Podcasts about DEFCON

Alert posture used by the United States Armed Forces

  • 983 podcasts
  • 2,719 episodes
  • 58m average duration
  • 1 new episode daily
  • Latest: Sep 21, 2023


Latest podcast episodes about DEFCON

Closed Network Privacy Podcast
Episode 27 - Agency of Technology - Become a Hacker
Sep 21, 2023, 65:47


Agency Of Technology - Become A Hacker

Website / Donations / Support - https://closednetwork.io
Thank You Patreons! - Michael Bates - Privacy Bad Ass; Richard G. - Privacy Bad Ass
Support / Patreon / Donations: https://closednetwork.io/support/
TOP LIGHTNING BOOSTERS !!!! THANK YOU !!! - Turquoise Panda, @bon, SircussMedia, @Pixeljones, whitecoat
Join Our Matrix Channels! Main - https://matrix.to/#/#closedntwrk:matrix.org / Off Topic - https://matrix.to/#/#closednetworkofftopic:matrix.org
Join Our Mastodon server! (currently under migration) https://closednetwork.social

Top US Spies Meet With Privacy Experts Over Surveillance 'Crown Jewel' - https://www.wired.com/story/section-702-privacy-meeting/
Car Companies: Stop Your Huge Data Collection Programs - "Add your name to ask car companies to stop collecting, sharing and selling our very personal information." - https://foundation.mozilla.org/en/privacynotincluded/articles/car-companies-stop-your-huge-data-collection-programs-en/
T-Mobile users say other people's account information is appearing in their app - https://www.theverge.com/2023/9/20/23881825/t-mobile-account-security-breach-customer-information-leak
MULLVAD VPN: We have successfully completed our migration to RAM-only VPN infrastructure - https://mullvad.net/en/blog/2023/9/20/we-have-successfully-completed-our-migration-to-ram-only-vpn-infrastructure/
THREEMA USERS: Threema for iOS: Chat on the Computer Without a Connection to the Smartphone - https://threema.ch/en/blog/posts/ios-new-desktop-md
Why self host? Your data can never be sold. You never know when the "privacy" company you are relying on now will decide to sell. Google has only got to be the behemoth that they are because they have acquired businesses. Same with Apple.

DEF CON 31 - An Audacious Plan to Halt the Internet's Ensh*ttification - Cory Doctorow. The enshittification of the internet follows a predictable trajectory: first, platforms are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die. https://www.youtube.com/watch?v=rimtaSgGz_4
The Hacktivist, Award Winning Short Film Documentary: Celebrity hacker Andrew 'Bunnie' Huang first clashed with US tech giant Microsoft for teaching others how to modify the Xbox. Almost 20 years later, he is suing the US government to push for the right to use and own technology, all while creating hackable hardware with other tech superstars like whistleblower Edward Snowden and firmware hacker Sean Cross. Bunnie is convinced that, "If you can't hack what you have, you don't own it." This documentary tinkers with the hacker's mind on issues around transparency and privacy in the hardware world, all while Bunnie dismantles his childhood, his philosophy, and his controversy.
Precursor: Mobile, Open Hardware, RISC-V System-on-Chip (SoC) Development Kit - https://www.crowdsupply.com/sutajio-kosagi/precursor
https://www.bunniestudios.com/blog/?p=5921
https://www.youtube.com/watch?v=KyYsVeYzbik
Opening Sound Clip: Lee Tien - Senior Staff Attorney - EFF (Electronic Frontier Foundation)

The Friday Beers Podcast

As if we don't discuss world tragedies enough, today we have our coworker Gerry join the pod to discuss Hiroshima and his recent trip to Japan. Emily brings a gift for the boys and their jaws hit the floor.
OCT 5 LA LIVE SHOW TICKETS: ticketweb.com/event/almost-friday-podcast-live-the-bourbon-room-tickets/13568858?pl=BourbonRoom
FOLLOW OUR SOCIALS: https://www.flowcode.com/page/almostfridaypod
SUBMIT CHARACTERS HERE: https://docs.google.com/forms/d/e/1FAIpQLSdh4-t1h_F7STZ6xRK2Ai5idy0FZni8psQMluBltbKtPL8wbA/viewform
SUPPORT OUR SPONSORS: GET 10% OFF YOUR FIRST ORDER AT HELLOTUSHY.COM/ALMOSTFRIDAY; HEAD TO FACTORMEALS.COM/ALMOSTFRIDAY50 TO GET 50% OFF
(01:50) You Have To Want It
(05:17) Russian Propaganda
(07:30) Gerry's Trip to Japan
(11:31) Gerry is a Monster
(17:03) Hiroshima
(22:13) Is Will fun to travel with?
(26:13) Liam Brings Dead Birds
(27:30) Defcon 5
(33:00) Leggo Play
(35:55) Characters
(56:40) Nick Chubb

Screaming in the Cloud
Building Computers for the Cloud with Steve Tuck
Sep 21, 2023, 42:18


Steve Tuck, Co-Founder & CEO of Oxide Computer Company, joins Corey on Screaming in the Cloud to discuss his work to make modern computers cloud-friendly. Steve describes what it was like going through early investment rounds, and the difficult but important decision he and his co-founder made to build their own switch. Corey and Steve discuss the demand for on-prem computers that are built for cloud capability, and Steve reveals how Oxide approaches their product builds to ensure the masses can adopt their technology wherever they are.

About Steve
Steve is the Co-founder & CEO of Oxide Computer Company. He previously was President & COO of Joyent, a cloud computing company acquired by Samsung. Before that, he spent 10 years at Dell in a number of different roles.

Links Referenced:
Oxide Computer Company: https://oxide.computer/
On The Metal Podcast: https://oxide.computer/podcasts/on-the-metal

Transcript

Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.

Corey: This episode is brought to us in part by our friends at RedHat. As your organization grows, so does the complexity of your IT resources. You need a flexible solution that lets you deploy, manage, and scale workloads throughout your entire ecosystem. The Red Hat Ansible Automation Platform simplifies the management of applications and services across your hybrid infrastructure with one platform. Look for it on the AWS Marketplace.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn.
You know, I often say it—but not usually on the show—that Screaming in the Cloud is a podcast about the business of cloud, which is intentionally overbroad so that I can talk about basically whatever the hell I want to with whoever the hell I'd like. Today's guest is, in some ways of thinking, about as far in the opposite direction from Cloud as it's possible to go and still be involved in the digital world. Steve Tuck is the CEO at Oxide Computer Company. You know, computers, the things we all pretend aren't underpinning those clouds out there that we all use and pay by the hour, gigabyte, second-month-pound or whatever it works out to. Steve, thank you for agreeing to come back on the show after a couple years, and once again suffer my slings and arrows.

Steve: Much appreciated. Great to be here. It has been a while. I was looking back, I think three years. This was like, pre-pandemic, pre-interest rates, pre… Twitter going totally sideways.

Corey: And I have to ask to start with that, it feels, on some level, like toward the start of the pandemic, when everything was flying high and we'd had low interest rates for a decade, that there was a lot of… well, lunacy lurking around in the industry, my own business saw it, too. It turns out that not giving a shit about the AWS bill is in fact a zero interest rate phenomenon. And with all that money or concentrated capital sloshing around, people decided to do ridiculous things with it. I would have thought, on some level, that, "We're going to start a computer company in the Bay Area making computers," would have been one of those, but given that we are a year into the correction, and things seem to be heading up into the right for you folks, that take was wrong. How'd I get it wrong?

Steve: Well, I mean, first of all, you got part of it right, which is there were just a litany of ridiculous companies and projects and money being thrown in all directions at that time.

Corey: An NFT of a computer.
We're going to have one of those. That's what you're selling, right? Then you had to actually hard pivot to making the real thing.

Steve: That's it. So, we might as well cut right to it, you know. This is—we went through the crypto phase. But you know, our—when we started the company, it was yes, a computer company. It's on the tin. It's definitely kind of the foundation of what we're building. But you know, we think about what a modern computer looks like through the lens of cloud.

I was at a cloud computing company for ten years prior to us founding Oxide, so was Bryan Cantrill, CTO, co-founder. And, you know, we are huge, huge fans of cloud computing, which was an interesting kind of dichotomy. Instead of conversations when we were raising for Oxide—because of course, Sand Hill is terrified of hardware. And when we think about what modern computers need to look like, they need to be in support of the characteristics of cloud, and cloud computing being not that you're renting someone else's computers, but that you have fully programmable infrastructure that allows you to slice and dice, you know, compute and storage and networking however software needs. And so, what we set out to go build was a way for the companies that are running on-premises infrastructure—which, by the way, is almost everyone and will continue to be so for a very long time—access to the benefits of cloud computing. And to do that, you need to build a different kind of computing infrastructure and architecture, and you need to plumb the whole thing with software.

Corey: There are a number of different ways to view cloud computing. And I think that a lot of the, shall we say, incumbent vendors over in the computer manufacturing world tend to sound kind of like dinosaurs, on some level, where they're always talking in terms of, you're a giant company and you already have a whole bunch of data centers out there.
But one of the magical pieces of cloud is you can have a ridiculous idea at nine o'clock tonight and by morning, you'll have a prototype, if you're of that bent. And if it turns out it doesn't work, you're out, you know, 27 cents. And if it does work, you can keep going and not have to stop and rebuild on something enterprise-grade.

So, for the small-scale stuff and rapid iteration, cloud providers are terrific. Conversely, when you wind up in the giant fleets of millions of computers, in some cases, there begin to be economic factors that weigh in, and for some workloads—yes, I know it's true—going to a data center is the economical choice. But my question is, is starting a new company in the direction of building these things, is it purely about economics or is there a capability story tied in there somewhere, too?

Steve: Yeah, it's actually economics ends up being a distant third, fourth, in the list of needs and priorities from the companies that we're working with. When we talk about—and just to be clear we're—our demographic, that kind of the part of the market that we are focused on are large enterprises, like, folks that are spending, you know, half a billion, billion dollars a year in IT infrastructure, they, over the last five years, have moved a lot of the use cases that are great for public cloud out to the public cloud, and who still have this very, very large need, be it for latency reasons or cost reasons, security reasons, regulatory reasons, where they need on-premises infrastructure in their own data centers and colo facilities, et cetera. And it is for those workloads in that part of their infrastructure that they are forced to live with enterprise technologies that are 10, 20, 30 years old, you know, that haven't evolved much since I left Dell in 2009.
And, you know, when you think about, like, what are the capabilities that are so compelling about cloud computing, one of them is yes, what you mentioned, which is you have an idea at nine o'clock at night and swipe a credit card, and you're off and running. And that is not the case for an idea that someone has who is going to use the on-premises infrastructure of their company. And this is where you get shadow IT and 16 digits to freedom and all the like.

Corey: Yeah, everyone with a corporate credit card winds up being a shadow IT source in many cases. If your processes as a company don't make it easier to proceed rather than doing it the wrong way, people are going to be fighting against you every step of the way. Sometimes the only stick you've got is that of regulation, which in some industries, great, but in other cases, no, you get to play Whack-a-Mole. I've talked to too many companies that have specific scanners built into their mail system every month looking for things that look like AWS invoices.

Steve: [laugh]. Right, exactly. And so, you know, but if you flip it around, and you say, well, what if the experience for all of my infrastructure that I am running, or that I want to provide to my software development teams, be it rented through AWS, GCP, Azure, or owned for economic reasons or latency reasons, I had a similar set of characteristics where my development team could hit an API endpoint and provision instances in a matter of seconds when they had an idea and only pay for what they use, back to kind of corporate IT. And what if they were able to use the same kind of developer tools they've become accustomed to using, be it Terraform scripts and the kinds of access that they are accustomed to using?
How do you make those developers just as productive across the business, instead of just through public cloud infrastructure?

At that point, then you are in a much stronger position where you can say, you know, for a portion of things that are, as you pointed out, you know, more unpredictable, and where I want to leverage a bunch of additional services that a particular cloud provider has, I can rent that. And where I've got more persistent workloads or where I want a different economic profile or I need to have something in a very low latency manner to another set of services, I can own it. And that's where I think the real chasm is because today, you just don't—we take for granted the basic plumbing of cloud computing, you know? Elastic Compute, Elastic Storage, you know, networking and security services. And us in the cloud industry end up wanting to talk a lot more about exotic services and, sort of, higher-up stack capabilities. None of that basic plumbing is accessible on-prem.

Corey: I also am curious as to where exactly Oxide lives in the stack because I used to build computers for myself in 2000, and it seems like having gone down that path a bit recently, yeah, that process hasn't really improved all that much. The same off-the-shelf components still exist and that's great. We always used to disparagingly call spinning hard drives as spinning rust in racks. You named the company Oxide; you're talking an awful lot about the Rust programming language in public a fair bit of the time, and I'm starting to wonder if maybe words don't mean what I thought they meant anymore. Where do you folks start and stop, exactly?

Steve: Yeah, that's a good question. And when we started, we sort of thought the scope of what we were going to do and then what we were going to leverage was smaller than it has turned out to be.
And by that I mean, man, over the last three years, we have hit a bunch of forks in the road where we had questions about do we take something off the shelf or do we build it ourselves. And we did not try to build everything ourselves. So, to give you a sense of kind of where the dotted line is, around the Oxide product, what we're delivering to customers is a rack-level computer. So, the minimum size comes in rack form. And I think your listeners are probably pretty familiar with this. But, you know, a rack is—

Corey: You would be surprised. It's basically, what are they about seven feet tall?

Steve: Yeah, about eight feet tall.

Corey: Yeah, yeah. Seven, eight feet, weighs a couple thousand pounds, you know, make an insulting joke about—

Steve: Two feet wide.

Corey: —NBA players here. Yeah, all kinds of these things.

Steve: Yeah. And big hunk of metal. And in the cases of on-premises infrastructure, it's kind of a big hunk of metal hole, and then a bunch of 1U and 2U boxes crammed into it. What the hyperscalers have done is something very different. They started looking at, you know, at the rack level, how can you get much more dense, power-efficient designs, doing things like using a DC bus bar down the back, instead of having 64 power supplies with cables hanging all over the place in a rack, which I'm sure is what you're more familiar with.

Corey: Tremendous amount of weight as well because you have the metal chassis for all of those 1U things, which in some cases, you wind up with, what, 46U in a rack, assuming you can even handle the cooling needs of all that.

Steve: That's right.

Corey: You have so much duplication, and so much of the weight is just metal separating one thing from the next thing down below it. And there are opportunities for massive improvement, but you need to be at a certain point of scale to get there.

