Subscribe
Share
Share
Embed
- 🪵 github.com/golang/glog fix pre-announcement
- Conferences
- 🇧🇷 GopherCon LATAM @ Florianópolis, SC, Brazil, May 5-6
- 🇩🇪 GopherCon EU @ Berlin, Germany, June 16-19
- CFP through February 23
- 🇬🇧 GopherCon UK @ London, UK, August 13-15
- CFP starts March 1
- go-safeweb
- 🦀 GoReleaser 2.5 includes Zig & Rust support
- Coming soon: GoReleaser 2.6
- 🌩️ Lightning Round
- Testing discussion
- Blog: if got, want: A Simple Way to Write Better Go Tests by Michael Lynch
- Reddit discussion
Creators & Guests
What is Cup o' Go?
Stay up to date with the Go community in about 15 minutes per week
This is Cup of Go for January 10, 2025. Keep up to date with the important happenings in the Go community about 15 minutes per week. I'm Jonathan Hall.
Shay Nehmad:And I'm Shay Nehmad.
Jonathan Hall:Hi, Shay. I heard I should be conversational, and we should talk more on this show.
Shay Nehmad:That's good. That's a non awkward way to do that. How's the weather?
Jonathan Hall:It's kinda cold here.
Shay Nehmad:We have to talk about Go because, dear listener, I have a confession to make. I spent this week doing back end with TypeScript. Traitor. Yeah. Jonathan, save me.
Shay Nehmad:Let's talk about Go a little bit.
Jonathan Hall:Well, if if we're if we're making doing confessions, I guess, I'll tell you that I've been doing a lot of front end with JavaScript lately too.
Shay Nehmad:That sounds alright. That sounds like an okay choice.
Jonathan Hall:Yeah. Yeah. Well, it's not fun.
Shay Nehmad:No. It's not. Wait. TypeScript or JavaScript? Just JavaScript.
Shay Nehmad:No types. Oh. Damn.
Jonathan Hall:In this show, we're gonna be talking about a security update that's coming out soon, bunch of conferences that you could be speaking at, some releases, and a few other things. I don't know. 124. I think those are the highlights.
Shay Nehmad:Yeah. We have, also cool blog posts that we wanted to share a new project that's coming out. It's a bit of, a a little bit of everything. And then we're gonna bike shed, after the ad break about how to write tests. Because who doesn't like to argue about that?
Jonathan Hall:I'll just skip test. That's the easy way. Mhmm.
Shay Nehmad:No tests, no failed tests, no failures in CI.
Jonathan Hall:That's right.
Shay Nehmad:That's great.
Jonathan Hall:CI can't fail if you don't have any tests.
Shay Nehmad:Yeah. The the CrowdStrike way. Just ship it. I think that's the second episode in a row where I'm shitting on CrowdStrike, but it's just, I apologize CrowdStrike people. You're all you you're doing okay.
Shay Nehmad:Security fixes. So there is a plan to issue a security fix, on Monday, January 13, which covers a specific CVE. You know, there's a preannouncement, so you don't have to upgrade yet. Just remember to upgrade on January 13th.
Jonathan Hall:So how many of our listeners do you think this, security patch is likely to to affect?
Shay Nehmad:So that's actually an interesting question because the security patch impacts a specific path of code that may or may not be executed by your own code. And this sort of reachability analysis, if you go really deep into the weeds, it's kind of hard. Right? Because even if I import this package I don't necessarily call the function that has the vulnerability and even if I call it maybe I don't call it in the right context or with the right parameters in a way that might trigger the vulnerability. So how many people does this actually affect?
Shay Nehmad:Probably a very small number. However, this package is imported by 100,000 other packages.
Jonathan Hall:Wow.
Shay Nehmad:According to, pkg.go.dev.
Jonathan Hall:That's a lot more than I would have expected, actually.
Shay Nehmad:Yeah. It's it's only presenting the the top, 20 k, so I'm I'm not even seeing, like, whether Google themselves imported somewhere, but it definitely seems like it's part of Kubernetes because it's part of someone's fork of Kubernetes, and I can't really see them changing all the log to g log in their fork. That's probably not what they did. But, yeah, it's happening through, a lot of other tools. So protobuf, gateways, SQL exporters.
Shay Nehmad:So it seems like people are not really even importing it themselves. It's just part of very basic things like, kubelet, and just code they, like, vendored or copied, or forked. Right? It's part of Vtest by PlanetScale, like, it's in a lot of things. So it's probably affecting a lot of people, which is interesting because, like, I knew it, but I I if you told me, hey.
Shay Nehmad:What's g log? I can tell you off the top of my mind. It's not like something I use. I just saw it something, like, when I learned c plus plus. So make sure to upgrade on Monday, but it's probably in one of your dependencies.
