Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
0:00
This show was supported by
0:02
you, our listener. Stick around
0:04
till after the news to
0:07
hear some more about that.
0:09
This is Cup of Go
0:11
for Friday, April 4, 2025.
0:13
Keep up to date with
0:15
the important happenings in the
0:17
Go community in about 15
0:20
minutes or sometimes more.
0:22
Every week. I'm Jonathan
0:24
Hall. And I'm Shay Nehmad.
0:26
Hey Shay. How are you settling
0:29
in? I've upgraded half of my
0:31
projects to golangci-lint
0:33
v2. That's what you're asking
0:35
about, right? Not like me
0:37
moving countries. That was the only
0:40
important thing I had in mind.
0:42
There are two migrations in
0:44
my life. golangci-lint
0:47
configuration files and moving to the
0:49
US. No, man, the US is crazy.
0:51
I wanted to apply for an apartment.
0:53
So I have to pay a fee.
0:56
What the hell. Yes, I don't know.
0:58
Well, I actually have one month of
1:00
credit already. Okay. But it's just been
1:02
like dealing with all these like I'm
1:04
the first person who ever came to
1:07
the US like everybody was born here
1:09
and they just don't know how to
1:11
deal with someone who migrates from the
1:13
outside even though I'm in San Jose
1:15
where like 80% of the people, you
1:18
know, look not American. Let's say it
1:20
like right. Right. So yeah, I had to
1:22
run a lot of checks and I had
1:24
to get by a lot of weird internet
1:26
forms. which is why I'm very happy to
1:29
discuss this first vulnerability
1:31
because it might have helped
1:33
me get through you know social
1:36
security or the Mazda you know
1:38
credit check internet form or whatever.
1:40
Go 1.24.2 and Go 1.23.8 are
1:43
released. It's a minor point
1:45
release with one security fix
1:47
in the net/http
1:49
package. Not telling you anything.
1:51
What do you think it's going to
1:54
be? I don't know, but it's got to be
1:56
something with malformed requests that can do nasty things.
1:58
I don't know. That is true. As
2:01
long-term listeners of the show know,
2:03
Jonathan uses Linux. One of the
2:05
things you have to get used to,
2:07
like there are many differences between
2:10
Windows and Linux. Can you point out,
2:12
like a few of them, just the
2:14
top of your head? Well, let's see,
2:16
one of them works, and one of
2:19
them doesn't. I can't remember which Williams
2:21
works, but... Oh my God! Well,
2:23
let's just look at Bill Gates
2:25
net worth and Linus's and compare.
2:27
Yeah, works is a fuzzy
2:29
term, right? Works for what
2:31
purpose? No, but seriously, technical
2:34
differences. Technical differences. Well, there's
2:36
quite a few, although they seem to be getting
2:38
narrower these days. I don't know. I
2:40
don't know what you're looking at. Looking
2:42
for one's open source, one isn't, and
2:44
that's maybe a big difference. Right. One
2:46
open source, one isn't. Let's say if
2:49
you work with a Windows developer on
2:51
the same project development.
2:53
What's one thing that always trips you
2:55
up? And I'm like, go figure it
2:57
out. We're using a real operating system.
2:59
It's up to you, dude. That's nice. So
3:02
yeah, line endings. That was what
3:04
I was aiming towards. Maybe you
3:06
don't even remember, because you've been
3:08
on Linux for so long. But
3:10
CRLF versus LF. This is like so
3:12
archaic. Whenever I remember, this is a
3:14
thing. I just like, I can't stop laughing,
3:16
but. CR is carriage return which is
3:19
if you have a typewriter it's the
3:21
and the LF is the line like
3:23
line feed a new line which is
3:25
like the ding on the typewriter
3:27
right right anyway windows is CR
3:30
LF for a new line like the cursor
3:32
goes one of the line down sorry
3:34
it goes to the beginning of
3:36
the line and then goes one
3:39
line down that's how Windows represents
3:41
a new line which I'll say
3:43
after all the web just recent
3:45
bad-mouthing of Windows, conceptually
3:48
that makes more sense to me
3:50
than just the CR ending. Then there's the
3:52
LF ending, you mean? Yeah, because they are
3:54
two different things, right? Go to the beginning
3:56
and go down. In my mind, Windows makes
3:59
more sense even. though it's annoying since
4:01
it's the outlier. If everybody did
4:03
that, I wouldn't mind. The problem
4:06
is it's not universal. Like if
4:08
this was how humanity decided
4:10
to represent a new line in
4:12
a text file, nobody would have
4:15
a problem. But in Unix and
4:17
Linux and all that, a new line is just
4:19
line feed without the carriage return. It's
4:21
just one character, which caused
4:23
unending suffering on the world.
