More Open Source Security episodes


Iocaine poisons bots with Gergely Nagy

Published 12 Jan 2026

Duration: 40:07

Iocaine protects self-hosted websites from aggressive web crawlers by using a sophisticated runtime that misdirects bots with rubbish content while preserving normal user experiences.

Episode Description

Josh talks to Gergely Nagy (algernon) about his tool Iocaine. Iocaine creates a maze to trap scraping bots in a world of fake pages they cannot escape....

Overview

The podcast outlines Iocaine, a tool designed to defend self-hosted websites from aggressive web crawlers by serving misleading or nonsensical content to bots while ensuring normal functionality for human users. Iocaine works as a runtime system that filters and processes requests using user-defined scripts, often redirecting bots through complex, randomly generated content created with techniques like Markov chains. The system is designed to avoid detection by bots while remaining invisible to legitimate users, using stealthy methods and leveraging cultural references, such as the poison from The Princess Bride, to enhance its approach.

The tool's philosophy emphasizes speed, efficiency, and passive mitigation of bot traffic, with a focus on trapping and analyzing bots rather than simply blocking them. The discussion explores bot behavior, techniques for managing bot responses, and strategies for identifying and exploiting bot vulnerabilities, all aimed at helping website owners reclaim control over their content from automated threats. Iocaine supports multiple scripting languages and is designed to be integrated seamlessly into existing web infrastructure, providing an innovative and adaptive solution for bot defense.

Recent Episodes of Open Source Security

22 Jun 2026 Packagist and Composer security with Jordi Boggiano

Strategies for securing open-source ecosystems include malware detection via third-party feeds, transparency logs, rapid incident response, blocking malicious downloads, private registry controls, immutable package releases, standardized workflows, MFA enforcement, and technical proposals like artifact validation and build attestation, while addressing challenges like maintainer hacking, AI risks, usability trade-offs, and the need for ecosystem-wide alignment and human verification.

15 Jun 2026 Sustaining Open VSX with Mike and Thabang

Eclipse Foundation's OpenVSX, a VS Code extension repository, surged to 600M monthly downloads, evolved to a commercial model with enterprise SLAs and security teams, while addressing scalability, open-source balance, and funding challenges for AI expansion.

8 Jun 2026 Hacking your CI/CD with Francois Proulx

Critical vulnerabilities in open source CI/CD pipelines, including hijacking and supply chain attacks via social engineering or compromised builds, are highlighted through incidents like TJ Actions and Ultralytics, with mitigation strategies emphasizing secure credentials, externalized workflows, threat modeling, and tools like *Smoked Meat* and *Bagel* to enhance incident response and supply chain security.

1 Jun 2026 Open source verification with Sal Kimmich

Cybersecurity challenges include complex application ecosystems, overlooked kernel vulnerabilities, supply chain risks, and systemic risks from under-resourced organizations prioritizing surface-level controls, alongside calls for regulatory reforms, proactive threat modeling, secure development practices, and addressing tribal nations' unique legal and sovereignty concerns.

25 May 2026 Vulnerability disclosure with Casey Ellis

The evolution of vulnerability disclosure highlights challenges in prioritizing critical issues, outdated legal frameworks, and the role of initiatives like Disclosed.io in standardizing policies, alongside AI's impact on detection, open-source risks, triage complexities, and the need for collaboration and transparency to address systemic security barriers.
