Episode 108: Sarah Gran and Josh Aas: Sustainable Digital Infrastructure with Memory Safe Code
vor 4 Jahren
Sarah Gran and Josh Aas of ISRG go in-depth about their work on
Prossimo to bring memory safe code to critical digital
infrastructure and some other projects they are investing in this
year.
Podcast
Podcaster
Beschreibung
vor 4 Jahren
Guest Sarah Gran | Josh Aas Panelists Richard Littauer | Justin
Dorfman Show Notes Hello and welcome to Sustain! The podcast where
we talk about sustaining open source for the long haul. We are
super excited to have two guests today, Sarah Gran and Josh Aas,
who both work for ISRG, the Internet Security Research Group which
consists of three projects: Let’s Encrypt, Divvi Up, and Prossimo.
Sarah is a VP of Communication and fundraising for ISRG, and Josh
is the Executive Director at ISRG. They are both working on
Prossimo to bring memory safe code to critical digital
infrastructure, which they will explain more in depth today. We
also learn about some other projects they are investing in this
year, and Sarah and Josh share some positive things they’re really
excited about happening in 2022 with Prossimo. Go ahead and
download this episode now to find out more! [00:02:03] We find out
what ISRG is and how they choose which projects to focus on.
[00:04:53] Josh explains the difference between Prossimo and Rust.
[00:07:07] Josh and Sarah explain why memory allocation is so
important. [00:10:33] Justin wonders if Log4j is on their radar in
terms of funding, if that’s something ISRG can help them with, and
how that has brought more attention to memory safe languages.
[00:13:03] We hear about the relationship ISRG has with the Linux
Foundation. [00:15:21] Sarah shares what they’ve done so far to
make the Prossimo project sustainable. [00:18:21] We find out what
the budget is for running ISRG, and how they make that budget for
what they are trying to accomplish. [00:22:40] Josh tells us about
using Linkerd if you’re looking for memory safety in that space.
[00:24:40] Besides working on major projects that have had massive
impacts like he had with Let’s Encrypt, Josh shares things that
have been difficult for him this year. [00:27:02] Josh explains how
Cloudflare deals with DDoS attacks, and if there’s been any open
line of communication with NginX. [00:29:55] Josh and Sarah detail
what they’re doing to get the word out about Prossimo which
includes four criteria they use to decide what they’re going to
engage with. [00:33:18] We hear about some projects they are
investing in this year, such as Rustls, Linux kernel, and NTP.
[00:35:07] What are Sarah and Josh most excited about happening in
2022? [00:41:35] Find out where you can follow Josh, Sarah, and
Prossimo online. Quotes [00:04:05] “We just like to do a lot
research about what we’re doing. We’re not a throw it at the wall
and see what sticks organization.” [00:12:05] “From my perspective
in communications and fundraising, I think this is a great moment
for us to help people understand that memory safety isn’t at the
crux of Log4j.” [00:14:31] “Rising tides raises all ships.”
[00:25:27] “We have a huge amount of history that tells us C++ code
is not safe.” [00:29:25] “I really hope that ten years from now,
the number one web server is not written in C, that cannot happen,
we can’t allow that to happen. Popular web servers written in C
need to go.” [00:36:37] “We can have a plan to boot OpenSSL off the
internet. That’s a dream of mine and I think that’s an achievable
goal.” Spotlight [00:38:09] Justin’s spotlight is Twitter
communities. [00:38:33] Richard’s spotlight is Karl Becker.
[00:39:14] Sarah’s spotlight is Crowdin. [00:40:43] Josh’s
spotlight is Qubes OS. Links SustainOSS (https://sustainoss.org/)
SustainOSS Twitter
(https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
SustainOSS Discourse (https://discourse.sustainoss.org/) SustainOSS
Podcast (https://podcast.sustainoss.org/) Josh Aas Twitter
(https://twitter.com/0xjosh?lang=en) Josh Aas LinkedIn
(https://www.linkedin.com/in/josh-aas-406a772) Sarah Gran Twitter
(https://twitter.com/sarahgrrrrrrran) Sarah Gran LinkedIn
(https://www.linkedin.com/in/sarah-gran-saline) Internet Security
Research Group (https://www.abetterinternet.org/) Prossimo
(https://www.memorysafety.org/) Let’s Encrypt
(https://letsencrypt.org/) Apache Log4j
(https://logging.apache.org/log4j/2.x/index.html) Linkerd
(https://linkerd.io/) Justin Dorfman Twitter
(https://twitter.com/jdorfman?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
Crowdin (https://crowdin.com/) Karl Becker GitHub
(https://github.com/karlbecker) Qubes OS
(https://www.qubes-os.org/) Credits Produced by Richard Littauer
(https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree
Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr
Peachtree Sound (https://www.peachtreesound.com/) Special Guests:
Josh Aas and Sarah Gran.
