Katie Hockman blog.golang.org

Go's fuzzing effort now in beta

We first talked fuzzing with Katie Hockman back in August of 2020. Fast-forward 10 months and native fuzzing in Go is ready for beta testing! Here’s Katie explaining fuzzing, for the uninitiated:

Fuzzing is a type of automated testing which continuously manipulates inputs to a program to find issues such as panics or bugs. These semi-random data mutations can discover new code coverage that existing unit tests may miss, and uncover edge case bugs which would otherwise go unnoticed. Since fuzzing can reach these edge cases, fuzz testing is particularly valuable for finding security exploits and vulnerabilities.

It looks like the feature won’t be landing in Go 1.17, but they’re planning on it sometime after that. Either way, you can use fuzzing today on its development branch.

Cockroach Labs Icon Cockroach Labs – Sponsored

Running CockroachDB on Kubernetes

logged by @logbot permalink

How does CockroachDB fit in a cloud-native Kubernetes world?

Managing resilience, scale, and ease of operations in a containerized world is largely what Kubernetes is all about—and one of the reasons platform adoption has doubled since 2017. And as container orchestration continues to become a dominant DevOps paradigm, the ecosystem has continued to mature with better tools for replication, management, and monitoring of our workloads.

And as Kubernetes grows, so does CockroachDB as we’ve recently simplified some of the day 2 operations associated with our distributed database with our Kubernetes Operator. Ultimately, however, our overall goal in the cloud-native community is singular: ease the deployment of stateful workloads on Kubernetes.

Google deps.dev

Google's experimental Open Source Insights project

Open Source Insights is an experimental service developed and hosted by Google to help developers better understand the structure, construction, and security of open source software packages. The service examines each package, constructs a full, detailed graph of its dependencies and their properties, and makes the results available to anyone who could benefit from them. The goal is to provide developers with a picture of how their software is put together, how that changes as dependencies change, and what the consequences might be.

It currently indexes GitHub, npm, and pkg.go.dev. Plus they recently added a dedicated security advisory page. For an example, check out left-pad’s page which shows 441 direct dependents and 15315 indirect dependents.

Go Time Go Time #182

Go Battlesnake Go!

In the past decade a variety of games have emerged where players need to create an AI to play the game rather than play the game directly. In this episode we speak with the creator of one of those games - Battlesnake. Brad Van Vugt joins us to talk about building a game engine using Go, making programming games easier for beginners to get started with, the long term vision for games like Battlesnake, and more.

Stack Overflow wsj.com

Stack Overflow sold to tech giant Prosus for $1.8 billion

I hadn’t heard of Prosus prior to this announcement, so if you’re at all like me, this is for you:

Prosus invests globally across a range of online platforms focused on areas such as food delivery, classifieds and fintech. It also maintains a more than $200 billion holding in Tencent. Prosus’ parent company, Naspers Ltd., acquired the Tencent stake in 2001 for $34 million.

Turning $34 million into $200 billion is quite the feat. They’re a savvy bunch, if nothing else. Joel Spolsky also wrote about the acquisition on his blog, ensuring us that everything is going to be okay:

Prosus is an investment and holding company, which means that the most important part of this announcement is that Stack Overflow will continue to operate independently, with the exact same team in place that has been operating it, according to the exact same plan and the exact same business practices.

I hope he’s right, but color me skeptical. Stack Overflow surely isn’t perfect as is, but it’d be a huge set back to the software world if it were to decline from here.

LaunchDarkly Icon LaunchDarkly – Sponsored

Software release management best practices

logged by @logbot permalink

For software development teams, a thorough release management plan is the difference between a smooth launch and a frantic scramble where you’re putting out fires all day.

In this post from our friends at LaunchDarkly, they outline the five phases of releasing software, explain the essential roles in the process, and share best practices for a successful launch.

Craig Kerstiens blog.crunchydata.com

Better JSON in Postgres with PostgreSQL 14

Craig Kerstiens:

Postgres has had “JSON” support for nearly 10 years now. I put JSON in quotes because well, 10 years ago when we announced JSON support we kinda cheated. We validated JSON was valid and then put it into a standard text field. Two years later in 2014 with Postgres 9.4 we got more proper JSON support with the JSONB datatype. My colleague @will likes to state that the B stands for better. In Postgres 14, the JSONB support is indeed getting way better.

A small but solid improvement to how you query JSONB, making it more JSON-y than ever.

CSS web.dev

An evergreen CSS course and reference to level up your web styling expertise

This is the resource that Una Kravets said we’d put in the show notes on JS Party #176. I thought it was worth a direct linking in News as well, since it’s so freakin’ well-done and useful:

You’ll learn CSS fundamentals like the box model, cascade and specificity, flexbox, grid and z-index. And, along with these fundamentals, you’ll learn about functions, color types, gradients, logical properties and inheritance to make you a well-rounded front-end developer, ready to take on any user interface.

Command line interface github.com

Command-line tools for speech and intent recognition on Linux

This isn’t merely a speech-to-text thing. It also provides intent recognition, which makes it great for doing voice commands. For example, when trained with this template, the following command:

$ voice2json transcribe-wav \
      < turn-on-the-light.wav | \
      voice2json recognize-intent | \
      jq .

Produces this JSON event:

{
    "text": "turn on the light",
    "intent": {
        "name": "LightState"
    },
    "slots": {
        "state": "on"
    }
}

And it can be retrained quickly enough to do it at runtime. Cool stuff!

Ship It! Ship It! #4

OODA for operational excellence

This week on Ship It! Gerhard talks with Ben Ford, former Royal Marine and founder of Commando Development, about the OODA loop (observe, orient, decide, act). Shipping is just a small part of it. The OODA loop that you know is probably the wrong one. We explore Mission & Command, Situational Awareness and a few other practices that will help you deal with complexity as you code and ship. As a former Royal Marine Commando, Ben learned these skills the hard way, and then refined them over many years as a software engineer. Check out the diagrams in the show notes - they are a work of art and precision.

0:00 / 0:00