Steve: You do. You do. And you also have to be taking on the entire problem. You can't pick at parts of these things. And that's really what we found.
So, we started at this sort of—the rack level as sort of the design principle for the product itself and found that that gave us the ability to get to the right geometry, to get as much CPU horsepower and storage and throughput and networking into that kind of chassis for the least amount of wattage required, kind of the most power-efficient design possible.

So, it ships at the rack level and it ships complete with both our server sled systems in Oxide, a pair of Oxide switches. This is—when I talk about, like, design decisions, you know, do we build our own switch, it was a big, big, big question early on. We were fortunate even though we were leaning towards thinking we needed to go do that, we had this prospective early investor who was early at AWS and he had asked a very tough question that none of our other investors had asked to this point, which is, "What are you going to do about the switch?"

And we knew that the right answer to an investor is like, "No. We're already taking on too much." We're redesigning a server from scratch in, kind of, the mold of what some of the hyperscalers have learned, doing our own Root of Trust, we're doing our own operating system, hypervisor control plane, et cetera. Taking on the switch could be seen as too much, but we told them, you know, we think that to be able to pull through all of the value of the security benefits and the performance and observability benefits, we can't have then this [laugh], like, obscure third-party switch rammed into this rack.

Corey: It's one of those things that people don't think about, but it's the magic of cloud with AWS's network, for example, it's magic.
You can get line rate—or damn near it—between any two points, sustained.

Steve: That's right.

Corey: Try that in the data center, you wind up in massive congestion with top-of-rack switches, where, okay, we're going to parallelize this stuff out over, you know, two dozen racks and we're all going to have them seamlessly transfer information between each other at line rate. It's like, "[laugh] no, you're not because those top-of-rack switches will melt and become side-of-rack switches, and then bottom-puddle-of-rack switches. It doesn't work that way."

Steve: That's right.

Corey: And you have to put a lot of thought and planning into it. That is something that I've not heard a traditional networking vendor addressing because everyone loves to hand-wave over it.

Steve: Well so, and this particular prospective investor, we told him, "We think we have to go build our own switch." And he said, "Great." And we said, "You know, we think we're going to lose you as an investor as a result, but this is what we're doing." And he said, "If you're building your own switch, I want to invest." And his comment really stuck with us, which is AWS did not stand on their own two feet until they threw out their proprietary switch vendor and built their own.

And that really unlocked, like you've just mentioned, like, their ability, both in hardware and software to tune and optimize to deliver that kind of line rate capability. And that is one of the big findings for us as we got into it. Yes, it was really, really hard, but based on a couple of design decisions, P4 being the programming language that we are using as the surround for our silicon, tons of opportunities opened up for us to be able to do similar kinds of optimization and observability. And that has been a big, big win.

But to your question of, like, where does it stop? So, we are delivering this complete with a baked-in operating system, hypervisor, control plane.
And so, the endpoint of the system, where the customer meets is either hitting an API or a CLI or a console that delivers and kind of gives you the ability to spin up projects. And, you know, if one is familiar with EC2 and EBS and VPC, that VM level of abstraction is where we stop.

Corey: That, I think, is a fair way of thinking about it. And a lot of cloud folks are going to pooh-pooh it as far as saying, "Oh well, just virtual machines. That's old cloud. That just treats the cloud like a data center." And in many cases, yes, it does because there are ways to build modern architectures that are event-driven on top of things like Lambda, and API Gateway, and the rest, but you take a look at what my customers are doing and what drives the spend, it is invariably virtual machines that are largely persistent.

Sometimes they scale up, sometimes they scale down, but there's always a baseline level of load that people like to hand-wave away the fact that what they're fundamentally doing in a lot of these cases, is paying the cloud provider to handle the care and feeding of those systems, which can be expensive, yes, but also delivers significant innovation beyond what almost any company is going to be able to deliver in-house. There is no way around it. AWS is better than you are—whoever you happen to be—at replacing failed hard drives. That is a simple fact. They have teams of people who are the best in the world of replacing failed hard drives. You generally do not. They are going to be better at that than you. But that's not the only axis. There's not one calculus that leads to, is cloud a scam or is cloud a great value proposition for us? The answer is always a deeply nuanced, "It depends."

Steve: Yeah, I mean, I think cloud is a great value proposition for most and a growing amount of software that's being developed and deployed and operated.
And I think, you know, one of the myths that is out there is, hey, turn over your IT to AWS because we have or you know, a cloud provider—because we have such higher caliber personnel that are really good at swapping hard drives and dealing with networks and operationally keeping this thing running in a highly available manner that delivers good performance. That is certainly true, but a lot of the operational value in an AWS has been delivered via software, the automation, the observability, and not actual people putting hands on things. And it's an important point because that's been a big part of what we're building into the product. You know, just because you're running infrastructure in your own data center, it does not mean that you should have to spend, you know, 1,000 hours a month across a big team to maintain and operate it. And so, part of that, kind of, cloud, hyperscaler innovation that we're baking into this product is so that it is easier to operate with much, much, much lower overhead in a highly available, resilient manner.

Corey: So, I've worked in a number of data center facilities, but the companies I was working with, were always at a scale where these were co-locations, where they would, in some cases, rent out a rack or two, in other cases, they'd rent out a cage and fill it with their own racks. They didn't own the facilities themselves. Those were always handled by other companies. So, my question for you is, if I want to get a pile of Oxide racks into my environment in a data center, what has to change? What are the expectations?

I mean, yes, there's obviously going to be power and requirements at the data center colocation is very conversant with, but Open Compute, for example, had very specific requirements—to my understanding—around things like the airflow construction of the environment that they're placed within.
How prescriptive is what you've built, in terms of doing a building retrofit to start using you folks?

Steve: Yeah, definitely not. And this was one of the tensions that we had to balance as we were designing the product. For all of the benefits of hyperscaler computing, some of the design center for you know, the kinds of racks that run in Google and Amazon and elsewhere are hyperscaler-focused, which is unlimited power, in some cases, data centers designed around the equipment itself. And where we were headed, which was basically making hyperscaler infrastructure available to, kind of, the masses, the rest of the market, these folks don't have unlimited power and they aren't going to go be able to go redesign data centers. And so no, the experience should be—with exceptions for folks maybe that have very, very limited access to power—that you roll this rack into your existing data center. It's on standard floor tile, that you give it power, and give it networking and go.

And we've spent a lot of time thinking about how we can operate in the wide-ranging environmental characteristics that are commonplace in data centers that focus on themselves, colo facilities, and the like. So, that's really on us so that the customer is not having to go to much work at all to kind of prepare and be ready for it.

Corey: One of the challenges I have is how to think about what you've done because you are rack-sized. But what that means is that my own experimentation at home recently with on-prem stuff for smart home stuff involves a bunch of Raspberries Pi and a [unintelligible 00:19:42], but I tend to more or less categorize you the same way that I do AWS Outposts, as well as mythical creatures, like unicorns or giraffes, where I don't believe that all these things actually exist because I haven't seen them.
And in fact, to get them in my house, all four of those things would theoretically require a loading dock if they existed, and that's a hard thing to fake on a demo signup form, as it turns out. How vaporware is what you've built? Is this all on paper and you're telling amazing stories or do they exist in the wild?

Steve: So, last time we were on, it was all vaporware. It was a couple of napkin drawings and a seed round of funding.

Corey: I do recall you not using that description at the time, for what it's worth. Good job.

Steve: [laugh]. Yeah, well, at least we were transparent where we were going through the race. We had some napkin drawings and we had some good ideas—we thought—and—

Corey: You formalize those and that's called Microsoft PowerPoint.

Steve: That's it. A hundred percent.

Corey: The next generative AI play is take the scrunched-up, stained napkin drawing, take a picture of it, and convert it to a slide.

Steve: Google Docs, you know, one of those. But no, it's got a lot of scars from the build and it is real. In fact, next week, we are going to be shipping our first commercial systems. So, we have got a line of racks out in our manufacturing facility in lovely Rochester, Minnesota. Fun fact: Rochester, Minnesota, is where the IBM AS/400s were built.

Corey: I used to work in that market, of all things.

Steve: Really?

Corey: Selling tape drives in the AS/400. I mean, I still maintain there's no real mainframe migration to the cloud play because there's no AWS/400. A joke that tends to sail over an awful lot of people's heads because, you know, most people aren't as miserable in their career choices as I am.

Steve: Okay, that reminds me. So, when we were originally pitching Oxide and we were fundraising, we [laugh]—in a particular investor meeting, they asked, you know, "What would be a good comp?
Like how should we think about what you are doing?" And fortunately, we had about 20 investor meetings to go through, so burning one on this was probably okay, but we may have used the AS/400 as a comp, talking about how [laugh] mainframe systems did such a good job of building hardware and software together. And as you can imagine, there were some blank stares in that room.

But you know, there are some good analogs to historically in the computing industry, when you know, the industry, the major players in the industry, were thinking about how to deliver holistic systems to support end customers. And, you know, we see this in the what Apple has done with the iPhone, and you're seeing this as a lot of stuff in the automotive industry is being pulled in-house. I was listening to a good podcast. Jim Farley from Ford was talking about how the automotive industry historically outsourced all of the software that controls cars, right? So, like, Bosch would write the software for the controls for your seats.

And they had all these suppliers that were writing the software, and what it meant was that innovation was not possible because you'd have to go out to suppliers to get software changes for any little change you wanted to make. And in the computing industry, in the '80s, you saw this blow apart where, like, firmware got outsourced. In the IBM and the clones, kind of, race, everyone started outsourcing firmware and outsourcing software. Microsoft started taking over operating systems. And then VMware emerged and was doing a virtualization layer.

And this, kind of, fragmented ecosystem is the landscape today that every single on-premises infrastructure operator has to struggle with. It's a kit car. And so, pulling it back together, designing things in a vertically integrated manner is what the hyperscalers have done. And so, you mentioned Outposts.
And, like, it's a good example of—I mean, the most public cloud of public cloud companies created a way for folks to get their system on-prem.

I mean, if you need anything to underscore the draw and the demand for cloud computing-like, infrastructure on-prem, just the fact that that emerged at all tells you that there is this big need. Because you've got, you know, I don't know, a trillion dollars worth of IT infrastructure out there and you have maybe 10% of it in the public cloud. And that's up from 5% when Jassy was on stage in '21, talking about 95% of stuff living outside of AWS, but there's going to be a giant market of customers that need to own and operate infrastructure. And again, things have not improved much in the last 10 or 20 years for them.

Corey: They have taken a tone onstage about how, "Oh, those workloads that aren't in the cloud, yet, yeah, those people are legacy idiots." And I don't buy that for a second because believe it or not—I know that this cuts against what people commonly believe in public—but company execs are generally not morons, and they make decisions with context and constraints that we don't see. Things are the way they are for a reason. And I promise that 90% of corporate IT workloads that still live on-prem are not being managed or run by people who've never heard of the cloud. There was a decision made when some other things were migrating of, do we move this thing to the cloud or don't we? And the answer at the time was no, we're going to keep this thing on-prem where it is now for a variety of reasons of varying validity. But I don't view that as a bug.
I also, frankly, don't want to live in a world where all the computers are basically run by three different companies.

Steve: You're spot on, which is, like, it does a total disservice to these smart and forward-thinking teams in every one of the Fortune 1000-plus companies who are taking the constraints that they have—and some of those constraints are not monetary or entirely workload-based. If you want to flip it around, we were talking to a large cloud SaaS company and their reason for wanting to extend it beyond the public cloud is because they want to improve latency for their e-commerce platform. And navigating their way through the complex layers of the networking stack at GCP to get to where the customer assets are that are in colo facilities adds lag time on the platform that can cost them hundreds of millions of dollars. And so, we need to think beyond this notion of, like, “Oh, well, the dark ages are for software that can't run in the cloud, and that's on-prem. And it's just a matter of time until everything moves to the cloud.”

In the forward-thinking models of public cloud, it should be both. I mean, you should have a consistent experience, from a certain level of the stack down, everywhere. And then it's like, do I want to rent or do I want to own for this particular use case? In my vast set of infrastructure needs, do I want this to run in a data center that Amazon runs or do I want this to run in a facility that is close to this other provider of mine? And I think that's best for all. And then it's not this kind of false dichotomy of quality infrastructure or ownership.

Corey: I find that there are also workloads where people will come to me and say, “Well, we don't think this is going to be economical in the cloud”—because again, I focus on AWS bills. That is the lens I view things through, and—“The AWS sales rep says it will be.
What do you think?” And I look at what they're doing and especially if it involves high volumes of data transfer, I laugh a good hearty laugh and say, “Yeah, keep that thing in the data center where it is right now. You will thank me for it later.” It's, “Well, can we run this in an economical way in AWS?” As long as you're okay with economical meaning six times what you're paying a year right now for the same thing, yeah, you can. I wouldn't recommend it. And the numbers sort of speak for themselves. But it's not just an economic play.

There's also the story of, does this increase their capability? Does it let them move faster toward their business goals? And in a lot of cases, the answer is no, it doesn't. It's one of those business process things that has to exist for a variety of reasons. You don't get to reimagine it for funsies and even if you did, it doesn't advance the company in what they're trying to do any, so focus on something that differentiates as opposed to this thing that you're stuck on.

Steve: That's right. And what we see today is, it is easy to be in that mindset of running things on-premises is kind of backwards-facing because the experience of it is today still very, very difficult. I mean, talking to folks and they're sharing with us that it takes a hundred days from the time all the different boxes land in their warehouse to actually having usable infrastructure that developers can use. And our goal and what we intend to go hit with Oxide is you can roll in this complete rack-level system, plug it in, and within an hour, you have developers that are accessing cloud-like services out of the infrastructure. And that—God, countless stories of firmware bugs that would send all the fans in the data center nonlinear and soak up 100 kW of power.

Corey: Oh, God. And the problems that you had with the out-of-band management systems. For a long time, I thought DRAC stood for, “Dell, RMA Another Computer.” It was awful having to deal with those things.
There was so much room for innovation in that space, which no one really grabbed onto.

Steve: There was a really, really interesting talk at DEFCON that we just stumbled upon yesterday. The NVIDIA folks are giving a talk on BMC exploits… and like, a very, very serious BMC exploit. And again, it's what most people don't know is, like, first of all, the BMC, the Baseboard Management Controller, is like the brainstem of the computer. It has access to—it's a backdoor into all of your infrastructure. It's a computer inside a computer and it's got software and hardware that your server OEM didn't build and doesn't understand very well.

