I've seen great people in our industry crushed under the weight of the secrets they carry into a singularity from which no information can emerge. In some ways the lesson from apache_nosejob.c https://www.exploit-db.com/exploits/21560 was that we cannot take ourselves seriously, that at the heart of our discipline there must remain a jester, that we must float upon the stream of endless information rather than absorb it into our darkened core.
To that end I often listen to infosec podcasts while doing other things:
1. The Three Buddy Problem https://securityconversations.com/podcast/security-conversations/ with Ryan Naraine, Costin Raiu and JAGs. This is probably my new favorite podcast, with an uncensored take on current infosec events, largely from an incident response standpoint, but in general covering all the bases and courageously offending everyone at great length.
2. Risky.Biz https://risky.biz/RB775/: Still excellent after all these years, partially because Adam is such an experienced penetration tester and Patrick is a good host, and I generally learn things about events that are poorly covered in the news from their perspective, without having to go through and do fact checking myself (aka, why the Struts bug is so bad, etc.).
Also, happy New Year everyone! -dave
dailydave@lists.aitelfoundation.org