Subscribe
Share
Share
Embed
- 🔐 Go 1.26.1 and Go 1.25.8 pre-announcement
- 🇮🇹 GoLab 2026, Nov 1-3 @ Bologna, Italy
- CFP Open through Apr 13
- ➖ Proposal: change go mod init default go directive back to 1.N
- ✔️ Accepted: generic methods for Go
- We talked about it in E143
- 📵 Blog: Turn Dependabot Off by Filippo Valsorda
- ⚡️ Lightning Round
Creators and Guests
What is Cup o' Go?
Stay up to date with the Go community in about 15 minutes per week
This is Cup o'Go for 02/27/2026. Keep up to date with the important happenings in the Go community in about twenty minutes per week. I'm Shay Nehmad. And I'm Jonathan Hall. And I forgot to say it at the top of the show, so this show is supported by you.
Shay Nehmad:Stick around till the air break to hear more about that. How are you doing?
Jonathan Hall:Hey. I'm good. My wife just got a job offer. We're getting ready to buy a new car, so we have two of them. How do go?
Shay Nehmad:So American.
Jonathan Hall:Yeah. We need it here. We live in the middle of nowhere. So
Shay Nehmad:I actually am I'm holding on so hard to having only one car. Israeli listeners who listen are like, what the hell are you talking about? But I tell you, after I moved here, it's very different. All the Europeans are like, what do you mean? What do you need the car for?
Shay Nehmad:You just
Jonathan Hall:One of the things I was looking for when we moved to The Netherlands was to not own a car, and we didn't own a car for the first year or so we were there. Then once we did buy a car, we used it once or twice a week at best. So, we use it daily now. And once my wife has a job, it'll be two days in the office in Atlanta, so that'll be she'll be commuting to work twice a week. We'll need two cars.
Shay Nehmad:I yesterday, I POC'd the new way to commute, took the train, Caltrain. So I biked to the train and then put my bike on the train and then got to San Francisco and biked off. And the entire way, I was talking to someone about Go. It was so cool. Someone from Airtable, they don't use Go there, they use TypeScript apparently.
Shay Nehmad:But I made a new Go Friend on the train. So if you're listening, Aaron, this is my podcast. Hey. Ostensibly, we talk about Go news, so let's talk about some Go news.
Jonathan Hall:Oh, that's a good idea.
Shay Nehmad:First up, we're just giving you a heads up that probably next week, one twenty six point one and one twenty five point eight are gonna have some security releases next week, Tuesday. So we don't know what those are yet. Four private CVEs, so we'll report next week. We promise to follow-up.
Jonathan Hall:Awesome. So security. Next week, we'll talk about that. Next up, GoLab is coming back in Italy. Bologna?
Jonathan Hall:Is that how you pronounce that word? Coming November, and the call for papers is open or call for proposals, I guess, until April 13. So if you want to be in Italy and wanna talk about Go, check out the show notes for the link or Google for it to find out how to submit your proposal to the GoLab conference.
Shay Nehmad:The common American pronunciation of the lunch meat Bologna is baloney.
Jonathan Hall:Yeah. So but I don't know. Is that how you pronounce that? Don't know how that's supposed to be pronounced in English.
Shay Nehmad:Yeah. That seems not like how you say it.
Jonathan Hall:Is it Bolognese, Italy? Because that that that sounds insulting, honestly.
Shay Nehmad:Bologna. Bologna. If you're
Jonathan Hall:an Italian or you speak Italian, let us know how this is is pronounced.
Shay Nehmad:What's up with this conference?
Jonathan Hall:It looks so good. So I haven't been to Golab before, although I had a friend at the Amsterdam Go meetup who presented there a couple years ago. Yeah. Don't don't really have any firsthand experience to share.
Shay Nehmad:It looks really good. I think last year their their website was I I really liked it as well. It's a funny thing to notice in a in a mostly back end language, but, yeah, it it looks good. Rust Lab twenty twenty six will happen on the same date. You know?
Shay Nehmad:You could you could maybe dance on both weddings sort of situation. Do one day at the Go conference, one day at the Rust conference. That sounds like a good way to spend your time, honestly, in Italy.
