The Stack Overflow podcast is a weekly conversation about working in software development, learning to code, and the art and culture of computer programming. Hosted by Paul Ford and Ben Popper, the series features questions from our community, interviews with fascinating guests, and hot takes on what’s happening in tech. Founded in 2008, Stack Overflow is empowering the world to develop technology through collective knowledge. It’s best known for being the largest, most trusted online community for developers and technologists. More than 100 million people come to Stack Overflow every month to ask questions, help solve coding problems, and develop new skills.
Who's going to pay to fix open source security?
Will no one think of the maintainers? As The New Stack points out, watching millions of projects fail because of a bug in an open source library has become common enough that we shrug and reply, "Told you so." It's gotten so bad, big tech companies are visiting the White House to discuss the issue as a matter of national security.
There is a great post up on the Stack Overflow blog examining this issue, but it's not about color.js, it's about Log4J. Traffic to questions on this logging library grew more than 1000% percent after the recent revelations about a new vulnerability.
Also discussed in this episode: cryptographer and Signal creator Moxie Marlinspike stepped down from his role as CEO of the encrypted messaging service. That's news, but he actually made bigger waves in tech circles with an unrelated blog post detailing his first experience with Web3. Spoiler alert: it's not as decentralized or divorced from Web2 as you might have thought.
You can find Cassidy Williams on Twitter and her website.
Ben Popper can be found on Twitter here.
Ryan Donovan can be found on Twitter, or writing for the Stack Overflow blog.