And firmware is even worse because, you know, firmware written by, you know, an American Megatrends or other is a big blob of software that gets loaded into these systems that is very hard to audit and very hard to ascertain what's happening. And it's no surprise when, you know, back when we were running all the data centers at a cloud computing company, that you'd run into these issues, and you'd go to the server OEM and they'd kind of throw their hands up. Well, first they'd gaslight you and say, “We've never seen this problem before,” but when you thought you'd root-caused something down to firmware, it was anyone's guess. And this is kind of the current condition today. And back to, like, the journey to get here, we kind of realized that you had to blow away that old extant firmware layer, and we rewrote our own firmware in Rust. Yes [laugh], I've done a lot in Rust.

Corey: No, it was in Rust, but, on some level, that's what Nitro is, as best I can tell, on the AWS side. But it turns out that you don't tend to have the same resources as a one-and-a-quarter—at the moment—trillion-dollar company. That keeps [valuing 00:30:53]. At one point, they lost a comma and that was sad and broke all my logic for that and I haven't fixed it since. Unfortunate stuff.

Steve: Totally.
I think that was another, kind of, question early on from certainly a lot of investors was like, “Hey, how are you going to pull this off with a smaller team and there's a lot of surface area here?” Certainly a reasonable question. Definitely was hard. The one advantage—among others—is, when you are designing something kind of in a vertical holistic manner, those design integration points are narrowed down to just your equipment.

And when someone's writing firmware, when AMI is writing firmware, they're trying to do it to cover hundreds and hundreds of components across dozens and dozens of vendors. And we have the advantage of having this, like, purpose-built system, kind of, end-to-end from the lowest level from first boot instruction, all the way up through the control plane and from rack to switch to server. That definitely helped narrow the scope.

Corey: This episode has been fake sponsored by our friends at AWS with the following message: Graviton Graviton, Graviton, Graviton, Graviton, Graviton, Graviton, Graviton, Graviton. Thank you for your l-, lack of support for this show. Now, AWS has been talking about Graviton an awful lot, which is their custom in-house ARM processor. Apple moved over to ARM and instead of talking about benchmarks they won't publish and marketing campaigns with words that don't mean anything, they've let the results speak for themselves. In time, I found that almost all of my workloads have moved over to ARM architecture for a variety of reasons, and my laptop now gets 15 hours of battery life when all is said and done. You're building these things on top of x86. What is the deal there? I do not accept that you hadn't heard of ARM until just now because, as mentioned, Graviton, Graviton, Graviton.

Steve: That's right. Well, so why x86, to start? And I say to start because we have just launched our first generation products.
And our first-generation or second-generation products that we are now underway working on are going to be x86 as well. We've built this system on AMD Milan silicon; we are going to be launching a Genoa sled.

But when you're thinking about what silicon to use, obviously, there's a bunch of parts that go into the decision. You're looking at the kind of applicability to workload, performance, power management, for sure, and if you carve up what you are trying to achieve, x86 is still a terrific fit for the broadest set of workloads that our customers are trying to solve for. And choosing which x86 architecture was certainly an easier choice, come 2019. At this point, AMD had made a bunch of improvements in performance and energy efficiency in the chip itself. We've looked at other architectures and I think as we are incorporating those in the future roadmap, it's just going to be a question of what are you trying to solve for.

You mentioned power management, and that has kind of commonly been a, you know, low power systems is where folks have gone beyond x86. As we're looking forward to hardware acceleration products and future products, we'll certainly look beyond x86, but x86 has a long, long road to go. It still is kind of the foundation for what, again, is a general-purpose cloud infrastructure for being able to slice and dice for a variety of workloads.

Corey: True. I have to look around my environment and realize that Intel is not going anywhere. And that's not just an insult to their lack of progress on committed roadmaps that they consistently miss. But—

Steve: [sigh].

Corey: Enough on that particular topic because we want to keep this, you know, polite.

Steve: Intel has definitely had some struggles for sure. They're very public ones, I think. We were really excited and continue to be very excited about their Tofino silicon line. And this came by way of the Barefoot Networks acquisition.
I don't know how much you had paid attention to Tofino, but what was really, really compelling about Tofino is the focus on both hardware and software and programmability.

So, great chip. And P4 is the programming language that surrounds that. And we have gotten very, very deep on P4, and that is some of the best tech to come out of Intel lately. But from a core silicon perspective for the rack, we went with AMD. And again, that was a pretty straightforward decision at the time. And we're planning on having this anchored around AMD silicon for a while now.

Corey: One last question I have before we wind up calling it an episode, it seems—at least as of this recording, it's still embargoed, but we're not releasing this until that winds up changing—you folks have just raised another round, which means that your napkin doodles have apparently drawn more folks in, and now that you're shipping, you're also not just bringing in customers, but also additional investor money. Tell me about that.

Steve: Yes, we just completed our Series A. So, when we last spoke three years ago, we had just raised our seed and had raised $20 million at the time, and we had expected that it was going to take about that to be able to build the team and build the product and be able to get to market, and [unintelligible 00:36:14] tons of technical risk along the way. I mean, there was technical risk up and down the stack around this [De Novo 00:36:21] server design, the switch design. And software is still the kind of disproportionate majority of what this product is, from hypervisor up through kind of control plane, the cloud services, et cetera. So—

Corey: We just view it as software with a really, really confusing hardware dongle.

Steve: [laugh]. Yeah. Yes.

Corey: Super heavy. We're talking enterprise and government-grade here.

Steve: That's right. There's a lot of software to write.
And so, we had a bunch of milestones that as we got through them, one of the big ones was getting Milan silicon booting on our firmware. It was funny, it was—this was the thing that clearly, like, the industry was most suspicious of, us doing our own firmware, and you could see it when we demonstrated booting this, like, a year-and-a-half ago, and AMD all of a sudden just lit up, from kind of arm's length to, like, “How can we help? This is amazing.” You know? And they could start to see the benefits of when you can tie low-level silicon intelligence up through a hypervisor there's just—

Corey: No, I love the existing firmware I have. Looks like it was written in 1984 and winds up having terrible user ergonomics that hasn't been updated at all, and every time something comes through, it's a 50/50 shot as to whether it fries the box or not. Yeah. No, I want that.

Steve: That's right. And you look at these hyperscale data centers, and it's like, no. I mean, you've got intelligence from that first boot instruction through a Root of Trust, up through the software of the hyperscaler, and up to the user level. And so, as we were going through and kind of knocking down each one of these layers of the stack, doing our own firmware, doing our own hardware Root of Trust, getting that all the way plumbed up into the hypervisor and the control plane, number one on the customer side, folks moved from, “This is really interesting. We need to figure out how we can bring cloud capabilities to our data centers. Talk to us when you have something,” to, “Okay. We actually”—back to the earlier question on vaporware, you know, it was great having customers out here to Emeryville where they can put their hands on the rack and they can, you know, put their hands on software, but being able to, like, look at real running software and that end cloud experience.

And that led to getting our first couple of commercial contracts.
So, we've got some great first customers, including a large department of the government, of the federal government, and a leading firm on Wall Street that we're going to be shipping systems to in a matter of weeks. And as you can imagine, along with that, that drew a bunch of renewed interest from the investor community. Certainly, a different climate today than it was back in 2019, but what was great to see is, you still have great investors that understand the importance of making bets in the hard tech space and in companies that are looking to reinvent certain industries. And so, we added—our existing investors all participated. We added a bunch of terrific new investors, both strategic and institutional.

And you know, this capital is going to be super important now that we are headed into market and we are beginning to scale up the business and make sure that we have a long road to go. And of course, maybe as importantly, this was a real confidence boost for our customers. They're excited to see that Oxide is going to be around for a long time and that they can invest in this technology as an important part of their infrastructure strategy.

Corey: I really want to thank you for taking the time to speak with me about, well, how far you've come in a few years. If people want to learn more and have the requisite loading dock, where should they go to find you?

Steve: So, we try to put everything up on the site. So, oxidecomputer.com or oxide.computer. We also, if you remember, we did [On the Metal 00:40:07]. So, we had a Tales from the Hardware-Software Interface podcast that we did when we started. We have shifted that to Oxide and Friends, which the shift there is we're spending a little bit more time talking about the guts of what we built and why. So, if folks are interested in, like, why the heck did you build a switch and what does it look like to build a switch, we actually go to depth on that.
And you know, what does bring-up on a new server motherboard look like? And it's got some episodes out there that might be worth checking out.

Corey: We will definitely include a link to that in the [show notes 00:40:36]. Thank you so much for your time. I really appreciate it.

Steve: Yeah, Corey. Thanks for having me on.

Corey: Steve Tuck, CEO at Oxide Computer Company. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this episode, please leave a five-star review on your podcast platform of choice, along with an angry ranting comment because you are in fact a zoology major, and you're telling me that some animals do in fact exist. But I'm pretty sure of the two of them, it's the unicorn.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Es la Tarde de Dieter
Defcon 3: The British prime minister's abandonment of measures against climate change


Sep 20, 2023 51:06


Florentino Portero, Daniel Lacalle and Manuel Fernández Ordóñez review the latest economic, energy and international relations news in Spain.

The Paranoid Banker
What is Defcon 3 in Multifamily Real Estate Investing


Sep 20, 2023 13:36


Today on the Heartland Multifamily Show, Trot and I are talking about Defcon 3. What is it? Why do investors get to Defcon 3? How can you get out of Defcon 3, and what opportunities are there if you want to buy a property that's at Defcon 3? Defcon 3, meaning Defense Condition 3, is a phrase that dates back to the Cold War. The Defense Condition went from Defcon 5, meaning peaceful but aware of threats, to Defcon 1, which is a full-scale nuclear attack. This analogy also applies to multifamily real estate investing. When you are at Defcon 3, you are inching closer to disaster, but you have the opportunity to right the ship before things get so bad that you can't fix them. And on the other side of it, if you are an investor who sees another property at Defcon 3 and you have done your due diligence, you can get a good deal to buy and fix up a property that the previous owner has mismanaged. Watch this episode to learn the basics of Defcon 3.

The Hacker Mind
EP 80: Ghost Token


Sep 19, 2023 36:22


What if a GCP project OAuth access token wasn't deleted? This could expose databases to bad actors. Tal Skverer from Astrix discusses his DEF CON 31 presentation GhostToken: Exploiting Google Cloud Platform App Infrastructure to Create Unremovable Trojan Apps. Transcript here.

Giant Robots Smashing Into Other Giant Robots
492: Backstop.it and Varo Bank with Rishi Malik


Sep 14, 2023 40:17


Victoria and Will interview Rishi Malik, the Founder of Backstop.it and VP of Engineering at Varo Bank. They talk about Rishi's recent adventure at DEF CON, the renowned annual security conference that he's attended for six years, and he describes how it has transformed from a mere learning experience into a thrilling competition for him and his team. The conference is their playground for tackling an array of security challenges and brain-teasing puzzles, with a primary focus on cloud security competitions. They talk about the significance of community in such events and how problem-solving through interaction adds value. Rishi shares his background, tracing his path from firmware development through various tech companies to his current roles in security and engineering management. The vital topic of security in the fintech and banking sector highlights the initial concerns people had when online banking emerged. Rishi navigates through the technical intricacies of security measures, liability protection, and the regulatory framework that safeguards online banking for consumers. He also highlights the evolving landscape, where technological advancements and convenience have bolstered consumer confidence in online banking. Rishi shares his unique approach to leadership and decision-making, and pearls of wisdom for budding engineers starting their careers. His advice revolves around nurturing curiosity and relentlessly seeking to understand the "why" behind systems and processes. __ Backstop.it (https://backstop.it/) Follow Backstop.it on X (https://twitter.com/wearebackstop). Varo Bank (https://www.varomoney.com/) Follow Varo Bank on Instagram (https://www.instagram.com/varobank/), Facebook (https://www.facebook.com/varomoney/), X (https://twitter.com/varobank), YouTube (https://www.youtube.com/varomoney), or LinkedIn (https://www.linkedin.com/company/varobank/). Follow Rishi Malik on LinkedIn (https://www.linkedin.com/in/rishilmalik/).
Follow thoughtbot on X (https://twitter.com/thoughtbot) or LinkedIn (https://www.linkedin.com/company/150727/). Become a Sponsor (https://thoughtbot.com/sponsorship) of Giant Robots!

Transcript:

VICTORIA: This is the Giant Robots Smashing Into Other Giant Robots podcast, where we explore the design, development, and business of great products. I'm your host, Victoria Guido.

WILL: And I'm your other host, Will Larry. And with us today is Rishi Malik, Founder of Backstop.it and VP of Engineering at Varo Bank. Rishi, thank you for joining us.

RISHI: Thanks for having me. I'm excited to be here.

VICTORIA: Yes, Rishi. I'm so excited to talk with you today about your security background and get into your role at Varo and Backstop IT. But first, I wanted to hear a little bit more about your recent experience attending DEF CON. How was that?

RISHI: It was awesome. I do have quite the background in security at this point. And one of the things I started doing early on, as I was getting up to speed and learning more about the security-specific side of things, was beginning to attend DEF CON itself. So, I've now gone six years straight. And it started out as just kind of experiencing the conference and security and meeting folks. But it's progressed to where I now bring a team of people where we go and we compete. We have a good time. But we do get to kind of bring the security side of things into the software engineering and engineering leadership stuff that we all do on a day-to-day basis.

VICTORIA: Yeah. And what kind of puzzles do you solve with your team when you attend DEF CON?

RISHI: There's definitely a lot of variety there, which I think is part of the fun. So, DEF CON frequently has electronic badges, you know, with random puzzles on there that you have to solve. Some of them are cryptographic. Some of them are kind of random cultural things. Sometimes there's music challenges based around it. Sometimes, it's social and interactive.
And you have to go find the right type of badge or the right person behind it to unlock something. So, all of those, you know, typically exist and are a ton of fun. Primarily, in the last few years, we've been focusing more on the cloud CTF. So, in this case, it's our team competing against other teams and really focused on cloud security. So, it's, you know, figuring out vulnerabilities in, you know, specially designed puzzles around AWS and GCP, the application side of things as well, and competing to see how well you can do. Three years ago, the last couple of years, we've not won it, but we've been pretty competitive. And the great thing is the field is expanding as more and more people get into CTF themselves but, more importantly, into cloud infrastructure and cloud knowledge there. So, it's just great to see that expansion and see what people are into, what people are learning, and how challenging some of these things can be.

