Shows
Cup o' Go⏲️ ⚡️ That feeling when your timer returns the wrong time & new 🌩️ lightning round!Conferences & CFPs🇮🇱 GopherCon Israel, Sept 9 @ Tel AvivCFP open until Jul 15🇦🇺 GopherCon AU, NoCFP open until Sept 15🇮🇳 GopherCon India, Dec 1 @ Jaipur🇩🇪 Fyne Conf, Sept 20 @ BerlinCFP open until Aug 16🇸🇬 GopherCon Singapore, October TBDCFP open until Aug 19Go 1.23 draft release notes⏲️ Blog: Resetting timers in Go by Anton Zhiyanov🌩️ Lightning RoundGeomys, A Blueprint for a Sustainable Open Source Maintenance Firm by Filippo Valsordagithub.com/openhue/openhue-go — A library for interacting with the Philips Hue smart lighting systems.github.com/frederikaverpil/neotest-golang — Reliable Neotest adapter for running Go tests in Neovim.github.com/AllenDang/giu — A rapid cross-platform GUI framework for Go.github.com/ergochat/ergo — A modern IRC server written i2024-07-1221 min
Late Night Linux Family All EpisodesLinux Dev Time – Episode 98We are joined by Allan Jude to talk about what it’s like to run a company that develops and maintains open source software with a focus on upstreaming as much code as possible.
Klara
November 2023 FreeBSD Vendor Summit – The Value of Upstream First
How to upstream code to open source projects
FiloSottile (Filippo Valsorda)
Support us on Patreon and get an ad-free RSS feed with early episodes sometimes
See our contact page for ways to...2024-05-1926 min
Linux Dev TimeLinux Dev Time – Episode 98We are joined by Allan Jude to talk about what it’s like to run a company that develops and maintains open source software with a focus on upstreaming as much code as possible.
Klara
November 2023 FreeBSD Vendor Summit – The Value of Upstream First
How to upstream code to open source projects
FiloSottile (Filippo Valsorda)
Support us on Patreon and get an ad-free RSS feed with early episodes sometimes
See our contact page for ways to...2024-05-1926 min
Go Time: Golang, Software EngineeringWhat's new in Go's cryptography libraries: Part 3The 3 Musketeers return! Filippo Valsorda, Roland Shoemaker & Nicola Murino continue their deep-dive conversation with Natalie about Go’s crypto libraries.
Also listen to Part 1 and Part 2!
Join the discussionChangelog++ members save 9 minutes on this episode because they made the ads disappear. Join today!Sponsors:FireHydrant – The alerting and on-call tool designed for humans, not systems. Signals puts teams at the center, giving you ultimate control over rules, policies, and schedules. No need to configure your services or do wonky work-arounds. Signals filters out the noise, alerting you only on w...2024-04-231h 07Changelog Master FeedWhat's new in Go's cryptography libraries: Part 3 (Go Time #313)The 3 Musketeers return! Filippo Valsorda, Roland Shoemaker & Nicola Murino continue their deep-dive conversation with Natalie about Go’s crypto libraries.
Also listen to Part 1 and Part 2!
Leave us a comment
Changelog++ members save 9 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
FireHydrant – The alerting and on-call tool designed for humans, not systems. Signals puts teams at the center, giving you ultimate control over rules, policies, and schedules. No need to configure your services or do wonky work-arounds. Signals filters out the noise, alerting you only...2024-04-231h 07
INNOQ Security PodcastDie XZ/OpenSSH BackdoorZerbrechliche Strukturen in Open-Source-Projekten
Links, Blogs, Artikel etc.
