Filippo Valsorda:

Last May I left my job on the Go team at Google to experiment with more sustainable paths for open-source maintainers. I held on to my various maintainer hats (Go cryptography, transparency tooling, age, mkcert, yubikey-agent…), iterated on the model since September, and I’m happy to report that I am now a full-time independent open-source maintainer.

People like Filippo are still (unfortunately) the exception, not the rule. BUT! I’ll celebrate every time an open source maintainer makes it to the promised land, hopefully paving the way for others to follow after.

I’m sharing details about my progress to hopefully popularize the model, and eventually help other maintainers adopt it, although I’m not quite ready to recommend anyone else drop everything to try this just yet.

A deep dive on Fuzzing and a close look at the official Fuzzing proposal for Go.

It features small explicit keys, no config options, and UNIX-style composability.

$ age-keygen -o key.txt
Public key: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p
$ tar cvz ~/data | age -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p > data.tar.gz.age
$ age -d -i key.txt data.tar.gz.age > data.tar.gz

If Rust is more your thing, check out the perfectly named port: rage.

Mat, Filippo, Johan, and Roberto discuss security in Go. Does Go make it easy to secure your code? What common mistakes are Gophers making? What is fuzzing? How can attackers abuse your code if you use the default http mux?

Filippo Valsorda joined the show to talk about his project Hellogopher, whosthere (whoami.filippo.io), $GOPATH, TLS 1.3, Cloudflare’s secret reverse proxy, and more.