Jonathan Hall:Mhmm.
Shay Nehmad:Their talks that they're looking for are, like, forty five minute sessions and workshops as well. They can be three or six hours long, more like a practical case study in an interactive format. And I have a question about a workshop. Like six years ago, you know, I would go to a workshop three years ago, would go to a workshop, no problem. Right?
Shay Nehmad:Mhmm. Makes sense. Everybody opens their ID and codes together with the speaker. But what do you do in a workshop now? Just everybody looks at a Claude terminal for six hours?
Shay Nehmad:Like, what do you do? Honestly, I'm trying to figure it out, right? Because you could code, encode something in the workshop into a skill and just have Claude do it. I know the whole point is not to do it than to learn. Right.
Shay Nehmad:But don't you think that someone in the audience will just have Claude open with the voice mode and it will, like, automatically can you, like, have Claude attend a workshop and then synthesize it into a skill? Like, what are we doing?
Jonathan Hall:So I've I've I've been wondering about that in a broader sense of just, like, language programming courses and stuff like that. And even, like I I so I I wanna get back into the the live streaming by my live coding, But I'm like, I use Cloud now. Like, it would be boring to watch that, I think. It's not the same as it used to be. So I don't I don't even know.
Jonathan Hall:The whole thing has changed.
Shay Nehmad:Watching a compiler go in.
Jonathan Hall:Yeah. Does somebody wanna watch me Cloud code stuff? And and if so, is that even valuable? I mean, maybe it's interesting in the sort of, like, watching a train wreck sense or or or watching gamers but online or is it is it educational? I I don't know.
Shay Nehmad:Me neither. And the conference is, like, a while from now. Right? Is it happening? By November?
Shay Nehmad:Oh my god. Who knows what will happen by November?
Jonathan Hall:We'll have Opus twenty five out by then.
Shay Nehmad:I I I just wanna state, I'm not one of these doomers who's like, oh, there's no point in coding. Just yesterday, like, me and a coworker worked and Claude just misled us and I had to fix it, and I had to just actually read the code and think about it for a second. Even on low level coding stuff, I'm not even talking about the fact that, you know, you need a lot of context to get stuff done. But still, like, I don't know, I would feel kind of weird doing a six hour workshop on a very technical subject. Mhmm.
Shay Nehmad:Although I have some good ones, but in November, I don't know. If you have a good one, then then you should submit it to Go Live. And you're in Italy at the same time.
Jonathan Hall:So I I I saw a Charming, blog post. You wanna tell us about it?
Shay Nehmad:Nice. Nice. So you know Charm. They make cool stuff in the command line.
Jonathan Hall:Like, TUI stuff mostly. Right? Or is it is it true command line?
Shay Nehmad:I think it's considered terminal UI. They have all all these elements. I use Gum all the time, which is really nice.
Jonathan Hall:All right.
Shay Nehmad:Which is just for shell scripts. But it's all like building on top of another. They have like a physics based animation toolkit for the terminal and a little logger for the terminal, a markdown renderer, and SSH apps, and a style thing called lip gloss, and the form thing, and a and a user interface, like, infrastructure thing. It's a lot of stuff. I think their main product right now is called Crush, which is like a term talking about Claude, it's sort of a Claude code thing.
Shay Nehmad:It's like a terminal UI agentic coder. It's called Glamorous the description is Glamorous agentic coding for all. Yeah. It's it it that's what this company does. And in one fell swoop, they released all of their things in version two.
Shay Nehmad:Bubble Tea and Lip Gloss and Bubbles are all v twos now.
Jonathan Hall:Do you know did they actually implement breaking changes to justify that, or was this just a branding decision? Or, you know, why a V2 suddenly, and why all at the same time?
Shay Nehmad:So first of all, this is a breaking change. You do need an upgrade. It's very clear what sort of thing they believe in because the upgrade guide is like, you have a page called what's new, and they say that's for humans, and then they have a link called upgrade guide, which is for LLMs. So I think they expect you to go through this, like, migration checklist where you have to, you know, change view string to view type t view and replace t dot key message with t dot key press message. It's like a proper migration, so it's definitely a breaking change.