VICTORIA: I love the idea of having a puzzle at a conference where you have to find a specific person to solve it. And yeah, I'm always interested in ways where we can have these events where you're getting together and building community and growing expertise in a field but in a way that makes it fun [laughs] and isn't just life-draining long, like, talks about random stuff.

RISHI: [laughs] I think what you're touching on there is crucial. And you said the word community, and, to me, that is, you know, a big part of what DEF CON and, you know, hacking and security culture is. But it is, I think, one of the things that kind of outside of this, we tend to miss it more, you know, specifically, like, focused conferences. It is more about kind of the content, you know, the hallway track is always a thing. But it's less intentional than I personally, at this stage, really prefer, you know. So, I do like those things where it is encouraging interaction.
For me, I'd rather go to happy hour with some people who are really well versed in the subject that they're in rather than even necessarily listening to a talk from them on what they're doing. Simply because I think the community aspect, the social aspect, actually gets you more of the information that is more relevant to what you're doing on a day-to-day basis than just consuming it passively.

VICTORIA: I agree because consuming it passively or even intentionally remotely, there are things that you didn't even think to think about [laughs] that aren't going to come up just on your own. You have to have another person there who's...Actually, I have a good friend who's co-working with me this week who's at Ticketmaster. And so, just hearing about some of the problems they have and issues there has been entertaining for me. So yeah, I love that about DEF CON, and I love hearing about community stories and fun ways that companies can get a benefit out of coming together and just putting good content out there.

RISHI: Absolutely. I think problem-solving is where you get the most value out of it as a company and as a business.

VICTORIA: Yeah, maybe that's a good segue to tell me a little bit more about your background and how you came to be where you are today.

RISHI: Yeah. For me growing up, I was always that problem-solver type of person. So, I think that's what kind of naturally gravitated me towards tech and, you know, hardware and software engineering. You know, so, for me, I go back quite a while. I'd been doing a lot of development, you know, in the early days of my career. I started out doing firmware development back in the days of large tape libraries, right? So, if you think about, like, big businesses back before cloud was a big thing and even back before SSDs were a thing, you know, it was all spinning disks. It was all tape. And that's kind of the area that I started in.
So, I was working on robots that actually move tapes around these giant tape libraries that are, you know, taller than I am that you can walk inside of because they're so big, for big corporations to be able to back up their data on an overnight basis. You have to do that kind of stuff. Then I started going into smaller and smaller companies, into web tech, into startups, then into venture-backed startups. And then, eventually, I started my own company and did that for a while. All of this is really just kind of, you know, software engineering in a nutshell, lots of different languages, lots of different technologies. But really, from the standpoint of, here's a whole bunch of hard problems that need to be solved. Let's figure out how we can do that and how we can make some money by solving some of these problems. That eventually kind of led me down the security path as well and the engineering management side of things, which is what I do now, both at Backstop...is a security consulting business and being VP of Engineering at Varo Bank.

WILL: How was your journey? Because you started as an intern in 2003.

RISHI: [laughs]

WILL: And then, you know, 20 years later. So, how was your journey through all of that? [laughs]

RISHI: [laughs] You know, I hadn't actually put it together that it has been 20 years this year until you said that. So, that's awesome. It's been a blast, you know. I can honestly say it's been wildly different than what I imagined 20 years ago and interesting in different ways. I think I'm very fortunate to be able to say that. When I started out as an intern in 2003, technologies were very different. I was doing some intern shifts with the federal government, you know, so the pace was wildly different.
And when I think of where technology has come now, and where the industry has gone, and what I get to do on a day-to-day basis, I'm kind of just almost speechless at just how far we've come in 20 years, how easy some things are, how remarkably hard some other things are that should honestly be easy at this point, but just the things that we can do. I'm old enough that I remember cell phones being a thing and then smartphones coming out and playing with them and being like, yeah, this is kind of mediocre. I don't really know why people would want this. And the iPhone coming out and just changing the game and being like, okay, now I get it. You know, to the experience of the internet and, you know, mobile data and everywhere. It's just phenomenal the advances that we've had in the last 20 years. And it makes me excited for the next 20 years to see what we can do as we go forward.

VICTORIA: I'm going to take personal offense to someone knowing that technology being too old [laughs], but, yeah, because it really wasn't that long ago. And I think one thing I always think about having a background in civic tech and in financial tech as well is that the future is here; it's just not evenly distributed. So, now, if you're building a new company, of course, the default is to go straight to the cloud. But many companies and organizations that have been around for 60-80 years and using the internet right when it first came out are still in really old technologies that just simply work. And maybe they're not totally sure why, and change is difficult and slow. So, I wonder if you have any experience that you can take from the banking or fintech industry on how to make the most out of modern security and compliance platforms.

RISHI: Yeah, you know, I think most people in tech especially...and the gray hairs on me are saying the younger folks in tech especially don't realize just how much older technologies still exist and will exist for quite some time.
When you think of banking itself, you know, most of the major companies that you can think of, you know, in the U.S. especially but kind of across the world that are the top tier names of banks, and networks, and stuff like that, still run mainframes. When you swipe your credit card, there's a very good chance that is processed on a mainframe. And that's not a bad thing. But it's just, you know when you talk to younger engineers, it's not something that kind of crosses their mind. They feel like it is old-tech. The bulk of businesses don't actually run on the cloud. Having been through it, I've racked and stacked servers and had to figure out how to physically take hardware across, you know, country borders and things like those lines. And now, when I do want to spin up a server somewhere else, it's just a different AWS region. So, it's remarkably easy, at this point, to solve a lot of those problems. But once you're up and live and you have customers, you know, where downtime is impactful or, you know, the cost of moving to the cloud or modernizing your technology is substantial, things tend to move a lot slower. And I think you see that, especially when it comes to security, because we have more modern movements like DevOps bringing security into it. And with a lot of the, you know, the modern security and compliance platforms that exist, they work very, very well for what they do, especially when you're a startup or your whole tech stack is modernized. The biggest challenges, I think, seem to come in when you have that hybrid aspect of it. You do have some cloud infrastructure you have to secure. You do have some physical data centers you have to secure. You have something that is, you know, on-premise in your office. You have something that is co [inaudible 10:01] somewhere else. Or you also have to deal with stuff like, you know, much less modern tech, you know, when it comes to mainframes and security and kind of being responsible for all of that. 
And I think that is a big challenge because security is one of those things where it's, you know, if you think of your house, you can have the strongest locks on your door and everything else like that. But if you have one weak point, you have a window that's left open, that's all it takes. And so, it has to be all-inclusive and holistic. And I think that is remarkably hard to do well, even despite where technology has come to these days.

WILL: Speaking of securities, I remember when the Internet banking started a couple of years ago. And some of the biggest, I guess, fears were, like, the security around it, the safety. Because, you know, your money, you're putting your money in it, and you can't go to a physical location to talk to anyone or anything. And the more and more you learn about it...at first, I was terrified of it because you couldn't go talk to someone. But the more and more I learned about it, I was like, oh, there's so much security around it. In your role, what does that look like for you? Because you have such a huge impact with people's money. So, how do you overcome that fear that people have?

RISHI: There's, I think, a number of steps that kind of go into it. And, you know, in 2023, it's certainly a little bit easier than it used to be. But, you know, very similar, I've had the same questions, you know, and concerns that you're describing. And I remember using one of the first banks that was essentially all digital and kind of wondering, you know, where is my money going? What happens if something goes wrong? And all of those types of things. And so, I think there is kind of a number of different aspects that go into it. One is, you know, obviously, the technical aspects of security, you know, when you put your credit card number in on the internet, you know, is it encrypted? You know, is it over, you know, TLS? What's happening there? You know, how safe and secure is all that kind of thing?
You know, at this point, pretty much everyone, at least in the U.S., has been affected by credit card breaches, huge companies like Home Depot and Target that got cards accessed or, you know, just even the smaller companies when you're buying something random from maybe something...a smaller website on the internet. You know, that's all a little bit better now. So, I think what you have there was just kind of a little bit of becoming comfortable with what exists now. The other aspect, though, I think, then comes into, well, what happens when something goes wrong? And I think there's a number of aspects that are super helpful for that. I think the liability aspect of credit card, you know, companies saying, you know, and the banks "You're not liable for a fraudulent transaction," I think that was a very big and important step that really helps with that. And on top of that, then I think when you have stuff like the FDIC, you know, and insurance in the U.S., you know, that is government-backed that says, you know what? Even if this is an online-only digital bank, you're safe. You're protected. The government's got your back in that regard. And we're going to make sure that's covered. At Varo, that's one of the key things that we think about a lot because we are a bank. Now, most FinTechs, actually, aren't banks, right? They partner with other third-party banks to provide their financial services. Whereas at Varo, we are federally regulated. And so, we have the full FDIC protection. We get the benefits of that. But it also means that we deal with the regulation aspects and being able to prove that we are safe and secure and show the regulators that we're doing the right things for our customers. And I think that's huge and important because, obviously, it's safety for customers. But then it changes how you begin to think about how you're designing products, and how you're [inaudible 13:34] them, and, you know, how you're marketing them. 
Are we making a mobile app that shows that we're safe, and secure, and stable? Or are we doing this [inaudible 13:42] thing of moving too fast and breaking things? When it's people's money, you have to be very, very dialed into that. You still have to be able to move fast, but you have to show the protection and the safety that people have because it is impactful to their lives. And so, I think from the FinTech perspective, that's a shift that's been happening over the last couple of years to continue that. The last thing I'll say, too, is that part of it has just come from technology itself and the comfort there. It used to be that people who were buying, you know, items on the internet were more the exception rather than the rule. And now with Amazon, with Shopify, with all the other stuff that's out there, like, it's much more than a norm. And so, all of that just adds that level of comfort that says, I know I'm doing the right things as a consumer, that I'm protected. If I, you know, do have problems, my bank's got my back. The government is watching out for what's happening and trying to do what they can do to regulate all of that. So, I think all of that has combined to get to that point where we can do much more of our banking online and safely. And I think that's a pretty fantastic thing when it comes to what customers get from that. I am old enough that I remember having to figure out times to get to the bank because they're open nine to five, and, you know, I have to deposit my paycheck. And, you know, I work nine to five, and maybe more hours pass, and I had no idea when I can go get that submitted. And now, when I have to deposit something, I can just take a picture with my phone, and it safely makes it to my account. So, I think the convenience that we have now is really amazing, but it has certainly taken some time. And I think a number of different industry and commercial players kind of come together and make that happen. 
MID-ROLL AD: Now that you have funding, it's time to design, build, and ship the most impactful MVP that wows customers now and can scale in the future. thoughtbot Liftoff brings you the most reliable cross-functional team of product experts to mitigate risk and set you up for long-term success. As your trusted, experienced technical partner, we'll help launch your new product and guide you into a future-forward business that takes advantage of today's new technologies and agile best practices. Make the right decisions for tomorrow today. Get in touch at thoughtbot.com/liftoff.

VICTORIA: I appreciate that perspective on approaching security from the user experience of wanting safety. And I'm curious if we can talk in contrast from that experience to the developer experience with security. And how do you, as a new leader in this financial product company, prioritize security and introduce it from a, like, building a safety culture perspective?

RISHI: I think you just said that very eloquently. It is a safety culture. And cultural changes are hard. And I think for quite some time in the developer industry, security was either an afterthought or somebody else's problem. You know, it's the security team that has to think about it. It's, you know, and even these days, it's the red team that's going to go, you know, find these answers or whatever I'm shipping as a developer. My only thing to focus on is how fast I can ship, or, you know, what I'm shipping, rather than how secure is what I'm shipping. And so, I think to really be effective at that, it is a cultural shift. You have to think and talk about security from the outset. And you have to bake those processes into how you build product. Those security conversations really do need to start at the design phase. And, you know, thinking about a mobile app for a bank as an example, you know, it starts when you're just thinking about the different screens on a mobile app that people are going to go through.
How are people interpreting this? You know, what is the [inaudible 17:23], and the feeling, and the emotions, that we're building towards? You know, is that safe and secure or, you know, is it not? But then it starts getting to the architecture and the design of the systems themselves to say, well, here's how they're going to enter information, here's how we're passing this back and forth. And especially in a world where a lot of software isn't just 100% in-house, but we're calling other partners for that, you know, be it, you know, infrastructure or risk, you know, or compliance, or whatever else it may be, how are we protecting people's data? How are we making sure our third parties are protecting people's data? You know, how are we encrypting it? How are we thinking about their safety all the way through? Again, even all the way down to the individual developer that's writing code, how are we verifying they're writing good, high-quality, secure code? Part of it is training, part of it is culture, part of it is using good tooling around that to be able to make sure and say, when humans make mistakes because we are all human and we all will make mistakes, how are we catching that? What layers do we have to make sure that if a mistake does happen, we either catch it before it happens or, you know, we have defense in depth such that that mistake in and of itself isn't enough to cause a, you know, compromise or a problem for our customers? So, I think it starts right from the start. And then, every kind of step along the way for delivering value for customers, also let's add that security and privacy and compliance perspective in there as well.

VICTORIA: Yes, I agree. And I don't want to work for a company where if I make a small human mistake, I'm going to potentially cost someone tens or however many thousands of dollars. [laughs]

WILL: I have a question around that. How, as a leader, how does that affect you day to day?
Because I feel like there's some companies, maybe thoughtbot, maybe other companies, that a decision is not as critical as working as a bank. So, you, as a leader, how do you handle that?

