Cup o' Go

Supply chain attacks ⛓️‍💥 Ghetto Logs 👊🏾 🪵 and Rust/AI cold takes 🧊 with Thorsten Ball

Feb 7, 2025
In this engaging discussion, Thorsten Ball, a software engineer at Sourcegraph and author of notable programming books, dives into pressing issues around supply chain security, highlighting threats like typosquatting and a malicious package in the Go ecosystem. He shares his insights on new Go language updates and tools like GoFix that automate code migration. Thorsten also explores the contrast between Go and Rust, discussing preferences rooted in simplicity versus complexity, and wraps up with creative approaches to logging using AI.
01:14:46

Podcast summary created with Snipd AI

Quick takeaways

  • Recent Go releases include critical security updates addressing vulnerabilities such as arbitrary code execution and timing side-channel attacks.
  • A new proposal in the Go community aims to automate migration processes for deprecated code, alleviating common developer pain points.

Deep dives

Security Fixes in Go Releases

Recent Go releases include crucial security updates that developers need to apply promptly. One of the vulnerabilities addressed is arbitrary code execution during builds, where improper flags used during compilation could allow unwanted code to run on the build machine. Another is a timing side-channel attack discovered in the elliptic-curve cryptography package, which affects a niche architecture. Such vulnerabilities highlight the importance of keeping Go environments up to date to prevent exploitation.
