Fallthrough

A recent Ars Technica article outlined a backdoor in the Go Module Mirror. Even though it's framed as a backdoor, and potentially a vulnerability, it's actually an exploit of a design choice designers of the module mirror made. Kris is joined by Matthew, Dylan, and guest host Jamie Tanna, to discuss this vulnerability-but-actually-feature, the implications for the Go community, and the wider reasons why something like this happened. We go on a journey through the history of modules, the Go community, and a whole lot more. We know this is a long one but we're sure you'll love it! Have thoughts? Reach out to us on social media and let us hear them!Thanks for tuning in and happy listening!Notes & Links:Go Module Mirror served backdoor to devs for 3+ yearsGo Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for PersistenceAbusing Go's infrastructure (from 8:38)#66653: x/pkgsite: links can point at source code that may not match what is served by the module proxyopenapi.tanna.dev/go/validator (from 22:15)#44550: proposal: cmd/go: make major versions optional in import paths (from 1:15:56)Comment from aboveSourceHut will (not) blacklist the Go module mirror (from 9:19)Chapters:(00:05) - Intro (01:38) - Introducing Jamie Tanna (02:21) - The vulnerability that's actually a feature (04:53) - The Go Module Mirror (14:02) - Paternalism (21:14) - What are vanity URLs? (23:02) - Not just the official Go Module Mirror (27:58) - Unforgiving Module Proxies (29:23) - #BringBackGOPATH (29:36) - Tags are mutable (33:44) - What does a version mean? (35:10) - Jamie's Hot Take (38:20) - The Trails and Tribulations of Modules (42:03) - It's humans! (44:40) - How might we fix this? (49:12) - Is it too easy to fetch dependencies? (52:25) - Decentralized versus Centralized (57:24) - A Proxy is not an Origin (01:03:14) - Can we revalidate? (01:05:14) - I can't believe it's not SemVer! (01:06:34) - Analogy Time, featuring The Web! (01:09:25) - Is this a problem elsewhere? (01:12:20) - The tooling should be better (01:16:47) - The Community that was (01:23:06) - Matthew's Is Go Dead? Perspective (01:23:59) - Jamie's Is Go Dead? Perspective (01:25:19) - What does Dead mean? (01:28:23) - Go should be able to do more (01:31:22) - Go as an identity (01:32:33) - Some added nuance (01:39:18) - A difference in leadership (01:43:03) - A lack of inclusion (01:57:34) - Blame the system, not the person (02:03:00) - Outro Hosts Kris Brandow - Host Dylan Bourque - Host Matthew Sanabria - Host Jamie Tanna - Host Socials:WebsiteBlueskyThreadsX/TwitterLinkedInInstagram

Go's steady cycle of releasing new versions every six months continues. On this episode, our "What's new in Go?" correspondent (a carry over from Go Time) joins special guest host Johnny Boursiquot to talk about the new features and changes coming in Go 1.24. As always, we've got some great unpopular opinions at the end.Thanks for tuning in and happy listening!Notes & Links:Carlana's WebsiteTime Is Not A Synchronization Primitive (from 19:04)sqlc (from 1:05:01)Chapters:(00:00) - Intro (02:20) - Introducing Carlana (03:29) - What's New In Go 1.24? (04:02) - package weak (10:17) - package runtime (16:55) - testing (27:37) - package os (32:28) - go tool (37:58) - generic type aliases (41:35) - minor changes (52:25) - Unpopular Opinions (52:35) - Carlana's Unpop (56:36) - Johnny's Unpop (01:05:43) - Outro Hosts Kris Brandow - Producer Johnny Boursiquot - Host Carlana Johnson - Guest Socials:WebsiteBlueskyThreadsX/TwitterLinkedInInstagram

Chris Allaire, Owner and CEO of Averity, brings nearly 30 years of tech recruiting expertise to the table. He dives into the vital traits that make a standout candidate and debates the future of recruiting in an AI-driven world. The conversation explores the evolution of tech recruiting, emphasizing personal connections and genuine communication over mere qualifications. Allaire also shares insights on navigating engineering roles, the importance of adaptability, and choosing a recruiter who genuinely cares about candidates' success.

Angelica Hill, a podcast producer with a keen eye on complexity in software development, dives into the multifaceted nature of technological challenges. She and her fellow guests discuss the paradox of advanced tools increasing complexity rather than simplifying processes. They explore the role of AI in managing these complexities and reflect on the intricacies of database choices and information management. The conversation also critiques the communication hurdles in product management, revealing how misunderstandings can exacerbate technological dilemmas.

