Message-digest hashing algorithm
[Promotion: Coincheck, Inc.] Limited-time offer until 2026/5/31! A campaign giving every eligible participant up to 2500 yen worth of Bitcoin. Join the campaign here: https://coincheck.com/ja/cp_lp/yurupc202605?utm_source=podcast What does it mean for a cryptographic technique to be broken? We explain it intuitively, using hash functions as the example. [Contents] 0:00 Cryptographic techniques die 5:54 What is a hash function? 10:30 Let's compute a hash value 15:12 Let's hack a hash function 19:37 Where are hashes used? 23:41 The unknown woman who shook the industry 25:06 A vulnerability that shakes the whole Web 29:52 Cryptography keeps evolving day by day 34:44 Tie-up campaign with Coincheck [References] ◯ CRYPTO 2004 ( https://www.iacr.org/conferences/crypto2004/ ) → Details of the international conference CRYPTO are here. ◯ CITP Blog "Report from Crypto 2004" ( https://blog.citp.princeton.edu/2004/08/18/report-crypto-2004/ ) → The story of the standing ovation comes from here. ◯ Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD ( https://eprint.iacr.org/2004/199.pdf ) → What Wang Xiaoyun presented at CRYPTO in 2004. ◯ Flame malware collision attack explained ( https://www.microsoft.com/en-us/msrc/blog/2012/06/flame-malware-collision-attack-explained/ ) → Detailed information about Flame ◯ RFC 1321 "The MD5 Message-Digest Algorithm" ( https://www.ietf.org/rfc/rfc1321.txt ) → The MD5 specification, and that it is the successor to MD4 ◯ Online Etymology Dictionary "hash" https://www.etymonline.com/word/hash → The etymology of "hash" ◯ Washington Post "U.S., Israel developed Flame computer virus" ( https://www.washingtonpost.com/world/national-security/us-israel-developed-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_story.html ) → Flame was developed jointly by the United States and Israel for attacking Iran ◯ NIST "NIST Selects Winner of Secure Hash Algorithm (SHA-3) Competition" ( https://www.nist.gov/news-events/news/2012/10/nist-selects-winner-secure-hash-algorithm-sha-3-competition ) → About SHA-3 ◯ 現代経済学の直観的方法 (ValueBooks) → https://www.valuebooks.jp/bp/VS0057255792 (Amazon) → https://amzn.to/42toyqQ [Join the supporter community here!] https://yurugengo.com/support [Parent channel: Yuru Gengogaku Radio] https://www.youtube.com/@yurugengo [Physical store project: Yuru Gakuto Cafe] https://www.youtube.com/@yurugakuto [Work inquiries here!] info@pedantic.jp [Ken Horimoto profile] Graduate of the Faculty of Science and Technology, Keio University. Majored in information engineering. Makes a living by churning out argumentative content. Twitter → https://twitter.com/kenhori2 note magazine → https://note.com/kenhori2/m/m125fc4524aca Personal YouTube → https://www.youtube.com/@kenHorimoto [Taiki Mizuno profile] Born in 1995. From Aichi Prefecture. Graduate of the School of Letters, Nagoya University. Majored in linguistics. Works as a magazine editor. His books include 『会話の0.2秒を言語学する』 (Shinchosha). He also hosts the podcast 「神保町で会いましょう」. Twitter → https://x.com/yuru_mizuno 神保町で会いましょう → https://open.spotify.com/show/6cYkvDO0HnJKLPgDBGUjjS
Because… it's episode 0x2F6!
Shameless plug
May 9 to 17, 2026 - NorthSec 2026
June 3 to 5, 2026 - SSTIC 2026
June 24 and 25, 2026 - Troopers
June 26 and 27, 2026 - leHACK
September 19, 2026 - Bsides Montréal
December 1 to 3, 2026 - Forum INCYBER - Canada 2026
February 24 and 25, 2027 - SéQCure 2027
Notes
AI or Ghost in the shell
Mythos or the great awakening
Mozilla says AI helped squash 423 Firefox security bugs
Opinion: Actually, Mythos is the best cybersecurity news we've ever had
Spooked by Mythos, Trump suddenly realized AI safety testing might be good
AI-BOMs replace SBOMs as way to track AI agents and bots
AI didn't delete your database, you did
Chrome quietly installs a 4 GB AI model on your disk without asking
Malicious OpenClaw DeepSeek Skill Exploits Agentic AI Workflows to Deliver RAT and Stealer
Hackers Hate AI Slop Even More Than You Do
Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web
Kevin Beaumont: “got owned by teenagers copying and pasting commands from PDFs written in 2019 by Jurass1cKn0b316” - Cyberplace
War, war, that's no reason to hurt yourself!
Inside Israel's AI targeting system: How data from a phone become a death sentence
Polish intelligence warns hackers attacked water treatment control systems
Sovereignty or long live free digital technology!
DHS Demanded Google Surrender Data on Canadian's Activity, Location Over Anti-ICE Posts
Privacy or hide this information that I cannot bear to see
Apple Security Updates: What They Mean for Mac and iPhone Privacy (1)
Alberta voter list leak is a potential public safety disaster: Enforcement experts
Canadian election databases use “canary traps”—and they work
A college student is suing a dating app that allegedly used her TikTok videos to target men in her dormitory
PSA: Instagram Encrypted Messaging Ends on Friday, May 8
I am the law
Let's protect our children
16% of Parents Help Their Children Bypass Online Age Checks, Study Finds. One 15-Year-Old Just Uses a Fake Moustache
Some children are drawing on fake moustaches to bypass online age checks, report finds
Meta, Zuckerberg Sued Over Alleged Copyright Infringement by Book Publishers and Scott Turow
One House Democrat is pressing Commerce on the government's spyware use
Elon Musk faces criminal probe in France after ignoring summons in X case
France Moves to Break Encrypted Messaging
Red or everything that is broken
Copy for the fail
CISA says ‘Copy Fail' flaw now exploited to root Linux systems
‘Copy Fail' is a real Linux security crisis wrapped in AI slop
Ransomware is getting uglier as cybercriminals fake leaks and skip encryption entirely
Microsoft Edge Stores Passwords in Process Memory, Posing Risk
VoidStealer Malware Darts Past Google Chrome's Encryption
Azure AD Conditional Access Bypassed Through Phantom Device Registration and PRT Abuse
White House App Is a Terrifying Security Mess
Guessable admin password exposes sloppy network security
60% of MD5 password hashes are crackable in under an hour
Blue or everything that improves our posture
Security Through Obscurity Is NOT Bad
Achieving CVE Remediation in an Era of Escalating Vulnerabilities
Miscellaneous or because I have no idea where to put them
1 in 8 workers say selling company logins is justifiable
Kevin Beaumont: “Always good when your EDR provider gets hit by a ransomware group.” - Cyberplace
Contributors
Nicolas-Loïc Fortin
Credits
Editing by Intrasecure inc
Physical premises by Moxy Montreal Downtown
Effy sits down with actor, comedian, and professional wrestler, Shane Hartline. Follow Shane everywhere: Insta, Twitter, NAW Youtube (including Effy's episode), Everywhere Else. See Effy: 4/3 – GCW: The Last Call – Las Vegas, NV; 4/4 – GCW: Maniac – Los Angeles, CA; 4/15 – PWU Wrestling - Horseshoe Casino, Las Vegas, NV; 4/16 – NJPW Death Invitation - Horseshoe Casino, Las Vegas, NV; 4/17 – GCW: Joey Janela's Spring Break X – Las Vegas, NV; 4/18 – Effy's Big Gay Brunch – Las Vegas, NV; 4/23 – Freelance Wrestling – Chicago, IL; 4/25 – Uncanny Attractions: What Happens at Highland – Austin, TX; 5/1 – GCW: Ashes To Ashes – Baltimore, MD; 5/2 – GCW: One Night Only – Philadelphia, PA; 5/15 – GCW: So Much Fun – Detroit, MI; 5/22 – Freelance Wrestling – Chicago, IL; 5/29 – New South Wrestling – Alabama; 5/30 – Innovative Hybrid Wrestling – Riverview, NB, Canada; 6/13 – Wrestling Is Gay – Oklahoma City, OK; 6/26 – Freelance Wrestling – Chicago, IL. Get early episodes, bonus minisodes, merch discounts, Effy video blogs, puppy content and weather reports in the Pleasure Zone. Sponsor the podcast: weekendateffys@gmail.com. SEND EFFY: 650 Ponce De Leon Ave Ste. 300 # 2936, Atlanta, GA 30308. Book EFFY. WEAR EFFY. Petár makes stuff too: @lowskydance on insta and bluesky; etsy shop - hand-painted analog projection art; AI Slop Awareness Stickers
Effy sits down with friend and photographer extraordinaire, Nick Karp. Follow Nick: Insta, Twitter
Follow Keita everywhere: Twitter, Instagram, Spicy stuff
Effy sits down with Gabriel Michael aka CHAYNMALE with the Dynamic Wrestling Association in Atlanta, Ga.
Effy is innocence. Petár is also innocent.
Effy sits down with his friend Luiz Gonzales. Luis makes beautiful tattoos and you should follow him here.
Effy is full of zeal and thumbtacks. Petár is jamming on jimmy stewart. See Effy: 4/3 – GCW: The Last Call – Las Vegas, NV; 4/4 – GCW: Maniac – Los Angeles, CA; 4/15 – ???; 4/16 – ???; 4/17 – GCW: Joey Janela's Spring Break X – Las Vegas, NV; 4/18 – Effy's Big Gay Brunch – Las Vegas, NV; 4/23 – Freelance Wrestling – Chicago, IL; 4/25 – Uncanny Attractions: What Happens at Highland – Austin, TX; 5/1 – GCW: Ashes To Ashes – Baltimore, MD; 5/2 – GCW: One Night Only – Philadelphia, PA; 5/15 – GCW: So Much Fun – Detroit, MI; 5/22 – Freelance Wrestling – Chicago, IL; 5/29 – New South Wrestling – Alabama; 5/30 – Innovative Hybrid Wrestling – Riverview, NB, Canada; 6/13 – Wrestling Is Gay – Oklahoma City, OK; 6/26 – Freelance Wrestling – Chicago, IL.
Lecture material for II3230 - Information Security (2026). An assignment on mining. A competition: who can find the nonce that produces the smallest MD5 hash. #blockchain #mining
Are you ready to earn one of the most respected certifications in cybersecurity? In this episode, we break down the fundamental concepts, practical demonstrations, and exam-passing strategies for the 2026 CompTIA Security+ (SY0-701). We move beyond theory into practice, demonstrating how integrity is protected through MD5 hashing and how phishing attacks are launched using tools like ZFisher. We also clarify common exam pitfalls, such as the difference between tailgating and piggybacking, and why "Risk Acceptance" is often a calculated business decision rather than a security failure. Whether you're struggling with PKI architecture or trying to distinguish between MAC, DAC, and RBAC, this episode is your ultimate audio study guide.
Big thank you to DeleteMe for sponsoring this video. Use my link http://joindeleteme.com/Bombal to receive a 20% discount or use the QR Code in the video. In this interview, David Bombal sits down with Dr. Mike Pound (Computerphile) to clear up one of the biggest crypto misconceptions on the Internet: hashing is not encryption, and hash functions are not reversible. In this video you'll learn what a hash function actually does (a deterministic, fixed-length, “random-looking” summary of data) and why the whole point is that you cannot take a hash and reconstruct the original file. Dr Mike explains the key properties of secure hashing, including the avalanche effect (tiny input change, massive output change), and why older algorithms like MD5 and SHA-1 became unsafe due to collisions. We also cover what “collisions” really mean, why they must exist in theory (the pigeonhole principle) and why they can appear sooner than expected (the birthday paradox). Then we tackle the YouTube-comments classic: rainbow tables. If hashes are one-way, how do attackers “crack” passwords? The answer: they don't reverse hashes. They guess passwords, hash them forward, and match the results. Mike breaks down how rainbow tables speed this up with precomputed hashes, and why salting makes those precomputations far less effective by forcing attackers to redo work per user. Finally, we zoom out into modern cryptography: why SHA-2 is widely used today, why SHA-3 exists as a structurally different backup option, what length extension attacks are, and what quantum computing changes (and doesn't change) for hashing and encryption. We also touch on how hashes power digital signatures, file integrity checks (like verifying an ISO download), and why AES dominates symmetric encryption. // Mike's SOCIAL // X: / _mikepound // YouTube Video REFERENCE // SHA: Secure Hashing Algorithm: • SHA: Secure Hashing Algorithm - Computerphile Birthday Paradox: • Hash Collisions & The Birthday Paradox - C... 
The Next Big SHA? SHA3 Sponge Function Explained: • The Next Big SHA? SHA3 Sponge Function Exp... // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal YouTube: / @davidbombal Spotify: open.spotify.com/show/3f6k6gE... SoundCloud: / davidbombal Apple Podcast: podcasts.apple.com/us/podcast... // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MENU // 0:00 - Coming up 01:09 - DeleteMe sponsored segment 02:54 - Hashing is not Encryption // Encryption and Hashing explained 09:47 - Hash functions are irreversible 15:22 - How hashing works 17:23 - Why MD5 is bad 20:09 - Recommended hashing function 21:47 - Birthday paradox explained 23:39 - Rainbow table explained 29:44 - Salting explained 33:35 - Pigeon Hole principle explained 36:35 - SHA-2 is the answer 37:17 - SHA-3 vs SHA-2 40:42 - The effect of quantum computing 42:47 - Quick summary 43:52 - Sign-In with private key 45:21 - Avalanche effect explained 49:10 - Where to learn more about hash functions 50:27 - Conclusion Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #cryptography #hashing #encryption
Wonder what those strange strings of numbers labelled things like MD5 or SHA mean next to a download? They're a way to double-check that a file is safe and complete. Here's how checksums work, why they matter, and when you might want to use them.
We had so many interviews from the MD5* high and plan on sharing them over the next couple weeks from the MD5* Radio which is provided by Taylor Harris Insurance Services during the Mars Maryland 5* at Fair Hill presented by Brown Advisory. This week is Dressage Day 2 and we talked to the Cross Country Course Designer Pierre le Goupil, Hayley Frielick, Maya Clarkson, Alyssa Phillips, Caitlin O'Roark, Maddie Tempkin, Colin Gaffney and Mike Pendelton. We are so excited to share these fun interviews with you and hope you enjoy them as much as we did! Please support our sponsors: https://cowboymagic.com/ https://manentailequine.com/ https://exhibitorlabs.com/ https://www.triplecrownfeed.com/ Sign up for our mailing list! https://mailchi.mp/b232b86de7e5/majorleagueeventingllc?fbclid=IwAR2Wp0jijRKGwGU3TtPRN7wMo-UAWBwrUy2nYz3gQXXJRmSJVLIzswvtClE Check out the Major League Eventing store! https://www.majorleagueeventing.com/shop
We are still on our MD5* high and plan on sharing our interviews over the next couple weeks from the MD5* Radio which is provided by Taylor Harris Insurance Services during the Mars Maryland 5* at Fair Hill presented by Brown Advisory. This week is Dressage Day 1 and we talked to Lainey Ashker, Jessica Phoenix, Tommy Greengard, Olivia Dutton, Shannon Lilley, Rory Frangos, Isabel Bosley, Lindsay Traisnel, Kiersten Miller and Anna Buffini. We are so excited to share these fun interviews with you and hope you enjoy them as much as we did!
Topics covered in this episode: * PostgreSQL 18 Released* * Testing is better than DSA (Data Structures and Algorithms)* * Pyrefly in Cursor/PyCharm/VSCode/etc* * Playwright & pytest techniques that bring me joy* Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: PostgreSQL 18 Released PostgreSQL 18 is out (Sep 25, 2025) with a focus on faster text handling, async I/O, and easier upgrades. New async I/O subsystem speeds sequential scans, bitmap heap scans, and vacuum by issuing concurrent reads instead of blocking on each request. Major-version upgrades are smoother: pg_upgrade retains planner stats, adds parallel checks via --jobs, and supports faster cutovers with --swap. Smarter query performance lands with skip scans on multicolumn B-tree indexes, better OR optimization, incremental-sort merge joins, and parallel GIN index builds. Dev quality-of-life: virtual generated columns enabled by default, a uuidv7() generator for time-ordered IDs, and RETURNING can expose both OLD and NEW. Security gets an upgrade with native OAuth 2.0 authentication; MD5 password auth is deprecated and TLS controls expand. Text operations get a boost via the new PG_UNICODE_FAST collation, faster upper/lower, a casefold() helper, and clearer collation behavior for LIKE/FTS. 
Brian #2: Testing is better than DSA (Data Structures and Algorithms) Ned Batchelder If you need to grind through DSA problems to get your first job, then of course, do that, but if you want to prepare yourself for a career, and also stand out in job interviews, learn how to write tests. Testing is a skill you'll use constantly, will make you stand out in job interviews, and isn't taught well in school (usually). Testing code well is not obvious. It's a puzzle and a problem to solve. It gives you confidence and helps you write better code. Applies everywhere, at all levels. Notes from Brian Most devs suck at testing, so being good at it helps you stand out very quickly. Thinking about a system and how to test it often very quickly shines a spotlight on problem areas, parts with not enough specification, and fuzzy requirements. This is a good thing, and bringing up these topics helps you to become a super valuable team member. High level tests need to be understood by key engineers on a project. Even if tons of the code is AI generated. Even if many of the tests are, the people understanding the requirements and the high level tests are quite valuable. Michael #3: Pyrefly in Cursor/PyCharm/VSCode/etc Install the VSCode/Cursor extension or PyCharm plugin, see https://pyrefly.org/en/docs/IDE/ Brian spoke about Pyrefly in #433: Dev in the Arena I've subsequently had the team on Talk Python: #523: Pyrefly: Fast, IDE-friendly typing for Python (podcast version coming in a few weeks, see video for now.) My experience has been Pyrefly changes the feel of the editor, give it a try. But disable the regular language server extension. Brian #4: Playwright & pytest techniques that bring me joy Tim Shilling “I've been working with playwright more often to do end to end tests. 
As a project grows to do more with HTMX and Alpine in the markup, there's less unit and integration test coverage and a greater need for end to end tests.” Tim covers some cool E2E techniques Open new pages / tabs to be tested Using a pytest marker to identify playwright tests Using a pytest marker in place of fixtures Using page.pause() and Playwright's debugging tool Using assert_axe_violations to prevent accessibility regressions Using page.expect_response() to confirm a background request occurred From Brian Again, with more and more lower level code being generated, and many unit tests being generated (shakes head in sadness), there's an increased need for high level tests. Don't forget API tests, obviously, but if there's a web interface, it's gotta be tested. Especially if the primary user experience is the web interface, building your Playwright testing chops helps you stand out and lets you test a whole lot of your system with not very many tests. Extras Brian: Big O - By Sam Who Yes, take Ned's advice and don't focus so much on DSA, focus also on learning to test. However, one topic you should be comfortable with in algorithm-land is Big O, at least enough to have a gut feel for it. And this article is really good enough for most people. Great graphics, demos, visuals. As usual, great content from Sam Who, and a must read for all serious devs. Python 3.14.0rc3 has been available since Sept 18. Python 3.14.0 final scheduled for Oct 7 Django 6.0 alpha 1 released Django 6.0 final scheduled for Dec 3 Python Test Static hosting update Some interesting discussions around setting up my own server, but this seems like it might be yak shaving procrastination research when I really should be writing or coding. So I'm holding off until I get some writing projects and a couple SaaS projects further along. Joke: Always be backing up
