More Open Source Security episodes


Iocaine poisons bots with Gergely Nagy

Published 12 Jan 2026

Duration: 40:07

Iocaine protects self-hosted websites from aggressive web crawlers by using a sophisticated runtime that misdirects bots with rubbish content while preserving normal user experiences.

Episode Description

Josh talks to Gergely Nagy (algernon) about his tool Iocaine. Iocaine creates a maze to trap scraping bots in a world of fake pages they cannot escape....

Overview

The podcast outlines Iocaine, a tool designed to defend self-hosted websites from aggressive web crawlers by serving misleading or nonsensical content to bots while ensuring normal functionality for human users. Iocaine works as a runtime system that filters and processes requests using user-defined scripts, often redirecting bots through complex, randomly generated content created with techniques like Markov chains. The system is designed to avoid detection by bots while remaining invisible to legitimate users, using stealthy methods and leveraging cultural references, such as the poison from The Princess Bride, to enhance its approach.

The tool's philosophy emphasizes speed, efficiency, and passive mitigation of bot traffic, with a focus on trapping and analyzing bots rather than simply blocking them. The discussion explores bot behavior, techniques for managing bot responses, and strategies for identifying and exploiting bot vulnerabilities, all aimed at helping website owners reclaim control over their content from automated threats. Iocaine supports multiple scripting languages and is designed to be integrated seamlessly into existing web infrastructure, providing an innovative and adaptive solution for bot defense.
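
The idea described in the overview, as an added sketch that is not Iocaine's own code: a request filter sends suspected crawlers to Markov-chain pages whose links only lead deeper into the maze, while other visitors get the real site. The User-Agent markers, the corpus, and all function names are assumptions made for illustration.

```python
import hashlib
import random
from collections import defaultdict

# Constructed sample corpus (assumption); a real deployment would train on far more text.
CORPUS = (
    "the crawler follows every link and the maze serves every crawler "
    "a page of words and every page links to another page of the maze "
    "while the reader sees the real site and the crawler sees only words"
)
# Hypothetical crawler User-Agent substrings; not Iocaine's actual rules.
BOT_MARKERS = ("examplebot", "scraper", "python-requests")

def build_chain(text):
    """Order-1 Markov chain: word -> list of words seen following it."""
    words = text.split()
    chain = defaultdict(list)
    for cur, nxt in zip(words, words[1:]):
        chain[cur].append(nxt)
    return dict(chain)

CHAIN = build_chain(CORPUS)

def is_bot(user_agent):
    ua = (user_agent or "").lower()
    return any(marker in ua for marker in BOT_MARKERS)

def maze_page(path, n_words=40, n_links=3):
    """Return (html, links) derived only from the path: same URL, same page, no stored state."""
    seed = int.from_bytes(hashlib.sha256(path.encode()).digest()[:8], "big")
    rng = random.Random(seed)
    starts = sorted(CHAIN)
    word = rng.choice(starts)
    out = [word]
    for _ in range(n_words - 1):
        followers = CHAIN.get(word)
        # Dead end (word only seen at the end of the corpus): restart from any key.
        word = rng.choice(followers or starts)
        out.append(word)
    # Every link points deeper into the maze, so a crawler following them never leaves.
    links = [f"{path.rstrip('/')}/{rng.getrandbits(32):08x}" for _ in range(n_links)]
    html = "<p>" + " ".join(out) + "</p>"
    html += "".join(f'<a href="{link}">{link}</a>' for link in links)
    return html, links

def handle(path, user_agent, real_site):
    """Suspected bots get maze content; everyone else gets the real page."""
    if is_bot(user_agent):
        return maze_page(path)[0]
    return real_site.get(path, "404 not found")
```

Seeding the generator from a hash of the path keeps the maze consistent across revisits without storing any generated pages.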

Recent Episodes of Open Source Security

30 Mar 2026 Open Source Security at scale with Michael Wisner

The Alpha Omega Project addresses open-source security by targeting leverage points like Node.js and Python ecosystems, advocating for systemic solutions, dedicated security roles, sustainable funding, and registry infrastructure improvements to counter fragmented practices and downstream risks.

23 Mar 2026 2026 State of the Software Supply Chain with Brian Fox

The State of the Software Supply Chain Report underscores explosive open source growth (10T annual downloads) paired with critical challenges like malware proliferation (1.2M malicious packages), unresolved vulnerabilities (65% unaddressed), infrastructure strain, AI's dual role in risk (hallucinations) and potential (MCP systems), and urgent needs for improved tools, policies, and cost management amid regulatory and scalability pressures.

16 Mar 2026 MCP and Agent security with Luke Hinds

The text explores AI agent security risks like prompt injection and open-source vulnerabilities, emphasizing the No-NO project's kernel-based sandboxing with a deny-by-default model, hardware enclaves, and Rust-driven efficiency, alongside layered defenses, restricted commands, and collaborative efforts to tackle evolving threats like social engineering and insecure coding practices.

2 Mar 2026 Rust coreutils with Sylvestre Ledru

A modern rewrite of Unix command-line tools using Rust aims for memory safety, performance, and maintainability while achieving high compatibility.