XZ und OpenSSH
Die Nachricht das XZ eine Backdoor enthält
Infos über die Backdoor auf der offiziellen XZ Seite
Lasse Collin über seine mentalen Probleme
Everything I know about the XZ backdoor
Grafische Übersicht der XZ Backdoor
Timeline of the xz open source attack
The xz attack shell script
xz/liblzma: Bash-stage Obfuscation Explained
Demonstration der xz backdoor
Inside the failed attempt to backdoor SSH globally — that got caught by chance
Analyse von Filippo Valsorda
FAQ on the xz-utils backdoor (CVE-2024-3094)
Weitere Funktionalitäten der Backdoor
Reproducible/Repeatable Builds...2024-04-161h 36
Шо по коду?Найцікавіші новини місяця: березень 2024📚 Посилання на матеріали, що обговорювались у випуску:Everything I Know About the XZ BackdoorFAQ on the xz-utils backdoor (CVE-2024-3094)Filippo Valsorda on XZ BackdoorMicrosoft хоче безкоштовної пітримки FFmpegЛіцензійне фіаско Redis. Microsoft скористався моментом і випустив Garnet🌟 Слідкуйте за нами:YouTubeTelegramBuyMeaCoffee This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit shopokodu.substack.com2024-04-071h 08Cup o' Go🛡️ Focus on security & crypto w/ Filippo Valsorda🛡️ Security releases. Upgrade now!Go 1.22.1 & 1.21.8google.golang.org/protobuf v1.33.0👭 Happy International Women's Day!Upcoming meetups & events🇬🇧 London Gophers, March 20🇮🇱 Go Israel, March 12🇬🇧 GopherCon UKConference, August 14-16CFP is open!Accepted proposals: Migrate x/crypto packages into the standard libraryAround the communityGo enums suck (hackernews discussion)Reddit: Why does Go have so many traps?Blog: for Loop Semantic Changes in Go 1.22: Be Aware of the ImpactInterview with Filippo ValsordaPersonal web site: https://filippo.io/cryptopals.com challengesStanford Cryptography course on courseraRecurse CenterRead/sign up for Filippo's newsletter/blogThe blog post that started it all: I'm now a full-time professional open source maintainer
★ Sup...2024-03-081h 17Changelog Master FeedWhat's new in Go's cryptography libraries: Part 2 (Go Time #298)Filippo Valsorda & Roland Shoemaker from the Go Team return & bring Nicola Murino with them to continue catching us up on what’s new in Go’s crypto libraries.
This is everything we didn’t cover + deep dives from Part 1!
Leave us a comment
Changelog++ members save 3 minutes on this episode because they made the ads disappear. Join today!
Sponsors:
Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery netwo...2023-12-121h 11Go Time: Golang, Software EngineeringWhat's new in Go's cryptography libraries: Part 2Filippo Valsorda & Roland Shoemaker from the Go Team return & bring Nicola Murino with them to continue catching us up on what’s new in Go’s crypto libraries.
This is everything we didn’t cover + deep dives from Part 1!
Join the discussionChangelog++ members save 3 minutes on this episode because they made the ads disappear. Join today!Sponsors:Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.
Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to t...2023-12-121h 11Changelog Master FeedWhat's new in Go's cryptography libraries (Go Time #295)Filippo Valsorda & Roland Shoemaker from the Go Team sit down with Natalie to catch us up on what’s new in Go’s crypto libraries. No, not that crypto… good ol’ cryptography!
Leave us a comment
Changelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!
Sponsors:
Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com
Fly.io – The home of Changelog.com — Deploy your apps and da...2023-11-0158 minGo Time: Golang, Software EngineeringWhat's new in Go's cryptography libraries: Part 1Filippo Valsorda & Roland Shoemaker from the Go Team sit down with Natalie to catch us up on what’s new in Go’s crypto libraries. No, not that crypto… good ol’ cryptography! Don’t miss Part 2!
Join the discussionChangelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!Sponsors:Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform. Learn more at fastly.com
Fly.io – The home of Changelog.com...2023-11-0158 min
Cyber BriefingOctober 10, 2023 - Cyber Briefing
👉 What's the latest in the cyber world today?