Dorfman Show Notes Hello and welcome to Sustain! The podcast where
we talk about sustaining open source for the long haul. We are
super excited to have two guests today, Sarah Gran and Josh Aas,
who both work for ISRG, the Internet Security Research Group which
consists of three projects: Let’s Encrypt, Divvi Up, and Prossimo.
Sarah is a VP of Communication and fundraising for ISRG, and Josh
is the Executive Director at ISRG. They are both working on
Prossimo to bring memory safe code to critical digital
infrastructure, which they will explain more in depth today. We
also learn about some other projects they are investing in this
year, and Sarah and Josh share some positive things they’re really
excited about happening in 2022 with Prossimo. Go ahead and
download this episode now to find out more! [00:02:03] We find out
what ISRG is and how they choose which projects to focus on.
[00:04:53] Josh explains the difference between Prossimo and Rust.
[00:07:07] Josh and Sarah explain why memory allocation is so
important. [00:10:33] Justin wonders if Log4j is on their radar in
terms of funding, if that’s something ISRG can help them with, and
how that has brought more attention to memory safe languages.
[00:13:03] We hear about the relationship ISRG has with the Linux
Foundation. [00:15:21] Sarah shares what they’ve done so far to
make the Prossimo project sustainable. [00:18:21] We find out what
the budget is for running ISRG, and how they make that budget for
what they are trying to accomplish. [00:22:40] Josh tells us about
using Linkerd if you’re looking for memory safety in that space.
[00:24:40] Besides working on major projects that have had massive
impacts like he had with Let’s Encrypt, Josh shares things that
have been difficult for him this year. [00:27:02] Josh explains how
Cloudflare deals with DDoS attacks, and if there’s been any open
line of communication with NginX. [00:29:55] Josh and Sarah detail
what they’re doing to get the word out about Prossimo which
includes four criteria they use to decide what they’re going to
engage with. [00:33:18] We hear about some projects they are
investing in this year, such as Rustls, Linux kernel, and NTP.
[00:35:07] What are Sarah and Josh most excited about happening in
2022? [00:41:35] Find out where you can follow Josh, Sarah, and
Prossimo online. Quotes [00:04:05] “We just like to do a lot
research about what we’re doing. We’re not a throw it at the wall
and see what sticks organization.” [00:12:05] “From my perspective
in communications and fundraising, I think this is a great moment
for us to help people understand that memory safety isn’t at the
crux of Log4j.” [00:14:31] “Rising tides raises all ships.”
[00:25:27] “We have a huge amount of history that tells us C++ code
is not safe.” [00:29:25] “I really hope that ten years from now,
the number one web server is not written in C, that cannot happen,
we can’t allow that to happen. Popular web servers written in C
need to go.” [00:36:37] “We can have a plan to boot OpenSSL off the
internet. That’s a dream of mine and I think that’s an achievable
goal.” Spotlight [00:38:09] Justin’s spotlight is Twitter
communities. [00:38:33] Richard’s spotlight is Karl Becker.
[00:39:14] Sarah’s spotlight is Crowdin. [00:40:43] Josh’s
spotlight is Qubes OS. Links SustainOSS (https://sustainoss.org/)
SustainOSS Twitter
(https://twitter.com/SustainOSS?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
SustainOSS Discourse (https://discourse.sustainoss.org/) SustainOSS
Podcast (https://podcast.sustainoss.org/) Josh Aas Twitter
(https://twitter.com/0xjosh?lang=en) Josh Aas LinkedIn
(https://www.linkedin.com/in/josh-aas-406a772) Sarah Gran Twitter
(https://twitter.com/sarahgrrrrrrran) Sarah Gran LinkedIn
(https://www.linkedin.com/in/sarah-gran-saline) Internet Security
Research Group (https://www.abetterinternet.org/) Prossimo
(https://www.memorysafety.org/) Let’s Encrypt
(https://letsencrypt.org/) Apache Log4j
(https://logging.apache.org/log4j/2.x/index.html) Linkerd
(https://linkerd.io/) Justin Dorfman Twitter
(https://twitter.com/jdorfman?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor)
Crowdin (https://crowdin.com/) Karl Becker GitHub
(https://github.com/karlbecker) Qubes OS
(https://www.qubes-os.org/) Credits Produced by Richard Littauer
(https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree
Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr
Peachtree Sound (https://www.peachtreesound.com/) Special Guests:
Josh Aas and Sarah Gran.
Weitere Episoden
34 Minuten
vor 9 Monaten
46 Minuten
vor 9 Monaten
40 Minuten
vor 9 Monaten
38 Minuten
vor 10 Monaten
Kommentare (0)
Melde Dich an, um einen Kommentar zu schreiben.