Go Icon

Go

Go is a programming language built to resemble a simplified version of the C programming language.
583 Stories
All Topics

Julie Qiu go.dev

Vulnerability management for Go

Julie Qiu, announcing Go’s new support for vulnerability management:

Go provides tooling to analyze your codebase and surface known vulnerabilities. This tooling is backed by the Go vulnerability database, which is curated by the Go security team. Go’s tooling reduces noise in your results by only surfacing vulnerabilities in functions that your code is actually calling.

There’s a new govulncheck command you can/should install and run against your project. It surfaces only the vulnerabilities that actually affect you, which is awesome.

Govulncheck is a standalone tool to allow frequent updates and rapid iteration while we gather feedback from users. In the long term, we plan to integrate the govulncheck tool into the main Go distribution.

The Changelog The Changelog #504

Building actually maintainable software ♻️

This week we’re sharing the most popular episode of Go Time from last year — Go Time #196. We believe this episode was the most popular because it’s all about building actually maintainable software and what goes into that. Kris Brandow is joined by Johnny Boursiquot, Ian Lopshire, and Sam Boyer. There’s lots of hot takes, disagreements, and unpopular opinions.

This is part two of a three part mini-series led by Kris on maintenance. Make sure you check out Go Time #195 and Go Time #202 to continue the series.

Go Time Go Time #245

Inside GopherCon

Ever wondered how GopherCon came to be, and how it’s put together every year. In this show we will be chatted with Erik St. Martin, who has been there from the start about how GopherCon came to be, how this year’s conference came together, as well as why events like GopherCon as so great!

We are joined by Erik St. Martin, GopherCon Organizer and Co-Author Go in Action.

Go Time Go Time #244

The art of the PR: Part 2

In this episode, we’ll be further exploring PRs. Check out The art of the PR: Part 1 if you haven’t yet. What is it that makes a PR a good PR? How do you consider PRs in an open source repo? How do you vet contributions from people who aren’t a part of the repository? How does giving feedback and encouragement fit in to the PR process? We’ll be debating the details, and trying to help our fellow gophers perfect the art of the PR. We are joined by the awesome Anderson Queiroz, hosted by Natalie Pistunovich & Angelica Hill.

Go Time Go Time #243

The art of the PR: Part 1

In this episode, we will be exploring PRs. What makes a good PR? How do you give the best PR review? Is there such thing as too small, or big of a PR? We’ll be debating the details, and trying to help our fellow gophers perfect the art of the PR. We are joined by three wonderful guests Jeff Hernandez, Sarah Duncan, and Natasha Dykes. Hosted by Angelica Hill & Natalie Pistunovich.

Jamie Tanna jvt.me

Learning a new language, or how I gained familiarity with Go

Every so often, engineers need to pick up a new language. After ~6 years of professional development using Java, with a bit of Ruby sprinkled in, coming to Deliveroo meant that I’d be starting to work on some Go codebases.

So when it came to accepting the offer, I ended up thinking about getting started with learning Go, so I could hit the ground running. In this post I share different ways to get practical experience of the language, as well as thoughts on what Go is like to a newbie

SQLite observablehq.com

A SQLite extension for making HTTP requests

You can think of this like fetch() or curl but entirely in SQL:

select request_url, response_status, response_headers 
  from http_get('http://httpbin.org/get');

The cool thing is you can save everything from the request: status code, headers, the body (of course), timestamps, and more. Great for archiving!

-- initialize a table
create table snapshots as
  select * from http_get('https://changelog.com');

-- To add more rows later on
insert into snapshots
  select * from http_get('https://changelog.com');

Go Time Go Time #242

The pain of dependency management

Baruch Sadogursky (Chief Sticker Officer at JFrog) joins Natalie & Johnny to lament the current state of dependency management in Go and other languages. They discuss the problems dependency managers face, possible technical mitigations like SBOMs, people problems that will never be solved by tech, and take questions from listeners in the #gotimefm channel of Gophers Slack.

Go Time Go Time #240

What's new in Go 1.19

Go 1.18 was a major release where we saw the introduction of generics into the language as well as other notables such as fuzzing and workspaces. With Go 1.19 slated to come out next month, one has to wonder what’s next. Are we in store to be blown away by new and major features like we saw in 1.18? Not exactly but there are still lots of improvements to be on the lookout for.

Joining Mat & Johnny to touch on some of the most interesting ones is Carl Johnson, himself a contributor to the 1.19 release.

Ben Johnson github.com

A distributed SQLite replication system

Ben Johnson is at it again.

LiteFS is a FUSE-based file system for replicating SQLite databases across a cluster of machines. It works as a passthrough file system that intercepts writes to SQLite databases in order to detect transaction boundaries and record changes on a per-transction level in LTX files.

I believe Ben was alluding to this (then unreleased) tool on his recent Ship It! appearance

Go Time Go Time #239

Go for beginners ♻️

How do beginners learn Go? This episode is meant to engage both non-Go users that listen to sister podcasts here on Changelog, or any Go-curious programmers out there, as well as encourage those that have started to learn Go and want to level up beyond the basics. On this episode we’re aiming to answer questions about how to learn Go, identify resources that are available, and where you can go to continue your learning journey.

Go github.com

Comcast simulates trash network connections so you can build better systems

Testing distributed systems under hard failures like network partitions and instance termination is critical, but it’s also important we test them under less catastrophic conditions because this is what they most often experience. Comcast is a tool designed to simulate common network problems like latency, bandwidth restrictions, and dropped/reordered/corrupted packets.

It works by wrapping up some system tools in a portable(ish) way. On BSD-derived systems such as OSX, we use tools like ipfw and pfctl to inject failure. On Linux, we use iptables and tc. Comcast is merely a thin wrapper around these controls.

TFW you come up with the perfect name for your open source project ✨

Go Time Go Time #238

Might Go actually be OOP?

A conversation with Ronna Steinberg, who was an OOP developer for many years, and now is a Go Google Developer Expert. Ronna has been thinking about Go and OOP for awhile, asking herself whether or not Go is an object oriented programming language. Tune in to find out her answer and hear some of the options gophers have for object oriented design.

Matt Holt sourcegraph.com

How Caddy 2 works, a deep dive into the source

Matt Holt (creator of Caddy) gives a deep dive into how the web server works and some of the design decisions and patterns that make it reliable, extensible, and delightful.

One of the interesting things about the design of Caddy is that its core is just configuration management. It pushes out all other functionality into modules so that basically the only thing left in core is accepting and reacting to configuration changes.

Go Time Go Time #235

2053: A Go Odyssey

The year is 2053. The tabs-vs-spaces wars are long over. Ron Evans is the only Go programmer still alive on Earth. All he does is maintain old Go code. It’s terrible! He must find a way to warn his fellow gophers before it’s too late. Good thing he finally got that PDQ transmission system working…

  0:00 / 0:00