
Listened to Open Source Security Podcast: Episode 440 - "What is open source" talk Josh gave
and talk about a presentation Josh recently gave that was supposed to be about how open source works. The talk was the wrong topic for a security crowd, but there are a lot of interesting details in the questions and comments that emerged. It's clear a lot of security people don't really care about the fine details of what open source is; their primary goal is to help keep development secure.


Reposted phillmv (@phillmv@hachyderm.io)
@simon@simonwillison.net every now and then i feel like im taking crazy pills because i remember when aaron swartz killed himself because he was going to go to jail forever because he scraped JSTOR, and eleven years later your manager tells you “sshhhh it’s fine just scrape all of it don’t worry the CEO said it’s fine”


Reposted Jeff (@overeducatedredneck@bitbang.social)
I used "crowdstrike" as a verb at work today, to paraphrase: "CI is broken because github crowdstruck us with a bad rust compiler update". AKA: usable any time an automatic update from a vendor breaks your infrastructure. All I'm saying is, if they didn't want this neologism, they shouldn't have ruined my flight home from Italy. #crowdstrike


Listened to Open Source Security Podcast: Episode 439 - Where are all the youth in open source?
and talk about a story talking about the "graying" of open source. There don't seem to be many young people working on open source, but we don't really know why that is. There are many thoughts, but a better question is why should anyone get involved in open source anymore? The world has changed quite a lot since open source was created. Show Notes: OSPOs for Good 2024


Listened to Open Source Security Podcast: Episode 438 - CISA's bad OSS advice vs the Whitehouse good advice
and talk about two documents from the US government that discuss open source in very different ways. The CISA document lays out a way to measure open source, but we take issue with the idea of trying to measure which open source projects are "good". The Whitehouse, on the other hand, takes an approach that is very open source: get involved. Trying to measure open source isn't producing anything actionable, but getting involved is very actionable, and very much how open source works.


Reposted raganwald 🍓 (@raganwald@social.bau-ha.us)
I used to just block ads and leave it up to others to handle the Digital Panopticon. But now I ask myself, “Why am I giving these people oxygen? If they feel their creativity is best presented with a popup that is surrounded by a blur to force you to interact with it, and then when you make it go away there are header and footer ads, and every two paragraphs there is an ad… I can take a moment and find a different page.” I no longer link to pages that are ads interrupted with content. 🚫