Shay Nehmad:So maybe you wanna lock your version of glog to be higher which is annoying but, yeah, maybe you should do that. Definitely the find, like, grain control over logging in the find level and evaluating arguments and things like that. Something that does matter at scale, but if your library if your project is not at scale but imports a library or a tool or uses something that was built to deal with scale, suddenly you deal with all these, like, you know, you're just building an HTTP server that serves, like, 10 users a day, but you have to upgrade dependencies that have c plus plus optimizations. It's actually written in pure go. Right?
Shay Nehmad:But the original, concept was in c plus plus for huge scale. So, yeah, upgrade on Monday, put it on your calendar. A nice way to start the week. And a cool package, and the announcements gonna come obviously on on Monday. Right?
Shay Nehmad:So we're not gonna probably have the details of the fix until then, because it's a private issue, but actually there is, a change log. It's just like go internal review, like, when I click on it, it brings me to a login page, single sign on in Google. So I assume I can't go there. Like, I assume I can't see. It's all, like, internal go links.
Shay Nehmad:So I guess we'll have to wait until the you will you can just wait until the next show. Right?
Jonathan Hall:Yeah. We'll talk about it next week. We'll tell you what actually happened.
Shay Nehmad:I'm adding, a thing to our backlog, so we don't forget. What about some conferences?
Jonathan Hall:Yeah. Let's let's talk about conferences. We haven't been following this as closely as we used to, largely because the Wiki page for the conferences is no longer a Wiki page, and it's really hard to get it updated. So, we'd have to kinda scrape our conference info from other places, but we got a few for you. The next one, coming up is gonna be in Brazil for Annapolis.
Jonathan Hall:That's, May 5 6th, go for Con LATAM. It looks like they're doing, talks in English, Spanish, and Portuguese. So that covers a pretty big portion of the the developer community, that speaks one of those three languages. So there's no excuse not to go to Brazil. I'll see you there.
Jonathan Hall:Coming up next, we have GovCon Europe. This will be in Berlin again. This will be June 16 through 19, and the CFP is still open. So you have a chance to present, there as well. CFP closes CFP stands for
Shay Nehmad:call for papers, which is funny because these are not papers anymore.
Jonathan Hall:Yeah. They're not.
Shay Nehmad:I don't think they've ever been, but
Jonathan Hall:They did call for presentation. So, actually, it says call for speakers, but
Shay Nehmad:c f CFS's.
Jonathan Hall:That makes more sense. Anyway, c f CFS, or Go for Con Berlin, is open until February 23rd. So you still have a little over a month, 1 and a half, to propose a a talk in, Berlin.
Shay Nehmad:Yeah. If you're based in Europe though, don't wait until the last minute because if your talk gets like, usually what happens is all the talk reviews, happen towards the end of the call for papers. But sometimes they can if you know someone at the review board or you can just send them an email and be, like, hey, I sent my thing early. Can you review it and let me know if it's good or not? And maybe I'll send another one if it's not good.
Shay Nehmad:That just gives you an extra chance if your talk is not a good fit for that conference because, you know, maybe the talk is great, but someone is already registered for a similar talk or something like that. That could give you an extra chance. That worked for me once in one of our Go meetups.
Jonathan Hall:And the last one, far out in the future, this is all the all the way in August 13 to 15, GovCon UK will be back in London. The CFP slash CFS is not yet open. It opens on March 1st. So we'll talk about that again in a few months to remind you.
Shay Nehmad:Yeah. It is call for papers though. When you open the the CFP page, it says the title in bold, call for papers. Yes. And they just have a cool thing of, like, sort of directing you towards which talks they're, aiming towards.
Shay Nehmad:Yeah. They have keynotes, which are 30 minutes, talk sessions which are 60 minutes, and tutorials which are a 120 minutes.
Jonathan Hall:I think I'll do the keynote. That sounds easier.
Shay Nehmad:It's yeah. Only 4 keynote sessions will be selected and 24, talk sessions will be selected. And, the and finally, tutorials which are more classroom style. So, you know, whatever, is more your type, you could take. I've definitely seen people in conferences where it's only, like, 60 minute presentations.
Shay Nehmad:People try to do a tutorial in a presentation, and even if the tutorial is great, people are, like, they don't have their laptops ready. It's not really their mindset, Or the other way around. It's like a classroom and just someone's giving a presentation. So it's cool that they, you know, have this, separation already ahead of time. And it seems like a big conference from the picture here.
Shay Nehmad:It looks like a ton of people.
Jonathan Hall:I think that is one of the bigger ones. I haven't been to it, but just based on people I've spoken to who have been there.
Shay Nehmad:Yeah. I guess, there are there are a lot of gophers in the UK. That would make sense. Cool. Talking about Google and security, I have a Hacker News, thread which I found.
Shay Nehmad:I don't do you use a Hacker News, like, as a social media?
Jonathan Hall:Occasionally. I'm not a regular visitor, but I occasionally browse or
Shay Nehmad:So I I never, like, go visit the website, but I have a Telegram feed that, like, feeds me just the titles, and then I judge the book by its cover and choose which threads to go into. And this one was interesting, go safe web. I was, like, oh, what's this? It's a pretty cool project from, Google. Again, we're really hyping up, Google stuff, this episode.
