in-toto, with Santiago Torres-Arias

Kubernetes Podcast from Google

Episode | Podcast

Date: Wed, 30 Mar 2022 02:31:52 +0000

<p>When is it safe to run software? When is it safe to drink orange juice? Are we a better judge of one or the other? <a href="">Santiago Torres-Arias</a> is an Assistant Professor at Purdue University, the team lead of the <a href="">in-toto</a> project, and a contributor to <a href="">The Update Framework</a>. He joins <a href="">Craig</a> to talk security in both physical and software supply chains.</p> <p>Do you have something cool to share? Some questions? Let us know:</p> <ul> <li>web: <a href=""></a></li> <li>mail: <a href=""></a></li> <li>twitter: <a href="">@kubernetespod</a></li> </ul> <h3 id="chatter-of-the-week">Chatter of the week</h3> <ul> <li><a href="!_(American_game_show)"> Don’t Forget The Lyrics</a></li> <li><a href="">Gettin’ Jiggy Wit It</a></li> <li><a href="">Explained on Genius</a></li> <li><a href=""> Will Smith on Top Gear</a></li> <li><a href="">The Oscars thing</a> (CW: violence, cuss words that Will Smith didn’t used to have to rap to sell records)</li> <li><a href="">He’s The Greatest Dancer</a> by Sister Sledge; written by Bernard Edwards and Nile Rodgers of Chic</li> </ul> <h3 id="news-of-the-week">News of the week</h3> <ul> <li><a href=""> New Cisco Intersight Kubernetes features</a></li> <li><a href="">Red Hat OpenShift v4.10</a></li> <li><a href="">ChaosNative acquired by Harness</a></li> <li><a href="">Azure PlayFab launches Thundernetes</a> <ul> <li><a href="">Episode 26, with Cyril Tovena and Mark Mandel</a></li> <li><a href="">Hacker News commentary</a></li> </ul> </li> <li><a href=""> Weave GitOps v2022-03</a></li> <li><a href="">Qumulo for Kubernetes</a></li> <li><a href=""> SpectroCloud raises $40m</a></li> <li><a href=""> Pinterest: 99% to 99.9% SLO, high performance control plane</a></li> <li><a href=""> Uber: Avoiding CPU throttling in a containerized environment</a></li> </ul> <h3 id="links-from-the-interview">Links from the interview</h3> <ul> <li><a href="">in-toto</a></li> <li><a href="">The Update Framework</a></li> <li><a href="">Purdue University</a> <ul> <li><a href="">Elmore Family School of Electrical and Computer Engineering</a></li> <li><a href="">Purdue Boilermakers</a></li> <li><a href=";show=true&amp;type=undergrad"> Open Source Software Senior Design Projects</a></li> </ul> </li> <li><a href="">NYU</a> <ul> <li><a href="">Tandon School of Engineering</a></li> <li><a href="">Justin Cappos</a></li> </ul> </li> <li><a href="">PolyPasswordHasher</a></li> <li><a href=""> Episode 155, with Priya Wadhwa</a></li> <li><a href="">apt-secure for Debian packages</a></li> <li><a href=""> A keysigning</a> and <a href=";search=0x9AE9B6E4DBF5ED67"> a signed PGP key</a></li> <li><a href="">Farm to table attestation</a></li> <li><a href="">Potato tracking</a></li> <li><a href="">An example of E. coli in lettuce</a></li> <li><a href=""> in-toto record</a></li> <li><a href="">Project Trebuchet: How SolarWinds is Using Open Source to Secure Their Supply Chain in the Wake of the Sunburst Hack</a> by Trevor Rosen, Solarwinds</li> <li><a href=""> Reflections on Trusting Trust</a> by Ken Thompson</li> <li><a href=""> Secure Publication of Datadog Agent Integrations with TUF and in-toto</a></li> <li><a href=""> US Executive Order on Improving the Nation’s Cybersecurity</a></li> <li><a href=""> Readout of White House Meeting on Software Security</a></li> <li><a href="">sigstore</a> <ul> <li><a href=""> in-toto is the second most used format for sigstore</a></li> </ul> </li> <li><a href="">SPIFFE</a></li> <li><a href="">SLSA</a></li> <li><a href=""> in-toto moves to incubation in the CNCF</a></li> <li><a href="">CFSSL</a></li> <li><a href="">Math rock</a> <ul> <li><a href="">Covet: “falkor”</a></li> <li><a href="">TTNG: +3 Awesomeness Repels Water</a></li> </ul> </li> <li><a href="">Bird of the Year</a> <ul> <li><a href="">The kea</a></li> <li><a href="">Breaking a police car</a></li> </ul> </li> <li><a href="">Santiago Torres-Arias</a> on Twitter and at <a href=""></a></li> </ul>