Sustain
Episode 48: Security and Cryptography with Nadim Kobeissi
Hello and welcome to Sustain! On today's episode, we have a special guest, Nadim Kobeissi, who runs a small company in Paris called Symbolic Software. We are going to find out how Nadim got into doing security and cryptography and all about his new project called Verifpal. We will also learn more about the PEPP-PT effort, RustTLS's code, and Cure53, and we discuss the effectiveness of the Code of Conduct. Download this episode to find out all this and much more!
[00:00:45] Nadim tells us what Symbolic Software does and how he got into doing security and cryptography. He also tells us he's working on another project called Verifpal.
[00:06:28] On the topic of Verifpal, Nadim tells us whether he plans on building services around it with his consultancy or if it's strictly "use it at your own discretion."
[00:08:45] Richard asks Nadim to talk about what's been going on in the world of cryptographically analyzing contact tracing apps, how they deal with privacy, and what his thoughts are. He explains the PEPP-PT effort.
[00:19:47] Richard talks about contact apps being very useful for authoritarian regimes and privacy issues with Zoom. Nadim has a story about what they are doing in China with drones.
[00:25:20] Justin wants to know what Nadim did for RustTLS, how did he get paid, and what is Cure53?
[00:31:02] Nadim tells us his thoughts on the effectiveness of a COC (Code of Conduct).
[00:40:17] Nadim has a great story about being approached while walking on the street by a Greenpeace guy and Red Cross.
[00:42:32] Nadim talks about how technology doesn't have to be tribal, and how maybe it could be political.
[00:43:40] Nadim lets us know where we could find him on the internet.
Spotlight:
- [00:44:17] Justin's spotlight is Youper, a pocket AI therapist.
- [00:44:35] Eric's spotlight is resume.io.
- [00:45:00] Richard's spotlight is Moxie Marlinspike's website, specifically his yacht stories.
- [00:45:58] Nadim's spotlight is a book called Database Internals: A Deep Dive into How Distributed Data Systems Work by Alex Petrov.
Panelists:
Richard Littauer
Justin Dorfman
Eric Berry
Guest:
Nadim Kobeissi
Quotes:
[00:02:41] "What government told you…no, no, no, I was just poking fun at the fact that we had really severe security vulnerabilities and the Australian government at one point issued an advisory."
[00:18:29] "It confirms a lot of my worst fears in a way that's very visceral and dramatized with a multimillion-dollar budget behind it."
[00:18:48] "There's a saying at Google that in order to get promoted at Google you have to create a chat app."
[00:19:58] "A friend of mine was saying it looks like China has been particularly good at dealing with their population and COVID, and I'm like yeah, it's been really good at dealing with it if you only qualify certain amounts of people as citizens."
[00:29:00] "Personally, I don't think I could have written code this good myself."
[00:31:32] "The code of conduct, I don't think there's anything bad about them."
[00:33:55] "As a maintainer of my own open source project, I would love to have a code of conduct for contributors."
[00:35:38] "Putting a code into your repo doesn't do anything by itself most of the time."
[00:39:53] "One final thing I feel that is a bit problematic is that you find yourself in a position where by simply having any criticism at all, you already have to defend yourself as not being morally in a gray area or criticizing some sort of greater good."
[00:42:48] "There's a lot of tribalism that's entering open source software."
Links:
DP3T: Decentralized Privacy-Preserving Proximity Tracing
Pan-European Privacy-Preserving Proximity Tracing
Moxie Marlinspike Stories (website)
Database Internals: A Deep Dive into How Distributed Data Systems Work by Alex Petrov
Special Guest: Nadim Kobeissi.