Jonathan Hall:Although the first line of the readme, it
Shay Nehmad:says. Right? Disclaimer. It's a language by Google. That's fair.
Jonathan Hall:The first line of the readme, however, says disclaimer. This is not an officially supported Google product. So, it's done by Google, but I guess you can't sue them if it breaks or or get support or whatever.
Shay Nehmad:So so let me ask you something. Google plus, was that an officially supported Google product?
Jonathan Hall:How about I believe it was. Podcast?
Shay Nehmad:How about all the rest of the killed by Google, you know, site? Do you know that thing? Google graveyard? Yeah. I fucking love that.
Shay Nehmad:Jamboard, Chromecast, Rob Cam, Keene, optimized podcast domains. Do you remember they shut down domains in 2023? That was insane.
Jonathan Hall:I'm actually surprised that Chromecast is on that list. I thought that was still going on, but I guess No.
Shay Nehmad:No. No. Just out of date. Died 5 month ago after 11 years. And YouTube stories and if you go Stadia Stadia was a heartbreaker for me.
Shay Nehmad:Man, I really thought cloud gaming was gonna be a thing. And if you go really way back, you find a lot of things.
Jonathan Hall:You remember when Google used to do search? Anyway, let's stay focused.
Shay Nehmad:Yeah. Let's stay focused. It's a non official Google product, so it's probably gonna live longer than the official ones. I guess that what what that means. But what is this project and why would you care?
Shay Nehmad:So, Jonathan, let's say, you're at work, and you're working on something that has sensitive data, and it's an HTTP server. Yeah. What do you need to do?
Jonathan Hall:Well, I wanna make sure there's some authentication, in middleware probably. I wanna make sure I'm using HTTPS.
Shay Nehmad:So so you're, like, scratching your brain right now trying to, like, dig up open the folder called security, clear out all the cobwebs. Right? Right. Because usually you have some of the smarter people like Filippo and whatever taking care of that stuff for you. Mhmm.
Shay Nehmad:Trying to remember that list. So go safe web is just a collection of libraries for writing secure by default HTTP servers. So you don't have to remember to protect yourself from all these things. So just all the security mechanisms are are applied by default. They're opt out, versus opt in.
Shay Nehmad:And if you have to do unsafe usage, it's like it's like very clear. It's very much an exception. And enforcing new security measures will be able as well through AST, like your your manipulation. So you could actually change the code after you release it, and existing users will just have either static analysis or on time monitoring to migrate in the future as well. Right?
Shay Nehmad:When new vulnerabilities and new attack patterns are detected. I think that's like the killer feature other than the fact that's a collection of good, current best practices or secure practices, I should say. They claim to be able to do sort of, like, future proofing towards future security requirements. I'm not a 100%, like, convinced by their example, but it's a good goal to aspire to. Right?
Shay Nehmad:Some security vulnerabilities they plan to address or mitigate is XSS, XSRF, CORS, TLS, iframing, authentication and access control, parsing bugs with, htp. If you remember, we had, someone on the show, I forgot his name, found a bug with, like, flooding HP a 100.
Jonathan Hall:Yeah.
Shay Nehmad:Right? So, like, sort of avoiding these things, uniform, error handling to make sure you don't accidentally leak data over error, messages, and enforcing a ton of h u p security headers that you just have to, include and do correctly with, like, an interceptor that forces you the content type options and the access protection and things like that. Just things you you if you remember to do or your framework does for you, that's great, but if you don't, you're less secure as a as a server. So a big list of really cool things. I like the approach.
Shay Nehmad:I like the idea. It's still early, so, like, I won't build production things on it. But definitely, like, looking at that list and making sure your company slash server applied everything here.
Jonathan Hall:When you say it's early, what do you mean?
Shay Nehmad:They just claim it's, this project is in early stage, and they are not accepting any contributions. So I think it's just like an internal
Jonathan Hall:Google interface. The Go mod references Go 1.16. There's at least commits 5 years old. So
Shay Nehmad:Yeah. I I don't the fact that it's old doesn't mean it's, like, it's not in early stage. I don't think it's, like, a top priority thing for Google. They just released it as a as an idea. Yeah.
Shay Nehmad:I think. And when it came out on, Hacker News, I'm not sure why someone posted it, like, what was new. Maybe they're working in, like, a different fork or something. There was a lot of interesting discussion here and the the main one was when you do all these things at the application level, that's kinda weird. Right?
Shay Nehmad:Because you almost never have your HTTP server just bare on the web. Right? Like, the first thing you would actually do in this scenario I asked you is probably set up the thing on the cloud somewhere. Right?
Jonathan Hall:Yeah. Set up a load balancer or something to to handle all of your stuff. Right?
Shay Nehmad:Yeah. And the SSL certificates, you get them from your cloud provider or whatever. So you I almost never had to do SSL in Go. Right? Because I had Nginx or ALB or whatever wrapping the thing for me.
