Security

Python Powered Journalistic Freedom With SecureDrop - Episode 228

The internet has made it easier than ever to share information, but at the same time it has increased our ability to track that information. In order to ensure that news agencies are able to accept truly anonymous material submissions from whistelblowers, the Freedom of the Press foundation has supported the ongoing development and maintenance of the SecureDrop platform. In this episode core developers of the project explain what it is, how it protects the privacy and identity of journalistic sources, and some of the challenges associated with ensuring its security. This was an interesting look at the amount of effort that is required to avoid tracking in the modern era.

Read More

Security, UX, and Sustainability For The Python Package Index - Episode 225

PyPI is a core component of the Python ecosystem that most developer’s have interacted with as either a producer or a consumer. But have you ever thought deeply about how it is implemented, who designs those interactions, and how it is secured? In this episode Nicole Harris and William Woodruff discuss their recent work to add new security capabilities and improve the overall accessibility and user experience. It is a worthwhile exercise to consider how much effort goes into making sure that we don’t have to think much about this piece of infrastructure that we all rely on.

Read More

Managing Application Secrets with Brian Kelly - Episode 181

Any application that communicates with other systems or services will at some point require a credential or sensitive piece of information to operate properly. The question then becomes how best to securely store, transmit, and use that information. The world of software secrets management is vast and complicated, so in this episode Brian Kelly, engineering manager at Conjur, aims to help you make sense of it. He explains the main factors for protecting sensitive information in your software development and deployment, ways that information might be leaked, and how to get the whole team on the same page.

Read More

Infection Monkey Vulnerability Scanner with Daniel Goldberg - Episode 177

How secure are your servers? The best way to be sure that your systems aren’t being compromised is to do it yourself. In this episode Daniel Goldberg explains how you can use his project Infection Monkey to run a scan of your infrastructure to find and fix the vulnerabilities that can be taken advantage of. He also discusses his reasons for building it in Python, how it compares to other security scanners, and how you can get involved to keep making it better.

Read More

Yosai with Darin Gordon - Episode 120

For any program that is used by more than one person you need a way to control identity and permissions. There are myriad solutions to that problem, but most of them are tied to a specific framework. Yosai is a flexible, general purpose framework for managing role-based access to your applications that has been decoupled from the underlying platform. This week the author of Yosai, Darin Gordon, joins us to talk about why he started it, his experience porting it from Java, and where he hopes to take it in the future.

Read More

Scapy with Guillaume Valadon - Episode 107

Network protocols are often inscrutable, but if you have an effective way to experiment with them then they expose a lot of power. This week Guillaume Valadon explains how Scapy can be used to inspect your network traffic, test the security of your systems, and develop brand new protocols, all in Python!

Read More

Duplicity with Kenneth Loafman - Episode 103

Everyone who uses a computer on a regular basis knows the importance of backups. Duplicity is one of the most widely used backup technologies, and it’s written in Python! This week Kenneth Loafman shares how Duplicity got started, how it works, and why you should be using it every day.

Read More

Digital Identity, Privacy, and Security with Brian Warner - Episode 102

As the internet and digital technologies continue to infiltrate our way of life, we are forced to consider how our concepts of identity and security are reflected in these spaces. Brian Warner joins me this week to discuss his work on privacy focused projects that he has worked on, including the Tahoe LAFS, Firefox Sync, and Magic Wormhole. He also has some intriguing ideas about how we can replace passwords and what it means to have an online identity.

Read More

The Update Framework: Securing Your Software Updates with Justin Cappos - Episode 99

If you write software then there’s a good probability that you have had to deal with installing dependencies, but did you stop to ask whether you’re installing what you think you are? My guest this week is Professor Justin Cappos from the Secure Systems Lab at New York University and he joined me to discuss his work on The Update Framework which was built to guarantee that you never install a compromised package in your systems.

Read More

Mycroft with Steve Penrod - Episode 82

Speech is the most natural interface for communication, and yet we force ourselves to conform to the limitations of our tools in our daily tasks. As computation becomes cheaper and more ubiquitous and artificial intelligence becomes more capable, voice becomes a more practical means of controlling our environments. This week Steve Penrod shares the work that is being done on the Mycroft project and the company of the same name. He explains how he met the other members of the team, how the project got started, what it can do right now, and where they are headed in the future.

Read More