proposal: container/hash: insertion ordering
Read on GitHub Proposal Details By default, a container/hash.Map ( 69559) behaves like the built-in maps during iteration, yielding its items in a random order. Some
Issue #37
Hijacked Go packages deploy infostealer via VS Code tasks
The supply-chain story leads: researchers found 16 Go packages, alongside hijacked npm modules, smuggling fake font files that abuse VS Code tasks to drop a Python infostealer. Audit your go.sum before the long weekend. On the language side, jba has filed a proposal to add insertion ordering to the still-incubating container/hash.Map, so iteration could optionally behave less like the built-in map's random walk. Elsewhere, a Medium piece argues that Green Tea GC shipping as the default has quietly invalidated a lot of latency dashboards, with alerts firing for the wrong reasons against the new pause model. A good prompt to revisit those thresholds.
Tuesday, June 30, 2026 · Issue #37
🐿️ Hijacked Go packages deploy infostealer via VS Code tasks
The supply-chain story leads: researchers found 16 Go packages, alongside hijacked npm modules, smuggling fake font files that abuse VS Code tasks to drop a Python infostealer. Audit your go.sum before the long weekend.
On the language side, jba has filed a proposal to add insertion ordering to the still-incubating container/hash.Map, so iteration could optionally behave less like the built-in map's random walk.
Elsewhere, a Medium piece argues that Green Tea GC shipping as the default has quietly invalidated a lot of latency dashboards, with alerts firing for the wrong reasons against the new pause model. A good prompt to revisit those thresholds.
Proposals 1
Discussions 8
Is there any Go equivalent of the canonical Rust book?
Read on Reddit Rust has the Rust book which gives you a great overview of all of Rust. Brown University recently made it interactive and it's quite fun to go through that. But Go doesn't have anything like that. I g
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
Read on Reddit Researchers found hijacked npm packages and 16 Go packages using fake font files and VS Code tasks to deploy a Python infostealer.
Small Projects
Read on Reddit This is the weekly thread for Small Projects. The point of this thread is to have looser posting standards than the main board. As such, projects are pretty much only removed from here by the mods for
Follow-up: benchmarked owner-goroutine vs mutex for my Redis clone
Read on Reddit Last post I was debating concurrency models, ended up going with owner goroutine based on the advice I got. Benchmarked it against mutex and yeah the reads are way slower: |Benchmark|Owner Goroutine|R
Solod v0.2: Networking, new targets, friendlier interop
Read on Lobsters A system-level language with Go syntax and a familiar standard library.
What is the purpose of the vendor/modules.txt file
Read on Reddit Isn't that file completely redundant? When resolving an import path one could just run a longest matching prefix match on the require list in the go.mod file and construct a path \ , and if that direc
Golang context with Value key management
Read on Reddit So i learned that context with Value keys should not be strings to avoid collision. You should create custom keys. So what's the best practice and way to store these keys ?? Should I define them in th
Events 1
Google I/O Golang Reaction
Read on Meetup Join Nairobi Gophers @ Online on Sat Jul 4
Articles 5
Lockbox: A Minimal, Secure CLI Password Manager in Go — Setup & Usage Guide
Read on Medium Most password managers want to live in your browser, sync to someone’s cloud, and ask you to trust a service you can’t audit. Continue reading on Medium »
5 reasons why you should use gRPC for your projects(even for on-device processing)
Read on Medium In this story I will explain why gRPC is the future of the microservice architecture and how you can start use it today Continue reading on Medium »
Green Tea GC Is Default. Your Dashboards Are Still Lying.
Read on Medium The GC pauses shortened. But our latency alerts were tuned for the old model and fired for entirely the wrong reasons. Continue reading on Medium »
Inside Volcano Scheduler: Sessions, Actions, and the Scheduling Cycle That Prevents Deadlocks (Part…
Read on Medium A code-first breakdown of how Volcano decides where distributed job pods land. Continue reading on Medium »
Every Kubernetes Controller Runs the Same 4-Step Loop. Here’s What It Actually Does.
Read on Medium And why Argo Rollouts, the Deployment controller, and cert-manager are all the same thing underneath. Continue reading on Medium »
Videos 5
"Go's Secret Compiler Trick That Kills Garbage Collection"
Read on YouTube Escape analysis is how Go's compiler decides where your variables live — Stack or Heap. Variables that stay local = Stack (fast, ...
Mythfall - MMO Development (Golang)
Read on YouTube Welcome! Here we do all things programming. Mostly in Golang, but sometimes in other languages. My main objective is to write ...
IA sem Nuvem em Golang | Jefferson Marchetti
Read on YouTube LinkedIn: https://www.linkedin.com/in/jeffersonmarchetti/ 🎙️ Novo na transmissão ou querendo melhorar? Confira o StreamYard ...
Go (Golang) Programming Language Skillset Learning for Students from Youth Buddy | #shorts
Read on YouTube Post Link: https://www.youthbuddy.in/2025/08/skillset-learning-go-programming.html For full video use this link: ...
Trending 4
daeuniverse/dae
Read on GitHub Trending eBPF-based Linux high-performance transparent proxy solution.
rilldata/rill
Read on GitHub Trending The fastest business intelligence tool for humans and agents.
pomerium/pomerium
Read on GitHub Trending Pomerium is an identity and context-aware access proxy.
wal-g/wal-g
Read on GitHub Trending Archival and Restoration for databases in the Cloud
Social 1
I wrote about why I started building my own CI/CD system and what I learned alon
Read on Bluesky I wrote about why I started building my own CI/CD system and what I learned along the way. dev.to/xescugc/how-... cicd devops golang opensource