4:26
and probably lowered the total
4:28
GDP by who knows how
4:30
much now you have that like be
4:32
theming in mind and you know the
4:34
vulnerability's in the HTTP
4:36
package right yeah try to come up
4:39
with where new life it's got
4:41
to be something that misinterprets
4:43
one of those treats new
4:45
lines or line feeds as
4:47
a continuation of a line
4:49
I'm guessing so actually it's
4:51
the other way around in
4:53
HTTP. You shouldn't use just
4:55
a bare LF as a new line,
4:57
right? Sometimes Go rejects it,
5:00
but sometimes it accepts.
5:02
So Go, so the HTTP
5:04
spec agrees with Windows, is
5:06
what you're saying? I think so.
5:08
Okay. The line terminator. That seems
5:11
to make sense to me. I
5:13
think I remember that. There's, there's
5:15
a, errata for an RFC,
5:17
so it actually messed up
5:19
the HTTP RFC as well,
5:21
where people were like asking.
5:23
that the line terminator should
5:25
be just an LF and ignore
5:28
any preceding CR, but actually HTTP
5:30
wants to only use CR LF
5:32
and the difference is intentional
5:34
blah blah blah. So in one
5:36
specific case where you get chunks
5:39
of data like chunk data lines,
5:41
Go rejects bare LFs, but accepts
5:43
them in the chunk size. And
5:46
then there's a super like this
5:48
is just a bug. It's not a
5:50
security issue yet. But if your
5:52
proxy... accepts LF and your
5:54
server, except if your proxy is
5:57
the Go server, and therefore
5:59
accepts this LF as a new
6:01
request, and then your server is
6:03
a different implementation that
6:06
doesn't, you could smuggle requests.
6:08
You could send a single HTTP
6:11
request and then smuggle it as
6:13
two, like smuggle like one in
6:15
the chunk in between these
6:17
LF lines, because a new line in
6:19
HTTP, what it means, which is a
6:22
super cool vulnerability in my
6:24
opinion, because it's very
6:26
understandable. And the fix is
6:28
also very simple, just reject
6:30
bare LFs in chunk data lines. So
6:32
I like it. You should obviously upgrade, like
6:34
other than learning about this. But it
6:37
only affects the if you're running a
6:39
Go proxy HTTP server, is that correct?
6:41
You should upgrade anyways, right? It's a
6:43
minor patch release. It makes you look like
6:45
you're on top of things, even if it
6:47
doesn't affect you. At least that's why I
6:49
upgrade all the time. I've been super happy
6:52
with Dependabot lately. I've started
6:54
using Dependabot for automatic upgrades
6:56
in our repos and it's been
6:58
doing a pretty good job like
7:00
knowing when to open a PR
7:02
knowing when it's safe, etc. Dependabot
7:05
broke our go.mod file recently.
7:07
I mean it didn't so it didn't
7:09
break it they removed the line feed
7:11
that go mod verify wanted to put
7:13
back so I broke our CI because our
7:15
CI runs go mod verify to make
7:17
sure that somebody didn't forget to run
7:20
go mod. New lines, new lines,
7:22
I don't care. So, and
7:24
one funny comment about
7:27
this issue that I just
7:29
have to put in, even
7:31
though it's not super
7:34
important, is that while
7:36
explaining it, the author
7:38
mistaken LF to CF as
7:41
well. So even
7:43
while describing the
7:45
vulnerability, they messed up CR and LF. That's
7:47
how confusing it is. You just said
7:49
this is easy to understand. At one
7:52
level that's true. I have no idea
7:54
exactly what the problem is. Like is
7:56
it CL or R? Which one's missing
7:58
or which one shouldn't be? So there
8:00
isn't CL, right? There's
8:02
CR and LF. CL is not
8:04
a thing. I
8:07
can tell you that for a fact. Carrot
8:09
for you. Fine
8:11
return. Cool. So we have
8:13
a new vulnerability discovered and
8:15
fixed. Go fix it. And
8:17
if you're dealing anywhere with
8:20
new lines as a separator, you
8:22
should probably think again, new line is not
8:24
a good separator. What do you
8:26
have? Yeah, let's talk about something
8:29
that I don't think is quite
8:31
as intricate in terms of like,
8:33
which of two things do you have
8:35
to admit or not? But we have a proposal
8:37
that's been accepted. I think it's a good one, structured
8:40
output for test attributes. So
8:42
I don't know, how often do
8:44
you run your Go test suite? I
8:48
run my test
8:50
suite like 20
8:52
times at the end of every feature
8:55
because I'm at the end and then I
8:57
run the test once. It helps me find all
8:59
the problems. Then I repeatedly run the test
9:01
until I fix all of them, especially if
9:03
I did TDD. So between
9:05
five and 25 times for
9:07
every chunk of work, so
9:09
maybe 100 a day, I don't know. And how
9:11
do you scale about the output you get? I know that
9:13
you use, I can't remember the name of the tool, but
9:15
you use a tool that reformats your output. So this might
9:17
not to you. I used to use gotestsum.
