeking gainful employment because they've been laid off. Which is just nuts to me given the sheer scale, resources and effort our adversaries are throwing at everything now.
p.s. AI isn't going to fix anyone's security problems. If anything, it's going to compound them by orders of magnitude (at least in terms of data governance).
@briankrebs to quote @joshbressers incorrectly from a recent #osspodcast episode: "if a company gets hacked it's not the technical person's problem. It's the business's problem." I would extend that, but most business people aren't all that tightly aligned with their company; indeed, the whole nature of companies is to limit the liability of the people working for them for what the company does. Which is done by the people who have protection from the liability of what they're doing. I'm sure it'll work out fine.
Good news: a new #osspodcast has dropped which talks about old security technology, some of which did not make it, some of which is still in use, and some of which spawned entire industries.
Weird news: @joshbressers has a high-pitched noise that some of you can hear (assuming you have nice speakers and such).
Bad news: mod_security is basically dead ("Trustwave is announcing the End-of-Life (EOL) of our support for ModSecurity effective July 1, 2024. We will then hand over the maintenance of ModSecurity code back to the open-source community.")
TL;DR: as always it's a weird and wonderful journey and I'm not sure where we are, or where we're going, but I'm pretty sure we're not lost. At least not in a dangerous way.
TL;DR: CISA did a REALLY interesting thought experiment about 4 possible outcomes and you should probably read the paper they produced talking about them.
What is your favorite 10-20+ year old open source security technology? I’m talking things like tripwire, SATAN, fail2ban and so on. This is totally for harvesting content for a future #osspodcast episode.
Also I forgot the content warning, this holiday spectacular episode gets kind of real, especially around healthcare and houselessness/unhoused people and a bunch of other topics.
What happens when Santa uses AI to manage the naughty and nice list? As we all learned from "The Good Place", the points-based system no longer works. Find out on the #osspodcast with @joshbressers at https://opensourcesecurity.io/2023/12/17/episode-407-should_santa-use-ai/ Also, are elves people? What species are they? Are Santa's elves aquatic elves? Does everyone live on top of water? What about volcanoes? Also, what's the maintenance cycle like for Santa's sleigh? Is there a log book for this somewhere?
Good news: radios are getting really cheap and low power; heck, we stuck one on the cat's collar. Bad news: we're sticking radios in everything new, and relying on them, maybe too much? Also, it's amazing that things like GPS even work at all considering how weak the signals are. Find out more with @joshbressers on the #osspodcast https://opensourcesecurity.io/2023/12/10/episode-406-the-security-of-radio/ Also, Kurt totally doesn't do illegal things with stuff that isn't legal to turn on, but he does know what happens when you turn on a GPS signal jammer.
@joshbressers Also listening to the #osspodcast I realize I really love nails, screws, bolts, fasteners, tapes, solvents (for chemical welding), and glues.
Not sure if you've changed something with syndication, but Google Podcasts has been having trouble syncing the #osspodcast lately. The oldest episodes all disappeared, and the newest one tends to phase in and out of existence. 🤷