Ian and Johnny discuss the polyfill.io supply chain attack, Go Proverbs, and the importance of dependency management. They explore risks of CDNs, transitioning to OpenTelemetry, vulnerability risks in Go libraries, updating dependencies, and learning C programming for software development.
Polyfill.io, a popular CDN serving JavaScript libraries for browser polyfills, was sold to a different company, after which the scripts it served were modified to inject malicious JavaScript, affecting numerous websites. Websites such as Hulu and JSTOR were found redirecting users to gambling sites as a result of this compromise, which highlights the severity of the situation. CDNs play a vital role in web performance, but the incident serves as a reminder of the risks of relying on third-party services like CDNs and of the importance of monitoring and vetting them for security threats.
Security Consciousness in the Backend Development Community
The podcast delves into the difference in security consciousness between backend and front-end developers. Backend developers are perceived to be more security-conscious due to the critical nature of database protection and vulnerability implications. The discussion touches on the need for robust security measures when handling sensitive data and mentions the importance of proactive security practices in the backend development ecosystem.
Importance of Memory Management Awareness
The conversation shifts to the significance of memory management awareness in programming languages, noting that the development industry often relies on garbage collection for memory management. It emphasizes that developers still need to understand memory allocation, the limitations of garbage collection, and resource optimization beyond what automated processes provide. The podcast underscores the benefits of learning fundamental principles such as manual memory management, even in languages with automated memory handling.
The Role of C Programming in Understanding Systems
The C programming language is advocated as a foundational language for understanding system-level operations and low-level concepts in computing. The podcast suggests that learning C provides insight into memory allocation, how the machine works, and other fundamental aspects of computing, helping developers comprehend the inner workings of software and hardware interfaces. By exploring C, individuals improve their understanding of memory handling, machine operations, and system-level capabilities, which leads to more proficient and informed coding in higher-level programming languages as well.
Adopting a Security-First Approach in Programming
The podcast emphasizes the need for a security-first approach in software development, prioritizing security measures in everyday coding practice. It advocates vigilance in handling dependencies, staying informed about vulnerabilities, and adopting secure coding practices, underscoring that proactive measures are what safeguard against potential threats and breaches. It encourages a security-conscious mindset and ongoing diligence and awareness in software development to mitigate security risks effectively.
Dependencies! We need them, but how do we use them effectively and safely? In this week’s episode Kris is joined by Ian and Johnny to discuss the polyfill.io supply chain attack, the history of dependency management and usage in Go, and the Go Proverb that “a little copying is better than a little dependency”. Of course, we wrap up the episode with some Unpopular Opinions!
Changelog++ members save 5 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
Speakeasy – Production-ready, Enterprise-resilient, best-in-class SDKs crafted in minutes. Speakeasy takes care of the entire SDK workflow to save you significant time, delivering SDKs to your customers in minutes with just a few clicks! Create your first SDK for free!