For years we've been told that everyone needs to learn to code. As career software people, what are our thoughts on this? Should you learn to code? Is coding the right career for you? In this first episode of a two part series, the panel discusses how they learned to code, whether they think everyone should learn to code, and of course they offer up some unpopular opinions.And if you're thinking, "I already know how to code", don't worry, this episode contains valuable advice for you as well.As always thanks for tuning in and happy listening!Notes & Links:Ben Eater's YouTube Channel (from 53:00)John Carmack's Fast Inverse Square Root (from 1:01:47)This is actually from Quake, not Doom.Change Interviews #581 It's Not Always DNS (from 1:04:15)Chapters:(00:00) - Intro (01:33) - How're we doing? (04:41) - Why did we learn to code? (06:10) - Why Kris learned to code (07:44) - Why Ian learned to code (08:54) - Why Dylan learned to code (10:36) - Why Matthew learned to code (14:22) - Computer Assembly Not Required (16:51) - Tangent: Why Are USB-C Cables? (17:36) - Should you focus on a specific language? (22:45) - Do you want to solve problems? (24:53) - Coding & Woodworking (27:09) - Curiosity & Itches that need scratching (31:07) - What do we mean when we say "code"? (32:34) - You should learn Excel (39:35) - Coding Is Configuring Computers (43:32) - Discrete Math, Not Binary (47:03) - Learn the low level stuff... eventually (53:42) - The desire to learn (57:41) - Sidequest: Networking (01:05:52) - Learning Design & Being Load Bearing (01:12:10) - Continual Learning (01:14:33) - What of AI and Automation? (01:21:49) - Share What You Learn (01:24:24) - Should You Learn To Code? (01:24:57) - Teaser: Episode 5 - Is Coding The Career For You? (01:26:02) - Unpopular Opinions (01:26:08) - Matthew's Unpop (01:28:51) - Ian's Unpop (01:29:29) - Dylan's Unpop (01:33:52) - Kris' Unpop (01:36:50) - Tangent: Chopper? (01:37:27) - Outro Hosts Kris Brandow - Host Ian Wester-Lopshire - Host Dylan Bourque - Host Matthew Sanabria - Host Socials:WebsiteBlueskyThreadsX/TwitterLinkedInInstagram

Dive into the fascinating world of Go programming where the hosts uncover both its gems and warts! Discover the strengths of net/http, the quirks of defer, and the robust handling of errors as values. They highlight testing built into the language and the power of Go's composition over inheritance. Tackle the challenges of URL management and the magic of struct field tags. The conversation is peppered with humor and personal anecdotes that make learning about Go's complexities both entertaining and insightful!

Dive into the wild world of tech war stories as the hosts share hilarious tales of coworker annoyances and absurd software bugs. From time zone debacles to deciphering API authentication woes, their experiences are both relatable and eye-opening. Discover how symbolic links can turn into security headaches and why different command implementations can lead to chaos. They wrap things up with some eye-catching unpopular opinions that spark lively debate. Prepare for some laughs and insightful reflections on the tech journey!

Welcome to Fallthrough! In our first episode, properly numbered 0, we're discussing what this podcast is and many of the things we hope to discuss on future episodes of the podcast. If you loved Go Time, we hope that you'll love Fallthrough. Happy listening!(00:00) - Welcome to Fallthrough! (00:29) - What's in a name? (01:55) - A New Perspective (03:33) - Introduction: Ian Wester-Lopshire (04:02) - Introduction: Matthew Sanabria (05:43) - Introduction: Dylan Bourque (06:19) - From the prospective of Go (06:34) - Prospective Podcast Content: Dylan (07:46) - Prospective Topic: Other languages from the Go perspective (13:39) - Prospective Topic: The missing bits from the standard library (15:17) - Prospective Topic: The "Don't touch that!" parts of Go (19:04) - Prospective Topic: The No Build movement (23:21) - Prospective Topic: Removing old Go habits (23:47) - Prospective Topic: Union, Sum, or Option types (25:41) - Prospective Topic: Documentation, Code Readability, & Error Planning (32:16) - Prospective Topic: If, Else, Switch, & Strong Opinions (36:55) - Podcast format changes (38:19) - Things we're planning to keep (38:58) - Opinions of the unpopular variety (39:29) - Ian's Unpopular Opinion (40:56) - Matthew's Unpopular Opinion (43:08) - Dylan's Unpopular Opinion (45:31) - Kris' Unpopular Opinion (46:20) - Bonus: A Popular Opinion (47:06) - Wrap up Hosts Kris Brandow - Host Ian Wester-Lopshire - Host Dylan Bourque - Host Matthew Sanabria - Host Socials:WebsiteBlueskyThreadsX/TwitterLinkedInInstagram

We're hard at work preparing the first episode of Fallthrough, but in the meantime we put together a short trailer to tease some of that episode's content. Make sure to subscribe so you'll be notified when the first episode ships. Happy listening!(00:00) - Introduction (01:09) - Clip 1: The Unsafe & Reflect Packages (04:03) - Clip 2: Documentation & Errors (06:04) - Clip 3: Internet Speeds (07:16) - Outro Hosts Kris Brandow - Host Matthew Sanabria - Host Dylan Bourque - Host Ian Wester-Lopshire - Host Socials:WebsiteBlueskyThreadsX/TwitterLinkedInInstagram