Shay Nehmad:And the way it's written, it seems like it's written for either a very, very pedantic person or a coding agent that needs to go through it. Why did they make this new release? So it's not just marketing. Although I do think, you know, they they do use it as a marketing opportunity, which is good.
Jonathan Hall:Of course.
Shay Nehmad:Yeah. Generally, their their belief is AI agents moved into the terminal, and suddenly the terminal is the most powerful way to interface with the operating system. I don't know. This is not news for me, but
Jonathan Hall:Suddenly, like, that's been true since before the GUI existed.
Shay Nehmad:But okay. I think it's a pendulum, right? People use the terminal and they're like, Oh, we should make GUI application. And then GUI applications I
Jonathan Hall:suppose I wouldn't wanna do image editing with a with a CLI.
Shay Nehmad:Yeah. What do you mean? You have FFmpeg. What's the problem? No.
Jonathan Hall:Have ImageMagick. What do I need? What else
Shay Nehmad:do every single flag. Yeah. Anyway, what they what they say is they changed the internal renderer because the terminal now needs to do a lot of things. So rendering is faster. What they say is for applications running over SSH, your changes are monetarily quantifiable, which I like as an approach.
Shay Nehmad:And they do more stuff. You can, do clipboard transfer over SSH. You can do inline images, which is super nice. So, you know, it's like they're they're taking full advantage of things, the terminal can do. So that's the version two.
Shay Nehmad:If you used any of the, like, either Bubble Tea, Lip Gloss, or Bubbles, so, like, the lower level, like, implementation libraries of, Charm, then you need to upgrade. If you use the apps like Pop, which is their email terminal thing, or, you know, Mods, which is their AI in the terminal thing, Wishlist or VHS or SoftServe, like all the or Glow or Skate, they have so many things going on over there, then, yeah, you need, you you don't need to upgrade. Their apps will just, like, work for you. And I'm I don't know. That sort of reminded me that at some point I wanted to try out Crush.
Shay Nehmad:I might I might just try it, like, today and let you know what I think next week.
Jonathan Hall:Yeah. That'd be awesome.
Shay Nehmad:I'm I'm very heavily into cloud right now, so Yeah. It'd be interesting to see what the competition offers. Although the main thing, like, it's mostly changing my workflow. Like, the the the specific terminal thing I'm using doesn't super matter. But, if it's in Go, I'm willing to try it for sure.
Jonathan Hall:Alright.
Shay Nehmad:So a v two for the upgrade. A v sorry. A v two for the terminal or at least some parts of it.
Jonathan Hall:Speaking of version numbers.
Shay Nehmad:Oh, nice. Was
Jonathan Hall:it last week or two weeks ago? I can't remember that we talked about
Shay Nehmad:It was minus one or minus two? Yeah. Is that what you were just asking?
Jonathan Hall:Exactly. Yeah. Was it episode minus episode dot n minus one or minus two? We talked about GoMod init changes that were introduced in 01/1926. So if you do GoMod init and actually, we talked about I know I remember now.
Jonathan Hall:We talked about it both of the previous two episodes because I made a mistake in how I described it two episodes ago, corrected it last episode. So the new feature is that go mod init will now init a new module to the previous version of Go. So if you're using 1.26, it will init to 1.25. This has upset a few people. Highlights, there's a new proposal now to change it back to the old behavior.
Jonathan Hall:Highlights that I'll just call out and maybe you have something to add. It never went through a proposal process, apparently, so there wasn't really this community opportunity to comment on it and, you know, hash it out. It just kinda happened and kinda sprung on the community as a
Shay Nehmad:surprise us. How did it happen how did it happen if it didn't go through the proposal process?
Jonathan Hall:I'm not sure. I've but a lot of things, I think, do that. Most of them are noncontroversial, so it doesn't matter. Okay. I I I I don't know.
