Iocaine poisons bots with Gergely Nagy

Published 12 Jan 2026

Duration: 40:07

Iocaine protects self-hosted websites from aggressive web crawlers by using a sophisticated runtime that misdirects bots with rubbish content while preserving normal user experiences.

Episode Description

Josh talks to Gergely Nagy (algernon) about his tool Iocaine. Iocaine creates a maze to trap scraping bots in a world of fake pages they cannot escape....

Overview

The podcast outlines Iocaine, a tool designed to defend self-hosted websites from aggressive web crawlers by serving misleading or nonsensical content to bots while ensuring normal functionality for human users. Iocaine works as a runtime system that filters and processes requests using user-defined scripts, often redirecting bots through complex, randomly generated content created with techniques like Markov chains. The system is designed to avoid detection by bots while remaining invisible to legitimate users; it relies on stealthy methods and leans on cultural references, such as the poison from The Princess Bride.

The tool's philosophy emphasizes speed, efficiency, and passive mitigation of bot traffic, with a focus on trapping and analyzing bots rather than simply blocking them. The discussion explores bot behavior, techniques for managing bot responses, and strategies for identifying and exploiting bot vulnerabilities, all aimed at helping website owners reclaim control over their content from automated threats. Iocaine supports multiple scripting languages and is designed to be integrated seamlessly into existing web infrastructure, providing an innovative and adaptive solution for bot defense.

Recent Episodes of Open Source Security

11 May 2026 Open source is critical infrastructure with Kat Cosgrove

Maintaining open source infrastructure is critical to prevent security risks from neglected projects, highlighting the need for sustainable funding, corporate collaboration beyond financial support, and systemic reforms to address coordination challenges, dependency fragility, and vulnerabilities.

4 May 2026 How to actually test a disaster plan with David Bernstein

A three-part disaster recovery framework emphasizing simplicity, clear roles, and collaboration, utilizing structured testing via HSEEP, real-world validation, and continuous improvement through exercises, while addressing pitfalls and balancing realism with psychological safety.

27 Apr 2026 Open Source Pledge with Vlad-Stefan Harbuz

Challenges in open source sustainability include undervaluing maintainers, dependency tracking issues, fragmented tooling, burnout, governance flaws, and paradoxical tool sustainability, necessitating financial support, sustainable governance, and collective action for long-term project viability.

20 Apr 2026 Building a plan for disaster with David Bernstein

Adaptive emergency management and disaster recovery demand dynamic strategies, structured frameworks like ISO 22301/NIST, cyclical preparedness, stress testing, stakeholder alignment, and resilience through collaboration and continuous learning to tackle evolving digital and physical risks.

13 Apr 2026 Open Source Malware with Paul McCarty

Open Source Malware (OSM) addresses the gap in detecting intentional malicious open-source components by cataloging threats, de-obfuscating code, extracting indicators of compromise, and providing post-incident data, while tackling challenges like persistent malicious packages, limitations of traditional tools against interpreted languages, fragmented collaboration, AI risks, and the need for improved CI/CD security, audit tools, and balanced AI-human oversight.