9:20
Yeah, that one. I like
9:22
it. It does like little dots,
9:24
but honestly, I just use, I normally
9:26
use a VS code like the internal
9:28
test explore because that's pretty good. You
9:31
can play and you can debug and it
9:33
works for me. But
9:35
at the first go around,
9:37
I use
9:40
gotestsum. One thing that
9:42
I've always wanted to do better is to
9:44
have better results in CI because I imagine
9:46
the CI could be super beautiful, show me
9:48
what lines the problem, et cetera, et cetera.
9:50
But I always end up just reading a
9:52
huge blast of like log output.
9:54
So anyway, this will help you with that.
9:57
The basic thing is that
9:59
it's outputting a... attribute data with or
10:02
optionally output additional attribute
10:04
data if you do go test
10:06
-json, which can then be interpreted
10:08
by tools and CI for example
10:10
to colorize and reformat
10:13
your your output to be friendlier
10:15
so this is nice little screenshot
10:17
on the issue it shows the
10:19
standard output that you just get
10:21
from from go test and you know
10:23
it's it's fine but you know it's
10:25
it's pretty ugly it's pretty ugly yeah
10:28
At least by default it hides passing
10:30
tests. So at least you know the
10:32
output is failures. But to me that's
10:34
even worse because I don't know if
10:36
I remembered to uncomment like a test
10:39
that I may have commented out. Like
10:41
I like seeing all the tests running.
10:43
Yeah, that's fair. So anyway, with the
10:45
new output, it shows the passing tests
10:48
in green and the failing ones
10:50
in red and they're all collapsible.
10:52
Of course, this is in like,
10:54
I think this is GitHub
10:56
Actions or showing a screenshot up.
10:58
So it's not that your terminal
11:00
is suddenly going to show collapsible
11:02
text, but it's an example of
11:04
what can be done with this new
11:07
metadata that will be output. So I think
11:09
it's kind of cool. I think what I'm
11:11
saying is here. Like you could add some
11:13
metadata to test, you know, if you
11:15
analyze the failing test, you could look
11:18
at the metadata and see, oh, it failed
11:20
on that user ID or that request
11:22
ID or like source code information
11:24
and things like that, right? I'm
11:26
wondering who's like the. Consumer. And
11:28
also, why are there so many comments on
11:31
this issue? So yeah, there is a lot of
11:33
discussion on the issue. It's kind
11:35
of interesting in the sort of
11:37
academic sense. I'm not going to
11:39
bother our listeners with it, but
11:41
if you really care, go read
11:43
it. It's about a hundred comments
11:45
and links to other issues. One of
11:47
those will call out though, since you've
11:50
mentioned, Shay, that you use gotestsum
11:52
or have in the past. This will
11:54
integrate very nicely with gotestsum.
11:56
But it will enhance
11:58
gotestsum by providing additional data to it
12:00
so it can take advantage
12:03
of that and even more previous
12:05
outputs further. Well I can
12:07
just highly recommend
12:10
gotestsum and it's a big
12:12
shout out to Daniel Nephin which
12:14
I think was like our second
12:16
interviewee on the show ever or
12:18
something. Yeah. Yeah so gotestsum
12:21
is a tool for running tests and
12:23
it doesn't try to replace all of
12:25
what go test already does. Go test
12:28
already does a lot of great stuff.
12:30
What it tries to be is a
12:32
layer on top with a few extra
12:35
features that some people might might want.
12:37
So it uses, in Go 1.10, they
12:39
added a -json flag to
12:41
the Go test command. All right,
12:43
let's talk about a couple of
12:46
meetups that are coming up. The
12:48
first one. April 17 in Birmingham
12:50
in Birmingham. I'm going to, I'm
12:52
likely going to be in Birmingham,
12:54
but not then. I'm probably be
12:56
there in June. If you have
12:59
another meet up in June, let
13:01
me know. I'd love to come
13:03
hang out with you guys. But
13:05
anyway, April 17 in Birmingham. Birmingham.
13:08
Birmingham, UK, Alabama, right? Birmingham, UK.
13:10
Birmingham, Alabama, right? Birmingham, UK. Birmingham,
13:12
UK. We'll be talking, they'll be
13:14
talking about CI and CD,
13:17
building composable pipelines with dagger.
13:19
And I'm sure everybody will be talking
13:21
about all sorts of other fun things,
13:23
whether having drinks or snacks or whatever
13:25
other sort of refreshments they have there.
13:27
So check that out if you're in
13:30
the area. Second, also in the
13:32
UK, not in Alabama, the Manchester Gophers
13:34
have a new website. Manchester
13:36
Gophers.com. So if you're in Manchester,
13:38
go check at the website. They have some
13:40
information there about the organizers. You can
13:43
see photos of the handsome guys who
13:45
run that. They have a hall of fame.