Shay Nehmad:And then internally in my network, it was all, HEP. And even when you have mTLS between services and you have to do it, you don't, like, do cross or, like, origin things between your internal services or internal tooling and things like that. But if you do zero trust approach, super high level, things, maybe you can take a look at this project. I think it's a really good, like, stepping stone, and I'm I'm wondering if someone would pick it up in the future. But, definitely, it it does seem abandoned.
Shay Nehmad:Right? It's a large project, and it's dead. Right? Yeah.
Jonathan Hall:I mean, the last update was 3 weeks ago, and it was just updating dependencies, I guess, for some security vulnerabilities.
Shay Nehmad:Actually, opening opening the issues, the top issue is state on the read me that this project is substantially unmaintained and it seems like, it's an ex Googler or no, currently security engineer at Google, from Ilano, at least according to their, GitHub, profile that says this project is large. I think it would need more work than what's currently been done to define it as a live project. I think it's safe to say it's dead. The reason being, the only application that adopted this framework internally was written by me and has since gone in maintenance mode.
Jonathan Hall:I love the open draft pull request called, I think we're getting somewhere with generics.
Shay Nehmad:So it's an interesting concept, but it's a good thing that, this person, Roberto Clappes, has stated that this isn't actually abandoned. So it's a it's an interesting concept. If you have a security aware thing at your company, maybe take a look, but I wouldn't build on top of it. I would just take the concepts. Because each individual concept is not that hard to implement other than the promise of, like, future proof this safe this framework will forever and ever protect us from every single security vulnerability.
Shay Nehmad:I don't think that's really possible even with static analysis and run time monitoring and blah blah blah. Evolving security requirements, they, you know, they always involve evolve just to be better than the attackers. Right? And then the attackers have to evolve. That's how it always has been.
Shay Nehmad:So I think it's a cool case study. Cool. So let's talk about a a project that actually has been released and actually is useful.
Jonathan Hall:One that's clearly not abandoned. So this is Go Releaser. We talked about it on the show before. They're always adding new features. Go Releaser 2.5 was released, just before Christmas.
Jonathan Hall:And the interesting thing about this is it's no longer named properly, I guess. They added experimental support for Rust and Zig. So now it's like the Rust Sig Releaser.
Shay Nehmad:Multi language support for Go Releaser. That's super cool.
Jonathan Hall:That's pretty cool. Yeah. The other, thing I wanna mention, upcoming, I saw that just last night, Go Releaser 2.6 nightly was released, and it has a bunch of cool features that even if you are, like, hardcore, I only ever do Go for whatever reason, you might appreciate this. It has capabilities or or will once it's released essentially in the next day or 2, to automatically, I guess, announce your releases on Blue Sky, on Discord, LinkedIn, Mastodon, Mattermost, and a whole bunch of other social media websites and and and Slack and things like that. So I think that's pretty cool.
Jonathan Hall:If you wanna set up integration so that every release is automatically gets spammed out to your network, why not?
Shay Nehmad:Honestly, almost every Go Releaser thing, I've done had integration with Slack just as part of GitHub actions. Right? Once it's released and pushed, something lets, Slack know. Right? So CS's or other people who depend on the thing that was released, they can go out to their customers and say, hey, blah blah blah.
Shay Nehmad:New release, check out. So the fact that it's built into Go Releaser. I I really love how it's slowly trying to, you know, every release is eating one more piece of the, like, continuous deployment puzzle. Mhmm. Until, like, eventually, you're just gonna literally just gonna have to go run GoReleaser.
Shay Nehmad:No parameters. It's gonna take care of your entire CD for you. We just need to wait for that guy to implement his own, like, a GitHub actions runner. Right?
Jonathan Hall:Yeah. Right.
Shay Nehmad:I mean, it would be good. Go release is great, man. Super tight, always works, works fast, simple configuration. I'm I'm all for Go Releaser. At my previous, company, we used Go Releaser Pro.
Shay Nehmad:That was really good.
Jonathan Hall:Yeah. Cool.
Shay Nehmad:That's enough, long form news. We know the current generation is all hyped up because of YouTube shorts and TikTok, and you don't have attention spans anymore. So let's move to that lighting ground to feed you some of that good good dopamine you like. Lightning ground. My thing for the lighting ground is a really really really really really good blog post about how you
Jonathan Hall:How good is it?
Shay Nehmad:Really really really really really really good. You know what? That's a pretty good, question. How about you read it and I read it and then we compare our results about how much we liked it. Wait a second.
Shay Nehmad:You're asking how will we compare these results? Maybe we can benchmark them and then compare them with bench stat. Well, if you read these blog post, you know how to do that. It's Bartek. I think we talked about Bartek's, blog post in the past.
Shay Nehmad:He's the author of or something he did. I I just remembered that name. He's the author of Efficient Go, which is an O'Reilly book about writing, Efficient Go, obviously. And it's a really simple log post asking how do you compare benchmarks. So the old way was you run a benchmark, then you optimize your code, then you run a benchmark again, and then you compare the 2 benchmarks using the bench stats tool.