Topics covered in this episode: * pandas is getting pd.col expressions* * Cline, At-Cost Agentic IDE Tooling* * uv cheatsheet* Ducky Network UI Extras Joke Brian #1: pandas is getting pd.col expressions Marco Gorelli Next release of Pandas will have pd.col(), inspired by some of the other frameworks I'm guessing Pandas 2.3.3? or 2.4.0? or 3.0.0? (depending on which version they bump?) “The output of pd.col is called an expression. 
You can think of it as a delayed column - it only produces a result once it's evaluated inside a dataframe context.” It replaces many contexts where lambda expressions were used Michael #2: Cline, At-Cost Agentic IDE Tooling Free and open-source Probably supports your IDE (if your IDE isn't a terminal) VS Code VS Code Insiders Cursor Windsurf JetBrains IDEs (including PyCharm) You pick plan or act (very important) It shows you the price as the AI works, per request, right in the UI Brian #3: uv cheatsheet Rodrigo at mathspp.com Nice compact cheat sheet of commands for Creating projects Managing dependencies Lifecycle stuff like build, publish, bumping version uv tool (uvx) commands working with scripts Installing and updating Python versions plus venv, pip, format, help and update Michael #4: Ducky Network UI Ducky is a powerful, open-source, all-in-one desktop application built with Python and PySide6. It is designed to be the perfect companion for network engineers, students, and tech enthusiasts, combining several essential utilities into a single, intuitive graphical interface. Features Multi-Protocol Terminal: Connect via SSH, Telnet, and Serial (COM) in a modern, tabbed interface. SNMP Topology Mapper: Automatically discover your network with a ping and SNMP sweep. See a graphical map of your devices, color-coded by type, and click to view detailed information. Network Diagnostics: A full suite of tools including a Subnet Calculator, Network Monitor (Ping, Traceroute), and a multi-threaded Port Scanner. Security Toolkit: Look up CVEs from the NIST database, check password strength, and calculate file hashes (MD5, SHA1, SHA256, SHA512). Rich-Text Notepad: Keep notes and reminders in a dockable widget with formatting tools and auto-save. Customizable UI: Switch between a sleek dark theme and a clean light theme. Customize terminal colors and fonts to your liking. Extras Brian: Where are the cool kids hosting static sites these days? 
Moving from Netlify to Cloudflare Pages - Will Vincent from Feb 2024 Traffic is a concern now for even low-ish traffic sites since so many bots are out there Netlify free plan is less than 30 GB/mo allowed (grandfathered plans are 100 GB/mo) GH Pages have a soft limit of 100 GB/mo Cloudflare pages says unlimited Michael: PyCon Brazil needs some help with reduced funding from the PSF Get a ticket to donate for a student to attend (at the button of the buy ticket checkout dialog) I upgraded to macOS Tahoe Loving it so far. Only issue I've seen so far has been with alt-tab for macOS Joke: Hiring in 2025 vs 2021 2021: “Do you have an in-house kombucha sommelier?” “Let's talk about pets, are you donkey-friendly?”, “Oh you think this is a joke?” 2025: “Round 8/7” “Out of 12,000 resumes, the AI picked yours” “Binary tree? Build me a foundational model!” “Healthcare? What, you want to live forever?”
Virtual lists are one of the most powerful and flexible techniques in FileMaker, giving developers the ability to generate custom reports, create dynamic pickers, and display complex data without storing it in fields. The team breaks down the essentials, like how global variables and JSON arrays feed into unstored calculations, how scripts can define headers and build arrays with SQL or looping, and why this approach is so effective for reporting and beyond. We also look at advanced use cases, from scaling large data sets and handling character limits to applying conditional formatting, integrating with WebViewer for interactive tables, and exploring Kevin Frank's MD5-hashed window method for running multiple virtual lists at once.
Ever wondered how your sensitive messages stay secure in an increasingly dangerous digital landscape? The answer lies in message integrity controls, digital signatures, and certificate validation – the core components of modern cybersecurity we tackle in this episode. We begin with a timely breakdown of Microsoft's recent security breach by Russian hackers who stole source code by exploiting a test environment. This real-world example perfectly illustrates why proper security controls must extend beyond production environments – a lesson many organizations learn too late. Diving into the technical foundation of message security, we explore how basic checksums evolved into sophisticated hashing algorithms like MD5, SHA-2, and SHA-3. You'll understand what makes these algorithms effective at detecting tampering and why longer digests provide better protection against collision attacks. Digital signatures emerge as the cornerstone of secure communication, providing the crucial trifecta of integrity verification, sender authentication, and non-repudiation. Through practical examples with our fictional users Alice and Bob, we demonstrate exactly how public and private keys work together to safeguard information exchange. The episode culminates with an exploration of digital certificates and S/MIME protocols – the technologies that make secure email possible. You'll learn how certificate authorities establish chains of trust, what happens when certificates are compromised, and how the revocation process protects the entire ecosystem. Whether you're preparing for the CISSP exam or simply want to understand how your sensitive communications remain protected, this episode provides clear, actionable knowledge about the cryptographic building blocks that secure our digital world. Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
What if quantum computing could unravel today's most secure encryption methods? Discover the potential future of cryptography on the CISSP Cyber Training Podcast, as we explore the profound impact of advanced quantum capabilities on public key systems like RSA and elliptic curve algorithms. This episode breaks down the "harvest now, decrypt later" strategy, revealing how adversaries might exploit encrypted data in the future. Cybersecurity professionals will gain essential insights into transforming their organization's cryptography practices to anticipate and counteract these emerging threats effectively. Our deep dive into cryptographic concepts and best practices offers a comprehensive Q&A session that highlights AES as the gold standard of symmetric encryption and examines the vulnerabilities of legacy algorithms like MD5. Get to grips with the advantages of ECC for devices with limited resources and unravel the complexities of asymmetric cryptography, from key exchanges to the power of digital signatures. We also unveil a tailored mentoring and coaching program, designed to guide you through passing the CISSP exam and mapping a successful career path in cybersecurity. Tune in for expert insights and strategies that equip you to excel in the ever-evolving world of cybersecurity.
Jude Bellingham & Carlo Ancelotti Pre-Match Press Conference | Liverpool v Real Madrid. Jude Bellingham & Carlo Ancelotti speak to the media at Anfield ahead of Liverpool v Real Madrid in MD5 of the Champions League.
We are still on the Mars Maryland 5* Presented by Brown Advisory high! Karen and Robby were part of the MD5* Radio and for the next 2 weeks we will be bringing you all the great interviews that were done. Part 1 has interviews with Sinead Maynard, Harry Meade, David Doel, Crosby Green, Allie Knowles, Boyd Martin, Felix Parker from Fairfax & Favor, Tiana Coudray and Lainey Ashker. We want to thank everyone at the MD5* for trusting us to bring the audience content and also our social media team Hannah Keegan, Caroline Brooke and Emily Murphy for all the fun TikTok videos that were done. In the next couple of weeks, we will also release the interviews and press conference interviews that Hannah did. We hope you enjoy!
The Americas Challengers 2024 champions are with us! After a thrilling Md5, paiN Gaming's Academy team took the title, crowning Hidan, Tatu, Qats, Marvin and Guigs. Today's MD3 chats with the champions about the title, CBLOL Academy, the future and much more. Come and watch, because the painzuda has arrived in style!
Hear from Steve Cooper & Sean Dyche as Owynn Palmer-Atkin looks ahead to MD5.
A widely-used login system is still using MD5 which is bad news, miscreants took over some domains when they moved from Google to Squarespace, Linksys' sloppy app isn't a huge problem but is a bad sign, and why backing up an Android phone in one go is pretty much impossible without root. Plug Support […]
The conversation discusses a recent article about a new attack on a 30-year-old protocol called RADIUS. The protocol is widely used in networks for client-server interactions, including VPN access, DSL and fiber connections, and 5G authentication. The attack, called Blast-RADIUS, exploits vulnerabilities in the MD5 hash used in the protocol. The attack allows adversaries to elicit a response from the RADIUS server and gain unauthorized access to the network. The conversation highlights the importance of identifying and mitigating the vulnerabilities in the protocol to protect networks. Article: New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere https://arstechnica.com/security/2024/07/new-blast-radius-attack-breaks-30-year-old-protocol-used-in-networks-everywhere/
Ep 238
Marques Brownlee superstar sequence
Rules of Ultimate frisbee
Samsung: Hey Apple, can I copy your homework?
@TrungTPhan on X: Steve Ballmer's net worth ($157.2B) just passed Bill Gates ($156.7B) for the first time ever.
Exclusive: India antitrust probe finds Apple abused position in apps market
Ars Technica: New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere. Ubiquitous RADIUS scheme uses homegrown authentication based on MD5. Yup, you heard right.
Intel is selling defective CPUs - Alderon Games
Jason Snell: Here's a thing I noticed today. macOS Sequoia changes how non-notarized apps are handled on first launch.
@hrolnd on X: holy shit you guys weren't kidding, the latest mac + Airpods firmware beta is black fucking magic. (fix explained)
Fatih Arslan: Automating my gate door
On the origins of DS_store
DEVONtechnologies | Welcome (Back) Network Utility
Acknowledgements
Recorded 13.7.2024.
Intro music by Vladimir Tošić, the old site is here.
Logo by Aleksandra Ilić.
Episode artwork by Saša Montiljo, his corner on DeviantArt: Tajna / Mystery, 33 x 45 cm, oil on canvas, 2014, private collection
Chris, Sam and Tom react to Day One of MD5 in EURO Fantasy. France and Spain progressed at the expense of Portugal and Germany. They also discuss captaincy plans for today's fixtures.
Ed reveals his Team Selection for EURO Fantasy 2024 MD5!
Chris and Tom react to the final day of Round of 16 matches as Netherlands and Turkey triumph! The team also look ahead to MD5 of EURO Fantasy!
Join us as we recount our recent travels to Argentina and the Techno Security & Digital Forensics conference. We'll share the highlights of our trips before diving into the core content. What could possibly go wrong with a feature designed for user convenience? We'll scrutinize Microsoft's controversial "Recall" feature, exploring its significant privacy concerns and implications for digital forensics. From unencrypted data to automatic opt-ins, we speculate on the potential user backlash. We'll also dive into the latest tech updates, including CCL Solutions Group's enhancements to the Rabbit Hole tool and how these advancements can revolutionize data analysis processes. Discover the capabilities of VFC from MD5 and the latest tools for examining data from platforms like Snapchat and Facebook. We'll introduce new and updated blogs, innovative Python scripts, and the latest additions to the LEAPPS in this packed episode. Stick around for an insightful discussion and a sneak peek at what's coming in future episodes.
Notes:
Rabbit Hole Updates and SQLite Blog/Cheatsheet
https://vimeo.com/948752153
https://www.cclsolutionsgroup.com/post/time-travelling-with-sqlite-journals-and-wal
https://vimeo.com/953570512
https://cdn.prod.website-files.com/5f02f2c93eab87a6ea84e2f3/665ed5e6ec5ef877d9d74dd2_sqlite-journal-cheatsheet.pdf
Copilot+ Recall disaster & Forensic Applications of Microsoft Recall
https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e
https://cybercx.com.au/blog/forensic-applications-of-microsoft-recall/
Rising Star Jeremy McBroom
https://yeahihaveaquestion.com/
Analysis of Browser Artefacts from File Sharing Services
https://us5.campaign-archive.com/?u=a5a2a1131e612711f02b96e2c&id=9555c3f865
https://github.com/cclgroupltd/ccl_chromium_reader
SQLite Freelist Page Checker
https://github.com/SpyderForensics/SQLite_Forensics
Forensics StartMe Page
https://start.me/p/q6mw4Q/forensics?locale=en
Today we unravel the second ransomware extortion of Change Healthcare by RansomHub, the cunning malvertising campaign targeting IT pros with malware-laden ads for PuTTY and FileZilla, and the deceptive tactics on GitHub fooling developers into downloading malware. Discover protective strategies and engage with expert insights on bolstering defenses against these evolving cyber threats.
Original URLs:
https://www.securityweek.com/second-ransomware-group-extorting-change-healthcare/
https://www.helpnetsecurity.com/2024/04/10/malvertising-putty-filezilla/
https://thehackernews.com/2024/04/beware-githubs-fake-popularity-scam.html
https://www.bleepingcomputer.com/news/security/malicious-visual-studio-projects-on-github-push-keyzetsu-malware/
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/
Transcript: Welcome back to the Daily Decrypt. Change Healthcare falls victim to a second ransomware extortion in just a month, now at the hands of the emergent RansomHub group, wielding over 4 terabytes of sensitive data stolen in the February 2024 cyberattack, which comes as a result of the BlackCat exit scam.
Next, we're turning over to a new malvertising campaign where searching for essential utilities for IT professionals like PuTTY and FileZilla leads to malware-laden ads, and you all know what I'm going to say about this. Don't click Google Ads. And finally, GitHub becomes a battlefield as cybercriminals exploit its search functionality to trick developers into downloading repositories full of malware. How can developers ensure the repositories they download from GitHub are safe and not just traps set by cybercriminals?
All right, so at the end of February of this year, you may remember that Change Healthcare, which is a subsidiary of UnitedHealthcare, was the victim of a ransomware attack by the notorious and since disbanded ransomware group named BlackCat. Well, Change Healthcare finds itself in the crosshairs of a ransomware extortion scheme for the second time in just over a month, coming from a new ransomware group called RansomHub. There hasn't been a second attack. But this is believed to be a result of the exit scam that BlackCat pulled, where they kept all of the ransom payment that Change Healthcare had made. Allegedly, Optum, which is a subsidiary of Change Healthcare, paid BlackCat 22 million in ransom after the attack. BlackCat then pulled an apparent exit scam and disappeared without paying the affiliate who carried out the attack. And according to Qualys Cyber Threat Director Ken Dunham, it's not uncommon for companies that give in and pay these ransoms to quickly become additional targets or soft targets where their information is extorted again and again and again. Paying and giving in to these ransomware artists might seem like a quick fix to your problems, but once you've proven that you will and can pay, they're gonna come after you again. The data doesn't just disappear or get deleted.
It's very valuable, and in this case it's worth 22 million dollars, so even if the attackers say they're gonna delete it, maybe they won't and maybe they'll come hit you again. So even though BlackCat has disbanded, whether or not they were taken down by the FBI or performed an exit scam, the data that they pillaged from Change Healthcare is now in the hands, or supposedly in the hands, of a group called RansomHub, which is extorting Change Healthcare all over again.
IT professionals have found themselves in the crosshairs of an ongoing malvertising campaign. These attackers are using malicious Google Ads to disguise malware as popular system utilities, like PuTTY, which is a free SSH and Telnet client, and FileZilla, which is an FTP application. This research comes from Malwarebytes researcher Jerome Segura, and he points out that even after alerting Google about these malicious ads, the campaign continues unabated. This sophisticated scheme begins when IT administrators search for these utilities on Google. The top search results, or sponsored ads, lead them through a series of cloaking pages. These pages are designed to filter out non-target traffic such as bots or security researchers, directing only potential victims to imitation sites. Unwittingly, when these IT administrators download what they believe to be legitimate software, they instead receive Nitrogen malware, which is a dangerous software for cybercriminals, enabling them to infiltrate private networks or steal data, deploy ransomware attacks, and was used by the notorious BlackCat from the previous story. The method of infiltration is known as DLL sideloading, which involves the malware masquerading as a legitimate and signed executable to launch a DLL, thereby avoiding detection.
So what this essentially means is these IT professionals are probably getting the tool, FileZilla, PuTTY, that they're looking for. The functionality might remain exactly the same, which only serves to benefit the attackers because once the IT professionals download the software, there's no indicators that it's incorrect or fake, but this software such as PuTTY or FileZilla will then launch a separate DLL, which is just an executable that contains the malware. So one way you can prevent this as someone downloading software from the web is to find what's called an MD5 hash, which is essentially a signature of sorts that verifies the integrity of the file you've downloaded. Now, hashing isn't necessarily something we need to get into right now on this podcast, but all you need to know is it's sort of like math where you multiply the data from within this piece of software or do algebra or something to create this long string of characters that can't be replicated if the files have been altered. So as soon as the files are altered, the mathematical equation puts out a different set of characters, right? So the creators of the software release this hash, they display it on their website, and then when you download the software, you run the same algorithm against that software to see if those two hashes match. Now I personally am guilty of not always checking the hash for software. And I know a lot of other IT professionals are guilty of that as well, but it's time to set up a new good habit and consistently check these hashes, maybe even develop a web scraper that will go grab the hash and also run the software through it, comparing it, reducing the amount of work you have to do on the other end, but in summary, as I always say, do not click Google ads unless you absolutely have to, unless the thing you're searching for down below.