🚨 #CyberAlerts
Cyber Battle Erupts Amid Israeli-Palestinian Conflict
Source: Cyber news Research Team
Vulnerability in libcue Library Puts GNOME Linux Systems at Risk of RCE Attacks
Source: GitHub Security Lab
Magecart Attackers Exploit 404 Pages to Steal Credit Cards
Source: Akamai
Cybercriminal Exposes HelloKitty Ransomware's Source Code on Dark Web
Source: @3xp0rtblog
Grayling Unleashes Attacks on Taiwan's Vital Sectors
Source: Symantec
Large-Scale Citrix NetScaler Hack Targets User Cr...2023-10-1010 min
TheRadio.CC: LinuxLoungeLL268 Poker um GNUCashNeues aus dem Repo
Videoeditor OpenShot 3.1
Private Finanzverwaltung: GnuCash 5.0
Hound - Self-hostable TV Show, Movie & Game Tracker
eXo Community Edition 6.4 - Digital Workplace software
Android Fernsteuerung: scrcpy v2.0 GitHub Release
Relationale Tabellen: Grist 1.0.9
PDF4Teachers erleichtert digitale Korrekturen
Self-Host Planning Poker
Wayland 1.22
Borg Backup 1.2.4| VortaBackup| BorgBase| borgmatic| Pika Backup
Tier - Pricing as code
Rust basierte UI library Slint 1.0.0 veröffentlicht
Monica - An open source personal relationship management system
BigBlueButton v2.6 bringt neue UI Features
Newsflash
PineTab2 and PineTab-V Linux tablets will launch April 11
MagicMirror² - Immer noch da | Alte Folge zum Nachhören
Mullvad pos...2023-04-091h 57TheRadio.CC: LinuxLoungeLL268 Poker um GNUCashNeues aus dem Repo
Videoeditor OpenShot 3.1
Private Finanzverwaltung: GnuCash 5.0
Hound - Self-hostable TV Show, Movie & Game Tracker
eXo Community Edition 6.4 - Digital Workplace software
Android Fernsteuerung: scrcpy v2.0 GitHub Release
Relationale Tabellen: Grist 1.0.9
PDF4Teachers erleichtert digitale Korrekturen
Self-Host Planning Poker
Wayland 1.22
Borg Backup 1.2.4| VortaBackup| BorgBase| borgmatic| Pika Backup
Tier - Pricing as code
Rust basierte UI library Slint 1.0.0 veröffentlicht
Monica - An open source personal relationship management system
BigBlueButton v2.6 bringt neue UI Features
Newsflash
PineTab2 and PineTab-V Linux tablets will launch April 11
MagicMirror² - Immer noch da | Alte Folge zum Nachhören
Mullvad pos...2023-04-091h 57TheRadio.CC: LinuxLoungeLL268 Poker um GNUCashNeues aus dem Repo
Videoeditor OpenShot 3.1
Private Finanzverwaltung: GnuCash 5.0
Hound - Self-hostable TV Show, Movie & Game Tracker
eXo Community Edition 6.4 - Digital Workplace software
Android Fernsteuerung: scrcpy v2.0 GitHub Release
Relationale Tabellen: Grist 1.0.9
PDF4Teachers erleichtert digitale Korrekturen
Self-Host Planning Poker
Wayland 1.22
Borg Backup 1.2.4| VortaBackup| BorgBase| borgmatic| Pika Backup
Tier - Pricing as code
Rust basierte UI library Slint 1.0.0 veröffentlicht
Monica - An open source personal relationship management system
BigBlueButton v2.6 bringt neue UI Features
Newsflash
PineTab2 and PineTab-V Linux tablets will launch April 11
MagicMirror² - Immer noch da | Alte Folge zum Nachhören
Mullvad pos...2023-04-091h 57
The Changelog: Software Development, Open SourceA new path to full-time open source (Interview)After years of working for Google on the Go Team, Filippo Valsorda quit last year to experiment with more sustainable paths for open source maintainers. Good news, it worked! Filippo is now a full-time open source maintainer and he joins Jerod on this episode to tell everyone exactly how he’s making the equivalent to his total compensation package at Google in open source.
Join the discussionChangelog++ members get a bonus 7 minutes at the end of this episode and zero ads. Join today!Sponsors:Postman – Build APIs together — More than 20 millio...2023-03-291h 04Changelog InterviewsA new path to full-time open sourceAfter years of working for Google on the Go Team, Filippo Valsorda quit last year to experiment with more sustainable paths for open source maintainers. Good news, it worked! Filippo is now a full-time open source maintainer and he joins Jerod on this episode to tell everyone exactly how he’s making the equivalent to his total compensation package at Google in open source.
Join the discussionChangelog++ members get a bonus 7 minutes at the end of this episode and zero ads. Join today!Sponsors:Postman – Build APIs together — More than 20 millio...2023-03-291h 04
Changelog Master FeedA new path to full-time open source (The Changelog #533)After years of working for Google on the Go Team, Filippo Valsorda quit last year to experiment with more sustainable paths for open source maintainers. Good news, it worked! Filippo is now a full-time open source maintainer and he joins Jerod on this episode to tell everyone exactly how he’s making the equivalent to his total compensation package at Google in open source.
Discuss on Changelog News
Changelog++ members get a bonus 7 minutes at the end of this episode and zero ads. Join today!