Jonathan Hall:This is my guess. The GO team has control over the GO project, and they can implement things that make sense. And the proposal process is a way for the community to get involved. So if it's something internal to the GO team and they don't think it's gonna be controversial, they may not do that. I don't think there was anybody trying to pull the wool over anyone's eyes.
Jonathan Hall:It was there was no ill intent here. It seemed like a pretty obvious quick win, I think, to to the people who did it, and it got some surprising backlash. I guess from you included, right, you didn't like the the new the new feature.
Shay Nehmad:Backlash is a strong word. I didn't like it. Yeah. Like, I would I would have to remember to upgrade every time I ran Go mod in it. Yeah.
Shay Nehmad:How often do I run Go mod in it? You know? Come
Jonathan Hall:on. Yeah. I mean, I only do it two or three times a day, so it's not that big of a deal.
Shay Nehmad:Anyway. Do three times a day? What the hell? Just keep giving up on projects.
Jonathan Hall:It looks like the consensus on the conversation here is towards a revert with a small change, and that is that when you make when you do go modern, it'll probably display something on the console saying, you initialize this with Go version X, be aware of the consequences of doing that. So people who are unintentionally creating modules with versions that are too new will at least have some visual reminder to consider changing that if they want to. Seems to me like a fair compromise. I don't don't don't know. I I could go either way on this one.
Jonathan Hall:I don't have a strong opinion.
Shay Nehmad:What I liked is that now that the consensus seems to be let's change it back, they're like, okay, let's do it super fast. Let's release it in the next version and just forget this ever happened. Put it behind us.
Jonathan Hall:I guess this isn't the compatibility issue. Right? Because, you know, it's So not part of it's just tooling. And it it doesn't even break tooling compatibility, so it's a pretty easy thing to revert if they choose to do that.
Shay Nehmad:Well, I guess next week, we'll update on the update on the update, on the fix, on the update. Yeah. Final thing we wanna mention this week in the news section at least is a really good blog post from a friend of the show, Filippo. Filippo was here when wow. That was so long ago.
Shay Nehmad:Right? Now that now suddenly, I'm about to say it. I'm I don't even remember. Was it two years ago?
Jonathan Hall:No. Really? It was 03/08/2024, almost exactly two years ago.
Shay Nehmad:I have a good sense of time. I have a good internal clock. And here's the snippet from that interview.
Filippo Valsorda:Hi, everyone. So I'm Filippo Valsorda. I've been, maintaining the Go cryptography standard library since 2018. I've done that first, at Google, as the lead of the Go security team, and these days, I'm doing it as a independent independent open source maintainer.
Shay Nehmad:Anyway, so Filippo put out a really good blog post called Turn Dependabot Off. And I'll start by saying, I use Dependabot and I have to use it, and I have an SLA for looking at alerts, it pops up, to fulfill my, like, legal obligations to my customers.
Jonathan Hall:Aren't you in a in a leadership role? Can't you change your SLAs?
Shay Nehmad:I'm like, no. It's the SLA is from SOC two. It's like just a legal thing.
Jonathan Hall:Right? Take care of us specifically Dependabot.
Shay Nehmad:The compliance is sort of just vague enough, but what it says is if it's you have to have something that pops up security issues. Okay. And based on their severity, you have X time to answer, and we will measure it. And sorry, and you have to measure it, and when the auditors come, you have to prove that you're doing it. And you know what?
Shay Nehmad:Like, that is actually
Jonathan Hall:good. Yeah. I don't have a problem with that.
Shay Nehmad:Yeah. However, Dependabot specifically pisses me off. I use it with, PnPM, and PnPM itself has, security vulnerabilities as well, so I have to keep that stuff updated. Dependable doesn't support the latest versions of PNPM. So I end up like having to getting alerts from Dependable, but even having to fix them manually.
Shay Nehmad:And a lot of them are not correct. A lot of them are like, oh, you know, this dev server that you're using that's not even in your production thing, that's just happening when you run a linter, that has a medium level severity. And then I have to like, you know what I mean, just dismiss it, spend some time, spend some effort. Only have so much effort during the day. So my general consensus when I look at this stuff is is toil that you have to do and you have to take it seriously because sometimes it does pull up serious things.