Shay Nehmad:And this is already valuable. Like, if you didn't know how to compare 2 benchmarks, this is the way to do it. The benchmark tool gives you a lot of, like, visibility and options about, like, how things have been improved between 2 different runs, right, of of the same benchmark and you can see like seconds per operation and the differences between the old and the new and how much the performance has increased or decreased for like, specific sub cases of your benchmark. However, that does entail running it twice and saving it to do different files. You know, you have to repeat all these steps basically.
Shay Nehmad:And in the new case that, Bartik presents here, you know, there's a new flow where you can compare efficiency across specific cases, in a more complicated benchmark with like based on the row of 1 file. So you don't have to run it, like, twice with 2 different flags or something. You just run your test once. You have to add some boilerplate to your test, but if you have something that's very benchmark ish specific, that could be really useful. I don't know.
Shay Nehmad:What's the last benchmark you wrote?
Jonathan Hall:Oh, wow. It's been a while.
Shay Nehmad:Did it have, like did you just write it to make sure that you're not going over some threshold, or did you actually try to optimize the thing?
Jonathan Hall:Usually usually, I do benchmarks when I'm comparing 2 different implementations or something to decide which one failed.
Shay Nehmad:So that would be perfect for that. You just need to add to your row, to your, like, your benchmark test, a row that says, oh, case 1, case 2, Bartik has an example here. It's all verbose. Like, it looks so ugly. I won't lie.
Shay Nehmad:It's like for case in case and then 4, like, you know, method 1, method 2, run the benchmark. And then you just run bench stat on it with minus row instead of minus new and old and you get the table comparison after one test which is really really useful. Yep. Yep. Yep.
Shay Nehmad:I love these benchmark tables, like, he's comparing protobuf, Prometheus write requests. I love that people nerd out on these details so I don't have to and Prometheus just ends up being fast. So a cool blog post, go read it if you're doing benchmarks. What do you have?
Jonathan Hall:I don't remember.
Jonathan Hall:Okay. I do remember. So I I have 2 quick picks for the lightning round. They're basically just resources that you could use to get more Go news or happenings in the Go community, if you will. First one's called Golang Nugget.
Jonathan Hall:It's a little blog that does, I think, weekly ish nuggets of Go goodness with little AI generated gophers. So who doesn't love that? Check out go like nugget.com. And the other one we've talked about on the show before is going weekly. I'm subscribed with this newsletter that I think it's put up by Arden Labs.
Jonathan Hall:They send you a weekly snippet of good news. Sometimes it makes in this podcast, so it's time for us to mention them again.
Shay Nehmad:So what's the difference between Golang Weekly and Golang Applied Weekly? Is Golang Weekly, like, unapplied?
Jonathan Hall:Yeah. Yeah. This is purely, sort of hypothetical abstract. If you want to apply your Go knowledge, then, going apply weekly is also great.
Shay Nehmad:I love that, there's enough Go news for, like, a podcast and, like, 5, newsletters, everybody with their style and take. It's actually a good thing, but we hope, you know, this show gives you, like, a specific take. And, obviously, worth mentioning, go like Applied Weekly as well, which, is maintained by our friend, Kristoff, which was on the show a long time ago. I wonder if if we pull out that episode, how old, Filippo's gonna make it sound in the edit.
Jonathan Hall:So, Si, I just got a copy of the applied Go weekly newsletter, and it has a really good article. Have you seen this this newsletter?
Jonathan Hall:Of course. I follow it. I really like the recently, I it's going to AI and stuff. Wondering who's writing it.
Jonathan Hall:Oh, wait. Yeah. I don't know. We we should find out because I mean, he just shared one of my videos and so, you know, he's not a super guy.
Jonathan Hall:That's a good day. So Yes.
Jonathan Hall:Oh, hi, Kristoff. Welcome to the show. Thanks for having me.
Shay Nehmad:And that does it for the lightning round. Let's do a quick ad break before we jump into a bike shedding discussion about Goethas.
Jonathan Hall:I can't wait.
Shay Nehmad:Welcome to our ad break. This podcast is sponsored by Blockbuster.
Jonathan Hall:I don't know how to say that.
Shay Nehmad:I thought it was sponsored by, things that were, you know, really cool in the nineties.
Jonathan Hall:Okay.
Shay Nehmad:Oh, no. Those are our listeners. Never mind. Never mind. This show is sponsored by our listeners.
Shay Nehmad:Actually, I'm wondering what's the average age of, the list like, the listener to the podcast. I might be totally off, and most people who listen are, like, 18 or something.
Jonathan Hall:Good question. I don't know. I would imagine I would imagine older than 18, but probably younger than me. I'm 45.
Shay Nehmad:Don't let me phrase this in a wrong way, but it's easier to like, I think the average is to be younger than you.
Jonathan Hall:Yeah. I think so. I think I would expect the average to be I would I would expect late twenties as an average probably. But I don't know.
Shay Nehmad:Actually, I like I love the fact that podcasts don't have great analytics because I would start obsessing over them. But just getting a slice of, all the people who listen to the show would be cool.
