Open Source Security

Josh talk to the founder and CEO of Nextcloud, Frank Karlitschek about digital sovereignty. There's a lot of attention lately around digital sovereignty and often that conversation also includes Nextcloud. Frank tells us all about how Nextcloud works, how it can be used to free your data, and has some great insight into what decentralization already looks like and what it could look like soon. The show notes and blog post for this episode can be found at

Open Source Security

Josh talks to David Bernstein about the world of crisis management and business continuity. David is a certified emergency manager and tell us about preparing for both digital and physical disruptions. Everything is IT now, so the way we think about disaster preparedness is changing. We talk about understanding risks, creating plans, and the role of practice in the world of crisis management. This is a super interesting universe and Dave was very patient and kind. I learned a lot and can't wait for Dave to come back. The show notes and blog post for this episode can be found at...

Open Source Security

William Brown is back! This time Josh chats with him about Passkeys. WTF are they? A Passkey is a form of multi factor authentication, but it's not super obvious what that really means. William does a fantastic job explaining what a Passkey is, how we got to where we are today with Passkeys. He shares a ton of explanations about the whole world of authentication along the way. Some of this stuff is basically magic. The show notes and blog post for this episode can be found at

Open Source Security

Josh discusses Suricata with Victor Julien, the founder and lead developer of the project. Victor explains the history of the project, its impact on cybersecurity, and the community that keeps it all running. Challenges like encrypted traffic and the evolution of open-source projects. Victor even gives us a glimpse into what he sees as the future of the project. There's a lot to learn about Suricata in this one. The show notes and blog post for this episode can be found at

Open Source Security

Josh talks to Gergely Nagy (algernon) about his tool Iocaine. Iocaine creates a maze to trap scraping bots in a world a fake pages they cannot escape. algernon tells us how Iocaine effectively traps bots by serving them endless loops of nonsensical URLs and web pages. It's an extremely clever tool that's designed to be completely hidden from normal users, but not hidden to the scrapers. The show notes and blog post for this episode can be found at

Open Source Security

Josh chats with Xe Iaso, the creator of Anubis the web AI firewall. We discuss how Anubis is tackling bots and scrapers. The discussion around the scrapers is fascinating and challenging, these things are everywhere and don't behave very nicely. There's also discussion about running a successful open source project. Xe has a lot of experience to share with us, you're going to learn something new with this one. The show notes and blog post for this episode can be found at

Open Source Security

Josh talk to Dirkjan and Joe about Rustls (pronounced rustles), a Rust-based TLS library. Dirkjan and Joe are developers on Rustls. We talk about the history that got us to this point. The many many challenges in writing a TLS library (Rust or not). We also chat about some of what's to come. Rustls has an OpenSSL compatibility layer which makes is a really interesting project. The show notes and blog post for this episode can be found at

Open Source Security

Josh welcomes back Daniel Thompson explore the rather silly question of whether Santa Claus needs to be compliant with the Cyber Resilience Act (CRA). This episode was intended to be silly, but it ended up being an incredibly interesting conversation. Daniel explained a great deal about how the CRA works and how it could apply to Santa Claus. The TL;DR is even if he's giving out free stuff, the CRA almost certainly applies. Daniel also fills us in on his book (you can email Josh to enter into a drawing for a copy), and his work on web browsers for the CRA. It's an incredibly informative...

Open Source Security

Josh has a chat with Gabriele Columbro, Executive Director of the Fintech Open Source Foundation and General Manager of Linux Foundation Europe. We of course discuss the Cyber Resilience Act (CRA), the evolving landscape of open source regulation, and the collaborative efforts of major foundations. Open source is everywhere, but there's also a ton of work to do now. Gabriele has really good insight into where things are today and where they are heading in the future for open source and regulation. The show notes and blog post for this episode can be found at

Open Source Security

Josh discusses updating open source dependencies with Jamie Tanna. Jamie works on Renovate which gives them a lot of insight into the challenges of keeping your open source updated. We discuss the challenges of semantic versioning, supply chain security, and AI-generated code. If you're new or old to the world of open source dependencies, there's something to learn from this chat. The show notes and blog post for this episode can be found at