Shay Nehmad:It creates a lot of noise, which was why I was so happy to see this blog post from Filippo starting with the words turn Dependabot off. Dependabot is a noise machine. I highly recommend reading it. It's not that long. But if you use Go, Filippo has a offer here for a better dependency vulnerability management process, like supply chain security process, which takes into consideration the concept of reachability.
Shay Nehmad:What does that mean, Jonathan? What does reachability mean?
Jonathan Hall:Just because a package and and he uses his own his own package as an example. Right? Just because a package has a security vulnerability, it doesn't mean that your code executes that code. Exactly. And so so this this particular vulnerability in fact, I've I've seen Dependabot trigger this on some of my own projects, and I've just ignored it now that I you know, for the time since I read his blog post.
Jonathan Hall:Yeah. So he provided a security fix for an obscure function that almost nobody uses and a feature that almost nobody uses,
Shay Nehmad:but that triggers Even a type within that function, if you call it, it's not necessarily relevant to you. It's not necessarily reachable.
Jonathan Hall:So it's this very obscure corner case in in obscure code that virtually nobody uses, but it's now more correct. But it depends about what have you believe. Oh my gosh. All my all my SSH keys are are are unsecure now or, you know, effectively.
Shay Nehmad:And, you know, obviously, our show doesn't have or me personally, I don't have anything against GitHub specifically. There are a lot of security scanners that do the same thing. Right. However, Filippo points out there's one that doesn't, GoVonCheck. So GoVonCheck does take reachability into consideration.
Shay Nehmad:And if you run GoVonCheck instead, you'll get a a silent report. Also important to know that the package he's talking about with that obscure function, is imported by MySQL. So, like, a ton of people, like thousands of PRs have been opened. Again, even though in reality, MySQL doesn't call it. So obviously, transitively, you don't call it as well, and you don't import it directly, so you have no way to call this function, basically.
Shay Nehmad:So it's a totally useless PR, a lot of noise. I'm wondering how did we get here? That's like maybe a bit of a philosophical discussion. Like someone in the GitHub organization has a KPI to create. Has an SLA.
Shay Nehmad:Once a thing has been released, you have to give it a CV score and you have to open the PRs as fast as possible, blah blah blah. But generally, I think a very sensible advice. If you use Go, you can use a GoVonCheck instead. And he literally puts the entire Go, not Go, the entire GitHub action thing you need. So you can just copy paste it from his blog post, which is super nice.
Shay Nehmad:Just a very good blog post. Also, he recommends testing against latest instead of updating, which is another great piece of advice, which means every night, test everything against the latest dependencies, but don't upgrade them. Just make sure that they all work. And then, you know
Jonathan Hall:No. By latest, you mean the latest GoVonCheck or or something else?
Shay Nehmad:Just the latest version of all your libraries.
Jonathan Hall:Oh, I see. Got it.
Shay Nehmad:Just always test against the latest version of all your libraries, but release them when you want to.
Jonathan Hall:So it sort of does like a go a go, get dot slash dot dot dot to update everything, make sure test still pass.
Shay Nehmad:Exactly. Go get minus u minus t dot slash dot dot dot, and then go test everything. Get the benefit of testing the updating updated dependencies, but without by running CI against them, but without actually updating them. You get alerted quickly of any potential issues, but you don't have to pay attention to, like, uninteresting updates, Defer the, like, big update to whenever fits you. And finally, it's a lot safer.
Shay Nehmad:If there is a supply chain attack, the way he calls it, which I liked it, is it has a short half life. I would maybe say it has a short shelf life. But generally, you know, once there's a supply chain attack, if it's in a widespread dependency that you also use, someone will wise up to it at some point, then they'll revert that old version. Like, if you always update to the latest versions of everything, you are certain to, at some point, include the supply chain to take a new code. But if you just, like, wait and upgrade all of them at once and, you know, you just grab the, like, one week before, but you know that worked because one week before your CI passed, you're still on relatively latest versions of everything.