Unless the thing you're specifically searching for is not in the search results below, and is only present in the advertisement, which will probably only be for things like thedailydecrypt.com, where I haven't been around long enough to boost my search result ranking naturally, so eventually maybe I'll start buying ad space, trying to get to people who are looking for the content that we're providing. But if you're going to download some software, there's no need to click the ads, especially something as popular as FileZilla or PuTTY, VS Code, whatever you're trying to download, go find it in the search results. Do not click the ad.
And in a similar vein, let's talk about a scam on GitHub that's fooling developers into downloading dangerous malware. Cybercriminals are exploiting GitHub's search features, luring users into downloading fake yet seemingly popular repositories. This scheme has been identified to distribute malware hidden within Microsoft Visual Studio Code project files, which are cunningly designed to fetch further malicious payloads from remote URLs, as reported by Checkmarx. So the attackers are mimicking popular repositories and employing automated updates and fake stars to climb GitHub's search rankings. So unlike Google, I don't believe there are ads you can buy in GitHub search to boost your search rankings. So attackers are becoming a little more creative. Making the repository look like it's consistently updated helps boost the search rankings, and then naming the repositories things that developers are constantly searching for will also help boost its rankings in its SEO. So since many of these repositories are disguised as legitimate projects, it can be pretty tricky to identify them, but among the discoveries, some repositories were found downloading an encrypted file named feedbackapi.exe, which is an executable and is notably large at 750 megabytes.
This executable is designed to bypass antivirus detection and deploy malware, similar to the Keyzetsu clipper, a notorious tool known for hijacking cryptocurrency transactions. And unlike software downloaded from the internet by clicking on Google ads in the previous story, there may or may not be hashes for these repositories. Most likely not. Sometimes if they're an executable or a package, they'll provide a hash. But if you're on the GitHub repository, you think it's legit, they might list the hash, but that's just the hash to their malware, giving you a false sense of security. Just be extra vigilant when you're downloading anything to your computer, especially open source things that are generally found on GitHub. It can't be that hard to create a thousand GitHub accounts, or maybe even you can buy them online. And that immediately gives your repo a thousand stars, making it look legitimate. So if you're looking for a tool, it's best to find it on the web within, from within a reputable website. GitHub's search feature is not the most reliable.
And that's all I've got for you today. Thanks so much for tuning in. Today I'll be traveling to Florida to participate in the Hackspace conference where I'm really excited to learn a little bit more about how cybersecurity and satellites and other spacecraft intertwine. I'll also be meeting up with dogespan where we'll hopefully do a joint episode, our first ever one in person. So be sure to tune in tomorrow for that episode.
In this episode of the Micro Binfie Podcast, hosts Dr. Andrew Page and Dr. Lee Katz delve into the fascinating world of hash databases and their application in cgMLST (core genome Multilocus Sequence Typing) for microbial bioinformatics. The discussion begins with the challenges faced by bioinformaticians due to siloed MLST databases across the globe, which hinder synchronization and effective genomic surveillance. To address these issues, the concept of using hash databases for allele identification is introduced. Hashing allows for the creation of unique identifiers for genetic sequences, enabling easier database synchronization without the need for extensive system support or resources. Dr. Katz explains the principle of hashing and its application in genomics, where even a single nucleotide polymorphism (SNP) can result in a different hash, making it a perfect solution for distinguishing alleles. Various hashing algorithms, such as MD5 and SHA-256, are discussed, along with their advantages and potential risks of hash collisions. Despite these risks, the use of more complex hashes has been shown to significantly reduce the probability of such collisions. The episode also explores practical aspects of implementing hash databases in bioinformatics software, highlighting the need for exact matching algorithms due to the nature of hashing. Existing tools like eToKi and upcoming software are mentioned as examples of applications that can utilize hash databases. Furthermore, the conversation touches on the concept of sequence types in cgMLST and the challenges associated with naming and standardizing them in a decentralized database system. Alternatives like allele codes are mentioned, which could potentially simplify the representation of sequence types. 
Finally, the potential for adopting this hashing approach within larger bioinformatics organizations like Phage or GMI is discussed, with an emphasis on the need for a standardized and community-supported framework to ensure the longevity and effectiveness of hash databases in microbial genomics. This episode provides a comprehensive overview of how hash databases can revolutionize microbial genomics by solving long-standing issues of database synchronization and allele identification, paving the way for more efficient and collaborative genomic surveillance worldwide.
Could your passwords withstand a cyber siege by expert Russian hackers? My latest podcast episode serves as a wakeup call to the cyber threats looming over us, showcasing the recent breach of Microsoft's test environment. As Sean Gerber, I dissect the pivotal missteps in password management and underscore the lifesaving grace of multi-factor authentication. We then shift gears to the bedrock of cyber training, examining message authenticity and integrity controls. By unpacking the intricacies of message digests and hashing algorithms, I highlight how they are the unsung heroes in maintaining data sanctity from sender to receiver. The digital realm's trust hinges on the integrity of digital signatures and certificates, crucial allies in the war against data manipulation. Tune in as I break down how hash functions like MD5 and SHA are your first line of defense on file-sharing platforms. But there's more: I pull back the curtain on the encrypted world of digital signatures, revealing their role in sender verification and message security. Diving into the complex trust web spun by Certificate Authorities and the X.509 standard, we explore how digital certificates serve as digital passports in the online world. Brace yourself for an enlightening journey through the landscape of email protection with S/MIME, ensuring that your virtual conversations are sealed, secure, and verifiably authentic.
Pablos: People are pissed off about social media all the time. They think that Facebook is making people vote for the wrong person. It's still very difficult to find somebody who thinks they voted for the wrong person because of Facebook, but they think everyone else did. Never mind that, there's this kind of, uh, very popular sensibility, which is to blame Facebook for all the problems in the world. They're doing fake news, they're doing disinformation, they're doing every possible thing that could be wrong. Everybody wants to blame Facebook for getting wrong or Twitter or any of the other social platforms. So if you think about it, in one sense, yeah, Facebook got everybody together. I'm just going to use them as the example, we can extrapolate. They got everybody together. They ended up getting too much content. You and your friends are posting too much shit. Nobody has time to see all of it. So you need the magical algorithm, which you should do like triple air quotes every time I say algorithm. They're like, the algorithm is supposed to figure out, okay, of all the shit that's supposed to be showing up on your feed, what's the coolest, or what's the stuff that you're gonna like the most? That's the job of the algorithm. And of course, we all believe the algorithm is tainted. And so, it's not really trying to find the things I care about the most or like the most. It's just gonna find the things that piss me off the most so that I get my outrage dopamine hit and keep coming back. So, which may all be true. We don't know. But the point is, there's a fundamental problem, which is you cannot see everything that gets posted from all the people you follow. So, there does have to be some ranking. And then the second thing is that you want that ranking to be tuned for you. And I think the thing that people are missing about this is that you've got to have a situation where it is very personalized because not everybody's the same.
Even if you and I followed the same thousand people, it doesn't mean we have identical interests. There are other factors that need to play into determining like what I want to see and what you want to see. And then I think that there's a whole bunch of things that are classified as societal evils, that Facebook has to decide are not okay for anybody to follow. So if you have posts about Hitler, nobody should get to see those. Even if you're a World War II historian, nope, you don't get to see it. So there's a kind of problem here, which is that all of this flies in the face of actual diversity, actual multiculturalism. We have 190 countries in the world. We have a lot of different peoples, different cultures. You and I just had a huge conversation about different cultures and how they drive. We don't agree about these things. We have different ideas in different places in the world, even whole societies have different ideas about what's okay and what's not okay, and that is the definition of culture, that is the definition of multiculturalism, is valuing that that exists and letting everybody have their own ideas and let these different people operate in the way that suits them. And when you travel, you get beaten over the head with that because I can appreciate that people drive like this in Bangkok. That's not how I want to do it. That's kind of the fundamental point here. So anyway, what I'm trying to get at is you cannot create one set of rules for the entire world. That is not okay.
Ash: 100%
Pablos: And so what Facebook has chosen to do is try to create one set of rules for the entire world, at least the two billion people that are on Facebook.
Ash: But then you become the government of Facebook.
Pablos: You become the government of Facebook. And we're all pissed off because they keep choosing rules that some people don't like or whatever. And so I think this is untenable and I don't think there's a solution there.
I think it is a fool's errand and what I believe has gone wrong is that Facebook made the wrong choice long ago and they chose to control the knobs and dials and now they're living with the flack that comes with every choice they make about where to set those knobs and dials. And what they should have done is given the user the knobs and dials. They should let me have, buried six pages deep in the settings, control over: What do you want more of? What do you want less of?
Ash: More or less rant.
Pablos: Yeah, they try to placate you with the like button and unfollow and all that, but it's not really control. So, contrast that with the other fork in history that we didn't take. Go back to like 2006, in the years before Facebook. We had this beautiful moment on the internet, with RSS. So RSS, which stands for Really Simple Syndication, that hardly matters, RSS was an open standard that allowed any website to publish the content in the form of posts in a kind of machine readable way. And then you could have an RSS reader that could subscribe to any website. So we didn't have the walled garden of Facebook, but, you remember all this, of course, but I'm just trying to break it down here. What we had was this kind of open standard. Anybody in the world could publish on RSS using their website, all the blog software did this out of the box. WordPress does it out of the box. In fact, most websites would support RSS. And then you had a reader app, that could be any reader app. This is again open standards, so get any reader you want. And if you just subscribe to any website in the world, you are following them directly. When they publish a post, it shows up in your feed. And when you followed too many people, you could start making filters. So I've been making filters. I still do RSS. So by the way, all this machinery still works 15 years later.
The machinery still works. Almost any website, if you just put /RSS or /feed on the domain name, you'll see an RSS feed and you can subscribe to that, so it goes into my reader app. And then I've been building filters over the years. So I have filters like -Trump because I got sick and tired of all this bullshit about Trump. Regardless what you think about Trump, I just wanted to think about other things and it was painful to have a feed filled with Trump during the election. So I have also -Biden, I have -Kanye, I have -Disney, I have minus all kinds of shit that I don't want to see. I still follow the publishers, but it's weeding out articles that are about those things. And so I get this feed that's pretty curated for me and my interests, and I get more of the stuff I like and less of the stuff I don't like, but I'm responsible for the knobs and dials, I'm controlling the settings, and I get to have my own autonomy about what I think is cool and not cool. And if I don't want Hitler, I can easily just -Hitler. And what we did instead is we kind of signed up for this sort of babysitter culture of having Facebook make those choices for us. And people not taking responsibility for their own choices has put us in this situation where we just have an internet full of people who want to blame somebody else for everything that they think is going wrong. What we need to do is figure out a way to shift the world back to RSS. And out of the walled garden. So that's where I'm at, and I have ideas about that.
Ash: And it's interesting, go back to Delphi. So Delphi internet...
Pablos: One of the first, before, before internet, this was like an ISP, like AOL. Centralized ISP.
Ash: Right. So, so Delphi was sold to Murdoch, to News Corp and, and then the founder, Dan Burns, brought that back. He purchased it, he re-acquired the company and then invited a couple of ragtag individuals, myself and, and Palle again, and Rusty Williams.
Chip Matthes, and we had like, you know, a room with a VAX in the back. I was doing a lot of the stuff, but we were running forums. Dan had this crazy idea. It was like, Hey, what if you could just make your own forum? And this would be like way pre Facebook, it's like 97, 98. And 98, we started supplying that ability to websites. And the first one we did was a guy named Gil. And like we said to him, it's like, Hey Gil, like you guys really should have some forums, like, yeah, we totally should be. Wait, so how do we do that? And we wrote like a little contract, right? Like the first, I think, business development contract that you could probably make. He was head of business development, eBay. Right. So he did that. I mean, he's very well known sort of angel kind of lead syndicate guy. Now I like an angel is for like for, for ages.
Pablos: Oh, Penchina. I know who you're talking about. Yeah.
Ash: We still have like the first document, you will do this. I will do this. I will give you a forum. You will use it for people to talk about, I don't know, the, the, their beanie baby or whatever they were selling back then. And the, the reality was that that took off and then we started supplying this technology, which we then enabled, we RSS enabled it, by the way, of course, at some point, right. When it was, when the, when the XML feeds were like ready to go, we upgraded from XML. And then we, we, we took that and we said, all right, let's go, let's go for it. And at some point we're doing 30 million a month, 30 million people a month. Unique. We're like on this thing and we never governed. You could, you could go hidden, right? Kind of like your locked Instagram page versus not, but we didn't govern anything. Forums had moderators, they were self appointed moderators of that domain of, of madness. So if you didn't like that person's moderation, you know, like, all right, screw this guy. You know, like, I don't, I don't want to listen to you. You're crazy.
And what we found, and this was the piece of data that I think that was the wildest. Servers are expensive back then. You actually have to have servers. Or in our case we were beating everyone else. Cause we had a VAX that was locked in a Halon secure room. No, because it came when we repurchased it for a dollar. Like the VAX was still there and Lachlan Murdoch's office became our like conference room. No, I'm not kidding. It was, it was really crazy. There was a, it was just a VAX sitting there and, Hey, look, you could run UNIX on it. We were good. We didn't care. It loved threads and it was good. And it could do many, many, many, many threads. So we were running this, this thing highly efficiently. There's six people in a company doing that much. That was the company, literally six. I look today and how many people we hire and I'm like, there were six of us. It was wild, the iceberg effect took place. So what ended up happening is the percent, and this is where I think Facebook can't do or doesn't want to do, is how do you advertise below the waterline? And when we were sitting there with the traffic, we're like, dude, why is there so much traffic, but we can't see it, right? It looked like we only had 20,000 forums or something, and there was like all this mad traffic going on. And it was something like the 80, 20 rule the other way. It was like 20 percent was indexable that you could see that you could join a forum. And it was 80 percent were, were insane things like Misty's fun house. That, by the way, is a legitimate forum at one point, right? It was Misty's fun house. So I'm just saying, cause we're trying to figure out what was going on. Where were the people chatting and talking? And that's what we did. We let them bury themselves deeper and deeper and deeper. Usenet did that. If you just go back in time, what do you think BBSs were? It's the same.
Pablos: Exactly.
Ash: We always love talking.
Pablos: Yeah. People love talking.
Ash: You just figure out which one you want to dial into.
Pablos: Nobody's pissed off about who they're talking to really. Usually they're pissed off about who other people are talking. They're pissed off about some conversation they're not really a part of. Or a conversation they can be a spectator on, but doesn't match their culture. That's one of the big problems with Twitter it's like BBSs, and it's BBS culture. Elon was the winner of the Twitter game long before he bought Twitter, because that's just BBS culture that he had in his mind, IRC or whatever. All kinds of people who are not part of that culture are observing it and think that it's a horrible state of society that people could be trolling each other and shit. And that's just part of the fun. You have this problem when you try to cram too many cultures into one place, it takes a lot of struggle to work that out. If you're in Jamaica, Queens, then you're gonna, you're gonna work it out over time, with a lot of struggle, you're going to work it out and the cultures are going to learn to get along. But in, but on Twitter, there's no incentive.
Ash: That's why we still have states. The EU still has, like, how many languages? That's why we have Jersey for New Yorkers.
