Thinking Alike

It’s that time when people head to the desert, where several factions will vie for attention and information.

You’ll find arguments about the future of technology and culture.

You’ll find discussions about the consequences of computers from 10,000 years ago.

You have to be careful in large groups; you’ll need to wear a mask and–

No. Hold on.

Those are plot points from the book Dune.

DEF CON started barely 30 years ago; Black Hat and BSides Las Vegas are younger still.

They do have the same point about computers, though.

Dune is one of my favorite books. I love how well it builds a history of civilizations and leaves so many aspects of that history ambiguous or to the reader’s imagination. I also love its political strategies and all the interior voices of the characters.

This episode also marked one of my early desires to do away with hardening guides. In this case, we were talking about the Kubernetes Hardening Guidance from NSA and CISA. At 50 pages, it suggests that k8s could benefit from better defaults.

Hardening guides feel like a modern anti-pattern. The appsec world should have moved on from them and emphasized secure defaults, with “loosening guides” provided for those who want to deliberately increase their attack surface or enable features that pose more risk.
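To make the "secure defaults, explicit loosening" idea concrete, here is an added example (not code from the episode, the NSA/CISA guidance, or any Kubernetes project). It takes a pod manifest as a plain Python dict, fills in security settings that follow the Kubernetes "restricted" Pod Security Standard only where the author left them unset, and then reports any deviation from those defaults that was not declared in a loosening annotation. The securityContext field names are real Kubernetes fields; the annotation key, the manifest contents, and the function names are constructed for this example.

```python
"""Secure-by-default pod settings with an explicit 'loosening' step.

Added example, not code from the episode or from Kubernetes itself.
The default values below match the Kubernetes 'restricted' Pod Security
Standard (non-root, no privilege escalation, all capabilities dropped,
RuntimeDefault seccomp); the annotation key is a constructed placeholder.
"""
import copy
import json

# Constructed annotation key: a deliberate loosening must be named here,
# so the weaker setting is a documented decision rather than an accident.
LOOSEN_ANNOTATION = "example.invalid/loosened-settings"

# Container-level defaults (real securityContext field names).
CONTAINER_DEFAULTS = {
    "allowPrivilegeEscalation": False,
    "readOnlyRootFilesystem": True,
    "capabilities": {"drop": ["ALL"]},
}
# Pod-level defaults (real securityContext field names).
POD_DEFAULTS = {
    "runAsNonRoot": True,
    "seccompProfile": {"type": "RuntimeDefault"},
}


def _all_containers(spec):
    return spec.get("containers", []) + spec.get("initContainers", [])


def apply_secure_defaults(pod):
    """Return a copy of the manifest with missing security settings filled in.

    Settings already present are left untouched: this is a *default*, not a
    hardening pass that silently overrides what the author wrote.
    """
    pod = copy.deepcopy(pod)
    spec = pod.setdefault("spec", {})
    psc = spec.setdefault("securityContext", {})
    for key, value in POD_DEFAULTS.items():
        psc.setdefault(key, copy.deepcopy(value))
    for container in _all_containers(spec):
        csc = container.setdefault("securityContext", {})
        for key, value in CONTAINER_DEFAULTS.items():
            csc.setdefault(key, copy.deepcopy(value))
    return pod


def undeclared_loosenings(pod):
    """List settings weaker than the defaults that were not declared.

    An empty list means the pod is at the defaults, or every deviation was
    named in the loosening annotation. Findings are '<container>.<field>'
    for container settings and 'pod.<field>' for pod-level settings.
    """
    annotations = pod.get("metadata", {}).get("annotations", {})
    declared = set(annotations.get(LOOSEN_ANNOTATION, "").split(","))
    declared.discard("")
    findings = []
    spec = pod.get("spec", {})
    for container in _all_containers(spec):
        csc = container.get("securityContext", {})
        for key, value in CONTAINER_DEFAULTS.items():
            if csc.get(key) != value and key not in declared:
                findings.append(f"{container['name']}.{key}")
    psc = spec.get("securityContext", {})
    for key, value in POD_DEFAULTS.items():
        if psc.get(key) != value and key not in declared:
            findings.append(f"pod.{key}")
    return findings


if __name__ == "__main__":
    # Constructed sample manifest: a bare pod with no security settings at all.
    raw = {
        "apiVersion": "v1",
        "kind": "Pod",
        "metadata": {"name": "web"},
        "spec": {"containers": [{"name": "app", "image": "example/app:1.0"}]},
    }
    print("undeclared on raw manifest:", undeclared_loosenings(raw))
    hardened = apply_secure_defaults(raw)
    print(json.dumps(hardened, indent=2))
    # A team that needs a writable root filesystem opts out explicitly.
    hardened["spec"]["containers"][0]["securityContext"]["readOnlyRootFilesystem"] = False
    print("undeclared after loosening:", undeclared_loosenings(hardened))
    hardened["metadata"]["annotations"] = {LOOSEN_ANNOTATION: "readOnlyRootFilesystem"}
    print("undeclared with declaration:", undeclared_loosenings(hardened))
```

The point of the split into two functions is the one the paragraph makes: the defaults are applied without anyone reading a guide, and the only document a team needs is the short list of settings they chose to loosen, which the annotation keeps next to the workload where a reviewer can see it.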

Check out this episode's show notes for links to the articles we covered. And please take a moment to subscribe.