Shay Nehmad:Maybe not the latest latest, but also you're a lot safer from supply chain attack. And he even suggested using stuff like, which I wasn't aware of, sandbox step. So, you know, you can even even if the you're worried about the the latest dependencies doing weird stuff in your CI, you can use Sandbox Step to make sure they don't have a lot of permissions. Super useful. I love this blog post.
Shay Nehmad:Great job, Filippo. And honestly, I wish I used Go so I can, take this advice, but I'm gonna take the second part because the second part is relevant to any stack of testing again instead of updating. I'll I'll do that, like, very soon, maybe even today. It's Friday, so I don't know if I wanna mess up with CI. Maybe next week.
Jonathan Hall:Alright. One last quick mention before we move on to our break and a quick lightning round. We talked a few weeks ago about generic methods. That proposal has been accepted. So look for those coming in Bill one twenty seven.
Shay Nehmad:Yeah. We talked about it in the live episode. That was a lot of fun. Yeah.
Jonathan Hall:Yeah. Yeah. So, yes, we do have generic functions, but we have not had generic methods yet. Now let's let let me clarify. At at the moment, you can have a generic meth you can have a a method on a generic type.
Jonathan Hall:That's possible today. You cannot have a generic method. That is to say, cannot have a type parameter in the method definition. And the reason for that historically has been that the view of the Go team was that the reason to have methods is to satisfy interfaces. That's an important thing to to remember here.
Jonathan Hall:Right?
Shay Nehmad:Yeah. So you explained it then. I have to admit I still don't fully understand it now, but if people think it's a idea, that sounds good to me.
Jonathan Hall:Alright. Let's do a quick break, and then I think we have a couple lightning round items before we wrap up the show.
Shay Nehmad:As mentioned, that the not exactly the top of the show. This show is supported by you. If you wanna help us, kapago.dev. You can find all the links there. Best way to support the show is to sign up to our Patreon, and you can also share it with your coworkers, co friends, co friends.
Shay Nehmad:That's a new one. Coworkers Co friends. Co students, whatever. Yeah. We don't wanna linger too much on the ad break because people have been complaining it's getting too long.
Shay Nehmad:But we just wanna say thanks a lot for listening and talking with us on our Slack channel. I've been learning a lot from people posting there. You see the usual characters, but I also meet some new people and, you know, I love it. For example, Jeremy Foran, I think that's the first time I saw you in the channel. Maybe you talked there before.
Shay Nehmad:Great link on by the way, Filippo saying GitHub is a is GitHub Dependabot is a noise machine, made it to, like, the the clickbaity title. Did you see the clickbaity title? I loved it. Golib Maintainer, colon, GitHub's Dependabot is a Noise Machine.
Jonathan Hall:Golib Maintainer. That that's an interesting title. Sounds more impressive than I think it is.
Shay Nehmad:I mean, they they couldn't say Filippo because they would confuse them with our editor.
Jonathan Hall:That's right.
Shay Nehmad:Both same prominent figures in the Go ecosystem. Right? You can't have too many. Alright. Anyway, we just want to say thanks all for listening.
Jonathan Hall:I think one important thing to talk about, you're gonna be taking some time off, and we wanna a shout out for anybody who wants to cohost the show with me. Do you wanna tell us those dates or or is that
Shay Nehmad:Oh, yes. Yes. Yes. Thank you for reminding me. March, which is sorry.
Shay Nehmad:And which is coming up soon is Passover. And for the my plan is to fly back to visit my family in Israel and to not work too much and to not record podcasts. So it's gonna be like two weeks, March, April, where Jonathan is gonna need the different cohost. What are your requirements? My requirements are that you must use Go in production.
Shay Nehmad:Oh, wait.
Jonathan Hall:That would disqualify you, Shai.
Shay Nehmad:Hey. Hey. I'm using Go in production.
Jonathan Hall:Oh, okay. Okay.
Shay Nehmad:Go dry up. I use Go in production.
Jonathan Hall:Requirements are are few. You need to be able to speak English.
Shay Nehmad:Hate Python.