RISHI: There's a couple of things I try and consider in any given big or important decision I have to make, the aspects around, like, you know, the context, what the decision is, and that type of stuff. But from a higher level, there's kind of two things I try and keep in mind. And when I say keep in mind, like, when it's a big, impactful decision, I will actually go through the steps of, you know, writing it down or talking this out loud, sometimes by myself, sometimes with others, just, again, to make sure we are actually getting to the meat of it. But the first thing I'm trying to think of is kind of the Amazon idea of one-way versus two-way doors. If we make this decision and this is the wrong decision, what are the ramifications of that? You know, is it super easy to undo and there's very little risk with it? Or is it once we've made this decision or the negative outcome of this decision has happened, is it unfixable to a certain degree? You know, and that is a good reminder in my head to make sure that, you know, A, I am considering it deeply. And that, B, if it is something where the ramifications, you know, are super huge, that you do take the time, and you do the legwork necessary to make sure you're making a good, valid decision, you know, based on the data, based on the risks involved and that there's a deep understanding of the problem there. The second thing I try to think of is our customers. So, at Varo, our customers aren't who most banks target. A lot of banks want you to take all your money, put it in there, and they're going to loan that money out to make their money. And Varo is not that type of bank, and we focus on a pretty different segment of the market. What that means is our customers need their money.
They need it safely and reliably, and it needs to be accurate when they have it. And what I mean by that is, you know, frequently, our customers may not have, you know, hundreds or a thousand dollars worth of float in their bank accounts. So, if they're going and they're buying groceries and they can't because there's an error on our side because we're down, and because the transactions haven't settled, then that is very, very impactful to them, you know, as an individual. And I think about that with most of these decisions because being in software and being in engineering I am fortunate enough that I'm not necessarily experiencing the same economic struggles that our customers may have. And so, that reminder helps me to think about it from their perspective. In addition, I also like to try and think of it from the perspective...from my mom, actually, who, you know, she is retired age. She's a teacher. She's non-technical. And so, I think about her because I'd say, okay, when we're making a product or a design decision, how easy is it for her to understand? And my biases when I think about that, really kind of come into focus when I think about how she would interpret things. Because, you know, again, for me, I'm in tech. I think about things, you know, very analytically. And I just have a ton of experience across the industry, which she doesn't have. So, even something as simple as a little bit of copy for a page that makes a ton of sense to me, when I think about how she would interpret it, it's frequently wildly different. And so, all of those things, I think, kind of come together to help make a very strong and informed decision in these types of situations where the negative outcomes really do matter. But you are, you know, as Varo is, you're a startup. And you do need to be able to build more products quickly because our customers have needs that aren't being met by the existing banking industry. 
And so, we need to provide value to them so that their lives are a bit better.

VICTORIA: I love that focus on a specific market segment and their needs and solving for that problem. And we know that if you're at a certain income level, it's more expensive [laughs] because of the overdraft fees and other things that can cause you problems. So, I really appreciate that that's the mission at Varo, and that's who you're focusing on to create a better banking product that makes more sense. I'm curious if there were any surprises and challenges that you could share from that discovery process and finding out, you know, exactly what were those things where your mom was, like, uh, actually, I need something completely different. [laughs]

RISHI: Yeah, so, [chuckles] I'm chuckling because, you know, it's not, like, a single kind of time or event. It's, you know, definitely an ongoing process. But, you know, as actually, we were talking, you know, about earlier in terms of being kind of comfortable with doing things digital and online, that in and of itself is something that even in 2023, my mom isn't as comfortable or as confident as, you know, say, maybe the three of us are. As an example, when sending money, you know, kind of like a peer-to-peer basis, like, if I'm sending my mom a little bit of money, or she's sending me something, you're kind of within the family. Things that I would think would be kind of very easy and straightforward actually do cause her a little bit more concern. Okay, I'm entering my debit card number into this so that it can get, you know, the cash transferred into my bank account. You know, again, for me, it didn't even cross my mind, actually, that that would be something uncomfortable. But for my mom, that was something where she actually had some concerns about it and was messaging me.
Her kind of personal point of view on that was, I would rather use a credit card for this and get the money on a credit card instead of a debit card because the debit card is linked to a bank account, and the security around that needs to be, you know, much tighter. And so, it made her more uncomfortable entering that on her phone. Whereas even a credit card it would have given her a little bit more peace of mind simply because it wasn't directly tied to her bank account. So, that's just, you know, the most recent example. I mean, honestly, that was earlier today, but it's something I hadn't thought of. And, again, for most of our customers, maybe that's not the case and how they think. But for folks that are at that retirement age, you know, in a world where there are constant barrages of scam, you know, emails, and phone calls, and text messages going around, the concern was definitely there.

VICTORIA: That happened to me. Last week, I was on vacation with my family, and we needed to pay my mom for the house we'd rented. And I had to teach her how to use Zelle and set up Zelle. [laughter] It was a week-long process. But we got there, and it works [laughs] now. But yeah, it's interesting what concerns they have. And the funny part about it was that my sister-in-law happens to be, like, a lawyer who prevents class action lawsuits at a major bank. And she reassured us that it was, in fact, secure. [laughs] I think it's interesting thinking about that user experience for security. And I'm curious, again, like, compare again with the developer experience and using security toolings. And I wonder if you had any top recommendations on tools that make the developer experience a little more comfortable and feeling like you're deploying with security in mind.

RISHI: That, in particular, is a bit of a hard question to answer. I try and stay away from specific vendors when it comes to that because I think a lot of it is contextual.
But I could definitely talk through, like, some of the tools that I use and the way I like to think about it, especially from the developer perspective. I think, first off, consider what aspect of the software development, you know, lifecycle you're in. If you are an engineer writing, you know, mostly application code and dealing with building product and features and stuff like that, start from that angle. I could even take a step back and say security as an industry is very, very wide at this point. There is somebody trying to sell you a tool for basically every step in the SDLC process, and honestly, before and after to [inaudible 26:23]. I would even almost say it's, to some extent, kind of information and vendor overload in a lot of ways. So, I think what's important is to think about what your particular aspect of that is. Again, as an application engineer, or if you're building cloud infrastructure, or if you're an SRE, you know, or a platform team, kind of depending on what you are, your tooling will be different. The concepts are all kind of similar ideas, but how you go about what you build will be different. In general, I like to say, from the app side of things, A, start with considering the code you're writing. And that's a little bit cultural, but it's also kind of more training. Are you writing code with a security mindset? Are you designing systems with a security mindset? These aren't things that are typically taught, you know, in school if you go get a CS degree, or even in a lot of companies in terms of the things that you should be thinking about. So, A, start from there. And if you don't feel like you think about, you know, is this design secure? Have we done, you know, threat modeling on it? Are we considering all of the error paths or the negative ways people can break the system? Then, start from that and start going through some of the security training that exists out there.
And there's a lot of different aspects or avenues by which you can get that to be able to say, like, okay, I know I'm at least thinking about the code I write with a security mindset, even if you haven't actually changed anything about the code you're writing yet. What I actually think is really helpful for a lot of engineers is to have them try and break things. It's why I like to compete in CTFs, but it's also why I like to have my engineers do the same types of things. Trying to break software is both really insightful from the aspect that you don't get when you're just writing code and shipping it because it's not something you have time to do, but it's also a great way to build up some of the skills that you need to then protect against. And there's a lot of good, you know, cyber ranges out there. There's lots of good, just intentionally vulnerable applications that you can find on GitHub but that you can just run, you know, locally even on your machine and say, okay, now I have a little web app stood up. I know this is vulnerable. What do I do? How do I go and break it? Because then all of a sudden, the code that you're writing you start to think about a little bit differently. It's not just about how am I solving this product problem or this development problem? But it's, how am I doing this in a way that is safe and secure? Again, as an application side of things, you know, just make sure you know the OWASP Top 10 inside and out. Those are the most basic things a lot of engineers miss. And it only takes, again, one miss for it to be critical. So, start reviewing it. And then, you start to think about the tooling aspect of it. People are human. We're going to make mistakes. So, how do we use the power of technology to be able to stop this? You know, and there are static scanning tools. Like, there's a whole bunch of different ones out there.
You know, Semgrep is a great one that's open source just to get started with that can help you find the vulnerable code that may exist there. Consider the SQL queries that you're writing, and most importantly, how you're writing them. You know, are you taking user input and just chucking it in there, or are you sanitizing it? When I ask these questions, for a lot of engineers, it's not usually yes or no. It's much more of an, well, I don't know. Because in software, we do a really good job of writing abstraction layers. But that also means, you know, to some extent, there may be a little bit of magic in there, or a lack thereof of magic that you don't necessarily know about. And so, you have to be able to dive into the libraries. You have to know what you're doing to even be able to say something like, oh no, this SQL query is safe from this user input because we have sanitized it. We have, you know, done a prepared statement, whatever it may be. Or, no, actually, we are just doing something here that's been vulnerable, and we didn't realize we were, and so now that's something we have to address. So, I think, like, that aspect in and of itself, which isn't, you know, a crazy ton of things. It's not spending a ton of money on different tools. But it's just internalizing the fact that you start to think a little bit differently. It provides a ton of value. The last thing on that, too, is to be able to say, especially if you're coming from a development side, or even just from a founder or a startup side of things, what are my big risks? What do I need to take care of first? What are the giant holes or flaws? You know, and what is my threat model around that? Obviously, as a bank, you have to care very deeply right from the start. You know, if you're not a bank, if you're not dealing with financial transactions, or PII, or anything like that, there are some things that you can deal with a little bit later. 
So, you have to know your industry, and you have to know what people are trying to do and the threat models and the threat vectors that can exist based on where you are.

WILL: That's amazing. You know, earlier, we talked about you being an engineer for 20 years, different areas, and stuff like that. Do you have any advice for engineers that are starting out right now? And, you know, from probably year one to year, you know, anything under ten years of experience, do you have any advice that you usually give engineers when you're chatting with them?

RISHI: The advice I tend to give people who are just starting out is be the type of person that asks, "How does this work?" Or "Why does this work?" And then do the work to figure out the answer. Maybe it is talking to someone; maybe it's diving into the details; maybe it's reading a book in some aspect that you haven't had much exposure to. When I look at my career and when I look at the careers of folks around me and the people that I've seen be most successful, both in engineering but also on the business side, that desire to know why something is the case is, I think, one of the biggest things that determines success. And then the ability to answer that question by putting in the right types of work, the right types of scientific method and processes and such, are the other factor. So, to me, that's what I try and get across to people. I say that mostly to junior folks because I think when you're getting started, it's really difficult. There's a ton out there. And we've, again, as software engineers, and hardware engineers, and cloud, and all this kind of stuff, done a pretty good job of building a ton of abstraction layers. All of our abstraction layers [inaudible 32:28] to some degree. You know, so as you start, you know, writing a bunch of code, you start finding a bunch of bugs that you don't necessarily know how to solve and that don't make any sense in the avenue that you've been exposed to.
But as soon as you get into the next layer and understand how that works, it begins to make a lot more sense. So, I think being comfortable with saying, "I have no idea why this is the case, but I'm going to go find out," makes the biggest difference for people just starting out their career.

WILL: I love that advice. Not too long ago, my manager encouraged me to write a blog post on something that I thought that I really knew. And when I started writing that blog post, I was like, oh boy, I have no idea. I know how to do it, but I don't know the why behind it. And so, I was very thankful that he encouraged me to write a blog post on it. Because once you start explaining it to other people, I feel you really have to know the whys. And so, I love that advice. That's really good advice.

VICTORIA: Me too. And it makes sense with what we see statistically as well in the DORA research. The DevOps Research Association publishes a survey every year, the State of DevOps Report. And one of the biggest findings I remember from last year's was that the most secure and reliable systems have the most open communication and high trust among the teams. And so, being able to have that curiosity as a junior developer, you need to be in an environment where you can feel comfortable asking questions [laughs], and you can approach different people, and you're encouraged to make those connections and write blog posts like Will was saying.

RISHI: Absolutely, absolutely. I think you touched on something very important there as well. The psychological safety really makes a big difference. And I think that's critical for, again, like, folks especially earlier in their career or have recently transitioned to tech, or whatever the case may be. Because asking "Why?" should be something that excites people, and there are companies where that's not necessarily the case, right?
Where you asking why seems to be viewed as a sign that you don't know something, and therefore, you're not as good as what you should be, you know, the level you should be at or for whatever they expect. But I do think that's the wrong attitude. I think the more people ask why, the more people are able and comfortable to be able to say, "I don't know, but I'm going to go find out," and then being able to be successful with that makes way better systems. It makes way safer and more secure systems. And, honestly, I think it makes humans, in general, better humans because we can do that.

VICTORIA: I think that's a great note to start to wrap up on. Are there any questions that you have for me or Will?

RISHI: Yeah. I would love to hear from both of you as to what you see; with the experiences that you have and what you do, the biggest impediments or speed bumps are when it comes to developers being able to write and ship secure code.

VICTORIA: When we're talking with new clients, it depends on where they are in really the adoption of their product and the maturity of their organization. Some early founders really have no technology experience. They have never managed an IT organization. You know, setting up basic employee account access and IDs is some of the initial steps you have to take to really get to where you can do identity management, and permissions management, and all the things that are really table stakes for security. And then others have some progress, and they have a fair amount of data. And maybe it's in that situation, like you said before, where it's really a trade-off between the cost and benefit of making those changes to a more secure, more best practice in the cloud or in their CI/CD pipeline or wherever it may be. And then, when you're a larger organization, and you have to make the trade-offs between all of that, and how it's impacting your developer experience, and how long are those deployed times now.
And you might get fewer rates of errors and fewer rates of security vulnerabilities. But if it's taking three hours for your deployments to go out [laughs] because there's so many people, and there's so many checks to go through, then you have to consider where you can make some cuts and where there might be more efficiencies to be gained. So, it's really interesting. Everyone's on a different point in their journey. And starting with the basics, like you said, I love that you brought up the OWASP Top 10. We've been adopting the CIS Controls and just doing a basic internal security audit ourselves to get more ready and to be in a position where... What I'm familiar with as well from working in federal agencies, consulting, maintaining some of the older security frameworks can be a really high cost, not only in terms of auditing fees but what it impacts to your organization to, like, maintain those things [laughs] and the documentation required. And how do you do that in an agile way, in a way that really focuses on addressing the actual purpose of the requirements over needing to check a box? And how do we replicate that for our clients as well?

RISHI: That is super helpful. And I think the checkbox aspect that you just discussed I think is key. It's a difficult position to be in when there are boxes that you have to check and don't necessarily actually add value when it comes to security or compliance or, you know, a decrease in risk for the company. And I think that one of the challenges industry-wide has always been that security and compliance in and of itself tends to move a little bit slower from a blue team or a protection perspective than the rest of the industry. And so, I mean, I can think of, you know, audits that I've been in where, you know, just even the fact that things were cloud-hosted just didn't make sense to the auditors.
And it was a struggle to get them to understand that, you know, there is shared responsibility, and this kind of stuff exists, and AWS is taking care of some things, and we're taking care of some other things when they've just been developed with this on-premise kind of mentality. That is one of the big challenges that still exists kind of across the board is making sure that the security work that you're doing adds security value, adds business value. It isn't just checking the box for the sake of checking the box, even when that's sometimes necessary.

