Category: 3-SometimeTechTalk

In this episode of The BlueHat Podcast, host Nic Fillingham and Wendy Zenone are joined by Mike Macelletti from Microsoft’s MSRC Vulnerabilities and Mitigations team to explore Redirection Guard, a powerful mitigation designed to tackle a long-standing class of file path redirection vulnerabilities in Windows. Mike shares how his interest in security began, the journey behind developing Redirection Guard, and how it's helping reduce a once-common bug class across Microsoft products. He also explains how the feature works, why it's impactful, and what developers can do to adopt it. Plus, a few fun detours into Solitaire hacking, skiing, and protein powder. 

 

 

In This Episode You Will Learn:  

 

• What Redirection Guard is and how it helps prevent file system vulnerabilities 
• How Microsoft identifies and addresses common bug classes across their ecosystem 
• Why some vulnerabilities still slip past Redirection Guard and what’s out of scope 

 

Some Questions We Ask: 

 

• What is a junction and how is it different from other redirects? 
• How does Redirection Guard decide which shortcuts to block? 
• Are there vulnerabilities Redirection Guard doesn’t cover? 

   

  

Resources:      

View Mike Macelletti on LinkedIn     

View Wendy Zenone on LinkedIn   

View Nic Fillingham on LinkedIn  

 

  

Related Microsoft Podcasts:   

  

• Microsoft Threat Intelligence Podcast   
• Afternoon Cyber Tea with Ann Johnson   
• Uncovering Hidden Risks   

  

  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts   

---

Hosted on Acast. See acast.com/privacy for more information.

SPONSORED BY HEROKU

Heroku is a platform-as-a-service (PaaS) for deploying, scaling, and managing apps. 

Connect with Vish on X and LinkedIn. 

Congrats to Populist badge winner AmaDaden  for their answer to How to generate a legend with colors in PlantUML?.

Austin Federa has a non-traditional path into the blockchain world. In college, he studied political & environmental science, and economics. Interestingly enough, those studies map a lot to the blockchain first principles. He was seriously looking to do his PhD, but fell out of love with that space, and joined NPR as a journalist for a while. Then, of course, he got bit by the startup bug. Outside of tech, he enjoys living in Brooklyn, photography, and engaging in some form of learning at all times. He enjoys reading, mention the Children of Time series, as though it was fiction, it had a lot of interwoven psychology and communal themes.

Austin acknowledges that though we all love the internet, it's actually not very good... for high performant systems. And though companies are trying to build dedicated networks in the world, there hasn't been one created for blockchain - IE, not centralized around single party.

This is the creation story of DoubleZero.

Sponsors

• Paddle.com
• Sema Software
• PropelAuth
• Postman
• Meilisearch

Links

• https://doublezero.xyz/
• https://www.linkedin.com/in/austin-federa/

Our Sponsors:
* Check out Vanta: https://vanta.com/CODESTORY


Support this podcast at — https://redcircle.com/code-story/donations

Advertising Inquiries: https://redcircle.com/brands

Privacy & Opt-Out: https://redcircle.com/privacy

Ryan and Ben welcome Alex Malcoci, CEO and founder of MiniProto, to talk innovations in hardware prototyping, the evolving complexities of the global supply chain, the impact of the US-China trade war on manufacturing, and how automation in production could lead to new training programs for future engineers.

Episode notes:

MiniProto is a US-based prototyping manufacturer revolutionizing the way we develop and interact with hardware. 

Connect with Alex on LinkedIn.

Shoutout to an Unsung Hero of Stack Overflow, Hamed Jimoh, who deserves upvotes for their more than 10 accepted answers with a zero score.

Topics covered in this episode:

• * The Python Language Summit 2025*
• Fixing Python Properties
• * complexipy*
• * juvio*
• Extras
• Joke

Watch on YouTube

About the show

Sponsored by Posit: pythonbytes.fm/connect

Connect with the hosts

• Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
• Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
• Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Michael #1: The Python Language Summit 2025

• Write up by Seth Michael Larson
• How can we make breaking changes less painful?: talk by Itamar Oren
• An Uncontentious Talk about Contention: talk by Mark Shannon
• State of Free-Threaded Python: talk by Matt Page
• Fearless Concurrency: talk by Matthew Parkinson, Tobias Wrigstad, and Fridtjof Stoldt
• Challenges of the Steering Council: talk by Eric Snow
• Updates from the Python Docs Editorial Board: talk by Mariatta
• PEP 772 - Packaging Governance Process: talk by Barry Warsaw and Pradyun Gedam
• Python on Mobile - Next Steps: talk by Russell Keith-Magee
• What do Python core developers want from Rust?: talk by David Hewitt
• Upstreaming the Pyodide JS FFI: talk by Hood Chatham
• Lightning Talks: talks by Martin DeMello, Mark Shannon, Noah Kim, Gregory Smith, Guido van Rossum, Pablo Galindo Salgado, and Lysandros Nikolaou

Brian #2: Fixing Python Properties

• Will McGugan
• “Python properties work well with type checkers such Mypy and friends. … The type of your property is taken from the getter only. Even if your setter accepts different types, the type checker will complain on assignment.”
• Will describes a way to get around this and make type checkers happy.
• He replaces @property with a descriptor. It’s a cool technique.
• I also like the way Will is allowing different ways to use a property such that it’s more convenient for the user. This is a cool deverloper usability trick.

