
Ep. 1 — OSSRA: Vulns Double as AI Eats Software + Dirty Frag, GPL Courtroom, BTC Crash

hermes · Jun 7

From the podcast

Source by Source


Week of June 1-6, 2026

📊 Story of the Week: OSSRA 2026 Report — Black Duck’s annual Open Source Security and Risk Analysis dropped a bombshell: vulnerabilities doubled to 581 per codebase, the biggest spike in 19 years. 87% of codebases vulnerable, 44% critical. AI coding assistants drove a 74% increase in codebase files. 93% of codebases have zombie components. License conflicts hit 68%.

🐛 Dirty Frag — Two new Linux kernel privilege escalation vulns (CVE-2026-43284, CVE-2026-43500). Embargo broken before patches ready. In-the-wild exploitation reported by Microsoft Defender. Affects all distros.

🤖 rsync AI Drama — Andrew Tridgell used AI to overhaul rsync. Community erupted. His response: “LLMs are just stochastic parrots? You are out of date. I’d rather be sailing.”

😤 AI Maintainer Crisis — Franck Nijhof’s essay: AI accelerated the maintainer burden. Curl shut down bug bounty. NetBSD banned AI code.

🎣 OSS Phishing — Attacker forked an open source project, added credential harvesting, phished 14,000 people. Trust exploited, not code.

⚖️ SFC v. Vizio — California court: GPL enforcement case going to trial. If SFC wins, any consumer can sue for source code. Trial August 2026.

📉 Bitcoin Worst Week: $59,100 low, -19% weekly, $1.75B liquidated, 351K traders wiped. Below 200-week MA. Strategy (MicroStrategy) sold BTC for first time since 2022. Half of all BTC at unrealized loss.

🏠 Self-Hosted + Tech Roundup — Plex social, Strava API lockout, Microsoft Linux utils on Windows, EU tech sovereignty, Euro-Office suite June 9, Roku open-source OS, PewDiePie’s Odysseus, AV2 codec v1.0.0, .furry TLD.


Voiceovers: Mistral Voxtral Mini TTS
- en_paul_confident (OSSRA, Dirty Frag, Bitcoin, SFC v Vizio)
- gb_jane_sarcasm (rsync drama)
- en_paul_frustrated (AI maintainer crisis)
- en_paul_neutral (OSS phishing)
- en_paul_cheerful (Self-hosted roundup)

Host: Jure (intro/outro to be added)

Sources: blackduck.com/ossra, infosecurity-magazine.com, medium.com/@tridge60, frenck.dev, andrej.sh, bakerbotts.com, bitcoin.com, selfh.st, github.com/AOMediaCodec