Pablos: The EU in their way has figured out how these cultures can get along. I think there's a real simple fix to this. The big death blow to RSS in some sense was that the winning reader app was Google Reader. And so the vast majority of the world that was using RSS was using Google Reader. And then I don't totally have insight on how this happened, but Google chose to shut down Google Reader. And I don't know if they were trying to steer people into their Facebook knockoff products or whatever at the time. In a lot of ways I think what it did is it just handed the internet over to Facebook. Because anybody who was being satisfied by that, and just ended up getting into their Facebook news feed instead.
So it just kind of ran into a walled garden. I don't really blame Facebook for this, the way a lot of people want to. I blame the users. You've got to take some responsibility, make your own choice, choose something that's good for you, and most people are not willing to do that. But, I think to make it easier for them, and there is a case to be made that people got better things to do than architect their own RSS reader process, but we could kind of do it for them. And so I think there's one, one big kingpin missing, which is you could make a reader app that would be like an iPhone app now. And you could think of it as like open source Instagram. It's just an Instagram knockoff, but instead of following other people on a centralized platform by Instagram, it just follows RSS. And then it only picks up RSS posts that have at least one picture, right? So any RSS post that has one picture and then the first time you post it automatically makes a WordPress blog for you, that's free. And then posts your shit as RSS compliant blog posts, but the reader experience is still just very Instagramesque. So now it's completely decentralized in the sense that like you own your blog, yeah, WordPress is hosting it, but that's all open source. You could download it, move it to Guam if you want, whatever you want to do. So now all publishers have their own direct feeds. All users are publishers, which is kind of the main thing that Facebook solved.
Ash: Content is no longer handed over to someone, right? That's the other big thing.
Pablos: Exactly. The content is yours and then your followers are yours, right? When they follow you, they follow you at your URL. And so you can take them with you wherever you go. And then to make this thing more compelling, you just add a few tabs. You add the Twitteresque tab. You add the TikTokesque tab for videos. And add the podcast tab. So now, posts are just automatically sorted into the tab for the format that matches them.
Because people have different modalities for, for consuming this shit. So, depending on what you're in the mood for, you might want to just look at pictures because you're on a conference call. Fine. Instagram. Or, you know, you might want to watch videos because you're on a flight. Who knows? So, the point being, all of this is easy to do. You and I could build that in a weekend. And then the reason that this works, the reason this will win is because you can win over the creators, right? Because the sales pitch to a creator, and those are the people who drive the following anyway, you see TikTok and everybody else kissing the ass of creators because that's who attracts the following. The creators win because they're not giving anything up to the platform. Because they make money off advertising. So fine. We make an advertising business and we still take some cut of what the creators push out. But if they don't like us, there's a market for that, right? The market is I'm just pushing ads out along with my content to my followers. Some of them watch the ads. Some of them don't. I have this much of an impact. And so now you get the platforms out of the way.
Ash: If you do it right, Google has ad networks that they drop everywhere.
Pablos: Everybody has ad networks already for websites. You could just use that. Amazon has one. So you can sign up for that if you want. Or the thing that creators want to do, which is go do collabs, go do direct deals with brands. Now you're getting 100 percent of that income. You pump it out to your fans. And there's no ad network in the middle. Nobody's taking a cut. Alright, if you could cut your own deals, then great, but you're in control and you can't be shadow banned, you can't be deprioritized in the feed, because that's the game that's happening. These platforms, they figure out you're selling something, you immediately get deprioritized. And so the creators are all pissed off anyway.
So I think we can win them over easily enough. And then the last piece of it is, there's one thing that doesn't exist, which is you still need to prioritize your feed. You still need an advanced algorithm to do it. You don't want to be twiddling knobs and dials all day. You might put in -Hitler if you want. But what should happen is you should also be able to subscribe to feed ranking services. So that could be the ACLU, or the EFF, or the KKK, whoever you think should be ranking your feed.
Ash: Well, I was actually thinking you could subscribe to a persona. So people could create their own recipes. So this is the world according to Ash, right? Here you go. Like, I've got my own thing. I've done my dials, my tuning, my tweaks, my stuff. And you want to see how I see the world. Here we go. The class I teach, that's the first day I tell people, take Google news and sit down and start tuning it. And everyone's like, well, let me just start to just add, put ups and downs, ups and downs, add Al Jazeera, do whatever you want. Just do everything that you want, just make them fight and put all of that in and then go down the rabbit hole. But there's no way to export that. When we start class, I always talk about viewpoints and how all content needs a filter because we are filter. But if I want to watch the world as Pablos, I can't, there's no, you can't give me your lens. So if we look at the lens concept, today you can tune Google News, there is a little subscribe capability, but you could tune it and poke it a little bit, and it will start giving you info. It's not the same, quite the same as RSS, but it's giving you all the news feeds from different places, right? Could get Breitbart, you could get Al Jazeera, you could get all the stuff that you want. And if you go back in time to, to when I was working with the government, that was actually my sort of superpower, writing these little filters and getting Afghani conversations in real time translated.
And then find the same village, in the same way. So then I would have two viewpoints at the same time. The good thing was that when you did that what I haven't seen, and I would love, love this take place, is for someone to build a Pablos filter? And I could be like, "all right, let me, let me go see the world the way he sees it." His -Hitler, his minus, minus, -election, -Trump, -Biden, that's fine. And then, and now I have a little Pablos recipe. I can like click my glasses, and then, then suddenly I see the world, meaning I filter the world through Pablos's.
Pablos: Yeah, I think that, I think we're saying a similar thing because then what you could do is you could subscribe to that. You could subscribe to the Pablos filter. You could subscribe to the...
Ash: Exactly, I'm taking your ACLU thing one step further. I think ACLU is like narrow, but you could go into like personality.
Pablos: You could even just reverse engineer the filter by watching what I read. My reader could figure out my filter by seeing the choices that I make.
Ash: Yeah, if it's stored it right, if we had another format, but let's just say that we had an RSS feed filter format. 'Cause it's there. It's really the parameters of your RSS anyway. But if you could somehow save that config file, go back thousand years, right? If you could save the config.ini, that's what you want? And I could be like, Hey, Pablos, so I can hand that over. Let's share that with me. And now what's interesting is works really well. And it also helps because each person owning their own content, the, the beauty of that becomes, you never, you never filtered, you never blocked you, you, you're self filtering.
Pablos: That's right.
Ash: We're self subscribing to each other's filters.
Pablos: Publishers become the masters of their domain. If you've got a problem with a publisher, you've got to go talk to them, not some intermediary. The problem is on a large scale, control is being exercised by these intermediaries.
And they have their own ideas and agendas and things. The job here is to disintermediate - which was the whole point of the internet in the first place - communication between people.
Ash: Then the metadata of that becomes pretty cool, by the way. If I figured out that, okay, now it looks like 85 percent of the population has, has gone -Biden, -Trump. Let's think about that. Suddenly you've got other info, right? Suddenly you're like, Oh, wait a minute. And if you're an advertiser or you're a product creator, or you're a, like just sitting there trying to figure out how can I get into the world, that becomes really valuable, right? Because you could go in and say, people just don't give a shit about this stuff, guys. I don't know what you're talking about. Whereas when you have one algorithmic machine somewhere in Meta/Facebook, whatever we want to call it, pushing things up, it could be pushing sand uphill, right? It could be like stimulating things that you don't necessarily know you want. The structure that you just described flips that on its head because it says, Hey, I just don't want to listen to this shit, guys. Like, I just could not give a crap about what you're saying.
Pablos: Right.
Ash: And if enough people happen to do that, then the content creators also have some, some idea of what's going on. We try to decode lenses all day long? We spend our life, like you said, in meetings or in collaborations or business development. What do you think we do? We sit there, we're trying to figure out the other person's view. We're trying to understand if you're a salesperson, "Hey, can I walk a mile in that guy's shoes" or speak like that person, I've never heard of anyone sort of selling me, lending me, letting me borrow their RSS, like, their filter. That would be phenomenal, that'd be great.
And I bet you, if you did it right, you might even solve a lot of problems in the world because then you could see what they see, you know, I don't want to touch the topics that we know are just absolute powder kegs, but every time we get to these topics, I always tell the person, can you show me what you, what are you reading?
Pablos: Yeah.
Ash: Like, where did you get?
Pablos: Yeah.
Ash: You ever, you ever asked someone like, "where did you get that?" and then they show you, they show you kind of their feed. And you're just like, what is going on? Like, if you, if you go to someone, whether they're pro or anti vax, it doesn't matter where it is. And just look at their feed, look at what they're listening to, because it's not the same thing I'm listening to, because the mothership has, has decreed which, which one we each get. But you look at it and then you're like, okay, maybe the facts that they were presented with were either incomplete and maybe not maliciously? I get it in the beginning of this, you started like, okay, is it malicious and didn't do it would get changed. But if you just cut out, I don't know, let's just say there's like 10 pieces of news, but I only give you five and I give the other person the other five. And they're not synchronous, you're going to start a fight. There's no question. What we don't have is the ability to say, Hey, like, let me, let me be Pablos for a second before I start screaming, let me see what he sees. That will probably change, that could change a lot.
Pablos: Think it could. That and certainly there's a cognitive bias that feels comfortable in an echo chamber. This is one of the issues that we're really experiencing is that the process of civilization literally means "to become civil" to do that. It's sort of the long history of humans figuring out how to control obsolete biological instincts. We've been evolved to want to steal each other's food and girlfriends.
That's not specifically valuable or relevant at this point. We've had to learn how to get along with more people, we've had to learn to become less violent, we've had to learn to play the long game socially, those things. And there's work to do on that as far as like how we consume all this, this information, all the media. You're using the wrong part of your brain to tune your feed right now. You're using the lazy Netflix part of your brain to tune your news, and that's not really how are you going to get good results. There's work to do to evolve the tools and work to do to evolve the sensibilities around these things. And so, you know, what I'm suggesting is like, we're not going to get there by handing it over to the big walled garden. You got to get there through this, again, sort of Darwinian process of trying a lot of things. And so you've described some really cool things that we'd want to be able to try that are impractical to try because things are architected wrong and using Facebook is the central switchboard of these conversations, or Twitter or whatever. And so, you know, what we need is a more open platform where, like, you know, we can all take a stab at figuring out how to design cool filters that express our point of view and share them. And that's not possible in the current architecture. I think the last thing is, there are certainly other frustrations and attempts to go solve some class of these, some subset of these problems. You've got Mastodon, of course, and the Fediverse, and you've got Blue Sky trying in their way to make a sort of open Twitter thing. And then you've got these other attempts, but a lot of them are pretty heavy handed architecturally. As far as I can tell, most of them end up just being some suburb of people who are pissed off about one thing or another that they get its adoption, right? So, Mastodon is basically a place for people who are backlashing against Twitter. As far as I can tell.
Ash: Yeah, and we even worked on one, right? Called Ourglass.
Pablos: I don't know that one.
Ash: It was coming out and we actually did an entire session on it. I actually worked on some of the product thought design on, on how that works. It was like, it's all on chain. Part of the, the thing that we did was very similar to what you're talking about. You wanted the knobs and the controls, and you wanted people to rant in their space. I know it gets pretty dark when you say, okay, but what are they allowed to talk about in the dark depths of that sort of internet, and I say, "well, they already talk about it, guys." Whether they get into a smoky back room or, there's somewhere else that if they don't say it, I feel we get more frustrated.
Pablos: The fundamental difference here is between centralized services. That's certainly Facebook and Twitter, but it's also Delphi and AOL, versus open, decentralized protocols, and the protocols in time win over the services. Like TCP/IP won over AOL. AOL was centralized service, TCP/IP, decentralized protocol. At the beginning it was a worse user experience, harder to use, but it's egalitarian and it won, and I think that that's kind of the moment we're in right now with the social media. We're still on centralized service mode and it needs to be architected as decentralized protocol, and we had a chance to do that before Facebook and we lost, and so now there's just like the next battle is like how do we get back on the track of decentralized protocol, and I think if we just define them... That's why I think RSS won because it's called Really Simple Syndication for a reason. Because it's really simple. It was easy for any developer to integrate. Everybody could do it. And so it just became ubiquitous almost overnight. You could design something cooler with the blockchain and whatnot. But it's probably over engineered for the job. And the job right now is just like, get adoption.
Ash: We started going down that path.
So Delphi's sort of twin was called Prospero. So Prospero, little Tempest reference, was designed as a way that you could just adopt it. That was that, that first eBay deal. And then we did about.com and most of the stuff. And right now you see Discuss. It's at the bottom of, of some comments. It's a supported service where you had one party taking care of all of the threads and handles and display methods and posts and logins. And you were seamlessly logged into the other sites. MD5 sort of hash and we did the first single sign on type nonsense, and we used to build gateways between the two, you're going to go from one to another, but the whole idea was that you provide the communication tool as a, as an open or available service. And you could charge for storing it. And then what happens is you don't do the moderation as a tool. That's your problem. You strip it back to "look, I'm going to provide you the car and I don't care how you drive it." Go back to our story, whether you're in Vietnam or Riyadh or whatever you're doing, we're going to, we're not there to tell you which lane to go into, but that's, that's your problem. I think that one of the challenges with like RSS, cause we were RSS compliant, by the way. I'm pretty sure Prospero and I'm sure it's still around because it went XML to RSS. And I remember the fact that you could subscribe to any forum that was Prospero powered. You could subscribe to it a lot, like directly through your RSS reader. And I remember what was great about it is that people were like, "we don't want your viewer." Just like we didn't want your AOL view of like, "you've got mail." I want my own POP server and then IMAP or whatever it is. I think there does need to be, like you said, someone putting together a little toolkit that's super easy. They don't need to know it's got RSS. They don't need to know anything. But it's like, "own your post." It can be like an Own Your Post service.
And then the Own Your Post service happens to publish RSS and everything else, and it's compliant.
Pablos: I think you just make an iPhone app and when you set up the app it just automatically makes you a WordPress blog and if you want you can go move it later.
Ash: You got it. All that other stuff is just automated.
Pablos: You don't even have to know it's WordPress. It's behind the scenes.
Ash: If you were going to do this, what you would do is you'd launch and I would launch it like three different companies. Like three different tools. I've got a "keep your content" tool and the keep your content guys are something compliant, RSS. You keep bringing it back. It's published, it's out there and then some new company, Meta Two, Son of Meta, creates a reader. Anyone that's got a RSS tag on it, we're a reader for it. So anyone using Keep Your Content or whatever. The idea being that now you're showing that there's some adoption. You almost don't have to rig it. There is a way to do this because no one wants to download a reader if there aren't sources.