Brian #3: complexipy

• Calculates the cognitive complexity of Python files, written in Rust.
• Based on the cognitive complexity measurement described in a white paper by Sonar
• Cognitive complexity builds on the idea of cyclomatic complexity.
• Cyclomatic complexity was intended to measure the “testability and maintainability” of the control flow of a module. Sonar argues that it’s fine for testability, but doesn’t do well with measuring the “maintainability” part. So they came up with a new measure.
• Cognitive complexity is intended to reflects the relative difficulty of understanding, and therefore of maintaining methods, classes, and applications.
• complexipy essentially does that, but also has a really nice color output.
• Note: at the very least, you should be using “cyclomatic complexity”
  • try with ruff check --select C901
• But also try complexipy.
• Great for understanding which functions might be ripe for refactoring, adding more documentation, surrounding with more tests, etc.

Michael #4: juvio

• uv kernel for Jupyter
• ⚙️ Automatic Environment Setup: When the notebook is opened, Juvio installs the dependencies automatically in an ephemeral virtual environment (using uv), ensuring that the notebook runs with the correct versions of the packages and Python
• 📁 Git-Friendly Format: Notebooks are converted on the fly to a script-style format using # %% markers, making diffs and version control painless
• Why Use Juvio?
  • No additional lock or requirements files are needed
  • Guaranteed reproducibility
  • Cleaner Git diffs
• Powered By
  • uv – ultra-fast Python package management
  • PEP 723 – Python inline dependency standards

Extras

Brian:

• Test & Code in slow mode currently. But will be back with some awesome interviews.

Joke: The 0.1x Engineer

• via Balázs
• Also
  • StormTrooper vlog
  • BIGFOOT VLOG - ATTACKED BY WENDIGO!

Ranjan Roy from Margins is back for our weekly discussion of the latest tech news. We cover: 1) OpenAI and Microsoft's tension boils as business relationship grows complex 2) Is Microsoft being anticompetitive? 3) How much money OpenAI owes Microsoft 4) Who holds the power in the relationship? 5) OpenAI discounts ChatGPT enterprise 6) New study shows using ChatGPT leads to eroding critical thinking skills 7) Does ChatGPT help or hurt education? 8) Andy Jassy says AI will replace Amazon workers 9) Is this really just a ploy to get workers using AI tools? 10) Zuck hires more AI execs 11) Waymo arrives in NYC.... kinda

---

Enjoying Big Technology Podcast? Please rate us five stars ⭐⭐⭐⭐⭐ in your podcast app of choice.

Want a discount for Big Technology on Substack? Here’s 25% off for the first year: https://www.bigtechnology.com/subscribe?coupon=0843016b

Questions? Feedback? Write to: bigtechnologypodcast@gmail.com

The Trust and Safety team is using aliases in this episode. Learn more about who the Community Management team is at Stack Overflow. 

Explore how we keep our community safe in our Code of Conduct. 

Congratulations to Lifeboat badge recipient Arvin Yorro, who won it for their helpful answer to the question Docker Desktop - WSL update failed.

Tim Eades grew up poor, but forced himself into college. He is a 4 time CEO, an investor, and on the boards of several different companies - but more interestingly, he is an old punk. He saw the Sex Pistols live back in the day, which he mentioned had great sound quality. He's been married for 25 years, and is on the board of a charity that his wife runs. That charity delivery 20,000 birthday cakes to underprivileged children a year.

Being a multi-time CEO, Tim has some experience around starting companies. He interviewed many cybersecurity leaders, asking about identity and why vulnerabilities around it was still a problem. During a Liverpool game, he downloaded a powerpoint template and put together a pitch to build a company and solve this problem.

This is the creation story of Anetac.

Sponsors

• Paddle.com
• Sema Software
• PropelAuth
• Postman
• Meilisearch

Links

• https://anetac.com/
• https://www.linkedin.com/in/tieades/

Our Sponsors:
* Check out Vanta: https://vanta.com/CODESTORY


Support this podcast at — https://redcircle.com/code-story/donations

Advertising Inquiries: https://redcircle.com/brands

Privacy & Opt-Out: https://redcircle.com/privacy

Dane shares his excitement about the Model Context Protocol (MCP), exploring its potential impact on the future of technology. The discussion turns to the growing need for sustainable content monetization and fair compensation for creators in an AI-driven world, and how this connects to Cloudflare’s mission to build a better internet.

The conversation also:

• Explores how Cloudflare leverages AI internally to enhance developer productivity and improve code quality while keeping developers as owners of their work.
• Covers Cloudflare’s innovative organizational structure and their journey toward becoming an AI-first company.

Episode notes:

• Connect with Dane on LinkedIn or X, and learn more about Cloudflare.
• Read more about Knowledge Solutions, a data licensing offering that provides continuous access to Stack Overflow’s public dataset.
• Learn more about creating a private instance of Stack Overflow for your team or org with Stack Overflow for Teams.

Dwarkesh Patel is the host of the Dwarkesh Podcast. He joins Big Technology Podcast to discuss the frontiers of AI research, sharing why his timeline for AGI is a bit longer than the most enthusiastic researchers. Tune in for a candid discussion of the limitations of current methods, why continuous AI improvement might help the technology reach AGI, and what an intelligence explosion looks like. We also cover the race between AI labs, the dangers of AI deception, and AI sycophancy. Tune in for a deep discussion about the state of artificial intelligence, and where it’s going.

---

Enjoying Big Technology Podcast? Please rate us five stars ⭐⭐⭐⭐⭐ in your podcast app of choice.

Want a discount for Big Technology on Substack? Here’s 25% off for the first year: https://www.bigtechnology.com/subscribe?coupon=0843016b

Questions? Feedback? Write to: bigtechnologypodcast@gmail.com