VICTORIA: I am a pro box checker.

RISHI: [laughs]

VICTORIA: Like, I'll get the box checked. I'll use Trello and Confluence and any other tool besides Excel to do it, too. We'll make it happen with less pain, but I'd rather not do it [laughs] if we don't have to.

RISHI: [laughs]

VICTORIA: Let's make it easy. No, I love it. Is there anything else that you want to promote?

RISHI: No, I don't think there's anything else I want to promote other than I'm going to go back to what I said just earlier, like, that culture. And if, you know, folks are out there and you have junior engineers, you have engineers that are asking "Why?", you have people that just want to do the right thing and get better, lean into that. Double down on those types of folks. Those are the ones that are going to make big differences in what you do as a business, and do what you can to help them out. I think that is something we don't see enough of in the industry still. And I would love for that to change.

VICTORIA: I love that. Thank you so much, Rishi, for joining us.

RISHI: Thanks for having me. This was a great conversation. I appreciate the time.

VICTORIA: You can subscribe to the show and find notes along with a complete transcript for this episode at giantrobots.fm. If you have questions or comments, email us at hosts@giantrobots.fm. And you can find me on Twitter @victori_ousg.

WILL: And you could find me on Twitter @will23larry.
This podcast is brought to you by thoughtbot and produced and edited by Mandy Moore. Thanks for listening. See you next time. ANNOUNCER: This podcast is brought to you by thoughtbot, your expert strategy, design, development, and product management partner. We bring digital products from idea to success and teach you how because we care. Learn more at thoughtbot.com. Special Guest: Rishi Malik.

UNSECURITY: Information Security Podcast
Defcon 2023 Recap, Huntin' Ground, CloudNordic

UNSECURITY: Information Security Podcast

Sep 12, 2023 · 31:58


Episode 207 of the Unsecurity Podcast is now live! This week, Brad and Pinky discuss Defcon 2023, Huntin' Ground, and the recent CloudNordic ransom case.

CloudNordic says it can't, and won't, pay the ransom demand (article): https://www.theregister.com/2023/08/23/ransomware_wipes_cloudnordic/

Send any questions, comments, or feedback to unsecurity@protonmail.com.

3 Sides Sports Talk: The Ultimate 49ers Podcast
NFL Preview, Defcon 3 Panic Regarding Bosa

3 Sides Sports Talk: The Ultimate 49ers Podcast

Sep 6, 2023 · 90:21


Todd and Jerry talk about Nick Bosa, how worried they are, and whether they think he'll miss games. Plus, a full NFL preview. It's going into week 1, let all the fun begin!

Out of Bounds with Bo Bounds
9-5-23 Tom Luginbill on Mississippi State vs Arizona, Texas vs Alabama

Out of Bounds with Bo Bounds

Sep 5, 2023 · 11:50


College football insider Tom Luginbill joins the show on the Farm Bureau guest line talking about the next big college football games. Bo asks Tom about the level of panic for LSU and Clemson and Tom says it's reasonable to be in Def-Con 2. Tom talks about how both teams got pushed around in the 4th quarter and that the new clock rules make it harder to come back late. Tom thinks it's too easy to overreact about North Carolina because their opponents will get better and South Carolina looked really bad. Bo asks Tom about Jayden de Laura, the QB for Arizona, and Tom talks about how he is small and scrappy, similar to Johnny Manziel. Tom looks at Arizona's roster and doesn't know what the Wildcats really have to show against MSU. Tom breaks down the week 2 game between Texas and Alabama and talks about what each team needs to do to win. Tom says that Texas needs to establish the run game and Jalen Milroe needs to be uncontainable. Tom thinks that Texas played down to their competition and Alabama played hard over the weekend. Learn more about your ad choices. Visit megaphone.fm/adchoices

Tierra de Hackers
105. RADIOSTOP y Apple BLE

Tierra de Hackers

Sep 5, 2023 · 47:55


Pro-Russian criminals manage to stop multiple trains in Poland with a thoroughly unsophisticated attack. Privacy flaws in the design of Bluetooth Low Energy on Apple devices keep causing trouble: or how a security researcher caused panic among the attendees of DEF CON 31.

Notes and references at https://www.tierradehackers.com/episodio-105

👁️ YouTube: https://www.youtube.com/tierradehackers
👀 Twitch: https://www.twitch.tv/tierradehackers
➡️ Twitter: https://www.twitter.com/tierradehackers
➡️ LinkedIn: https://www.linkedin.com/company/tierradehackers
➡️ Instagram: https://www.instagram.com/tierradehackers
➡️ Facebook: https://www.facebook.com/tierradehackers
➡️ TikTok: https://www.tiktok.com/@tierradehackers

Don't forget to join our Discord community: 👾 https://www.tierradehackers.com/discord

If you like what we do, consider supporting us on Patreon so we can keep growing and create even more content 🫶 https://www.patreon.com/tierradehackers/

Thanks also to this episode's sponsors: 👉 Monad (https://www.monad.com)

If you want to attend the conference organised by EUROPOL together with Spanish law enforcement agencies, you can join the EDEN network at this link and get a discount on admission 👉 https://www.europol.europa.eu/europol-data-protection-experts-network-eden 👉 https://www.europol.europa.eu/publications-events/events/11th-eden-event-whisperers-of-contrast-madrid-spain

Out of Bounds with Bo Bounds
9-5-23 Hour 1: Game of the Weekend, Is SEC West More Confident?, Tom Luginbill

Out of Bounds with Bo Bounds

Sep 5, 2023 · 48:25


Bo and the crew talk about which game took over the weekend, the confidence of the SEC West after LSU's game and the biggest shock of the weekend in the first hour of the show live in the BankPlus Studio. The guys break down week one of the college football season and talk about what each Mississippi school did to their FCS opponents. Bo talks about Deion Sanders and how Colorado made a statement to the doubters after winning a game they were 21-point underdogs in. The guys look at which game should earn the title of game of the weekend and the upset between LSU and FSU. Bo and the crew break down what LSU's loss means for the rest of the SEC West and who earned the title of coach of the week. College football insider Tom Luginbill joins the show on the Farm Bureau guest line talking about Duke shocking Clemson Monday night, Texas travelling to Alabama and what Mike Wright showed for MSU live in the BankPlus Studio. Tom talks about how Duke shocked college football by taking advantage of the mistakes Clemson would make throughout the game. Bo and Tom talk about the talent gap between Clemson and Duke and look at the success Duke had last year with similar talent. Tom looks at the experience Duke has on their defensive line and how they seemed faster than Clemson's offense. Tom breaks down how Duke traded size for speed on defense and how Clemson now has a question mark at QB. Bo asks Tom about the level of panic for LSU and Clemson and Tom says it's reasonable to be in Def-Con 2. Tom talks about how both teams got pushed around in the 4th quarter and that the new clock rules make it harder to come back late. Tom thinks it's too easy to overreact about North Carolina because their opponents will get better and South Carolina looked really bad. Bo asks Tom about Jayden de Laura, the QB for Arizona, and Tom talks about how he is small and scrappy, similar to Johnny Manziel. Tom looks at Arizona's roster and doesn't know what the Wildcats really have to show against MSU. Tom breaks down the week 2 game between Texas and Alabama and talks about what each team needs to do to win. Tom says that Texas needs to establish the run game and Jalen Milroe needs to be uncontainable. Tom thinks that Texas played down to their competition and Alabama played hard over the weekend. Looking at the Texas A&M vs Miami game, Tom talks about how good Connor Weigman looked over the weekend and thinks the Aggies have the talent to beat Miami. Bo and Tom turn to Hugh Freeze at Auburn and talk about how he seemed prepared like Deion at Colorado and how dangerous Robby Ashford is in the scheme. Tom compares Mike Wright's abilities to Robby Ashford and says that MSU has to utilize him. Tom talks about the Ole Miss vs Tulane game and how the QB battle is the most efficient in all of college football. Learn more about your ad choices. Visit megaphone.fm/adchoices

Out of Bounds with Bo Bounds
9-5-23 Hour 3: BankPlus Player of the Week, Beach Food, Tom Luginbill

Out of Bounds with Bo Bounds

Sep 5, 2023 · 48:24


Bo and the crew talk about the BankPlus Player of the Week, the best food at the beach and all things college football in the third hour of the show live in the BankPlus Studio. The guys talk about the most productive high school player in the area over the weekend and name Ny Johnson out of Germantown the high school player of the week. Johnson helped the Mavericks topple Canton with two touchdowns and 127 receiving yards. Bo and the crew talk about Jason's recent trip to the beach and all of the best food around Orange Beach. Bo talks about one of his old favorite spots and the best food around town. College football insider Tom Luginbill joins the show on the Farm Bureau guest line talking about Duke shocking Clemson Monday night, Texas travelling to Alabama and what Mike Wright showed for MSU live in the BankPlus Studio. Tom talks about how Duke shocked college football by taking advantage of the mistakes Clemson would make throughout the game. Bo and Tom talk about the talent gap between Clemson and Duke and look at the success Duke had last year with similar talent. Tom looks at the experience Duke has on their defensive line and how they seemed faster than Clemson's offense. Tom breaks down how Duke traded size for speed on defense and how Clemson now has a question mark at QB. Bo asks Tom about the level of panic for LSU and Clemson and Tom says it's reasonable to be in Def-Con 2. Tom talks about how both teams got pushed around in the 4th quarter and that the new clock rules make it harder to come back late. Tom thinks it's too easy to overreact about North Carolina because their opponents will get better and South Carolina looked really bad. Bo asks Tom about Jayden de Laura, the QB for Arizona, and Tom talks about how he is small and scrappy, similar to Johnny Manziel. Tom looks at Arizona's roster and doesn't know what the Wildcats really have to show against MSU. 
Tom breaks down the week 2 game between Texas and Alabama and talks about what each team needs to do to win. Tom says that Texas needs to establish the run game and Jalen Milroe needs to be uncontainable. Tom thinks that Texas played down to their competition and Alabama played hard over the weekend. Looking at the Texas A&M vs Miami game, Tom talks about how good Connor Weigman looked over the weekend and thinks the Aggies have the talent to beat Miami. Bo and Tom turn to Hugh Freeze at Auburn and talk about how he seemed prepared like Deion at Colorado and how dangerous Robby Ashford is in the scheme. Tom compares Mike Wright's abilities to Robby Ashford and says that MSU has to utilize him. Tom talks about the Ole Miss vs Tulane game and how the QB battle is the most efficient in all of college football. Learn more about your ad choices. Visit megaphone.fm/adchoices

Out of Bounds with Bo Bounds
9-5-23 Tom Luginbill (Full): Texas vs Alabama Preview, Mike Wright's Talent

Out of Bounds with Bo Bounds

Sep 5, 2023 · 28:21


College football insider Tom Luginbill joins the show on the Farm Bureau guest line talking about Duke shocking Clemson Monday night, Texas travelling to Alabama and what Mike Wright showed for MSU live in the BankPlus Studio. Tom talks about how Duke shocked college football by taking advantage of the mistakes Clemson would make throughout the game. Bo and Tom talk about the talent gap between Clemson and Duke and look at the success Duke had last year with similar talent. Tom looks at the experience Duke has on their defensive line and how they seemed faster than Clemson's offense. Tom breaks down how Duke traded size for speed on defense and how Clemson now has a question mark at QB. Bo asks Tom about the level of panic for LSU and Clemson and Tom says it's reasonable to be in Def-Con 2. Tom talks about how both teams got pushed around in the 4th quarter and that the new clock rules make it harder to come back late. Tom thinks it's too easy to overreact about North Carolina because their opponents will get better and South Carolina looked really bad. Bo asks Tom about Jayden de Laura, the QB for Arizona, and Tom talks about how he is small and scrappy, similar to Johnny Manziel. Tom looks at Arizona's roster and doesn't know what the Wildcats really have to show against MSU. Tom breaks down the week 2 game between Texas and Alabama and talks about what each team needs to do to win. Tom says that Texas needs to establish the run game and Jalen Milroe needs to be uncontainable. Tom thinks that Texas played down to their competition and Alabama played hard over the weekend. Looking at the Texas A&M vs Miami game, Tom talks about how good Connor Weigman looked over the weekend and thinks the Aggies have the talent to beat Miami. Bo and Tom turn to Hugh Freeze at Auburn and talk about how he seemed prepared like Deion at Colorado and how dangerous Robby Ashford is in the scheme. Tom compares Mike Wright's abilities to Robby Ashford and says that MSU has to utilize him. Tom talks about the Ole Miss vs Tulane game and how the QB battle is the most efficient in all of college football. Learn more about your ad choices. Visit megaphone.fm/adchoices

RNZ: Nine To Noon
Tech: Biggest hack of the year, breaking AI chatbots, Zoom honesty

RNZ: Nine To Noon

Aug 30, 2023 · 16:06


Technology correspondent Mark Pesce joins Kathryn to talk about what appears to be the biggest hack of the year so far - the mass exploitation of MOVEit Transfer software which has affected at least 60m people - probably more. He'll look at the Clop ransomware and the gang behind it, the threats they've made and who's been affected so far. There's been a cyber attack that has taken massive telescopes offline in Hawaii and Chile. Thousands of 'white hat' hackers at DEFCON have tried to break the latest AI chatbots in an attempt to point out their vulnerabilities - we should all be a bit worried. And Zoom's CEO has been caught out in a moment of honesty.