13:47
And they have a 3D gopher spinning
13:49
around. A 3D gopher, yes. Looks like
13:52
it came from like a Nintendo 64
13:54
era. Love those polygons. You work that,
13:56
you work those polygons, bro. Yeah, so
13:58
if you have a meetup. coming
14:00
up, let us know, send us an
14:02
email, find us on Slack, let us
14:05
know about it. We'll be happy to
14:07
mention it on the show for you
14:09
as well. Okay, so I would like
14:12
to mention a meetup. So you could
14:14
mention it on the show. Yeah, tell
14:16
me about the meetup, you'd like to
14:19
mention on the show. So it's still
14:21
like, I'm not 100% sure how it
14:23
goes, because I opened the event, please
14:26
reach out to them. There is a
14:28
go meet-up in San Francisco where at
14:30
least two people are going to go.
14:32
That sounds exciting. Me and Andy, Andy
14:35
from Fine, Wednesday, May 28th, which is
14:37
like a month and a half from
14:39
now, everything is to be announced and
14:42
I would appreciate any help I could
14:44
get because I'm not from here and
14:46
I'm somehow got roped up into arranging
14:49
this. Is this going to be, is
14:51
this intended to be a full-fledged meet-up
14:53
like speakers and everything, and this is
14:56
just like casual go drinks. intended to
14:58
be a full-fledged meet-up in which we're
15:00
going to have 15 minutes of like
15:02
schmoozing 45 minutes of a live podcast
15:05
recording where we're going to do the
15:07
cup of go episode like that day
15:09
with you online and with whomever is
15:12
going to join then a brief break
15:14
and then a talk that's to be
15:16
determined talk is open like worst case
15:19
we're going to have Josh do something
15:21
like teach us about something cool or
15:23
show off his project but if you
15:26
actually have a talk Especially if you
15:28
haven't hosted this show before like Andy
15:30
or Josh, that would be super cool.
15:32
But yeah, it's me, Andy and Josh
15:35
probably, and I assume as the event
15:37
rolls up, more people will want to
15:39
join. So it's organized by me personally,
15:42
but I would love for like some
15:44
go group here in the Bay Area
15:46
or San Francisco or whatever, if you
15:49
know these people, please connect us. And
15:51
also if you have an office in
15:53
San Francisco, that would be cool. grab
15:56
a WeWork room and that's going to
15:58
cost me credits. I don't want to
16:00
spend the credits because I need them
16:03
to review people. interview people. But yeah,
16:05
yeah, it's Wednesday, May 28th in San
16:07
Francisco, a location to be determined, 5
16:09
p.m. until 7 p.m. Pacific
16:11
time. All right, so let's
16:14
go back. Uh, no. No, I think
16:16
we should go back. No, I really
16:18
think we should go back.
16:20
No, because I have
16:22
traversal-resistant file APIs.
16:24
All right, this is something in Go
16:27
1.24 that we've been meaning to
16:29
talk about and just didn't get
16:31
the time. But it's another security
16:33
feature that's baked into Go, which
16:35
I love. My wife's been learning
16:37
for the certified bug bounty hunter
16:40
certification over at Hack the Box.
16:42
So, you know, every evening
16:44
conversation is like, oh, I did this
16:46
attack. I did a file inclusion attack.
16:49
I did a blah blah attack. One
16:51
of them. is a path traversal
16:53
attack. Just in case our listeners
16:55
don't know or haven't heard of
16:57
it before, what are path traversal
16:59
attacks, Jonathan? There's a couple different
17:02
varieties, I guess. I'm not an
17:04
expert on this, but they can involve
17:06
symlinks, I suppose, but they
17:08
basically involve shenanigans with interpreted portions
17:10
of a file path, like a
17:12
dot, for example, or dot. So
17:15
dot, dot, like, go back, which
17:17
is why the... If you didn't
17:19
get the joke, now you're probably
17:21
laughing, right, after I explained. Yeah,
17:23
because it's always funnier after it's
17:25
explained. So basically the whole
17:27
gist of it is you
17:30
shouldn't give untrusted sources
17:32
access to file paths you didn't
17:34
mean to, right? If you open
17:36
a directory, 90% of the time
17:38
you just want your program to
17:40
operate under that directory and nowhere
17:42
else. You don't want to allow
17:44
the software to access. other directories
17:46
on your machine, especially
17:49
if it's a web server, right? You
17:51
can try to sanitize paths and
17:53
that is considered like the best
17:55
best practice, I guess, right? Just
17:58
look if you have a... dot
18:00
in the path and if so
18:02
reject it, whatever. And back in
18:04
Go 1.20 there is like
18:06
filepath.IsLocal, which could
18:08
help you understand if it's like
18:11
doesn't escape or if it's not
18:13
an absolute path or empty or
18:15
is not a reserved name, by
18:17
the way, talking on Windows, like
18:19
if you use COM1 it's
18:21
like a reserved path for devices
18:23
and things like that. Devices that
18:26
nobody uses anymore? Well I'm sure
18:28
attackers do right? If you look
18:30
at recent shell codes, I'm sure
18:32
they have like COM1 and
18:34
all these beautiful things. However, that's
18:36
not really enough. Like there are
18:39
many, many things you can do
18:41
with like symlinks, like you said,
18:43
a ton of other stuff. In
18:45
Go 1.24, there's a new API
18:47
in the os package that allows
18:49
you to safely open a file
18:51
in a totally traversal-resistant fashion.
