Software Security, Open Source, and the xz affair
March 31, 2024
Recently, the Free and Open Source (FOSS) community, and especially the Linux ecosystem part of it, has been shocked by a malicious backdoor being inserted in the xz compression library, apparently with a goal to compromise SSH (Secure Shell) connections. You can read about the details in articles from the Register, Ars Technica, and a […]
Performative Data Security is Bad Data Security
March 17, 2023
Most of us have been there. In these days of GDPR and scams, when you call large companies you will usually be told you need to answer some questions to prove who you are before they will discuss your account or case. This makes perfect sense. Most large companies, on the rare occaision they have […]