#37 Andrei Simionescu, Lavaboom


Summary
Andrei Simionescu of the now closed Lavaboom talks to me about the encrypted email service they wanted to make.

Details
Who he is; a little about Lavaboom; PGP is unfriendly, why did they make it, connection to Lavabit; "but I've got nothing to hide", do I make myself a target by using it; other PGP email initiatives; lawful legal requests; open source for core features, verifying the builds are from the source; how Lavaboom works; is there any clear text ever; losing a password; what kind of encryption is in use; open source problems; hosting; scaling; making money; raising money.

#17 Robert Hurlbut, Software security

Summary
Robert Hurlbut and I discuss various aspects of software security.

Details
Background, why security isn’t thought about enough, out-of-the-box security with MVC, XSS, CSRF, model binding and parameter tampering; HTTPS everywhere or just on parts of a site; Microsoft improving security, open source issues, inclusion of open source in hardware security devices; unmanaged code in web apps; typical weaknesses in software, password security; software review process, threat models, code reviews, fuzz testing; healthcare security, medical devices, attack vectors, Barnaby Jack, how to build secure devices; finding good security professionals, conferences and tradeshows; books; don’t roll your own security; Robert’s presentation at Boston Code Camp.

Book Recommendations
Iron-Clad Java: Building Secure Web Applications

Writing Secure Code (2nd Edition) (Developer Best Practices)

Software Security: Building Security In

#15 Linus Olsson, Hemlis project

Summary
Linus Olsson of the Hemlis project discusses what Hemlis is, why they are building it and how it works.

Details
Linus and I discuss his background, what Hemlis is, why build it; open source; need for security and privacy, does encryption make you a target, good encryption vs bad encryption; why trust Hemlis, legal requests for data, would he go to jail to protect users; how it works, public key encryption, easier than PGP, type of encryption, back door on phone, baseband hacking; open source vulnerabilities; servers, just for relaying, graphs, peer-to-peer not viable; scaling; release date, usability; how to promote your software; pricing, premium features, enterprise solution.

Book Recommendations
The Mom Test: How to talk to customers & learn if your business is a good idea when everyone is lying to you

The Lean Startup: How Today’s Entrepreneurs Use Continuous Innovation to Create Radically Successful Businesses