18:54
So instead of worrying about all
18:56
these edge cases. You just need
18:58
to use OpenRoot, os.OpenRoot,
19:00
and it just basically solves everything
19:02
for you. You get a file
19:04
system that is untraversable, like
19:07
you can't escape outside of it,
19:09
but the path you give it
19:11
is a is a directory within
19:13
your machine. So... How does it
19:15
accomplish that? Does it just do
19:17
all these things behind the scenes
19:19
or does it have some OS
19:22
level magic that makes that unnecessary?
19:24
So it depends on the platform.
19:26
So it definitely has to be
19:28
OS-specific. So for example, if you're
19:30
GOOS is Windows, file names may
19:32
not reference NUL and COM1
19:35
and other reserved device names. And
19:37
in JavaScript, you know, it's still
19:39
vulnerable to time of check, time
19:41
of use stuff in symlink validation.
19:43
And it basically says even with
19:45
os.Root, I'm not promising
19:47
anything. And with. Plan 9, which
19:50
I don't even know what operating
19:52
like operating system that is. It
19:54
doesn't track. So it's like OS
19:56
specific, it basically protects against these
19:58
ones specifically, like every OS has
20:00
its specific like weirdness, which is
20:03
just a reality. And in most
20:05
platforms, it opens a file descriptor
20:07
referencing the directory. And if the
20:09
directory is moved, it keeps that
20:11
handle. So even if you try
20:13
to move the directory, you can't
20:15
escape from it outside, which is
20:18
pretty. smart and it simply doesn't
20:20
it it it like doesn't allow
20:22
you to follow symbolic links outside
20:24
the root so you can do
20:26
symlinks inside the that file
20:28
system but not outside so you
20:31
can still use symlinks and
20:33
you can still use like dot
20:35
dot slash within that that that
20:37
root, yeah, which is super nice
20:39
and useful for you as a
20:41
developer and just sort of does
20:43
it for you I assume if
20:46
you open the code you find
20:48
like a rat's nest of stuff
20:50
and actually Go code is pretty
20:52
easy to read so I might
20:54
just do that but I haven't.
20:56
I haven't read the code because
20:58
I sort of, I assume it's
21:01
going to be fine. It has
21:03
a similar-ish set of operations to
21:05
file system or as file system.
21:07
I don't think it's 100% compatible,
21:09
but it's compatible enough. You have
21:11
Create, Open, OpenFile, Remove, Stat,
21:14
like all the things you would
21:16
need. And if you have an
21:18
untrusted file, you can use
21:20
os.OpenInRoot. So you
21:22
don't have to open root and
21:24
then do open inside it. that
21:26
someone sent you over the web,
21:29
the path to, right, like a
21:31
profile picture, if in an example
21:33
of a super simplistic web server.
21:35
So you can just use os.OpenInRoot,
21:37
and that means that
21:39
the untrusted file name, like, won't
21:42
be able to traverse with tons
21:44
of caveats. So if you're actually
21:46
using WebAssembly or JS or
21:48
Plan 9 or like whatever, you're
21:50
going to have to read through
21:52
these caveats, because not everything is
21:54
100% on lockdown, but it should
21:57
be fine. Cool. I like it.
21:59
I'm going to use it. security
22:01
built into the to the to
22:03
the system. That's great. We have
22:05
one more news item here before
22:07
we jump to our break and
22:10
then we have some lightning round
22:12
items. So don't skip. Don't turn
22:14
off the podcast after the break
22:16
or before the break. The last
22:18
one here, this is a set
22:20
of new changes to the Go
22:22
language, the standard library, a bunch
22:25
of different things. We're all announced
22:27
just a few days ago and
22:29
these will be really beneficial to
22:31
those meetups we just talked about
22:33
over in the UK. Go and,
22:35
and also a little bit unusual,
22:38
they announce these changes on Reddit
22:40
rather than on the official blog
22:42
post. But the changes are some
22:44
new localization for our British friends
22:46
over there across the pond. The
22:48
concern is that some commands like
22:50
Go build might feel unnatural. They
22:53
aren't the way people speak. So
22:55
they've added Go and build, a
22:57
new and sub command. They've added
22:59
some spelling variations. I know it's
23:01
really painful for our British friends
23:03
to type C-O-L-O-R, so now they
23:06
can do C-O-U-R if they're using
23:08
any things like that that are
23:10
built from the standard library. C'lew.
23:12
C'lew. C'lew. U.S. version. How can
23:14
we both use the same one?
23:16
You don't have you as an
23:18
alias I suppose. So the new
23:21
directive is slash go colon Lange
23:23
and then the language there. Yeah,
23:25
yeah. So you can actually localize
23:27
your your documentation. That's the point.