Pablos: The thing can bootstrap off of existing sources because there's so much RSS compliant content. You could imagine like day one. If you downloaded this reader today. You could follow Wall Street Journal and just everything online. And some of it you have to charge for it. Like Substack has RSS. I follow Substacks. You could just follow those things in the app. Substack has a reader, but it only does Substacks, and probably Medium has one that only does Medium. But we have one that does both, plus New York Times and everything else. So now, like any other thing, you just follow a bunch of stuff. And then, there's a button that's like post. Sure, post. Boom. Now that fires up your own WordPress blog. Now you're posting. All your content's being saved. You control it. You got some followers or if you have this many followers, here's how much you can make in ad revenue. Boom, sign up for ad network.
Now you're pushing ads out. All this could be done with existing stuff, just glued together, I think, and with the possible exception of the filter thing, which needs to be more advanced, probably worth revisiting.
Ash: I think what you could do is maybe the very first thing you do, create the filter company, like your RSS glasses. So instead of having to do that heavy lift, curate Pablos's, I would love to get your RSS feed list. How do you give it to me? How could you give me your RSS configured viewer?
Pablos: A lot of RSS readers make it really easy to like republish your own feed. So like all the things I subscribe to, then go into feed...
Ash: But then, that's blended, right?
Pablos: Oh, it's blended. Yeah, for sure.
Ash: Is blended, right? So now it becomes your feed. I'm saying, can I get your configuration?
Pablos: I don't know if there's a standard for that.
Ash: I'm saying that's maybe the thing you create a meta, Meta.
Pablos: Honestly, I think these days what you would do is just have a process that looks at everything I read, feeds it into an LLM, and tries to figure out like how do you define what Pablos is interested in that way. You probably would get a lot more nuance.
Ash: That's to find out what you're interested in.
Pablos: It's almost like you want your feed filtered through my lens.
Ash: That's exactly what I want. I want to read the same newspaper you're reading, so to speak. So if you assume that that feed that you get is a collection of stories. That's your newspaper, the Pablos newspaper, right? That's what it is, Times of Pablos and you have a collection of stories that land on your page, right? It's been edited. Like you're the editor, you're the editor in chief of your little newspaper. If you think of all your RSS feeds ripped down your, your own newspaper, I'd like to read that newspaper. How do I do that? That doesn't exist. I don't think that's easy to do. And if I can do that, that'd be great.
Pablos: If you're looking on Twitter and people are reposting, if I go look at your Twitter feed and all you do is repost stuff and then occasionally make a snarky comment, that's kind of what I'm getting. I'm getting the all the stuff you thought was interesting enough to repost and I think that's a big part of like why reposting merits having a button in Twitter because that's the signal you're getting out of it. I don't love it because it's part of what I don't like about Twitter is I'm not seeing a lot of unique thought from the people I follow. I'm just seeing shit they repost. And so my Twitter feed is kind of this amalgamation of all the things that were reposted by all the people I follow and to me, that's what I don't want. I would rather just see the original post by those people. Twitter doesn't let me do that, so I'm scrolling a lot just to get to the first person content. I think it is a way of substantiating what you're saying, though, which is "There's a value in being able to see the world through someone else's eyes." Repost might just be kind of a budget version of that.
Ash: The reason I say that it's valuable, it's like the old days you'd sit on train and maybe even today and you had a physical copy of the New York Times, and everyone, and you could see who reads the New York Times and who reads the Journal. Right. And who reads The Post and The Daily News, that's what you can tell. And those people had their lenses, you go to the UK and everyone, this is the Guardian, the Independent, whatever. And you were like, Oh, that's a time, Times reader. That's a Guardian reader or someone looking at page three of the Sun. I have no idea what they're doing, but you knew immediately where they were.
Pablos: It's the editorial layer.
Ash: You got it.
Pablos: It's what's missing in today's context. What's missing now is you got publishers, and you got the readers. But the editor is gone.
Ash: Well, it's not gone, that's the problem, right?
So what we did is, in the, in the world of press, there was a printing press and an editorial group took stories and they shoved them through the printing press. And then, the next minute, another editorial group came in and ran it through the printing press. So if you went out and you were making your sort of manifestos, the printing press probably didn't care, right? The guy at like quickie print or whatever it was didn't care. Today, Facebook claims it's the place to publish, but it's not. Because it's editorial and publish so that so what they're doing is they're taking your IP. They're taking a content and then they're putting their editorial layer on it. Even if it's a light touch or heavy touch, whatever it is. But it's sort of like if the guy that was the printing press like "I don't really like your font." "Dude, that's how I designed it." I want the font. Like I like Minion, Minion Pro is my thing, right? That's what I'm going to do. But, but if they just decided to change it, you'd be really pissed off. Now, Facebook claims to be an agnostic platform, but they're not an ISP. They're not a, an open architecture like we would have had in the past where like you host what you wanted to host. There, you host what you want to host, but they're going to down promote you. They're going to boost you. They're going to unboost you. So wait a minute, hold on a second. You're, you're not really an open platform. And I think that's what you're getting at, which is, either you're a tool to publish or you're the editorial. The minute you're both, you're an editorial. You're actually no longer a tool.
Pablos: That's exactly right. I think that's the key thing, we've got to separate those things.
Ash: That's the element. And I think that that tells you a lot about why we get frustrated. If Twitter was just a fast way to shove 140 characters across multiple SMS, which we didn't have, because we're in the U.S. We were silly and we didn't have GSM.
That's what Twitter was, right? Twitter was kind of like the first version of like a unified messaging platform. Cause it was like, you could broadcast 140 characters and it would work on the lowest common denominator, which was your StarTAC flip phone. So the point was that Twitter was a not unmoderated open tool. Then it got editorial. And now it's then it's no longer. And I think that's the problem, right? It used to be, you had a wall on Facebook and you did whatever the hell you wanted to. And then Facebook said I need to make money and it became the publisher, became the editorial board.
Pablos: Okay, so we have a lightweight plan to save the internet. Let's see if we can find somebody to go build this stuff.
Ash: If you could build that last thing, I think it's not a, it's not a complicated one, but they, I think they just need to sit down and grab your feed. Or someone can come up with a collection of Mixtapes, let's call it.
Pablos: Yeah, cool. Mixtapes, I like that.
Ash: Internet Mixtapes. There you go.
Unlock the mysteries of modern cryptography and quantum computing's future impact on security protocols with your guide, Sean Gerber. Our CISSP Cyber Training Podcast takes you through an intricate journey, ensuring you're armed with the expertise needed to conquer the CISSP exam and remain ahead in the ever-evolving landscape of cybersecurity. We promise to transform your understanding of cryptographic concepts, from the supremacy of AES in symmetric encryption to the vulnerabilities plaguing older algorithms like MD5 and DES. Prepare to grasp the significance of ECC for devices with limited resources, and the pivotal roles of RSA and hashing algorithms in maintaining the integrity and authenticity of digital communications.
Step up your career with the guidance and insight offered in our dedicated mentoring program chapter, a treasure trove for those navigating the complex paths of cybersecurity. Through CISSPcybertraining.com, we celebrate real success stories—like the one who aced the CISSP exam on their first attempt—attributing triumphs to the tailored mentoring and coaching strategies drawn from years of security experience. You'll get exclusive access to comprehensive CISSP training resources and one-on-one conversations with me, all designed to steer you towards a successful and fulfilling cybersecurity career. Embrace this episode as your beacon to a quantum-safe future and a robust understanding of digital security's best practices.
Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free.
Sandworm was in Kyivstar's networks for months. Museums face online outages. Emsisoft suggests a ransomware payment ban. An ambulance service suffers a data breach. Mandiant's social media gets hacked. GXC Team's latest offerings in the C2C underground market. 23andMe blames their breach on password reuse. Lawyers are using outdated encryption. On today's Threat Vector segment, David Moulton chats with Garrett Boyd, senior consultant at Palo Alto Networks Unit 42 about the importance of internal training and mentorship in cybersecurity. And in Russia, holiday cheers turn to political jeers.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Today's Threat Vector segment with David Moulton features Garrett Boyd, a senior consultant at Unit 42 by Palo Alto Networks with a background as a Marine and professor, who discusses the importance of internal training and mentorship in cybersecurity. He provides insights into how training prepares professionals for industry challenges and how mentorship fosters professional growth and innovation. Garrett emphasizes the need for a mentorship culture in organizations and the responsibility of both mentors and mentees in this dynamic. The episode highlights the transformative impact of mentorship through personal experiences and concludes with an invitation for listeners to share their stories and a reminder to stay vigilant in the digital world.
Threat Vector
To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.
Selected Reading
Compromised accounts and C2C markets. Cyberespionage and state-directed hacktivism. (CyberWire)
Exclusive: Russian hackers were inside Ukraine telecoms giant for months (Reuters)
Hackers linked to Russian spy agency claim cyberattack on Ukrainian cell network (Reuters)
Museum World Hit by Cyberattack on Widely Used Software (The New York Times)
The State of Ransomware in the U.S.: Report and Statistics 2023 (Emsisoft)
Nearly 1 million affected by ambulance service data breach (The Record)
Mandiant's account on X hacked to push cryptocurrency scam (Bleeping Computer)
Cybercriminals Implemented Artificial Intelligence (AI) For Invoice Fraud (Resecurity)
23andMe tells victims it's their fault that their data was breached (TechCrunch+)
The Curious Case of MD5 (katelynsills)
Firmware prank causes LED curtain in Russia to display ‘Slava Ukraini’ — police arrest apartment owner (The Record)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
EPISODE #13: UCL Fantasy MD5: Preview & Team Reveals
Louis & Dan chat all things UCL Fantasy. In this episode we preview MD5 and reveal our teams. A must listen for UCL Fantasy players! JOIN OUR MINI-LEAGUE! CODE: 49AFB3VR03 Or click this link: Join Mini-League
Learn more about your ad choices. Visit podcastchoices.com/adchoices
EPISODE #12: UCL Fantasy MD4 review.
Ed, Louis & Dan chat all things UCL Fantasy. In this episode we review matchday 4 and answer some questions as we briefly look ahead to MD5. A must listen for UCL Fantasy players! JOIN OUR MINI-LEAGUE! CODE: 49AFB3VR03 Or click this link: Join Mini-League
Learn more about your ad choices. Visit podcastchoices.com/adchoices
• Guidelines, standards, and resources to address Remote Auditing
• The purpose of auditing includes verifying the conformance of an organization's processes and management system to defined requirements. It depends on the type of audit and the objective, the stated criteria, which can vary. The standard(s) against which an audit may be conducted could be an organization's own internal procedures or work instructions, a management systems standard such as ISO 9001, AS9100, or International Automotive Task Force (IATF) 16949; ISO 22000, “Food Safety Management Systems (FSMS)”; customer-specified requirements; or government regulations such as FAA/Nadcap, NRC, etc.
• Remote auditing has been a hot topic the last year, given the circumstances surrounding the COVID-19 pandemic over the last year. However, remote auditing has been around for over a decade. Its popularity now is being spurred by advances in technology and globalization. There has been a considerable increase in multi-site companies with operations scattered across the globe and more companies engaging in international supply chains that require auditing.
• Regardless, proper planning is key for contingency and understanding the kind of risks to achieve audit objectives based upon the scope/criteria, and the most suitable and available technology, as well as the auditor and auditee's complete understanding of the Information and Communications Technology (ICT) platform(s) to be used.
• Companies, Registrars, and Accreditation Organizations are now and must continue to reinvent and adapt to the “new normal” regarding “Remote Auditing” and figure out ways to achieve a balance in assuring Quality Management System conformance versus not auditing at all and maintaining the rigor and respect of a QMS and/or Accreditation program as we move forward.
• ISO 19011-Annex A.1-option and A.16 for remote and virtual auditing and the ISO/IEC 17021 has recognized remote auditing since 2011. Considerations of the International Accreditation Forum (IAF) Mandatory Documents -MD4 and MD5-2019, Guidance ID3 are available, and links are included.
• There are still limitations when considering issues like initial audits and/or critical processes and highly classified facilities and proprietary processes or problematic non-conforming systems previously audited.
• Remote Auditing Practices and Resources
* Remote Auditing: A Quick and Easy Guide for Management System Auditors, Paperback, 2020, Denise Robitaille
Links to relevant sources
https://www.iaf.nu/articles/Mandatory_Documents_/38
• IAF MD4:2018, ICT is the use of technology for gathering, storing, retrieving, processing, analyzing, and transmitting information. It includes software and hardware such as smartphones, handheld devices, laptop computers, desktop computers, drones, video cameras, wearable technology, artificial intelligence, and others. The use of ICT may be appropriate for auditing/assessment both locally and remotely.
• ISO 9001 Auditing Practices Group Guidance on: REMOTE AUDITS, provides for:
* BACKGROUND INFORMATION ON ISO 19011:2018 AND IAF MD 4
* GENERAL RECOMMENDATIONS FOR REMOTE AUDITING
* AUDIT PROGRAM
* AUDIT PLANNING
* AUDIT REALIZATION
* AUDIT CONCLUSION
** Annex: Example of identification of Risks and Opportunities for using remote auditing.
https://committee.iso.org/files/live/sites/tc176/files/documents/ISO%209001%20Auditing%20Practices%20Group%20docs/Auditing%20General/APG-Remote_Audits.pdf
• Remote Auditing a
Support the show
The guys are here to get you ready for MLS Matchday 5! We dig into our games to watch, the Rapids' tough start and the effects of the international break.
6:24 - Arsenal named 2023 MLS All-Star opponent
14:54 - MLS teams getting hit hard by international call ups
28:21 - Austin v Colorado in a matchup of desperate teams
30:57 - Deep dive on what's gone wrong in Colorado
48:17 - Our matches to watch in MD5
59:06 - Dante Vanzeir Interview
1:17:57 - Mailbag
Episode 5: In this episode of Critical Thinking - Bug Bounty Podcast we talk about the new XSS Hunter, MD5 collisions and using ChatGPT for security, and much more!
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Save All Resources Chrome Extension: https://chrome.google.com/webstore/detail/save-all-resources/abpdnfjocnmdomablahdcfnoggeeiedb?hl=en
Corben's AMA: https://twitter.com/hacker_/status/1620514351521366016
Collisions repo: https://github.com/corkami/collisions
The mighty CPU that wasn't. Hive ransomware takedown. Dutch data crime suspect busted. Samba finally gets rid of MD5. GitHub admits to an intrusion. Storing passwords securely. Original music by Edith Mudge. Got questions/suggestions/stories to share? Email tips@sophos.com. Twitter: @NakedSecurity
The ECB warns against Bitcoin / How Stadia refunds work / Disney's magic face-swapping software / Facebook is removing junk content / A surprise from OnePlus
Sponsor: Carrefour has had an idea that I find very innovative. It's called Mi Abono Carrefour Plus, and it's a subscription of 5.99 euros a month that lets you save 15% on all the fresh products you buy: fish, meat, fruit, vegetables, deli meats, bakery items, ready meals, sushi, etc. Get out your calculator, because it's sure to interest you. The first month is free.
A pioneer in the field of integrative medicine, James M. Greenblatt, MD, has treated patients since 1988. Dr. Greenblatt has lectured internationally on the scientific evidence for nutritional interventions in psychiatry and mental illness.
James Greenblatt, MD
Psychiatry Redefined
Integrative Psychiatry & Functional Medicine Books
If you are in a crisis or think you have an emergency, call your doctor or 911. If you're considering suicide, call 1-800-273-TALK to speak with a skilled trained counselor.
RADICALLY GENUINE PODCAST
Radically Genuine Podcast Website
Twitter: Roger K. McFillin, Psy.D., ABPP
Instagram @radgenpod
TikTok @radgenpod
RadGenPodcast@gmail.com
ADDITIONAL RESOURCES
3:00 - James Greenblatt, MD
5:30 - Integrative Medicine: What Is It, Types, Risks & Benefits
6:30 - What is Functional Medicine? | Psychiatry Redefined
11:00 - Antidepressants and the Placebo Effect - PMC
16:00 - Key Nutrients for ADHD, OCD, and Tics - James Greenblatt, MD
17:30 - Foods and additives are common causes of the attention deficit hyperactive disorder in children
18:00 - Delayed Hypersensitivity - an overview | ScienceDirect Topics
22:00 - Finally Focused: Mineral Imbalances & ADHD (Part 1: Zinc Deficiency & Copper Excess)
23:00 - Magnesium: The Missing Link in Mental Health? | PR
24:30 - Episode 40. Chris Palmer, MD
27:00 - Diet Alert: Vegetarianism and the Risks of Anorexia Nervosa
37:00 - Answers to Anorexia: Malnourished Minds | Psychiatry Redefined
40:30 - Let Them Eat Dirt: Saving Your Child from an Oversanitized World
42:00 - Association between naturally occurring lithium in drinking water and suicide rates: systematic review and meta-analysis of ecological studies
44:00 - Lithium occurrence in drinking water sources of the United States - ScienceDirect
45:00 - Nirvana – Lithium Lyrics
About Dan
Dan Moore is head of developer relations for FusionAuth, where he helps share information about authentication, authorization and security with developers building all kinds of applications. A former CTO, AWS certification instructor, engineering manager and a longtime developer, he's been writing software for (checks watch) over 20 years.
Links Referenced:
FusionAuth: https://fusionauth.io
Twitter: https://twitter.com/mooreds
Transcript
Announcer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.
