Go isn’t secure?!? feat. Low Level Learning | Backend Banter 053
Recently, there has been some concern in the software development community about the security of Go programming language. In this episode of Backend Banter, we dive into the topic of Go’s security and talk about the importance of low level learning.
Is Go really insecure?
Go, also known as Golang, is a popular programming language developed by Google. It is known for its simplicity, efficiency, and concurrency support. However, some developers have raised concerns about its security.
One of the main criticisms of Go’s security is its lack of memory safety features, such as automatic garbage collection and pointer arithmetic. This can lead to vulnerabilities such as buffer overflows and memory leaks if not properly managed by the developer.
Low Level Learning
One way to address the security concerns with Go is to have a solid understanding of low level programming concepts. By diving into topics such as memory management, pointer manipulation, and assembly language, developers can better understand how their code interacts with the underlying system.
Low level learning can help developers write more secure and efficient code, as they are better equipped to handle potential vulnerabilities and understand how to optimize performance.
Conclusion
While Go may have some security challenges, it is still a powerful and versatile programming language that can be used to build a wide range of applications. By incorporating low level learning into their skill set, developers can mitigate security risks and write more robust code.
Tune in to the latest episode of Backend Banter to learn more about the security of Go and the importance of low level learning in software development.
6:12 You can't do a SQL query to check user login today, what are you talking about?!? That's way too advanced today. Today you need to use a platform service that can hande auth for you, you can't do that complicated stuff yourself, are you crazy?!
28:55 listening to stories from my friend that works in automotive embedded C/C++ of terrible code and hacks that get approved in there. And then listening to LLL talking about peoples lives being on the line makes me wish Rust and Zig would get adopted faster
My fist YouTube comment ever, just to tell how betrayed I feel about the clickbait title. The episode was great, and I love Low Level Learning, but I expected to learn something about how secure go is. Did I miss something? Now I have trust issues with Backend Banter….
This is great !
The biggest challenge is porting your projects across platforms.
clickbait title
What does "ft." mean?
40:34 WOO! Go GNU nano!
I used nano professionally for at least six years. As long as you don't need LSP, it really is fantastic. Way more features in nano than most people give it time of day for. At the same time, the configuration is just one file. ONE CONFIG FILE! ONE!
43:24
If that was the case I doubt anybody would even bother using nvim, it'd be too hard to replicate your config across environment without wasting an insane amount of time. I just export the nvim config folder and have it compressed/backed up somewhere so I can transfer it between environments easily. You can also just make it a git repo (default starter configs like AstroNvim come as repos and usually encourage you to host your own for your configuration)
Still no judgement though, I don't know why people make such a big deal about it anyway. I use nvim mainly and still wind up using vscode sometimes (ex: pairing, code sharing extension)
Relational database to models was fun but models to relational database is just on another level of comfort.
I think people only say that because hackers kinda like it and it’s starting to replace Python as the LOC for tooling and shells.
for a second i thought both were the same person talking
One way to avoid the issues of threads in C is to use select/poll based servers. I've written a number of highly performant apps that way. Dunno if it still exists but there was a webserver called Thor that was done that way and generally outperformed most other things.
My favorite Micro$oft product ever is the wired ergonomic keyboard. It takes a few hours to adjust and recover to 80% of your previous speed on a non-ergonomic keyboard, but the reduction in repetitive strain injury likelihood is disproportionate to the relatively minor reduction in speed. The main sticking point is learning not to cross your hands at all, e.g. don't hit T with right index or Y with left index.
I only ever use Nano by accident, and it leaves me feeling like I need to shower.
I do embedded development on small devices running linux buildroot and microcontrollers. C is just a means to an end, if I had to choose something I'd go for python, nim or c++. The lack of templates makes making anything with var args a pain, typedef enum means absolutely nothing, and void* is way too easy. Too many footguns and no way to define guarantees. Idk this Stockholm syndrome thing of revering c began, but it seems to come from people that use it in full blown OS' where there's a vast selection of debugging tools.
They missed a little point. Rust will let you reach down to the same low level as C, fiddling with I/O ports, bits and bytes with small fast binaries on tiny micro-controllers. Rust with its type system, structs, methods, traits, standard library and crates eco system it reaches a level of abstraction comparable to C++, Javascript, Python etc. So yes Rust is low level like C, it's also as high level as many other languages in common use.
I love GO with raw SQL
I learned so much from you guys, great talk!
39:40, What!? No way! Bloodshed was the IDE I used when I started out, too! I've never heard another soul reference it before!