23:29
You're right. So go colon
23:31
lang en for the sort of
23:33
normalized English. That's probably not the
23:36
fair way to say that since
23:38
it. British came first with English,
23:40
but so then you could say
23:42
something like Acme Corp is a
23:44
company, blah blah blah. And then
23:46
if you want to do the
23:49
British version, you can do a
23:51
colon lang en-GB, Acme Corp
23:53
are a company, which sounds completely
23:55
weird to my ears, but I
23:57
understand that some people prefer that.
23:59
So when was this announced? Yeah,
24:01
it came on on April 1st.
24:03
No kidding. No kidding. Yeah, it
24:05
was the one of the only
24:07
April Fool's pranks that I really
24:09
like. Yeah. Good one, good one. You
24:12
almost got me. You almost got me.
24:14
I read it and I was like,
24:16
wait, what? If our show had come
24:18
out on April 1st, we probably would
24:21
have done something a lot
24:23
more elaborate ourselves, but it
24:25
didn't. So consider yourselves lucky.
24:28
Yeah, I love the quality of
24:30
life improvement in import maths.
24:32
Yes, that's the best one. The
24:35
top comment is great as well,
24:37
right? I was typing out a
24:39
long post that I really really
24:41
disagree with this. This is from
24:43
Satan's printer. Then I realized it
24:45
was April the first. Side note,
24:47
if this gets real, I stop
24:50
using Go. All right, stick around.
24:52
We have a few more items
24:54
in our lightning round after a
24:56
quick break. Welcome
24:59
to our ad break. First of all, we
25:02
want to say thanks to our Patreon
25:04
supporters. This show is a fun
25:06
hobby that Jonathan and I do
25:08
to learn about Go and like
25:10
stay on top of things. Otherwise,
25:12
how would we know about Kullur?
25:14
Do you know that SNL sketch
25:16
where she says Kullur, Kullur? I'll
25:18
take it up for you. It's
25:20
really funny. Anyway, but it's
25:22
expensive. It takes up our time and
25:25
we pay for hosting
25:27
fees, editing fees, editing
25:29
fees. Apparently apartment submission
25:31
application fees, although that doesn't
25:34
come from the Cup of Go fund.
25:36
But fees, fees everywhere. And the best
25:38
way to support the show and
25:40
keep it alive is to go
25:42
to Patreon and support us. You can
25:44
chip in for eight bucks a month and
25:46
we would really, really appreciate it.
25:48
It's just a super direct support.
25:51
We want to say hi to
25:53
our new paid member, Jess Brisson.
25:55
I hope I'm saying that correctly.
25:57
Thanks to us. We really really
25:59
appreciate it. Our little community here
26:01
is growing. I really really like it.
26:03
I like seeing like how people support
26:05
and like retain their support as well.
26:07
This is super super appreciated with 38
26:10
people in the Patreon, not all of
26:12
them paying, but still showing their support.
26:14
It really helps like make a dent
26:16
into these fees, which is nice. We're
26:19
still not in the black though, so
26:21
if you feel like chipping in, we
26:23
would really appreciate it. We would really
26:25
appreciate it. Find a link to the
26:27
Patreon and also our swag store and
26:30
also our Slack channel on the Gophers
26:32
Slack. You can go to cupogo.dev.
26:34
That is cupogo.dev.
26:36
You can also email us at news
26:39
at cupogo.dev. If all these
26:41
fancy-schmancy new communication methods are not
26:43
your thing. So thanks again to Jess and
26:45
all the rest of the members. As
26:47
you probably noticed, we're on a new
26:50
schedule. How do you like it, Jonathan?
26:52
Like recording towards the end of the
26:54
end of the week. Yeah, it's nice.
26:56
My Thursdays had started to get full,
26:59
so it's nice to move something to
27:01
Friday. Although I still haven't remembered, I
27:03
made plans today, not interesting plans, plans
27:05
to get my car fixed. And then
27:08
I remembered that we had this, so
27:10
I rescheduled that till Monday. Not a
27:12
big deal. It's just not second nature
27:14
for me yet. So our recording used
27:16
to be really fun when we were
27:19
both in European time zones. Then there
27:21
was a period where you moved to
27:23
the US, the US, I stayed in
27:25
Israel. That was rough because I was
27:28
like recording in the middle of the
27:30
night and for you it was early morning
27:32
and we both like a very different
27:34
energy. Now we're both back on the
27:36
same time zone but we move the
27:39
recording to Fridays because I have the
27:41
microphone in San Jose but on Thursdays
27:43
I'm driving up to San Ramon to
27:45
a different office. So our episodes are
27:48
going to be Friday or Friday or
27:50
Saturday depending on like our editor schedule.
27:52
Yeah he's still in Italy so. Yeah,
27:54
it's all wonky. So we're not asking
27:56
him to adjust his schedule to accommodate
27:59
ours. Yeah, our news aren't that urgent.