Jonathan Hall:Speaking of analytics, I I can hop over to YouTube and see who watches us on YouTube at least.
Shay Nehmad:Oh, that would be cool. Why don't you do that while I tell, the nice listeners about how we are actually sponsored? Because we're not sponsored by Blockbuster. We're not sponsored by anyone. This show is self supported with the beautiful Patreon members.
Shay Nehmad:If you want to join and kick a few bucks a month our way, that would be cool. We're not making any money off the show. Trust us. We're we do have to pay for, like, hosting fees and editing fees just to make this show, sound nice and be transmitted all over the world. So that helps cover that.
Shay Nehmad:While mentioning Patreon, thanks to our new member, Jose d s, for joining Patreon. Thank you. Thank you. Thank you. Obviously, all the old patrons as well.
Shay Nehmad:You're just so cool. You know, you're you're already part of the, thing. I don't have to mention your name. For that link and many others, go to cupago.dev where you can find links to our Slack channel. It's on the go for Slack, so if you're already there, you can just look up cupago.
Shay Nehmad:And if you're not into all that, you can email us at news@capago.dev. That is news@capago.dev. I always say you can email us. That address actually just goes to Jonathan.
Jonathan Hall:Yeah. But, yeah. That goes to me.
Shay Nehmad:But he lets me know when things, go through. Yeah. You can also find links in the site to past episodes with all the transcripts, all our social media links, less than go release our offers, but they are there. I don't think we have Blue Sky, Mastodon, and all that.
Jonathan Hall:We have we have Mastodon. Do we? We have.
Shay Nehmad:I'm not on Mastodon, so I wouldn't have.
Jonathan Hall:We have LinkedIn. We had Twitter, but I closed my Twitter account, and that likely closed our CupidGo account too. I'm not sure.
Shay Nehmad:I think it's still it's still kicking.
Jonathan Hall:It must still
Shay Nehmad:We need to ask Elon, I guess. Yeah. And, you know, we need to make sure that our episode have right wing enough titles so the algorithm picks them up. That would be a fun experiment. Maybe we can release an episode just named Jordan Jordan Peterson, Alex Jones.
Shay Nehmad:What are their contributions to the Go language? Also, what happens when you put the January 6th, date into the Go lang date format? That's probably gonna get picked up. Or alien it or a left wing listeners. Anyway
Jonathan Hall:Some of our listeners have just sworn us off now. I don't know which direction they're leaning politically, but they're no longer listening. For sure. Alright.
Shay Nehmad:Also, if you wanna support us and you don't wanna support us financially, that's totally fine. You can leave a review, or share this show. Setting like, spreading the word about the show is the only way it gets around. We don't pay for advertising. So leaving a review on the whatever app you're using to listen to this whether it's Spotify or Apple Podcasts or whatever or just sharing the show in your jobs like Slack channel being, like, hey.
Shay Nehmad:I heard on this show, linked to this show, that we have to do a super crazy update on Monday. Do we use g log anywhere? Does anybody know? You could sound super smart and also send some other super smart people our way. That'd be really cool.
Shay Nehmad:So Lieutenant Data, how's the YouTube, research going?
Jonathan Hall:Yeah. So not great. What I learned about our listeners on YouTube is that 54.9% of them are subscribed to our channel.
Shay Nehmad:That sounds good.
Jonathan Hall:When I go to the age and gender, tab, it says not enough demographic data to show this, report. So no idea.
Shay Nehmad:Alright. Isn't 50% really good?
Jonathan Hall:I guess so. We we we seem to have a 164 subscribers.
Shay Nehmad:Oh, that's cool. That's cool. Well, if you use YouTube
Jonathan Hall:Oh, no. I'm wrong. We have 366 subscribers.
Shay Nehmad:That's still cool. Well, I guess if you use YouTube Music for your podcast. Right? Then you would find podcasts there.
Jonathan Hall:Anyway, thanks for listening on YouTube, if if that's you.
Shay Nehmad:Yeah. Thanks for listening, in general, everybody. That's all the normal things we have to say. Go click on all the links we told you to and leave a rating and do all the things. Thank you.
Shay Nehmad:So, Jonathan, do you write Go tests? Yes. I do. Usually, when you write your tests, at some point, you wanna assert that the thing you got from the function is the thing you want. Right?
Jonathan Hall:Mhmm.
Shay Nehmad:How do you write that?
Jonathan Hall:Depends on what I'm testing. I know where you're going with this because I I looked at the the post. Mhmm. I guess I can just TLDR. I already do the thing he suggests.
Shay Nehmad:So Michael Lynch has a blog post that sort of kicked off a really, really Reddit ish thread of people, like, bike shedding about how to write tests. The TLDR of what he's saying is, don't use any third party library for assertions like testify or is or any of these, libraries. Rather, write if like go has this thing where you have an if then an expression then a semicolon and then the condition. Right? The binary condition.
