Embedded
Embedded
Aug 27, 2020
342: That Girl's Brain
Play episode · 57 min

Jess Frazelle (@jessfraz) of Oxide Computer (@oxidecomputer) spoke with us about hyperscalers (large companies that make their own datacenter server hardware) and podcasts. 

Jess wrote an article about the power efficiency measurements of datacenter servers: Power to the People (ACM Queue August 2020).

The Oxide podcast is available on oxide.computer/podcast as well as your usual podcast apps. Jess particularly recommended the episode with Jonathan Blow.

Oxide is working to make hyperscaler-style hardware available to everyone. Their goal is to open source all their hardware and software: github.com/oxidecomputer. They use the Rust language for much of their development.

Jess has a blog: blog.jessfraz.com

Rust

The Contextual Electronics Podcast
The Contextual Electronics Podcast
Contextual Electronics
CEP007 – Combining Art and Technology with Sarah Petkus
Sarah's personal site (shown throughout the video) She Bon is a project exploring human sexuality and helping people discuss it in a more healthy way. It has multiple smaller projects we discussed HotSpot PulsePack Sarah shows the hardware to different groups. The hackers at DEFCON are different than the artists at Ars Electronica Sarah entered the project into the Hackaday Prize and also gave a talk at the Hackaday Superconference about it. Comparing artists and jackets, the former usually want to show completely finished work, instead of something that might be in progress. This means artist sometimes outsource the technical work. Sarah likes doing both. "You learn the most when you do it all, when you have the control" Howdo we get more art people to be technical? How do we get more crossover? "I made this!" Noodlefeet is Sarah's robotic offspring. she has been creating an upgrading him for over 5 years. The Noodlefeet playlist on Sarah's Youtube channel Rebuilding Noodle to make him more sturdy, especially while walking. Ship of Theseus The Noodle brain uses a Jetson Nano for classifying images. See the 'mother of machine' site for more info. End Effectors "The tasting channel" Sarah got started in 3D using SketchUp, as did Chris. She learned parametric modeling via Fusion360 went on a deadline. Sarah and Mark met at SynShop Follow Sarah on YouTube Sarah shares her regular sketches and thoughts on Twitter Sarah also has a patreon Thank you for supporting The Contextual Electronics Podcast! Here's how you can follow and help us grow: Please follow us on social media: @ContextualElec on Twitter Contextual Electronics on Facebook Contextual Electronics on LinkedIn @Chris_Gammell on Twitter Please consider leaving us a review iTunes page for subscribing and reviewing Video version of the podcast: Audio version of the podcast:
1 hr 13 min
Defense in Depth
Defense in Depth
Allan Alford and David Spark
Leaked Secrets in Code Repositories
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-leaked-secrets-in-code-repositories/) Secrets, such as passwords and credentials, are out in the open just sitting there in code repositories. Why do these secrets even exist in public? What's their danger? And how can they be found and removed? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Jérémy Thomas, CEO, GitGuardian. Thanks to this week's podcast sponsor GitGuardian. GitGuardian empowers organizations to secure their secrets - such as API keys and other credentials - from being exposed in compromised places or leaked publicly. GitGuardian offers a threat intelligence solution focused on detecting secrets leaked on public GitHub and an automated secrets detection solution which tightly integrates with your DevOps pipeline. On this episode of Defense in Depth, you’ll learn: * Putting passwords and other credential information inside of code simply happens. It is done by developers for purposes of efficiency, laziness, or simply forgot to take it out. * Given that exposing secrets is done by developers, these secrets appear in code everywhere, most notably in public code repositories like GitHub. * Exposed credentials can appear in SIEMS as it's being exported from the developers' code. * There is a shared responsibility model and cloud providers do have some ability to scan code, but ultimately code you put in your programs is your responsibility. * Scanning public code repositories should be your first step. You don't want to be adding code that has known issues. * Next step is to scan your own code and get alerts if your developers are adding secrets (wittingly or unwittingly) in their code. If you alert in real-time, it fits naturally within the DevOps pipeline and they will improve their secure coding skills. * Another option to deal with exposed secrets is to sidestep the problem completely and put in additional layers of security, most notably multi-factor authentication (MFA). A great idea, and yes, you should definitely include this very secure step, but it doesn't eliminate the problem. There are far too many authentication layers (many automated) for you to put MFA on everything. There will always be many moments of exposure.
29 min
More episodes
Search
Clear search
Close search
Google apps
Main menu