28:01
But let us know. We could like
28:03
move it around the week. So if
28:05
you're liking this like episode in the
28:08
weekend, that's great. If not, let us
28:10
know. It's a new schedule and we
28:12
sort of want to hear your opinions
28:14
about it. Finally, we mentioned it at
28:16
the show, but there's a chance to
28:19
meet us. You can meet me in
28:21
the San Francisco Meetup. We're arranging. I'll
28:23
put the link in the show notes.
28:25
Actually, that would be smart, right? So
28:28
I'll put it right here. So, if
28:30
you want to meet us, there are
28:32
two places where you can do that,
28:34
like in real life. You can meet
28:36
me in San Francisco and the Go
28:39
meet up that I'm arranging, organizing, apparently,
28:41
towards the back end of the year,
28:43
back end, you could meet the Jonathan
28:45
and KubeCon, because it's the back end
28:48
of the, no, like somewhere October, November
28:50
that's going to be KubeCon and Jonathan's
28:52
going to be there as well. That
28:54
does it for the ad break. One
28:57
last thing we could ask you is...
28:59
to leave a review and share the
29:01
show. We don't pay to advertise and
29:03
the show's been growing only on word of mouth.
29:05
I haven't opened the Analytics in a
29:08
while, but my CEO actually asked me,
29:10
hey, what's like, what is the
29:12
listenership for your show? So I actually
29:14
pulled up the the Analytics and we're
29:17
like at 654 subscribers. We had a
29:19
big jump recently with almost a thousand
29:21
people downloading every episode, which is insane.
29:23
We appreciate it very much, like a
29:25
thousand people listening to my voice right
29:28
now. Oh my God, thank you so
29:30
much. Is like, are you nervous in
29:32
front of people in front of crowds?
29:34
No, I'm fine. Like I have you
29:37
to blame. So anything that's wrong, I
29:39
could be like, well, Jonathan's the actual
29:41
podcast. This is just like my first
29:43
podcast. I have a fall guy, you
29:45
know what I mean? So that's good.
29:48
If you want to see these numbers
29:50
growing like us, please leave a review
29:52
on Spotify or Apple podcast or like
29:54
wherever you listen to the podcast and
29:57
share the show with a friend or
29:59
a co-worker. Then, Overcast just overtook
30:01
Spotify, so I should change that
30:03
tagline on our staff. But yeah,
30:05
just share the show. We would really,
30:08
really appreciate it. Well, to the lightning
30:10
round. Lightning round. Lightning round.
30:12
Lightning round. Lightning round. Yeah,
30:15
so I guess I'll be at
30:17
KubeCon. I don't know. I haven't bought
30:19
my ticket yet. Whether I'm there or
30:21
not, or just hanging out for the
30:23
party or side party, whatever. I
30:26
have an item that's relevant to
30:28
people who might want to go
30:30
to KubeCon. A sidecar party.
30:32
Yeah, there we go. So friend
30:34
of the show, listener of the
30:36
show, David MDM, shouted out a
30:38
project that he's been working on
30:41
called Yoke. The documentation
30:43
for Yoke says that it is infrastructure
30:45
as code for Kubernetes. So
30:47
if you're one of the
30:49
kinds of people who wants
30:51
to go to KubeCon. This
30:53
might be me for you. I
30:55
haven't been using Kubernetes for a
30:58
while. Are you using Kubernetes? Shall
31:00
I? Happily, no. I've used it
31:02
in the last two companies, one
31:04
unjustifiably, just like totally over-engineered from
31:06
the start, and in a real
31:08
company that actually needed it. And
31:10
the one that's over-engineered, we didn't
31:13
need Kubernetes anyway. We just sort
31:15
of got roped into it. But
31:17
in the other one, in Orca, like
31:19
this looks like a pretty good project.
31:21
for like packages in Kubernetes
31:23
described as code, things like
31:26
control flow test frameworks, typing, blah
31:28
blah blah, all these things. I
31:30
would try it, but just remember it's
31:32
still not version one. So it's like,
31:35
it could have breaking changes very
31:37
early. If this seems like the
31:39
sort of things you want to jump
31:41
on, it's a good chance to jump
31:43
on it. If you're working on something
31:46
similar, or if you had like this
31:48
particular problem, but I wouldn't go with
31:50
it like. for your production pipeline at
31:53
the moment. To be clear it works
31:55
with Helm, this isn't like a replacement
31:57
or... Yeah, yeah, of course. It's Helm
31:59
inspired. mean? Yeah, yeah. Cool. Yeah, I'm
32:01
not using Kubernetes either. Whenever I
32:04
am again, I'll have to give this
32:06
look as well. Hoping for you that
32:08
you won't have to. It's a bit
32:10
too complicated for. I enjoy Kubernetes, but
32:12
it has to fit the problem and
32:15
it doesn't. Yeah. I don't know. I'm
32:17
not Google at the moment. One thing
32:19
I want to shout out is Princess
32:21
Beef Heavy Industries. As I come out
32:23
with a banger in February and somehow
32:26
I missed it. There's static mocking
32:28
mocking in wiretap. If all the
32:30
words I said right now didn't make
32:32
sense, go back and listen to our
32:34
interview with Dave Shanley about Princess Beef
32:37
Heavy Industries, but there's a
32:39
tool called wiretap. It's an API tool
32:41
that allows you to validate API requests
32:43
and responses that make sure that's
32:45
compliant with the schema and like
32:48
a development server so you can
32:50
test APIs and some diagnostic to
32:52
debug API requests and responses.
