The One Million Bytes Podcast

A podcast by Rich Infante — featuring bite-sized episodes about technology, programming, the web, and more!
For more content like this, check out my blog!

Latest Episodes

S1E3 - Github Actions - Supply Chain Attacks

3/26/2025

In this episode, we discuss the recent tj-actions/changed-files github action compromise. I propose some ways we can apply existing solutions to this problem, in a way that doesn’t add too much extra friction, but can greatly lessen the number of users impacted by a compromise like this.

I also mention some information from Step Security’s blog post on the topic, which I’d recommend reading: https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised

See also: This episode in blog form

Edit: I have published a revised version of this episode clarifying the current state of dependabot for managing action updates.

S1E2 - Privilege Escalation in EC2, using Session Manager

3/23/2025

A companion to my blog post on permissions misconfigurations and how ssm:StartSession and similar AWS APIs can be abused to traverse across your network or escalate privileges.

S1E1 - The Rebirth of PebbleOS

3/11/2025

I discuss the rebirth of Pebble, and a recent hacking project where I upgraded major parts of the Toolchain/SDK to run on modern Python 3.

Eric’s blog posts: Success and Failure at Pebble (2021), How to help us build open source Pebble software! (2025)

My Watchfaces can be found on the Rebble app store. You can also find my fork for RebbleTool here on Github: https://github.com/richinfante/rebbletool, and further info on my blog.

Hello World

3/1/2025
In this episode, I introduce the podcast and talk about what I hope to accomplish.
a rich infante production. © 2024-2025