This week on Destination Linux, we are joined by a special guest host: Craig Rowland, the CEO of Sandfly Security! We’re diving deep into the reality of modern security—specifically when third-party code knocks over your castle. From malicious VSCode extensions to the "React2Shell" vulnerability, we discuss why "Open Source" doesn't automatically mean "Safe" and how to protect your supply chain.

Then, is it possible to have the macOS experience without the Apple ecosystem? Ryan explores ravynOS, a daring new project with "macOS vibes and a BSD soul." It’s attempting to bring the Aqua interface—and eventually Mac app compatibility—to the open-source world.

Plus, Jill brings us massive news from Canonical and AMI. You might soon be installing Ubuntu directly from your motherboard's BIOS without ever needing a USB drive. We break down how this partnership changes the game for hardware.

Finally, we read an incredible listener story.

Show Notes:

00:00:00 Intro

00:02:39 Extended Intro: Open Source or Bust

00:03:08 Community Feedback: A Pentester’s Origin Story

00:10:03 Guest Host: Sandfly Security & Agentless Protection

00:15:53 Security Deep Dive: Supply Chain Attacks, Malicious VSCode Extensions & React2Shell

00:44:31 ravynOS: The Open Source Mac Killer?

00:56:05 News: Canonical + AMI: Installing Ubuntu from the BIOS

01:08:07 Outro

01:09:33 Post-Show Shenanigans

Support the Show:

Sponsored by Sandfly Security: destinationlinux.net/sandfly - Get 50% off the Home Edition with code DESTINATION50

Special Guest: Craig Rowland.