32:55
And it's beeping awesome. It's really, really,
32:57
really good. I love this tool and it
32:59
now has static mocking. So basically it
33:02
does what wire mock does. So if you
33:04
use wire mock to like, you know,
33:06
put in responses like test responses
33:08
for your local development servers, now
33:10
you can just do it with
33:12
wiretap. You get all the benefits
33:14
of wiretap and get rid of wire mock,
33:17
just super great. There actually have
33:19
been four minor releases since then with
33:21
a lot of fixes and things like
33:23
that. This is pretty stable at
33:25
this point. I just, we just like
33:27
missed it. on the on the backlog but
33:30
really really cool release they've
33:32
keep in common you go to
33:34
PlayStation I had every generation until
33:36
five so you've had one through
33:39
four yes and one is the best
33:41
one but two was pretty good as
33:43
well two was pretty good as well
33:45
two was my first one and I've
33:47
had a three and I had a
33:49
four I don't have any of them
33:51
anymore I got a steam deck and
33:53
gave away my PlayStation four before I
33:56
left Europe You can now
33:58
run go on the PlayStation 2.
34:00
Timely. Yes. This is actually quite
34:02
an interesting blog post. It's
34:04
simply called Golang on a
34:07
PlayStation 2 by Ricardo. Don't know
34:09
the last name. But he goes through
34:11
the challenge of getting Go to run
34:13
on PS2, which is, it's not just
34:15
like, oh, this is a weird piece of
34:18
hardware. It's like, Go doesn't
34:20
quite support the CPU architecture.
34:22
And there's just a lot of
34:24
weird nuance to getting this to work.
34:27
Stuff I... Obviously, I shouldn't say
34:29
obviously, but so I personally would
34:32
never bother to do because I don't
34:34
need go to run on my PlayStation
34:36
2 that I don't have anymore. But
34:38
it's really interesting read. If you
34:40
like sort of legacy code hacking
34:43
stuff, you'll enjoy this a lot. So
34:45
we'll have a link. Legacy. It's
34:47
only 25 years old. That is super
34:49
cool. I love this like low level
34:51
nonsense stuff and dealing with like
34:54
old hardware. Generally, the PS2
34:56
aesthetic is pretty good, right? This
34:58
is not useful for anything though,
35:00
right? It's just for fun. I
35:02
think so. I mean, in principle, I
35:05
suppose you could run a web server
35:07
or a web proxy with Go 1.24.2
35:09
at least safely on
35:11
your PlayStation 2, but yeah, I think
35:13
it's it's for obvious. I love the
35:16
go build directive, by the way slash
35:18
go colon build PS2. You need
35:20
to have go and build added
35:22
for this. One final item for
35:24
the lightning round. Go Zero reaches
35:27
30,000 GitHub stars. I never
35:29
heard of it. Have you heard
35:31
of Go Zero? No. So it
35:33
just goes to show you that
35:35
there are cultural and like country
35:37
differences even in the software world.
35:39
It's a super ubiquitous... microservices framework
35:42
with a CLI tool that actually
35:44
looks pretty good and is very
35:46
productive includes API gateway with a
35:48
ton of features and services with
35:50
a ton of features like authorization
35:52
interservices cache control stats monitoring timeout
35:54
control circuit breakers tracing blah blah
35:56
blah is just Chinese that's why
35:58
I haven't heard of it. But
36:00
it's used by a ton of
36:02
logos here that are all Chinese
36:04
companies. I have no idea if
36:06
these are like huge companies that
36:09
employ thousands of developers or like
36:11
I have no idea. It seems
36:13
like Lenovo China is there and Indo
36:15
Chat which I've heard the name of
36:17
and 33.cN which I heard the name
36:20
of but like I don't know a
36:22
lot about the Chinese market. but it
36:24
has 30,000 stars, which is pretty
36:26
cool. You know, has support for
36:28
caches and DBs and blah blah.
36:31
Seems very productive. Like if I
36:33
had to implement a V2 of
36:35
a microservice architecture at like a
36:38
biggish company, I would definitely give this
36:40
a look. Seems pretty cool. And
36:42
it reached a pretty high milestone
36:44
of like stars and forks. It
36:46
seems very popular as well. Go
36:48
dash zero. If that sounds relevant
36:51
to you, go check it up.
36:53
Program Exited. Program Exited. We will
36:55
see how we do the episode
36:57
next week since it's Passover, but
37:00
we will definitely fit it
37:02
somewhere on the schedule. Program
37:04
Exited, everybody.