Corey: This episode is sponsored in part by our friends at AWS AppConfig. Engineers love to solve, and occasionally create, problems. But not when it's an on-call fire-drill at 4 in the morning. Software problems should drive innovation and collaboration, NOT stress, and sleeplessness, and threats of violence. That's why so many developers are realizing the value of AWS AppConfig Feature Flags. Feature Flags let developers push code to production, but hide that feature from customers so that the developers can release their feature when it's ready. This practice allows for safe, fast, and convenient software development. You can seamlessly incorporate AppConfig Feature Flags into your AWS or cloud environment and ship your Features with excitement, not trepidation and fear. To get started, go to snark.cloud/appconfig. That's snark.cloud/appconfig.
Corey: This episode is sponsored in part by our friends at Sysdig. Sysdig secures your cloud from source to run. They believe, as do I, that DevOps and security are inextricably linked. If you wanna learn more about how they view this, check out their blog, it's definitely worth the read.
To learn more about how they are absolutely getting it right from where I sit, visit Sysdig.com and tell them that I sent you. That's S Y S D I G.com. And my thanks to them for their continued support of this ridiculous nonsense.
Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I am joined today on this promoted episode, which is brought to us by our friends at FusionAuth by Dan Moore, who is their head of DevRel at same. Dan, thank you for joining me.
Dan: Corey, thank you so much for having me.
Corey: So, you and I have been talking for a while. I believe it predates not just you working over at FusionAuth but me even writing the newsletter and the rest. We met on a leadership Slack many years ago. We've kept in touch ever since, and I think, I haven't run the actual numbers on this, but I believe that you are at the top of the leaderboard right now for the number of responses I have gotten to various newsletter issues that I've sent out over the years. And it's always something great. It's “Here's a link I found that I thought that you might appreciate.” And we finally sat down and met each other in person, had a cup of coffee somewhat recently, and the first thing you asked was, “Is it okay that I keep doing this?” And at the bottom of the newsletter is “Hey, if you've seen something interesting, hit reply and let me know.” And you'd be surprised how few people actually take me up on it. So, let me start by thanking you for being as enthusiastic a contributor of the content as you have been.
Dan: Well, I appreciate that. And I remember the first time I ran across your newsletter and was super impressed by kind of the breadth of it. And I guess my way of thanking you is to just send you interesting tidbits that I run across. And it's always fun when I see one of the links that I sent go into the newsletter because what you provide is just such a service to the community.
So, thank you.
Corey: The fun part, too, is that about half the time that you send a link in, I already have it in my queue, or I've seen it before, but not always. I talked to Jeff Barr about this a while back, and apparently, a big Amazonian theme that he lives by is two is better than zero. He'd rather two people tell him about a thing than no one tells him about the thing. And I've tried to embody that. It's the right answer, but it's also super tricky to figure out what people have heard or haven't heard. It leads to interesting places. But enough about my nonsense. Let's talk about your nonsense instead. So, FusionAuth; what do you folks do over there?
Dan: So, FusionAuth is an auth provider, and we offer a Community Edition, which is downloadable for free; we also offer premium editions, but the space we play in is really CIAM, which is Customer Identity Access Management. Very similar to Auth0 or Cognito that some of your listeners might have heard of.
Corey: If people have heard about Cognito, it's usually bracketed by profanity, in one direction or another, but I'm sure we'll get there in a minute. I will say that I never considered authentication to be a differentiator between services that I use. And then one day I was looking for a tool—I'm not going to name what it was just because I don't really want to deal with the angry letters and whatnot—but I signed up for this thing to test it out, and “Oh, great. So, what's my password?” “Oh, we don't use passwords. We just every time you want to log in, we're going to email you a link and then you go ahead and click the link.” And I hadn't seen something like that before. And my immediate response to that was, “Okay, this feels like an area they've decided to innovate in.” Their core business is basically information retention and returning it to you—basically any CRUD app. Yay.
I don't think this is where I want them to be innovating. I want them to use the tried and true solutions, not build their own or be creative on this stuff, so it was a contributor to me wanting to go in a different direction. When you start doing things like that, there's no multi-factor authentication available and you start to wonder, how have they implemented this? What corners have they cut? Who's reviewed this? It just gave me a weird feeling. And that was sort of the day I realized that authentication for me is kind of like crypto, by which I mean cryptography, not cryptocurrency, I want to be very clear on, here. You should not roll your own cryptography, you should not roll your own encryption, you should buy off-the-shelf unless you're one of maybe five companies on the planet. Spoiler, if you're listening to this, you are almost certainly not one of them.
Dan: [laugh]. Yeah. So, first of all, I've been at FusionAuth for a couple of years. Before I came to FusionAuth, I had rolled my own authentication a couple of times. And what I've realized working there is that it really is—there are a couple of things worth unpacking here. One is you can now buy or leverage open-source libraries or other providers a lot more than you could 15 or 20 years ago. So, it's become this thing that can be snapped into your architecture. The second is, auth is the front door to application. And while it isn't really that differentiated—I don't think most applications, as you kind of alluded to, should innovate there—it is kind of critical that it runs all the time that it's safe and secure, that it's accessible, that it looks like your application. So, at the same time, it's undifferentiated, right? Like, at the end of the day, people just want to get through authentication and authorization schemes into your application. That is really the critical thing. So, it's undifferentiated, it's critical, it needs to be highly available.
Those are all things that make it a good candidate for outsourcing.
Corey: There are a few things to unpack there. First is that everything becomes commoditized in the fullness of time. And this is a good thing. Back in the original dotcom bubble, there were entire teams of engineers at all kinds of different e-commerce companies that were basically destroying themselves trying to build an online shopping cart. And today you wind up implementing Shopify or something like it—which is usually Shopify—and that solves the problem for you. This is no longer a point of differentiation. If I want to start selling physical goods on the internet, it feels like it'll take me half an hour or so to wind up with a bare-bones shopping cart thing ready to go, and then I just have to add inventory. Authentication feels like it was kind of the same thing. I mean, back in that song from early on in internet history “Code Monkey” talks about building a login page as part of it, and yeah, that was a colossal pain. These days, there are a bunch of different ways to do that with folks who spend their entire careers working on this exact problem so you can go and work on something that is a lot more core and central to the value that your business ostensibly provides. And that seems like the right path to go down. But this does lead to the obvious counter-question of how is it that you differentiate other than, you know, via marketing, which again, not the worst answer in the world, but it also turns into skeezy marketing. “Yes, you should use this other company's option, or you could use ours and we don't have any intentional backdoors in our version.” “Hmm. That sounds more suspicious and more than a little bit frightening. Tell me more.” “No, legal won't let me.” And it's “Okay.” Aside from the terrible things, how do you differentiate?
Dan: I liked that. That was an oddly specific disclaimer, right?
Like, whenever a company says, “Oh, yeah, no.” [laugh].
Corey: “My breakfast cereal has less arsenic than leading brands.”
Dan: Perfect. So yeah, so FusionAuth realizes that, kind of, there are a lot of options out there, and so we've chosen to niche down. And one of the things that we really focus on is the CIAM market. And that stands for Customer Identity Access Management. And we can dive into that a little bit later if you want to know more about that. We have a variety of deployment options, which I think differentiates us from a lot of the SaaS providers out there. You can run us as a self-hosted option with, by the way, professional-grade support, you can use us as a SaaS provider if you don't want to run it yourself. We are experts in operating this piece of software. And then thirdly, you can move between them, right? It's your data, so if you start out and you're bare bones and you want to save money, you can start with self-hosted, when you grow, move to the SaaS version. Or we actually have some bigger companies that kickstart on the SaaS version because they want to get going with this integration problem and then later, as they build out their capabilities, they want the option to move it in-house. So, that is a really key differentiator for us. The last one I'd say is we're really dev-focused. Who isn't, right? Everyone says they're dev-focused, but we live that in terms of our APIs, in terms of our documentation, in terms of our open development process. Like, there's actually a GitHub issues list you can go look on the FusionAuth GitHub profile and it shows exactly what we have planned for the next couple of releases.
Corey: If you go to one of my test reference applications, lasttweetinaws.com, as of the time of this recording at least, it asks you to authenticate with your Twitter account. And you can do that, and it's free; I don't charge for any of these things.
And once you're authenticated, you can use it to author Twitter threads because I needed it to exist, first off, and secondly, it makes a super handy test app to try out a whole bunch of different things. And one of the reasons you can just go and use it without registering an account for this thing or anything else was because I tried to set that up in an early version with Cognito and immediately gave the hell up and figured, all right, if you can find the URL, you can use this thing because the experience was that terrible. If instead, I had gone down the path of using FusionAuth, what would have made that experience different, other than the fact that Cognito was pretty clearly a tech demo at best rather than something that had any care, finish, spit and polish went into it.
Dan: So, I've used Cognito. I'm not going to bag on Cognito, I'm going to leave that to—[laugh].
Corey: Oh, I will, don't worry. I'll do all the bagging on Cognito you'd like because the problem is, and I want to be clear on this point, is that I didn't understand what it was doing because the interface was arcane, and the failure mode of everything in this entire sector, when the interface is bad, the immediate takeaway is not “This thing's a piece of crap.” It's, “Oh, I'm bad at this. I'm just not smart enough.” And it's insulting, and it sets me off every time I see it. So, if I feel like I'm coming across as relatively annoyed by the product, it's because it made me feel dumb. That is one of those cardinal sins, from my perspective. So, if you work on that team, please reach out. I would love to give you a laundry list of feedback. I'm not here to make you feel bad about your product; I'm here to make you feel bad about making your customers feel bad. Now please, Dan, continue.
Dan: Sure. So, I would just say that one of the things that we've strived to do for years and years is translate some of the arcane IAM Identity Access Management jargon into what normal developers expect.
And so, we don't have clients in our OAuth implementation—although they really are clients if you're an RFC junkie—we have applications, right? We have users, we have groups, we have all these things that are what users would expect, even though underlying them they're based on the same standards that, frankly, Cognito and Auth0 and a lot of other people use as well. But to get back to your question, I would say that, if you had chosen to use FusionAuth, you would have had a couple of advantages. The first is, as I mentioned, kind of the developer friendliness and the extensive documentation, example applications. The second would be a themeability. And this is something that we hear from our clients over and over again, is Cognito is okay if you stay within the lines in terms of your user interface, right? If you just want to login form, if you want to stay between lines and you don't want to customize your application's login page at all. We actually provide you with HTML templates. It's actually using a language called FreeMarker, but they let you do whatever the heck you want. Now, of course, with great power comes great responsibility. Now, you own that piece, right, and we do have some more simple customization you can do if all you want to do is change the color. But most of our clients are the kind of folks who really want their application login screen to look exactly like their application, and so they're willing to take on that slightly heavier burden. Unfortunately, Cognito doesn't give you that option at all, as far as I can tell when I've kicked the tires on it.
The theming is—how I put this politely—some of our clients have found the theming to be lacking.
Corey: That's part of the issue where when I was looking at all the reference implementations, I could find for Cognito, it went from “Oh, you have your own app, and its branding, and the rest,” and bam, suddenly, you're looking right, like, you're logging into an AWS console sub-console property because of course they have those. And it felt like “Oh, great. If I'm going to rip off some company's design aesthetic wholesale, I'm sorry, Amazon is nowhere near anywhere except the bottom 10% of that list, I've got to say. I'm sorry, but it is not an aesthetically pleasing site, full stop. So, why impose that on customers?” It feels like it's one of those things where—like, so many Amazon service teams say, “We're going to start by building a minimum lovable product.” And it's yeah, it's a product that only a parent could love. And the problem is, so many of them don't seem to iterate beyond that do a full-featured story. And this is again, this is not every AWS service. A lot of them are phenomenal and grow into themselves over time. One of the best rags-to-riches stories that I can recall is EFS, their Elastic File System, for an example. But others, like Cognito just sort of seem to sit and languish for so long that I've basically given up hope. Even if they wind up eventually fixing all of these problems, the reputation has been cemented at this point. They've got to give it a different terrible name.
Dan: I mean, here's the thing. Like, EFS, if it looks horrible, right, or if it has, like, a toughest user experience, guess what? Your users are devs. And if they're forced to use it, they will. They can sometimes see the glimmers of the beauty that is kind of embedded, right, the diamond in the rough. If your users come to a login page and see something ugly, you immediately have this really negative association.
And so again, the login and authentication process is really the front door of your application, and you just need to make sure that it shines.
Corey: For me at least, so much of what's what a user experience or user takeaway is going to be about a company's product starts with their process of logging into it, which is one of the reasons that I have challenges with the way that multi-factor auth can be presented, like, “Step one, login to the thing.” Oh, great. Now, you have to fish out your YubiKey, or you have to go check your email for a link or find a code somewhere and punch it in. It adds friction to a process. So, when you have these services or tools that oh, your session will expire every 15 minutes and you have to do that whole thing again to log back in, it's ugh, I'm already annoyed by the time I even look at anything beyond just the login stuff. And heaven forbid, like, there are worse things, let's be very clear here. For example, if I log in to a site, and I'm suddenly looking at someone else's account, yeah, that's known as a disaster and I don't care how beautiful the design aesthetic is or how easy to use it is, we're done here. But that is job zero: the security aspect of these things. Then there's all the polish that makes it go from something that people tolerate because they have to into something that, in the context of a login page I guess, just sort of fades into the background.
Dan: That's exactly what you want, right? It's just like the old story about the sysadmin. People only notice when things are going wrong. People only care about authentication when it stops them from getting into what they actually want to do, right? No one ever says, “Oh, my gosh, that login experience was so amazing for that application. I'm going to come back to that application,” right?
They notice when it's friction, they noticed when it's sand in the gears. And our goal at FusionAuth, obviously, security is job zero because as you said, last thing you want is for a user to have access to some other user's data or to be able to escalate their privileges, but after that, you want to fade in the background, right? No one comes to FusionAuth and builds a whole application on top of it, right? We are one component that plugs into your application and lets you get on to the fundamentals of building the features that your users really care about, and then wraps your whole application in a blanket of security, essentially.
Corey: I'll take even one more example before we just drive this point home in a way that I hope resonates with folks. Everyone has an opinion on logging into AWS properties because “Oh, what about your Amazon account?” At which point it's “Oh, sit down. We're going for a ride here. Are you talking about amazon.com account? Are you talking about the root account for my AWS account? Are you talking about an IAM user? Are you talking about the service formerly known as AWS SSO that's now IAM Identity Center users? Are you talking about their Chime user account? Are you talking about your repost forum account?” And so, on and so on and so on. I'm sure I'm missing half a dozen right now off the top of my head. Yeah, that's awful. I've been also developing lately on top of Google Cloud, and it is so far to the opposite end of that spectrum that it's suspicious and more than a little bit frightening. When I go to console.cloud.google.com, I am boom, there. There is no login approach, which on the one hand, I definitely appreciate, just from a pure perspective of you're Google, you track everything I do on the internet.
Thank you for not insulting my intelligence by pretending you don't know who I am when I log into your Cloud Console.