Sponsors:
Postman – Build APIs together — More than 20...2023-03-291h 04Cup o' GoEarly look at Go 1.21 changes, ChatGPT plugin templates for Go, and releases in the Git universeComing in Go 1.21Blog post: Planning Go 1.21 Cryptography Work by Filippo Valsordadisallow anonymous interface cyclespurego implementation of hash/maphashReleasesv8go v0.9.0gitea v1.19.0go-github v50.2.0Community newsShay Nehmad's make-git-better CTFGo Time podcastchatGPT-plugin-template on GitHubThe tweetDaniel Nephin's gotest.tools and gotestsumGitHub Actions and Go by Oleg Kovalovgolangci-lint
★ Support this podcast on Patreon ★
2023-03-2720 min
Security Cryptography WhateverMatrix with Martin Albrecht and Dan JonesNo not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable CryptographicVulnerabilities in Matrix".Transcript:https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/Links: https://nebuchadnezzar-megolm.github.io/static/paper.pdfhttps://nebuchadnezzar-megolm.github.ioSignal Private Group system: https://eprint.iacr.org/2019/1416.pdfhttps://signal.org/blog/signal-private-group-system/https://spec.matrix.org/latest/WhatsApp Security Whitepaper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdfhttps://www.u...2022-11-021h 06
TRAPPIST167: Come i repubblicani hanno (quasi) vinto la battaglia sull’abortoCon ospiti speciali Viola Stefanello @violastefanello e Filippo Valsorda @filosottilePOLITICO ha ottenuto la bozza del documento con cui il giudice Samuel Alito spiega la posizione della maggioranza dei giudici della Corte suprema statunitense, che in una votazione interna si sono espressi per superare la storica sentenza Roe v. Wade — che dal 1973 protegge il diritto all’interruzione volontaria di gravidanza negli Stati Uniti. È la prima volta che un documento interno della Corte suprema viene pubblicato mentre l’alta corte sta ancora dibattendo il caso. Il documento è datato 10 febbraio, e trattandosi di una bozza non riporta un voto definitivo, ma indic...2022-05-061h 03
DevOps ParadoxIs Open Source Sustainable?#144: Filippo Valsorda recently wrote a blog post titled “Professional Maintainers: A Wake-up Call" in which he discusses his thoughts about the sustainability of open source. Where do you think open source will be in the coming years? https://blog.filippo.io/professional-maintainers/ YouTube channel: https://youtube.com/devopsparadox/ Books and Courses: Catalog, Patterns, And Blueprints https://www.devopstoolkitseries.com/posts/catalog/ Kubernetes Chaos Engineering With Chaos Toolkit And Istio https://www.devopstoolkitseries.com/posts/chaos/ ...2022-02-0226 min
Bardolino - Der AudiotourDer Valsorda-Weg2021-08-0101 min
Bardolino - The audiotourThe Valsorda route2021-08-0102 min
Bardolino - L'audiotourPercorso della Valsorda2021-08-0101 minSecurity Cryptography WhateverThe Great "Roll Your Own Crypto" Debate with Filippo ValsordaSpecial guest Filippo Valsorda joins us to debate with Thomas on whether one should or should not "roll your own crypto", and how to produce better cryptography in general.After we recorded this, David went even deeper on 'rolling your own crypto' in a blog post here: https://dadrian.io/blog/posts/roll-your-own-crypto/Transcript: https://securitycryptographywhatever.com/2021/07/31/the-great-roll-your-own-crypto-debate-with-filippo-valsorda/Links:https://peter.website/meow-hash-cryptanalysishttps://arxiv.org/pdf/2107.04940.pdfhttps://ristretto.grouphttps://filippo.io/heartbleedFind us at:https://twitter.com/durumcrustulumhttps://twitter.c...2021-08-011h 00
VareseNews PodcastVareseNews - Le notizie del 9 luglio 2021Le principali notizie di venerdì 9 luglioLiberate le strade dopo la tempesta, weekend col soleDopo gli attimi di paura vissuti da molti automobilisti sulla strada provinciale della Rasa, la Valganna e la Valsorda e i tanti alberi caduti in tutta la provincia la situazione è ritornata alla normalità nella serata di giovedì e il centro geofisico prealpino di Varese prevede per ampie schiarite: sabato dove è previsto clima asciutto e temperature senza variazioni anche se in serata ci saranno temporali in transito sulle Alpi e localmente sulle Prealpi. Il tempo dovrebbe reggere anche per la giornata di domenica, giorn...2021-07-0905 minGo Time: Golang, Software EngineeringFüźžįñgA deep dive on Fuzzing and a close look at the official Fuzzing proposal for Go.
Join the discussionChangelog++ members save 4 minutes on this episode because they made the ads disappear. Join today!Sponsors:DigitalOcean – DigitalOcean’s developer cloud makes it simple to launch in the cloud and scale up as you grow. They have an intuitive control panel, predictable pricing, team accounts, worldwide availability with a 99.99% uptime SLA, and 24/7/365 world-class support to back that up. Get your $100 credit at do.co/changelog.
