GeistHaus

Money for nothing, commits for free

dadrian.io

In late March 2024, the open source community discovered a backdoor in XZ Utils, a suite of tools that use the xz compression algorithm. The xz backdoor was embedded inside liblzma, and took effect when liblzma was used in OpenSSH, a common remote-login tool. You can read about this extensively in many places elsewhere. Since then, many people have leveraged the xz backdoor to highlight their favorite systemic issue in open source. Jen Easterly, the head of CISA, argued that the only way to stop another backdoor is by having more corporate support for open source. This opinion was echoed by Meredith Whitaker, the CEO of Signal. A similar opinion among developers is that the only way to secure the open source ecosystem is by offering some sort of Universal Basic Income (UBI) so that developers can work on open source full time.