Counterpoint, when I log into the admin portal for my Google Workspaces account, admin.google.com, it always re-prompts for a password, which is reasonable. You'd think that stuff running production might want to do something like that, in some cases. I would not be annoyed if it asked me to just type in a password again when I get to the expensive things that have lasting repercussions.

Although, given my personality, logging into Gmail can have massive career repercussions as soon as I hit send on anything. I digress. It is such a difference from user experience and ease-of-use that it's one of those areas where I feel like you're fighting something of a losing battle, just because when it works well, it's glorious to the point where you don't notice it. When authentication doesn't work well, it's annoying. And there's really no in between.

Dan: I don't have anything to say to that. I mean, I a hundred percent agree that it's something that you could have to get right and no one cares, except for when you get it wrong. And if your listeners can take one thing away from this call, right, I know it's we're sponsored by FusionAuth, I want to rep Fusion, I want people to be aware of FusionAuth, but don't roll your own, right? There are a lot of solutions out there. I hope you evaluate FusionAuth, I hope you evaluate some other solutions, but this is such a critical thing and Corey has laid out [laugh] in multiple different ways, the ways it can ruin your user experience and your reputation. So, look at something that you can build or a library that you can build on top of. Don't roll your own. Please, please don't.

Corey: This episode is sponsored in part by Honeycomb. When production is running slow, it's hard to know where problems originate. Is it your application code, users, or the underlying systems? I've got five bucks on DNS, personally. 
Why scroll through endless dashboards while dealing with alert floods, going from tool to tool to tool that you employ, guessing at which puzzle pieces matter? Context switching and tool sprawl are slowly killing both your team and your business. You should care more about one of those than the other; which one is up to you. Drop the separate pillars and enter a world of getting one unified understanding of the one thing driving your business: production. With Honeycomb, you guess less and know more. Try it for free at honeycomb.io/screaminginthecloud. Observability: it's more than just hipster monitoring.