Shay Nehmad:Right. This creates a scope so whatever you define in the expression is only for that if and then you can reuse the variable name and maybe more importantly, you can't use that variable outside of the scope of the if. Right? So what he's saying is do if got, want and then pass, the 2 things you wanna assert, right, semicolon, and then got is not want. Right?
Shay Nehmad:And then you always use the words got and want all over in your test. You can copy paste this pattern any anywhere, and you just put the actual unexpected value and maybe change the the t dot failed f message inside. And he says it's easy to copy paste and makes the assertions look really different from actual code because this is a pretty weird like, I've never seen if got, comma, want. Maybe I I saw it like once or twice but definitely not not as a pattern And, yeah, just gives a lot of examples in the blog post. The blog post itself, very good, but I don't super love this, how it looks.
Shay Nehmad:So I I would love to debate this with you.
Jonathan Hall:So the one nitpick I have is I always like my want before my god, and there's two reasons for that. One is I think it's more readable. Using this pattern, if your if your expression for your god is of inconsistent length, then you have to sort of scan different parts of the line to find what your want actually is. So I like to have the want first for that reason. I think it's visually easier to put that first.
Shay Nehmad:I actually before you move on, I actually do that as well, but for a totally different reason. Okay. It's because in when I learned c plus plus like in 2012, I read the twin effective c plus plus and it says always in ifs put the constant on the left because you can accidentally do if a equals b, 0, not a equals equals 0. Yeah. So that's sort of got ingrained into my, like, muscle memory, and I do it in every language, even in Go where, like, it it can't happen.
Shay Nehmad:Right?
Jonathan Hall:I also do that just because it feels right, and I never knew why it felt right. But that's it probably goes back to learning it for those reasons without realizing that those are the reasons.
Shay Nehmad:Yeah. That's like, just the cultural DNA of, people who started in, old language. Anyway, so that's the first reason. Yeah.
Jonathan Hall:The second reason I prefer want first is when I'm using a tool like cmp.diff. I think the diff is easier to read if the expected value is first and the actual value is second because then I know that pluses are extra or different and minuses are things that are missing. Flipping that around to some people, I guess, maybe like it the other way, but I feel like it's just less intuitive to read a diff where minus means that should not be there. Yeah. So that's the other reason.
Shay Nehmad:So the reason I don't like this, and this might be slightly controversial, is I know Go is a simple language and you shouldn't use something that isn't standard library for things, but, honestly, testify is great.
Jonathan Hall:I think testify is so bad.
Shay Nehmad:Or or any testify ish, library that just gives you assert equal, nil, is error, expect error, like, all these, you know, require and all these sort of testing niceties that are just a very, very simple API that looks really, really good. Is equal, is true, is nowhere, is fail. Yeah.
Jonathan Hall:I I disagree with most of that.
Shay Nehmad:Like, you don't think it looks good? Or I don't
Jonathan Hall:think it looks good. I think it's hard to read. And and there's 2 parts of that. First, the testify API is inconsistent, and that's what I hate most about testify. Like, in some cases, the want comes first.
Jonathan Hall:Like, it's it's usually always want is first, but sometimes it's want the second or some I don't remember. It's been a long time since I looked at this. So there's a few inconsistencies, and I and I think the current maintainers has acknowledged that but won't change it because they don't wanna bother with v 2. And, you know, I respect that. But more important, if it's a simple one, it's like if assert.
Jonathan Hall:Equals, that's simple enough. It's easy to understand. But it's also really easy just to write if god equals want. You know, it it doesn't really buy any readability. And then when you get when you get to the bigger, longer ones, you know, assert contains like or something like that, then I don't even know what it's doing.
Jonathan Hall:And I have to actually go either read the documentation or read the code to understand what it's doing in the 1st place when I get some weird error. I'd rather just look at Go code. I don't want to have to go have to I want that assertion directly in my code, so I know what's happening. I don't want to have to go read out the code somewhere else. So I've I've never found a case where I want to search the library and go, I often remove it when I'm working on a project where I have that that sort of power.
Shay Nehmad:There's a comment here on Reddit that I I really liked where someone said I like, basically, my opinion. Right? I don't like this style as after hundreds of assertions, this starts to get very verbose and repetitive. Is and go CMP mostly does fine for me. An assertion shouldn't take more than one line in my opinion.
Shay Nehmad:That's crowdy river on, on, Reddit. That's an okay ish opinion. Right? That's basically what I'm saying. The response here is just so Reddit.
Shay Nehmad:It's incredible. Classic double thing. This is my Redditor voice. Right? In my imagination, I'm like taking off my fedora.
Shay Nehmad:Right? Classic double thing. Gophers in regular code. The verbose it is worth it because blah blah blah. Gophers in test code, we need DSLs that reinvent the language poorly like testify.
Shay Nehmad:Now I'd I'm not trying to paint you into the Reddit or, it's just the the way you phrased it. A person needs to go touch grass for a second.
Jonathan Hall:My response to to that would actually be more nuanced. That is if the tests are too repetitive or difficult to read, then they need to be refactored just as normal code that's too repetitive or too difficult to read needs to be refactored. So tests or code treat them as such, and then I don't think you need the assertion libraries anymore either.