All TWiT.tv Shows (MP3)
This Week in Enterprise Tech 558: You Got Your AI In My Enterprise

All TWiT.tv Shows (MP3)

Aug 26, 2023 · 68:45


This week on This Week in Enterprise Tech, host Lou Maresca and co-hosts Curt Franklin and Brian Chee explore the key takeaways from the 2023 Black Hat and DEF CON cybersecurity conferences. They discuss the proliferation of AI, especially in relation to security. Guest Michael Amori, CEO of Virtualitics, talks about how AI is impacting data analytics and access. Curtis Franklin shares highlights from Black Hat and DEFCON 2023, noting generative AI was the dominant theme across both events. He breaks down differences between classic and generative AI models, quantifying risk, and other topics like IoT/OT security. IBM revealed Code Assistant for IBM Z, an AI code translation tool that can convert legacy COBOL code to Java. The hosts reflect on converting other legacy code, and the risks of AI-generated code. Michael Amori explains how Virtualitics is using AI and data visualization to help enterprises explore and understand their data, serving as an "AI assistant" for analysts. He discusses responsible and ethical AI, maintaining privacy, the need for explainability, and Virtualitics' tools like Network Extractor. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Michael Amori Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Miro.com/podcast kolide.com/twiet panoptica.app

This Week in Enterprise Tech (Video HD)
TWiET 558: You Got Your AI In My Enterprise - 2023 Black Hat and DefCon report, AI data analytics with Virtualitics

This Week in Enterprise Tech (Video HD)

Aug 26, 2023 · 68:45


This week on This Week in Enterprise Tech, host Lou Maresca and co-hosts Curt Franklin and Brian Chee explore the key takeaways from the 2023 Black Hat and DEF CON cybersecurity conferences. They discuss the proliferation of AI, especially in relation to security. Guest Michael Amori, CEO of Virtualitics, talks about how AI is impacting data analytics and access. Curtis Franklin shares highlights from Black Hat and DEFCON 2023, noting generative AI was the dominant theme across both events. He breaks down differences between classic and generative AI models, quantifying risk, and other topics like IoT/OT security. IBM revealed Code Assistant for IBM Z, an AI code translation tool that can convert legacy COBOL code to Java. The hosts reflect on converting other legacy code, and the risks of AI-generated code. Michael Amori explains how Virtualitics is using AI and data visualization to help enterprises explore and understand their data, serving as an "AI assistant" for analysts. He discusses responsible and ethical AI, maintaining privacy, the need for explainability, and Virtualitics' tools like Network Extractor. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Michael Amori Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Miro.com/podcast kolide.com/twiet panoptica.app

This Week in Enterprise Tech (MP3)
TWiET 558: You Got Your AI In My Enterprise - 2023 Black Hat and DefCon report, AI data analytics with Virtualitics

This Week in Enterprise Tech (MP3)

Aug 26, 2023 · 68:45


This week on This Week in Enterprise Tech, host Lou Maresca and co-hosts Curt Franklin and Brian Chee explore the key takeaways from the 2023 Black Hat and DEF CON cybersecurity conferences. They discuss the proliferation of AI, especially in relation to security. Guest Michael Amori, CEO of Virtualitics, talks about how AI is impacting data analytics and access. Curtis Franklin shares highlights from Black Hat and DEFCON 2023, noting generative AI was the dominant theme across both events. He breaks down differences between classic and generative AI models, quantifying risk, and other topics like IoT/OT security. IBM revealed Code Assistant for IBM Z, an AI code translation tool that can convert legacy COBOL code to Java. The hosts reflect on converting other legacy code, and the risks of AI-generated code. Michael Amori explains how Virtualitics is using AI and data visualization to help enterprises explore and understand their data, serving as an "AI assistant" for analysts. He discusses responsible and ethical AI, maintaining privacy, the need for explainability, and Virtualitics' tools like Network Extractor. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Michael Amori Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Miro.com/podcast kolide.com/twiet panoptica.app

All TWiT.tv Shows (Video LO)
This Week in Enterprise Tech 558: You Got Your AI In My Enterprise

All TWiT.tv Shows (Video LO)

Aug 26, 2023 · 68:45


This week on This Week in Enterprise Tech, host Lou Maresca and co-hosts Curt Franklin and Brian Chee explore the key takeaways from the 2023 Black Hat and DEF CON cybersecurity conferences. They discuss the proliferation of AI, especially in relation to security. Guest Michael Amori, CEO of Virtualitics, talks about how AI is impacting data analytics and access. Curtis Franklin shares highlights from Black Hat and DEFCON 2023, noting generative AI was the dominant theme across both events. He breaks down differences between classic and generative AI models, quantifying risk, and other topics like IoT/OT security. IBM revealed Code Assistant for IBM Z, an AI code translation tool that can convert legacy COBOL code to Java. The hosts reflect on converting other legacy code, and the risks of AI-generated code. Michael Amori explains how Virtualitics is using AI and data visualization to help enterprises explore and understand their data, serving as an "AI assistant" for analysts. He discusses responsible and ethical AI, maintaining privacy, the need for explainability, and Virtualitics' tools like Network Extractor. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Michael Amori Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Miro.com/podcast kolide.com/twiet panoptica.app

TrustedSec Security Podcast
6.7 - DEF CON Debrief

TrustedSec Security Podcast

Aug 25, 2023 · 31:51


In this episode, nyxgeek joins us to change your mind about enumeration and federation, Producer Skyler Tuter tells us what happened at DEF CON in Vegas, and we hear from Security Consultant Whitney Phillips about her presentation and augmented reality. Security Noise is hosted by Geoff Walton and Producer/Contributor Skyler Tuter.

The Jerich Show Podcast
Post BSides LV/BlackHat/DEFCON and cyberstories of the week

The Jerich Show Podcast

Aug 25, 2023 · 24:23


Erich and Javvad are back after taking a couple of weeks off to vacation and to attend BSides Las Vegas, Black Hat and DEFCON. In this episode they talk about the conferences and what has been happening in the cyber world for the past couple of weeks.

Stories from the show:
- Danish cloud host says customers 'lost all data' after ransomware attack: https://techcrunch.com/2023/08/23/cloudnordic-azero-cloud-host-ransomware/
- Cybercriminals turn to AI to bypass modern email security measures: https://www.helpnetsecurity.com/2023/08/23/ai-enabled-email-threats/
- TP-Link smart bulbs can let hackers steal your WiFi password: https://www.bleepingcomputer.com/news/security/tp-link-smart-bulbs-can-let-hackers-steal-your-wifi-password/
- Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal: https://www.bbc.co.uk/news/technology-60864283

SECURE AF
Episode 53 - DefCon Debrief 2023

SECURE AF

Aug 24, 2023 · 20:21


What were the lessons from Defcon 31? What were the most noteworthy experiences of the conference (hint: it's not all about the talks and villages)? On this episode of the SecureAF Podcast, join Alias Security Team Lead Tanner Shinn and Security Engineer Keelan Knox to hear what they learned and what went down this year at Defcon. Watch the full video at youtube.com/@aliascybersecurity. Catch the whole episode now at secureafpodcast.com. Listen on Apple Podcasts, Spotify and anywhere you get your podcasts.

Risky Business
Risky Business #718 -- Chaos and carnage, business as usual

Risky Business

Aug 23, 2023


On this week's show Patrick Gray and Adam Boileau discuss the week's security news. (NOTE: This podcast was initially pushed out into the Risky Business News podcast feed in error. Sorry about that!) They cover:
- US Government warnings to private space sector on cyber risk
- Ukrainian hackers dump the inbox of Russian Duma deputy chair
- Absentee voting in Ecuador's election disrupted by DDoS attack
- South Korea warns of Chinese "spy chips"
- Much, much more!

This week's show is brought to you by Airlock Digital. Its co-founders Daniel Schell and David Cottingham join this week's show to talk about PowerShell Constrained Language mode.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
- Risky Biz News: US warns space sector of hacks, spying, IP theft, and sabotage
- Safeguarding the US Space Industry - DocumentCloud
- Ukrainian hackers claim to leak emails of Russian parliament deputy chief
- Feature Interview: How Sandworm prepared Ukraine for a cyber war - Risky Business
- British intelligence is tipping off ransomware targets to disrupt attacks
- Ecuador's national election agency says cyberattacks caused absentee voting issues
- Chinese-made 'spy chip' found in Korean state-run weather agency system : r/korea
- [Exclusive] 'Spy chip' found for the first time in Chinese-made weather equipment | Channel A News
- Legitimate software tainted in attacks on Hong Kong organizations, report says
- Chinese hackers accused of targeting Southeast Asian gambling sector
- Risky Biz News: PowerShell's official package repo is a supply chain mess
- Zoom's AI terms overhaul sets stage for broader data use scrutiny | Cybersecurity Dive
- Fifty minutes to hack ChatGPT: Inside the DEF CON competition to break AI | CyberScoop
- Ivanti: Customers 'impacted' by new zero-day vulnerability
- CISA, experts warn of Citrix vulnerabilities being exploited by hackers
- Zero Networks Connect - Zero Networks | Contain The Next Breach
- Australia's .au domain administrator denies data breach after ransomware posting
- Hackers are increasingly hiding within services such as Slack and Trello to deploy malware | CyberScoop
- 'Extreme' user abuse leads AnonFiles operators to shut down hosting service
- Millions stolen from crypto platforms Exactly Protocol and Harbor Protocol
- Windows feature that resets system clocks based on random data is wreaking havoc | Ars Technica
- Did a Journalist Violate Hacking Law to Leak Fox News Clips? The Government Thinks He Did.

Cloud Security Podcast
Network Pentest 2.0 : The Cloud Pentest Revolution

Cloud Security Podcast

Aug 22, 2023 · 54:03


A cloud security pentest is not just a cloud configuration review! Black Hat 2023 and DEF CON 31 conversations included Cloud Security Podcast asking traditional and experienced pentesters for their opinion on cloud security pentesting, and the divide was between it being a config review or a product pentest. For this episode we have Seth Art from Bishop Fox to dispel the myth.

Episode YouTube: Video Link
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Socials: Seth Art's LinkedIn (Seth Art Linkedin)
Podcast Twitter - @CloudSecPod

If you want to watch videos of this LIVE STREAMED episode and past episodes - check out our other Cloud Security Social Channels:
- Cloud Security Newsletter
- Cloud Security BootCamp

Spotify TimeStamp for Interview Question
(00:00) Introduction
(05:17) A bit about Seth Art
(06:44) Network vs Infrastructure Security Pentest
(08:00) Internal vs External Network Security Pentest
(10:26) Assumed vs Objective Based Pentest
(12:51) Is network pentest dead?
(14:04) How to approach network and cloud pentests?
(20:12) Cloud pentest is more than config review
(24:04) Examples of cloud pentest findings
(30:07) Scaling pentests in cloud
(32:25) Traditional skillsets to cloud pentest
(36:58) A bit about cloudfoxable
(39:31) Cloud pentest and Zero Trust
(40:54) Staying ahead of CSP releases
(44:31) Third party shared responsibility
(47:35) 1 fun question
(48:36) Boundary for cloud pentest
(52:21) Last 2 fun questions

These are some of the resources that Seth shared during the episode along with the tools he has created: CloudFox, CloudFoxable, flAWS, flAWS 2, iamvulnerable, Cloud Goat

See you at the next episode!

Absolute AppSec
Episode 215 - Learning Machine Learning, DEF CON 31 Recap

Absolute AppSec

Aug 22, 2023


Seth and Ken run through their experiences implementing machine learning for different application security activities, followed by a breakdown of the duo's experience at DEF CON 31, interesting talks, and happy hour results.

PEBCAK Podcast: Information Security News by Some All Around Good People
Episode 126 - DEFCON 31 Cancelled, Cell Phone Carrier Auto-Joins Wi-Fi, Bitcoin Bonnie and Clyde Plead Guilty, Oblivious Chris Stories

PEBCAK Podcast: Information Security News by Some All Around Good People

Aug 21, 2023 · 45:55


Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week (DJOW).

Follow us on Instagram @pebcakpodcast

PEBCAK - Acronym of "problem exists between chair and keyboard."

New RSS Feed link: https://feed.podbean.com/pebcak/feed.xml

Find us on our newly launched YouTube channel: https://www.youtube.com/@pebcakpodcast

Follow me on Mastodon: https://infosec.exchange/@Clouie

DEFCON 31 canceled
https://www.reddit.com/r/Defcon/comments/15ppt2s/bomb_threat_defcon/
https://techcrunch.com/2023/08/14/researcher-says-they-were-behind-iphone-popups-at-def-con/
https://flipperzero.one/how-to-buy

Cell phone carriers auto-join Wi-Fi
https://howmobileworks.com/wp-content/uploads/2021/06/T-Mobile-Passpoint-Indoor-Coverage-Solution-Tech-Overview-012621.pdf
https://www.reddit.com/r/ATT/comments/ysqjnz/mobilitie_passpoint_att_wifi_passpoint/

Bitcoin Bonnie and Clyde Plead Guilty
https://news.yahoo.com/crypto-couple-pleading-guilty-alleged-115801983.html

Oblivious Chris Stories
https://old.reddit.com/r/AskReddit/comments/15h1w7m/whats_the_biggest_hint_youve_ever_missed_from_a/

Dad Joke of the Week (DJOW)

Please share this podcast with someone you know! It helps us grow the podcast and we really appreciate it!

Find the hosts on LinkedIn:
Chris - https://www.linkedin.com/in/chlouie/
Brian - https://www.linkedin.com/in/briandeitch-sase/
Glenn - https://www.linkedin.com/in/glennmedina/

Matt & Mattingly's Ice Cream Social
Episode 1028: Handcuffs for Christmas.

Matt & Mattingly's Ice Cream Social

Aug 21, 2023 · 98:14


It's the end of our four-part Fool Us, Defcon, Magic Live crazy recording schedule, and we can't let Brian Brushwood go without getting real with him. Gabriella Lester talks about discovering Brian at 11 years old. Spadoni drops in to announce his Milk Leg show. Jock vs. Nerd Trivia.

ITSPmagazine | Technology. Cybersecurity. Society
Navigating the Cybersecurity Playground Amidst Alarms Sounding During the DEF CON DC101 Panel | A Conversation With Kirsten Renner | Redefining CyberSecurity Podcast With Sean Martin And Marco Ciappelli

ITSPmagazine | Technology. Cybersecurity. Society

Aug 21, 2023 · 39:43


In this episode of the Redefining CyberSecurity podcast, host Sean Martin, along with guests Kirsten Renner and Marco Ciappelli, shares their experiences and insights from DEF CON, the annual hacking conference taking place in Las Vegas, Nevada.

Kirsten reflects on her nerves and excitement about speaking on the welcome panel at DEF CON, which was interrupted multiple times by alarms. Despite the interruptions, Kirsten highlights the positive reception from the audience and the approachability of well-known figures like Dark Tangent (DT) (aka Jeff Moss). The conversation emphasizes the importance of engaging with others at conferences like DEF CON and offers tips on how to approach and interact with people.

Kirsten also talks about the car hacking village, including unique experiences like a Tesla being pummeled and hacked for a capture the flag (CTF) prize. The hosts and guest discuss the culture of badges at DEF CON, with the car hacking badges being functional and allowing participants to plug them into their cars. They mention the inclusiveness and welcoming nature of the DEF CON community and the impact of the research and content being presented.

Throughout the episode, there is a comical element as Kirsten shares her experiences of speaking on stage during the alarm interruptions and the humorous interactions with the audience. The conversation also touches on Kirsten's son's involvement at DEF CON and the excitement of collecting badges, which are powered and customizable, adding to the overall sense of community and engagement at the conference.

