AI-powered
podcast player
Listen to all your favourite podcasts with AI-powered features
Cup o' Go
Supply chain attacks ⛓️💥 Ghetto Logs 👊🏾 🪵 and Rust/AI cold takes 🧊 with Thorsten Ball
Feb 7, 2025
In this engaging discussion, Thorsten Ball, a software engineer at Sourcegraph and author of notable programming books, dives into pressing issues around supply chain security, highlighting threats like typo squatting and a dangerous malicious package in the Go ecosystem. He shares his insights on new Go language updates and tools like GoFix that automate code migration. Thorsten also explores the juxtaposition of Go and Rust, discussing preferences rooted in simplicity versus complexity, and wraps up with creative approaches to logging using AI.
01:14:46
Episode guests
AI Summary
AI Chapters
Episode notes
Podcast summary created with Snipd AI
Quick takeaways
- Recent Go releases highlight critical security updates addressing vulnerabilities like arbitrary code execution and timing side channel attacks.
- A new proposal in the Go community aims to automate migration processes for deprecated code, alleviating common developer pain points.
Deep dives
Security Fixes in Go Releases
Recent Go releases include crucial security updates that developers need to implement promptly. Noteworthy security vulnerabilities addressed involve arbitrary code execution during builds, which can occur due to improper flags used during compilation that could allow unwanted code execution on a machine. Additionally, a timing side channel attack was discovered in the elliptic cryptography package, specifically targeting a niche architecture. Such vulnerabilities highlight the importance of keeping Go environments up to date to prevent exploitation.
Get the Snipd
podcast app
Unlock the knowledge in podcasts with the podcast player of the future.
AI-powered
Discover
highlights
Listen to the best highlights from the podcasts you love and dive into the full episode
Save any
moment
Hear something you like? Tap your headphones to save it with AI-generated key takeaways
Share
& Export
Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more
AI-powered
podcast player
Listen to all your favourite podcasts with AI-powered features
Discover
highlights
Listen to the best highlights from the podcasts you love and dive into the full episode