Jonathan Hall:Hate Python. You have to be able to meet with me on on a recording platform. Yeah. It's pretty simple.
Shay Nehmad:If you've never done a podcast nice microphone.
Jonathan Hall:Nice microphone helps, but it's not a deal breaker, but it's nice. Yeah. Requirements are easy. Basically, you wanna do it, let's do it. Reach out to me on Slack or email.
Jonathan Hall:You can find my email on the kapago.dev website.
Shay Nehmad:Yes. It is news@cupago.dev. News@cupago.dev.
Jonathan Hall:What was that address again? One more
Shay Nehmad:time? I know. I always say it twice. It's just how I always hear professional podcaster podcasters, like the Macaroll boys, whenever they have, like, an email or a code. You know?
Shay Nehmad:Use code da da da to get a a a discount. Once again, that's code da da da.
Jonathan Hall:Call the number on your screen now. All right. I think that's enough. Let's do a lightning round.
Shay Nehmad:Yep. Lightning round.
Jonathan Hall:First up, DataStar. The website is kind of cool. Has this like moving yeah. Starfield Star Wars style font. And anyway, Datastar is a lightweight framework for building everything from simple sites to real time collaborative web apps.
Jonathan Hall:It's not written in Go, but it's written by a Go developer. It's a front end framework. But if you look at the data or the the data. If you look at the Datastar repo, there is Go in the repo, even though the framework itself isn't written in Go because it's a JavaScript framework. But it's designed for people who need a lightweight framework, and maybe you're a back end heavy sort of developer, don't really want to learn all the bells and whistles that, you know, maybe a front end developer would do.
Jonathan Hall:Check it out, Datastar. Link in the show notes.
Shay Nehmad:I have to admit the site is very nice. You know, it this is not an SPA framework. So if you're looking to replace React Mhmm. Maybe not. Maybe not the one.
Shay Nehmad:Not the one. But if you're looking to implement something cool with reactivity, state in the right place, back end driven front end situation, it would be cool. My thing for the Lightning Round is also a neat project, Postgres parser. I'm a Postgres, Andy. You know that about me.
Shay Nehmad:I love Postgres. And apparently, there's a new Antler. Do you know what the Antler is? A n t l r? No.
Shay Nehmad:It's another tool for language recognition. So it's you can, like, write Antler parsers to parse, programming languages or file formats in various languages. I've seen it, a few times already. Also in cybersecurity, sometimes you try to parse, you know, like specific files that are malicious using Antler parsers. I've seen it around.
Shay Nehmad:It's an Antler based query parser for Go. So you can, like, extract tables, columns, joins, cities, whatever in Go if you just have a SQL string, which I find very useful because you can take SQL strings and write linters and whatever using it. You can do parse SQL and you get the command, you get the tables, the columns, the where, the join conditions, the group by, the column usage, all as like objects in Go. How cool is that? I'm like and it also works with JSONB, which is very important because I've been using JSONB a lot recently.
Shay Nehmad:It knows how to parse that. I don't know how it does that. That's crazy. But it does it. I guess if FalseCryst can parse it, it is technically parsable.
Shay Nehmad:It's possible. Yeah. Although at this point, I wouldn't be surprised if there's just a little gremlin sitting inside every Postgres server trying to understand my queries. But anyway, a very cool project. I like it a lot.
Shay Nehmad:I'm not sure when I'll use it, but I'm very happy that it's there. It's not Postgres internal server parser. It's written in Go. That's the important It's like pure Go. However, because it's not the internal server parser, there might be edge cases.
Shay Nehmad:Right? Postgres has versions and things change in versions. There might be problems. It's not exactly
Jonathan Hall:Do they change in the current version or the n minus one version or
Shay Nehmad:Oh, nice. Never mind. So Postgres Parser by ValqDB. Very cool. Awesome.
Shay Nehmad:I think that wraps up the show. I
Jonathan Hall:think it does. Thanks for listening. See you next time.
Shay Nehmad:Then don't forget if you wanna host, talk to Jonathan or just put it on the Slack channel. Program exited. Program exited. Program exited. Goodbye.