This episode offers a glimpse into the excitement, challenges, and camaraderie of attending and speaking at DEF CON, while emphasizing the importance of inclusiveness and the impact of the research being presented. Listen now to get a sense of this year's event, and be sure to follow Kirsten and the rest of the car hacking village crew to learn more about creating a safe and secure connected car ecosystem.

About The Car Hacking Village

The primary goal of the Car Hacking Village is to build a community around discovering weaknesses and exposing vulnerabilities that could significantly impact the safety and security of all drivers and passengers on the road today. Educating security researchers on the functionality of vehicle systems, coupled with providing them with the opportunity to gain hands-on experience working side by side with experts in this field, is a plus for the attendees. Leveraging the vast amount of experience the security research community brings to the Village may increase the safety and security of vehicles on the road today and for generations to come.

Breaches of automotive systems have been at the forefront of the global media for more than a year. Wired and wireless exploitation of vehicle systems has become a critical safety concern for the automotive industry, the National Highway Traffic Safety Administration, Congress, the Department of Homeland Security, and consumers. Car Hacking Village plays an important role for researchers interested in the safety and security of the more than one billion vehicles on the road worldwide. In 2015, over 16.5 million vehicles were sold in the United States. On average, motor vehicles are driven over 15,000 miles annually and consumers spend upwards of 730 hours per year in their cars.

Be sure to catch all of our conversations from Black Hat and DEF CON 2022 at https://www.itspm.ag/bhdc22

Guest: Kirsten Renner, Community Volunteer at DEF CON 101
On LinkedIn | https://www.linkedin.com/in/krenner/
On Twitter | https://twitter.com/Krenner
On YouTube | https://www.youtube.com/playlist?list=PLxjvVVSu5Q3-ttIUdxxyCvJiN-TXuJ7j0

This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a

Resources
DEF CON 101 - Welcome to DEF CON Panel: https://forum.defcon.org/node/246130
More info about the DEFCON31 Car Hacking Village Badge: https://www.youtube.com/watch?v=yvvOl6LfodQ
Live from the Car Hacking Village Interview (hack a Tesla Y): https://www.youtube.com/watch?v=2YyyTkMdWik
ITSP Black Hat 25 & DEF CON 30 Live Streaming Coverage with ITSPmagazine with Car Hacking Village: https://www.youtube.com/watch?v=1jMXUIW9FRE
Sean and Kirsten with their Car Hacking Village badge: https://twitter.com/Krenner/status/1028385017037115392?s=20
Kirsten on DC101 Panel (photo): https://twitter.com/bigrinnyo/status/1689807935096930304?s=20
Car Hacking Village website: https://www.carhackingvillage.com/
Car Hacking Village Talks | https://www.carhackingvillage.com/talks
At DEF CON: https://forum.defcon.org/node/240928

For more Black Hat and DEF CON Event Coverage podcast and video episodes visit: https://www.itspmagazine.com/black-hat-2022-and-def-con-hacker-summer-camp-las-vegas-usa-cybersecurity-event-and-conference-coverage

Are you interested in telling your story in connection with Black Hat and DEF CON by sponsoring our coverage?

WIRED Business – Spoken Edition
This Showdown Between Humans and Chatbots Could Keep You Safe From Bad AI

Aug 21, 2023 (9:08)


Thousands of security experts, hackers, and college students competed to trick powerful text-generation systems into revealing their dark sides at the Defcon hacker conference in Las Vegas.

Daily Tech News Show (Video)
One Machine to Hack Them All – DTNS 4587

Aug 21, 2023 (35:45)


Justin has a report on the feasibility of hacking voting machines from DEFCON. We cover the US District Court for the District of Columbia ruling on copyrighting AI generated content. And YouTube issues new policies on AI generated music. Plus the Wall Street Journal's sources say a full desktop version of Instagram's Threads could launch early this week.

Starring Tom Merritt, Sarah Lane, Justin Robert Young, Joe, Amos

Daily Tech News Show
One Machine to Hack Them All - DTNS 4587

Aug 21, 2023 (35:45)


Justin has a report on the feasibility of hacking voting machines from DEFCON. We cover the US District Court for the District of Columbia ruling on copyrighting AI generated content. And YouTube issues new policies on AI generated music. Plus the Wall Street Journal's sources say a full desktop version of Instagram's Threads could launch early this week.

Starring Tom Merritt, Sarah Lane, Justin Robert Young, Roger Chang, Joe.

Become a member at https://plus.acast.com/s/dtns.

DV Radio
Affinity Protocol::34:: DEFCON Shutdown

Aug 17, 2023 (76:46)


In this week's Affinity Protocol episode (hosted by the Affinity Innovations, Inc. Team), the Team tells what went down at this year's DEFCON, joined by Tiff and her husband Rob. Why did Affinity Innovations, Inc. go to DEFCON? And was there really a bomb threat that shut it all down? Find out this and more in this episode.

Hosts/Guest Hosts: Chris, Paul, Little Chris, Tiff, and Rob

----------
Edited by Munkee Bawlz Media
https://www.munkeebawlzmedia.com/
----------
Affinity Newsletter: Bi-Weekly Newsletter of Affinity Innovations, Inc.
----------
Find out more about Affinity
https://affinitybsc.com/
----------
Affinity Innovations, Inc.
https://affinityinc.tech/
----------
Already Using Crypto? Check out ADAPT!
https://www.adapt.exchange/
----------
**LINKS TO CHECK OUT**
GRAB YOUR DV RADIO MERCH NOW!
https://bit.ly/DVR_Store
----------
EVERYTHING DYSFUNCTIONAL VETERANS
https://whereisdv.carrd.co
----------
Grab DV Radio's Battlegrounds From Ubora Coffee At:
http://bit.ly/DVR-BattlegroundCoffee
----------
DV RADIO PARTNERS, SPONSORS, and AFFILIATES
https://dvr-listen-support.carrd.co

Please remember that any information in this show is given strictly for educational and informative purposes only; using it for your own personal investment decisions is done at YOUR OWN discretion.

Intego Mac Podcast
Episode 305: NightOwl, Downfall, and LinkedIn Hacks

Aug 17, 2023 (29:25)


A banal Mac app for granularly adjusting Light Mode and Dark Mode was bought out by a shady company and now enlists Macs in a botnet. A new Intel CPU vulnerability may affect older Macs. And a lot of LinkedIn accounts have been hacked; we offer some suggestions on how to protect your account.

Show Notes:
Apple Security Update info
Video of "Join This Apple TV?" iPhone alerts that kept appearing at DEF CON
Downfall
This $70 device can spoof an Apple device and trick you into sharing your password
LinkedIn accounts hacked in widespread hijacking campaign
August 15 was iMac's 25th birthday
Did the NightOwl app really join Macs to a botnet army?
Maker of Chrome extension with 300,000+ users tells of constant pressure to sell out
Full transcript of this episode

Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.

POLITICO Dispatch
Washington asked for hackers' help. What happens now?

Aug 17, 2023 (19:59)


DC went all out for a major hacking convention this week. On today's POLITICO Tech, Steven Overly and Mohar Chatterjee discuss the unconventional but necessary alliance between the federal government and the hacking community, and what to expect next.

Risky Business
Risky Business #717 -- The kids are okay. At ripping your face off.

Aug 16, 2023


On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:

- More victims identified in Chinese breach of Microsoft email accounts
- Cyber Safety Review Board to investigate Microsoft
- We got some stuff wrong last week
- More details on Viasat hack revealed
- Special guest Heather Adkins talks about the CSRB's Lapsus$ report
- Much, much more

This week's show is brought to you by RunZero. Its co-founder HD Moore is this week's sponsor guest.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.

Show notes
- Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska - The Washington Post
- US cyber board to investigate Microsoft hack of government emails | TechCrunch
- Richard: "@briankrebs @metlstorm @riskyb…" - Mastodon.Radio
- An SSRF, privileged AWS keys and the Capital One breach | by Riyaz Walikar | Appsecco
- Chamber of Commerce urges SEC to delay cyber rule implementation | Cybersecurity Dive
- Satellite hack on eve of Ukraine war was a coordinated, multi-pronged assault | CyberScoop
- Microsoft to freeze license extensions for Russian companies
- Takedown of Lolek bulletproof hosting service includes arrests, NetWalker indictment
- Ransomware Diaries V. 3: LockBit's Secrets
- How the FBI goes after DDoS cyberattackers | TechCrunch
- Meet the Brains Behind the Malware-Friendly AI Chat Service 'WormGPT' – Krebs on Security
- Multiple zero days found affecting crypto platforms
- Lawmakers press FCC for action on Chinese-made cellular modules
- Panasonic Warns That IoT Malware Attack Cycles Are Accelerating | WIRED
- Rapid7 to cut 18% of workforce, shutter certain offices | Cybersecurity Dive
- SecureWorks layoffs affect 15% staff | TechCrunch
- Researcher says they were behind iPhone popups at Def Con | TechCrunch
- Review of the Attacks Associated with LAPSUS$ and Related Threat Groups
- US should crack down on SIM swapping following Lapsus$ attacks: DHS review
- Kevin Collier: "Def Con is over and nobody hac…" - Infosec Exchange

Paul's Security Weekly
DEFCON, ScrutisWeb, DoubleDrive, GitHub, npms, AI Cheating, More news, and Jason Wood - SWN #318

Aug 15, 2023 (30:12)


This week in the Security News, Dr. Doug talks: DEFCON, ScrutisWeb, DoubleDrive, GitHub, npms, AI Cheating advice, More news and Jason Wood

Visit https://www.securityweekly.com/swn for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/swn-318

The David Knight Show
15Aug23 Wildfires, Directed Energy, Trump RICO & Civil War, Hospital Death Protocol

Aug 15, 2023 (180:47)


OUTLINE of today's show with TIMECODES

Trump's latest indictment is the most over-the-top yet — as both Democrats and Trump escalate the rage for their own purposes. 20% of the population would approve of violence to keep Trump out of the White House or to put him back in. This is the REAL danger to the country. (2:06)
Documentary film "The Trump I Know" — are we talking about the same guy? I don't recognize this Trump (34:21)
LOL, Trump announced his 2024 candidacy 666 days after he left office. And you won't guess what "MAGA" means in the Church of Satan (40:12)
GOP Debates. The whole loyalty oath thing as a qualification for participating in the debates. Multiple candidates, in order to meet requirements for NUMBER of donors, are offering to send you $20 if you send them $1. Just like the big guys, except you get a million times less money (40:55)
Senator Ron Johnson: the pandemic was pre-planned. Good to hear even one Senator say it. (1:02:12)
"The Essential Church" documentary. (1:07:52)
"I Was a Paycheck" — Who Paid Hospitals to Kill People? From the beginning I called it "financially incentivized medical malpractice". As time passes and information comes in we see that in many cases it was malicious murder or attempted murder. One woman's story of "pandemic care"… (1:16:57)
Hawaii: Climate Change? Directed Energy? Why was it so bad? How is it being used? What can we prove and what needs to be done about what we know? It's very easy to be distracted from action and also discredit the truth if we focus on sensational, unproven speculation. (1:25:56)
RFKj and Nikki Haley shoot themselves in the foot in their abortion messaging. Neither is pro-life and BOTH have alienated voters on both sides of the issue. And, multiple papers refuse to run a story about a female golf pro who continues to play while 7 months pregnant. The offense? She's a committed pro-life Christian (2:01:37)
AI stealing passwords, DEFCON, BlackHat Conference, and disastrous recipes (2:26:20)
Tranny insanity strikes the Ayn Rand Objectivists — who now are subjective and don't know "What is a Woman". Infowars continues to mock Bud Light type promotion by Skittles after they just did the same with Blaire White (2:45:09)

Find out more about the show and where you can watch it at TheDavidKnightShow.com
If you would like to support the show and our family please consider subscribing monthly here: SubscribeStar https://www.subscribestar.com/the-david-knight-show
Or you can send a donation through
Mail: David Knight POB 994 Kodak, TN 37764
Zelle: @DavidKnightShow@protonmail.com
Cash App at: $davidknightshow
BTC to: bc1qkuec29hkuye4xse9unh7nptvu3y9qmv24vanh7
Money is only what YOU hold: Go to DavidKnight.gold for great deals on physical gold/silver
For 10% off Gerald Celente's prescient Trends Journal, go to TrendsJournal.com and enter the code KNIGHT


Radio Leo (Audio)
MacBreak Weekly 882: Hello (Again)

Aug 15, 2023 (141:47)


Apple released its first iMac 25 years ago today. Is September 12th the rumored date for Apple's upcoming event? And, could Amazon's One palm reading payment service directly compete with Google and Apple in the digital wallet space?

iMac turns 25 today.
Apple Event September 12, 2023: Apple Watch Series 9, Ultra 2; Watch X later.
An Apple malware-flagging tool is 'trivially' easy to bypass.
Five new features coming to AirPods Pro 2.
Apple didn't infringe on Bluetooth pairing lawsuit, court declares.
Amazon wants you to pay with your palm. It's a sneak attack on Apple and Google.
Why do people save their empty Apple boxes?
Ford hires ex-Apple TV Plus chief Peter Stern to lead the customer software team.
Ireland's Alchemy battles e-waste by giving Apple products a new life.
Lionel Messi's Inter Miami CF journey subject of new Apple TV+ docuseries.
Apple to Finally Pay Out $500M Over iPhone Slowdown Lawsuit, after final appeal nixed by judge.
iPhone 14 satellite emergency call 'literally' saved a family trapped in the Hawaii wildfires.
Researcher says they were behind iPhone popups at Def Con.
An underrated icon shines in Snoopy Presents: One-of-a-Kind Marcie.

Picks of the Week
Jason's Pick: Callsheet by Casey Liss
Alex's Pick: Feather
Andy's Pick: The Nib
Leo's Pick: LG StanbyME Go Portable Smart Touch Screen.

Hosts: Leo Laporte, Alex Lindsay, Andy Ihnatko, and Jason Snell

Download or subscribe to this show at https://twit.tv/shows/macbreak-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

Sponsors:
joindeleteme.com/twit promo code TWIT
GO.ACILEARNING.COM/TWIT
Brooklinen.com Use Code MACBREAK

All TWiT.tv Shows (MP3)
MacBreak Weekly 882: Hello (Again)

All TWiT.tv Shows (MP3)