Shay Nehmad:Yeah. The only thing I think you would use is cmp equal for structured data. Right? Because you don't want Yeah.
Jonathan Hall:I use cmp diff for for structured data usually. Yeah. And I also don't understand this assertion shouldn't take more than one line. I I guess that just they don't like the three lines of if x equals y, then t dot fatal, that they feel like there's too many lines.
Shay Nehmad:Yeah. That it's I think it's a reasonable thing to say, I'm gonna write a a 100 tests, and each test is gonna have 10 assertions, in the next, like, year, making it shorter and easier to read, in my opinion, or in this personal opinion is interesting. I like that. I like the justifications that people come up with in this, thread. Like, Google uses this, like, sort of, you know, going to Google code as authority, maybe.
Shay Nehmad:But I I I'll just say to sort of round on my opinion is that, yes, testify is annoying because of the fact that's the things are not aligned. Right? Sometimes it's got one, sometimes it's one got. That's really annoying. There are others.
Shay Nehmad:I think there's is, which is nice. But, generally, you know, the style guide is let's not do assertion libraries, because it just causes less useful, you know, failure messages, etcetera, etcetera. And, generally, the the Google style guide says that they do not use they do not provide useful failure messages in the context because you have, like, the the stack of assert.nil or whatever in the in the call stack or in the result. So they're basically saying write your tests, write your assertions yourself. Don't don't bring in assertion library.
Shay Nehmad:You're sort of sharing your opinion, I guess.
Jonathan Hall:So you you made a point about, readability, which reminds me of a conversation I had on LinkedIn, of all places, recently, about code readability. And you you said that you like the the shorter assertions for for greater readability. Of course, readability is a very subjective concept. If you're fluent with testify, then many of those assertions will be readable to you. If you're fluent with is or with, JUnit or whatever, you know, then you'll you're gonna find those certain idioms to be readable.
Jonathan Hall:I think that the most readable for most people, which is which is what the conversation was about on LinkedIn, is that, you know, the the reason I prefer Go isn't, the reason we were talking specifically about the verbosity of error handling in Go on this thread. I said, you know, I I like the verbosity of error handling in Go because it's more readable for more people. You know, it's it's pretty clear exactly what's going on to anybody who who has the the basic understanding of any programming language. That's not to say that it's the most readable for everybody. You know, once you're fluent in Go, then something else like Rust's question mark, syntax might be more readable for you, but that's not more readable for everybody.
Jonathan Hall:And so I think it's a similar argument here. Certainly, assert.equal or whatever might be more readable for certain people, but it's going to be, if you're trying to appeal to the masses, so to speak, or to everybody, the standard library is gonna be the most readable, I believe, in the vast majority of cases. And that and that's not to say that you should appeal try to appeal to everybody. You know, if your team is is completely content with us you'll testify or whatever, and you all find it readable and you're happy to onboard new developers to to that standard, of course, you know, that's your choice. So I'm not trying to make a judgment call.
Jonathan Hall:I'm just trying to trying to explain my view on that.
Shay Nehmad:Yeah. The the author actually responded here and said he understands both perspective perspectives, and it's a close call. So I think that's, like, the best way to summarize this discussion. Doesn't super matter. Like, at the end of the day, there are things in, like, about test cleanliness that are way, way, way more important.
Shay Nehmad:Like, how do you set up your data, and do you have shared variables, and, like, these sorts of things. Is your test flaky is a 100 times more important than this, like, new pattern. I think the title is a bit clickbaity which is why people got, angry about it. A simple way to write better Go tests and then people are like, wait, better than my tests? But, yeah, I think, like, Michael's opinion here is wholly valid.
Shay Nehmad:Although, I might be lazy and reach to testify again, next time I have to do a thing.
Jonathan Hall:Alright. Cool. Cool. Cool.
Shay Nehmad:So And write tests.
Jonathan Hall:I think that's the conclusion. Right? Write your tests.
Shay Nehmad:Definitely write them. Don't don't have AI write them. That would be crazy.
Jonathan Hall:Speaking of AI, I found great success having Copilot rewrite my tests, from, one framework to another. We had a bunch of tests written in Convey, which I think is terrible. It's much it's much more than a search library. It tries to, like, take over everything about your test. It does BDD or something.
Jonathan Hall:Right? It's it's I think it's not even that. Like, maybe they tries to, but I don't know. It's weird. But I I used it.
Jonathan Hall:I I had been, like, slowly hammering away at converting convey test to standard standard test. One is and I can see if Copilot can help you with this. I I knocked out probably 200, 200 tests, in in an afternoon. So so switched over. It was felt so much better.
Shay Nehmad:Cool. Well, I guess I know what you're answering about using AI in the next survey. Lowering the usage of third party libraries and subscribing to the standard library. There we go. I'm sure they'll like that answer there in the Go team.
Jonathan Hall:I think that's a show.
Shay Nehmad:Thank you for listening, everybody. Program exited. Bye bye.