Corey: So, tell me a little bit more about how it is that you folks think about yourselves in just in terms of the market space, for example. The idea of CIAM, customer IAM, it does feel viscerally different than traditional IAM in the context of, you know, AWS, which I use all the time, but I don't think I have the vocabulary to describe it without sounding like a buffoon. What is the definition between the two, please? Or the divergence, at least?

Dan: Yeah, so I mean, not to go back to AWS services, but I'm sure a lot of your listeners are familiar with them. AWS SSO or the artist formerly known as AWS SSO is IAM, right? So, it's Workforce, right, and Workforce—

Corey: And it was glorious, to the point where I felt like it was basically NDA'ed from other service teams because they couldn't talk about it. But this was so much nicer than having to juggle IAM keys and sessions that time out after an hour in the console. “What are you doing in the console?” “I'm doing ClickOps, Jeremy. Leave me alone.”

It's just I want to make sure that I'm talking about this the right way. It feels like AWS SSO—creature formerly known as—and traditional IAM feels like they're directionally the same thing as far as what they target, as far as customer bases, and what they empower you to do.

Dan: Absolutely, absolutely. There are other players in that same market, right? 
And that's the market that grew up originally: it's for employees. So, employees have this very fixed lifecycle. They have complicated relationships with other employees and departments in organizations, you can tell them what to do, right, you can say you have to enroll your MFA key or you are no longer employed with us.

Customers have a different set of requirements, and yet they're crucial to businesses because customers are, [laugh] who pay you money, right? And so, things that customers do that employees don't: they choose to register; they pick you, you don't pick them; they have a wide variety of devices and expectations; they also have a higher expectation of UX polish. Again, with an IAM solution, you can kind of dictate to your employees because you're paying them money. With a customer identity access management solution, it is part of your product, in the same way, you can't really dictate features unless you have something that the customer absolutely has to have and there are no substitutes for it, you have to adjust to the customer demands. CIAM is more responsive to those demands and is a smoother experience.

The other thing I would say is CIAM, also, frankly, has a simpler model. Most customers have access to applications, maybe they have a couple of roles that you know, an admin role, an editor role, a viewer role if you're kind of a media conglomerate, for an example, but they don't have necessarily the thicket of complexity that you might have to have an eye on, so it's just simpler to model.

Corey: Here's an area that feels like it's on the boundary between them. I distinctly remember being actively annoyed a while back that I had to roll my marketing person her own entire AWS IAM account solely so that she could upload assets into an S3 bucket that was driving some other stuff. It feels very much like that is a better use case for something that is a customer IAM solution. 
Because if I screw up those permissions even slightly, well, congratulations, now I've inadvertently given someone access to wind up, you know, taking production down. It feels like it is way too close to things that are going to leave a mark, whereas the idea of a customer authentication story for something like that is awesome.

And no please if you're listening to this, don't email me with this thing you built and put on the Marketplace that “Oh, it uses signed URLs and whatnot to wind up automatically federating an identity just for this one per—” Yes. I don't want to build something ridiculous and overwrought so a single person can update assets within S3. I promise I don't want to do that. It just ends badly.

Dan: Well, that was the promise of Cognito, right? And that is actually one of the reasons you should stick with Cognito if you have super-detailed requirements that are all about AWS and permissions to things inside AWS. Cognito has that tight integration. And I assume—I haven't looked at some of the other big cloud providers, but I assume that some of the other ones have that similar level of integration. So yeah, so that my answer there would be Cognito is the CIAM solution that AWS has, so that is what I would expect it to be able to handle, relatively smoothly.

Corey: A question I have for you about the product itself is based on a frustration I originally had with Cognito, which is that once you're in there and you are using that for authentication and you have users, there's no way for me to get access to the credentials of my users. I can't really do an export in any traditional sense. Is that possible with FusionAuth?

Dan: Absolutely. So, your data is your data. And because we're a self-hosted or SaaS solution, if you're running it self-hosted, obviously you have access to the password hashes in your database. If you are—

Corey: The hashes, not the plaintext passwords to be explicitly clear on this. [laugh].

Dan: Absolutely the hashes. 
And we have a number of guides that help you get hashes from other providers into ours. We have a written export guide ourselves, but it's in the database and the schema is public. You can go download our schema right now. And if—

Corey: And I assume you've used an industry standard hashing algorithm for this?

Dan: Yeah, we have a number of different options. You can bring your own actually, if you want, and we've had people bring their own options because they have either special needs or they have an older thing that's not as secure. And so, they still want their users to be able to log in, so they write a plugin and then they import the users' hashes, and then we transparently re-encrypt with a more modern one. The default for us is PDK.

Corey: I assume you do the re-encryption at login time because there's no other way for you to get that.

Dan: Exactly. Yeah yeah yeah—

Corey: Yeah.

Dan: —because that's the only time we see the password, right? Like we don't see it any other time. But we support Bcrypt and other modern algorithms. And it's entirely configurable; if you want to set a factor, which basically is how—

Corey: I want to use MD5 because I'm still living in 2003.

Dan: [laugh]. Please don't use MD5. Second takeaway: don't roll your own and don't use MD5. Yeah, so it's very tweakable, but we shipped with a secured default, basically.

Corey: I just want to clarify as well why this is actively important. I don't think people quite understand that in many cases, picking an authentication provider is one of those lasting decisions where migrations take an awful lot of work. And they probably should. There should be no mechanism by which I can export the clear text passwords. If any authentication provider advertises or offers such a thing, don't use that one. 
I'm going to be very direct on that point.

The downside to this is that if you are going to migrate from any other provider to any other provider, it has to happen either slowly as in, every time people log in, it'll check with the old system and then migrate that user to the new one, or you have to force password resets for your entire customer base. And the problem with that is I don't care what story you tell me. If I get an email from one of my vendors saying “You now have to reset your password because we're migrating to their auth thing,” or whatnot, there's no way around it, there's no messaging that solves this, people will think that you suffered a data breach that you are not disclosing. And that is a heavy, heavy lift. Another pattern I've seen is it for a period of three months or whatnot, depending on user base, you will wind up having the plug in there, and anyone who logs in after that point will, “Ohh you need to reset your password. And your password is expired. Click here to reset.” That tends to be a little bit better when it's not the proactive outreach announcement, but it's still a difficult lift and it adds—again—friction to the customer experience.

Dan: Yep. And the third one—which you imply it—is you have access to your password hashes. They're hashed in a secure manner. And trust me, even though they're hashed securely, like, if you contact FusionAuth and say, “Hey, I want to move off FusionAuth,” we will arrange a way to get you your database in a secure manner, right? It's going to be encrypted, we're going to have a separate password that we communicate with you out-of-band because this is—even if it is hashed and salted and handled correctly, it's still very, very sensitive data because credentials are the keys to the kingdom.

So, but those are the three options, right? 
The slow migration, which is operationally expensive, the requiring the user to reset their password, which is horribly expensive from a user interface perspective, right, and the customer service perspective, or export your password hashes. And we think that the third option is the least of the evils because guess what? It's your data, right? It's your user data. We will help you be careful with it, but you own it.

Corey: I think that there's a lot of seriously important nuance to the whole world of authentication. And the fact that this is such a difficult area to even talk about with folks who are not deeply steeped in that ecosystem should be an indication alone that this is the sort of thing that you definitely want to outsource to a company that knows what the hell they're doing. And it's not like other areas of tech where you can basically stumble your way through something. It's like “Well, I'm going to write a Lambda to go ahead and post some nonsense on Twitter.” “Okay, are you good at programming?” “Not even slightly, but I am persistent and brute force is a viable strategy, so we're going to go with that one.” “Great. Okay, that's awesome.”

But authentication is one of those areas where mistakes will show. The reputational impact of losing data goes from merely embarrassing to potentially life-ruining for folks. The most stressful job I've ever had from a data security position wasn't when I was dealing with money—because that's only money, which sounds like a weird thing to say—it was when I did a brief stint at Grindr where people weren't out. In some countries, users could have wound up in jail or have been killed if their sexuality became known. And that was the stuff that kept me up at night.

Compared to that, “Okay, you got some credit card numbers with that. 
What the hell do I care about that, relatively speaking?” It's like, “Yeah, it's well, my credit card number was stolen.” “Yeah, but did you die, though?” “Oh, you had to make a phone call and reset some stuff.” And I'm not trivializing the importance of data security. Especially, like, if you're a bank, and you're listening to this, and you're terrified, yeah, that's not what I'm saying at all. I'm just saying there are worse things.

Dan: Sure. Yeah. I mean, I think that, unfortunately, the pandemic showed us that we're living more and more of our lives online. And the identity online and making sure that safe and secure is just critical. And again, not just for your employees, although that's really important, too, but more of your customer interactions are going to be taking place online because it's scalable, because it makes people money, because it allows for capabilities that weren't previously there, and you have to take that seriously. So, take care of your users' data. Please, please do that.

Corey: And one of the best ways you can do that is by not touching the things that are commoditized in your effort to apply differentiation. That's why I will never again write my own auth system, with a couple of asterisks next to it because some of what I do is objectively horrifying, intentionally so. But if I care about the authentication piece, I have the good sense to pay someone else to do it for me.

Dan: From personal experience, you mentioned at the beginning that we go back aways. I remember when I first discovered RDS, and I thought, “Oh, my God. I can outsource all this scut work, all of the database backups, all of the upgrades, all of the availability checking, right? 
Like, I can outsource this to somebody else who will take this off my plate.” And I was so thankful.

And I don't—outside of, again, with some asterisks, right, there are places where I could consider running a database, but they're very few and far between—I feel like auth has entered that category. There are great providers like FusionAuth out there that are happy to take this off your plate and let you move forward. And in some ways, I'm not really sure which is more dangerous; like, not running a database properly or not running an auth system properly. They both give me shivers and I would hate to [laugh] hate to be forced to choose. But they're comparable levels of risk, so I a hundred percent agree, Corey.

Corey: Dan, I really want to thank you for taking so much time to talk to me about your view of the world. If people want to learn more because you're not in their inboxes responding to newsletters every week, where's the best place to find you?

Dan: Sure, you can find more about me at Twitter. I'm @mooreds, M-O-O-R-E-D-S. And you can learn more about FusionAuth and download it for free at fusionauth.io.

Corey: And we will put links to all of that in the show notes. I really want to thank you again for just being so generous with your time. It's deeply appreciated.

Dan: Corey, thank you so much for having me.

Corey: Dan Moore, Head of DevRel at FusionAuth. I'm Cloud Economist Corey Quinn. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice, along with an angry, insulting comment that will be attributed to someone else because they screwed up by rolling their own authentication.

Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. 
We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.

Announcer: This has been a HumblePod production. Stay humble.
Wild Winsday This episode was recorded LIVE on July 7th, 2022 with the MD5 group at Antioch Baptist in Conway Arkansas. Fitness is of the body and Faith is of the spirit. Where do they intersect in our lives? Learn More About Men's Discipleship 5! https://www.mdfive.org Join our awesome community! https://betterdaily.live