Brian Fox discusses findings from a recent Sonatype report about the growing challenge of malicious packages in open source repositories. At the time of recording, there are over 820,000 malware packages in public repositories. Brian explains why certain ecosystems are more vulnerable than others, how behavioral detection methods can identify suspicious packages, and the challenge in solving this problem. The blog post for this episode can be found at
🛡️ Security releases | Go 1.24.1 & 1.23.7 released | golang.org/x/net v0.36.0 released | gopls v0.18.0 released | 🇫🇮 Helsinki meetup, March 18, still looking for speakers | TypeScript rewrite in Go | 🌩️ Lightning Round | Asdf Has Been Re-Written in Go | Go clients dominate internet API traffic | Why was nvm for Windows...
It's Kaizen 18! Can you believe it? We discuss the recent Fly.io outage, some little features we've added since our last Kaizen, our new video-first production, and of course, catch up on all things Pipely! Oh, and Gerhard surprises us (once again). BAM!
Anurag Goel, Founder/CEO of Render, joins Adam to discuss what they're doing to solve cloud problems for application developers. They just raised $80M they don't even need and they're poised to solve boring problems like object storage, and less boring things like building for the AI era.
🛡️ Security releases | golang.org/x/crypto v0.35.0 | golang.org/x/oauth2 v0.27.0 | Proposals | Accepted: net/http: support content negotiation | 🧮 Likely accept: math/stats: new package with Mean, Median, more | Conferences | 🇨🇿 Gophercamp, April 25 @ Brno, Czech Republic | CFP open until ?? | 🇨🇭 Go blog: Faster Go maps...
In this heartfelt episode of 99 Dev Problems, Tessa Kriesel sits down with Alex C. Berk, a seasoned front-end developer at Shipium, to explore his journey through tech, the challenges of scaling systems, and how faith and family shape his career. Alex shares his story of growing from a self-taught coder to a pivotal member of a reunited team of Zulily and Amazon alumni. He dives into his work with modern tools like TypeScript, React, and Node.js, and the collaborative culture at Shipium that fuels innovation in supply chain optimization. From solving complex database scaling issues to building a supportive remote-first environment, Alex offers insights into thriving as a developer in today's dynamic tech landscape. Key themes include: Mentorship and the value of building relationships in tech. Strategies for balancing family life and career in a remote-first world. Tackling large-scale technical challenges with creativity and teamwork. How faith influences decisions and impacts community building. Whether you're navigating your early career or leading teams, Alex's thoughtful reflections provide inspiration for every stage of your journey. Where to Find Alex C. Berk: LinkedIn: Alex C. Berk; X: @alexcberk; GitHub: alexcberk. Don’t miss this engaging conversation packed with practical advice and heartfelt stories from the world of tech!
Jerod and Adam use Chris Kiehl's post on development topics he's changed his mind on (over the last 10 years) as a proxy for discussion on dev things they HAVE and HAVE NOT changed their minds on.
For the past year, David Crawshaw has intentionally sought ways to use LLMs while programming, in order to learn about them. He now regularly uses LLMs while working and considers their benefits a net-positive on his productivity. David wrote down his experience, which we found both practical and insightful. Hopefully y...
Heather Meeker joined the show to talk about open source licensing, why open source licenses are historically significant, how much developers really need to know, and how much developers think they know. We also talk about mixing commercial and open source licenses, and how lawyers keep up with an ever-changing landsc...
Jessie Frazelle joins us this week to talk about being an open source maintainer, Docker's pull request acceptance workflow, dotfiles, and getting started with public speaking.
🛡️ Security pre-release announcements, update on Monday, Feb 24 | golang.org/x/oauth2 | golang.org/x/crypto | Blog: State of the startup and scaleup hiring markets by Gergely Orosz – as seen by recruiters (Partial paywall) | Blog: Testing concurrent code with testing/synctest by Damien Neil | Proposals | 🤝 Likely...
In this episode, Open Source Security chats with Aaron Frost, CEO of Hero Devs, about the world of maintaining end-of-life open source software. Aaron explains how EOL versions of open source work and how backporting security fixes can help maintain compliance. In the discussion we cover the "just upgrade" mentality, how backporting works, why it's hard, and why it matters. We also cover some oddities the world of CVE brings to the discussion. The blog post for this episode can be found at