Retool – Retool makes it super simple to build...2020-09-0358 min
BSD Now358: OpenBSD Kubernetes ClustersYubikey-agent on FreeBSD, Managing Kubernetes clusters from OpenBSD, History of FreeBSD part 1, Running Jitsi-Meet in a FreeBSD Jail, Command Line Bug Hunting in FreeBSD, Game of Github, Wireguard official merged into OpenBSD, and more
NOTES
This episode of BSDNow is brought to you by Tarsnap
Headlines
yubikey-agent on FreeBSD
Some time ago Filippo Valsorda wrote yubikey-agent, seamless SSH agent for YubiKeys. I really like YubiKeys and worked on the FreeBSD support for U2F in Chromium and pyu2f, getting yubikey-agent ported looked like an interesting project. It took some...2020-07-0943 minGo Time: Golang, Software EngineeringSecurity for GophersMat, Filippo, Johan, and Roberto discuss security in Go. Does Go make it easy to secure your code? What common mistakes are Gophers making? What is fuzzing? How can attackers abuse your code if you use the default http mux?
Join the discussionChangelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!Sponsors:KubeCon + CloudNativeCon – The Cloud Native Computing Foundation’s flagship Kubernetes community conference which gathers adopters and technologists from leading open source and cloud native communities. Learn more and register — get 10% off wi...2019-10-0357 minGo Time: Golang, Software EngineeringHellogopher, whosthere?Filippo Valsorda joined the show to talk about his project Hellogopher, whosthere (whoami.filippo.io), $GOPATH, TLS 1.3, Cloudflare’s secret reverse proxy, and more.
Join the discussionChangelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!Sponsors:Linode – Our cloud server of choice. Get one of the fastest, most efficient SSD cloud servers for only $5/mo. Use the code changelog2017 to get 4 months free!
Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their...2017-02-021h 01
Changelog Master FeedHellogopher, whosthere? (Go Time #32)Filippo Valsorda joined the show to talk about his project Hellogopher, whosthere (whoami.filippo.io), $GOPATH, TLS 1.3, Cloudflare’s secret reverse proxy, and more.2017-02-0200 min
Greater Than CodeEpisode 010: Citizen Cybersecurity with Jesse Pollak00:16 – Welcome to “Who’s Line of Code is it Anywhere?…” …we mean, “Greater Than Code!”
01:37 – Getting Started with Computer-ing & Security
PGP = Pretty Good Privacy
Filippo Valsorda: I’m giving up on PGP
09:28 – Clef and Two-factor Authentication (2FA)
12:33 – Citizen Cybersecurity Due to the Rise of Mass Surveillance
Quincy Larson: How to encrypt your entire life in less than an hour
Signal by Whisper Systems
17:27 – Evaluating Service Providers
Tor
As devs, we have the opportunity to make software and tools more secure and more priva...2016-12-0856 min
Greater Than CodeEpisode 010: Citizen Cybersecurity with Jesse Pollak00:16 – Welcome to “Who’s Line of Code is it Anywhere?…” …we mean, “Greater Than Code!”
01:37 – Getting Started with Computer-ing & Security
PGP = Pretty Good Privacy
Filippo Valsorda: I’m giving up on PGP
09:28 – Clef and Two-factor Authentication (2FA)
12:33 – Citizen Cybersecurity Due to the Rise of Mass Surveillance
Quincy Larson: How to encrypt your entire life in less than an hour
Signal by Whisper Systems
17:27 – Evaluating Service Providers
Tor
As devs, we have the opportunity to make software and tools more secure and more private or...2016-12-0856 min
thEndUsr PodcastthEndUsr Episode 167: The Swiping WayChris and Taylor talk about the Heartbleed SSL bug, Windows Phone 8.1 and Windows 8.1 news from Build and much more!
Click here to download episode #167
http://ia902507.us.archive.org/16/items/thEndUsr167/thEndUsr167.mp3
Subscribe via RSS
Subscribe via iTunes
Top News
Everything you need to know about the Heartbleed SSL bug via Troy Hunt
Heartbleed Explanation via XKCD
Vicious Heartbleed bug bites millions of Android phones, other devices via ArsTechnica
Heartbleed vulnerability may have been exploited months before patch via ArsTechnica
The Heartbleed Hit List: The Passwords You Need to Change Right Now via...2014-04-1600 min