- 🛡️ Go 1.24.2 and Go 1.23.8 are released
- Accepted: structured output for test attributes
- Interview with Daniel Nephin in Episode 5
- Meetups
- 🇬🇧 Birmingham, UK, April 17
- 🇬🇧 Manchester Gophers new web site
- 🇺🇸 Go Meetup w/ Shy @ San Francisco, May 28
- 🫚 Go Blog: Traversal-resistant file APIs by Damien Neil
- 🇬🇧 Go Introduces Exciting New Localization Features (April Fools)
- Lightning Round
- Yoke — Infrastructure-as-Code (IaC) Package Deployer for Kubernetes
- wiretap v0.4.0 with static mocking
- Interview with quobix in Episode 55
- 🎮 Golang on the PlayStation 2 by Ricardo
- 0️⃣ go-zero Reaches 30k GitHub Stars!
Creators & Guests
What is Cup o' Go?
Stay up to date with the Go community in about 15 minutes per week
This show was supported by you, Artisaner. Stick around to live for the news to hear some more about that. This is Cup and Go for Friday, 04/04/2025. Keep up to date with the important happenings in the Go community in about fifteen minutes or sometimes more every week. I'm Jonathan Hall.
Shay Nehmad:And I'm Shay Nehmad.
Jonathan Hall:Hey, Shay. How are you settling in?
Shay Nehmad:I've upgraded half of my projects to Golang CI Lint v two. That's what you're asking about. Right? Not like me moving countries.
Jonathan Hall:Was the the only important thing I had in mind.
Shay Nehmad:There are two migrations in my life. Golang CI Lint configuration files and moving to The US. No, man. The US is crazy. I I wanted to apply for an apartment, so I have to pay a fee.
Shay Nehmad:What the hell?
Jonathan Hall:An application fee. Yeah. Yeah. Because they probably run a credit check that will always that will definitely return nothing since you don't have a credit history here.
Shay Nehmad:Yes. Don't. Well, I actually have one month of credit already. Okay. But it's just been like dealing with all these.
Shay Nehmad:Like, I'm the first person who ever came to The US. Like, everybody was born here and they just don't know how to deal with someone who migrates from the outside. Even though I'm in San Jose where like 80% of the people, you know, look not American, let's say it like this. Right. Right.
Shay Nehmad:So yeah, I had to run a lot of checks and I had to get by a lot of weird internet forms, which is why I'm very happy to discuss this first vulnerability because it might have helped me get through Social Security or the Mazda credit check Internet form or whatever. Go 124.2 and go 123.8 are released. It's a minor point release with one security fix in the net slash http package. Not telling you anything. What do you think it's gonna be?
Jonathan Hall:I I I don't know, but it's gotta be something with malformed requests that can do nasty things. I don't know.
Shay Nehmad:That is true.
Jonathan Hall:Because that's always what it is.
Shay Nehmad:As as long term listeners of the show know, Jonathan uses Linux. One of the things you have to get used to like, are many differences between Windows and Linux. Can you point out like a few of them, just the top of your head?
Jonathan Hall:Well, let's see. One of them works and one of them doesn't. I can't remember which one's which, but.
Shay Nehmad:Oh my God. Well, let's just look at Bill Gates' net worth and Linus and compare.
Jonathan Hall:Yeah. Works is the fuzzy term, right? Works for what purpose?
Shay Nehmad:No, but seriously, technical differences.
Jonathan Hall:Technical differences. There's quite a few, although they seem to be getting narrower these days. I don't know. I don't know what you're looking at looking for. One's open source, one isn't.
Jonathan Hall:That's maybe a big difference.
Shay Nehmad:Right. One open source wasn't. If you let's say if you work with a Windows developer on the same project development, what's
Jonathan Hall:one thing that always trips you up? They're always complaining about how my configuration doesn't work for them. And I'm like, go figure it out or use a real operating system. It's up to you, dude.
Shay Nehmad:That's nice. So, yeah, line ending because that was what I was aiming towards. Maybe you don't even remember you've been on Linux for so long, but CRLF versus LF. This is like so archaic. Whenever I remember this is a thing, I just like I can't stop laughing.
Shay Nehmad:But CR is carriage return, which is if you have a typewriter, it's the and the LF is the line, like line feed, the new line, which is like the ding on the typewriter. Right? Right. Anyway, Windows is CRLF for a new line. Like the cursor goes one of the line down sorry, it goes to the beginning of the line and then goes one line down.
Shay Nehmad:That's how Windows represents a new line.
Jonathan Hall:Which I'll I'll say after all the way, but this recent bad math thing of Windows, conceptually, that makes more sense to me than just the CR ending.
Shay Nehmad:Then just the LF ending, mean?
Jonathan Hall:Or LF, yeah. Because they are two different things, right? Go to the beginning and go down. In my mind, Windows makes more sense, even though it's annoying since it's the outlier. If everybody did that, I wouldn't mind.
Shay Nehmad:The problem is it's not universal. Like if this was how humanity decided to represent a new line in a text file, nobody would have a problem. But in Unix and Linux and all that, a new line is just line feed without the carriage return. It's just one character, which caused unending suffering, on the world, and probably lowered the total GDP by who knows how how much. Now you have that theming in mind and you know the vulnerabilities in the HTTP package, right?
Shay Nehmad:Yeah. Try to come up with where new lines.
Jonathan Hall:So it's got to be something that misinterprets one of those treats new lines or line feeds as a continuation of a line, I'm guessing.
Shay Nehmad:So actually it's the other way around. In HTP, you shouldn't use just a bare LF as a new line. Right? Sometimes Go rejects it, but, sometimes it accepts
Jonathan Hall:So so Go so the HTTP spec agrees with Windows is what you're saying?
Shay Nehmad:I think so. Okay. The line terminator.
Jonathan Hall:That seems to make sense to me. I think I remember that.
Shay Nehmad:There's there's a reta for an RFC, so it actually messed up the HTTP RFC as well where people were, like, asking that the line terminator should be just LF and ignore any proceeding CR. But actually, HTP, wants to only use CRLF, and the difference is intentional, blah blah blah. So in one specific case where you get chunks of data like chunk data lines, Go rejects bare LFs, but accepts them in the chunk size. And then there's a super this is just a bug. It's not a security issue yet.
Shay Nehmad:But if your proxy accepts LF and your server accepts if your proxy is the Go server and therefore accepts this LF as a new request, and then your, server is a different implementation that, doesn't, you could smuggle requests. You could send a single HTTP request and then smuggle it as two, like smuggle like one in the trunk in between these LFL lines because a new line in HTTP, that what it means, which is a super cool vulnerability in my opinion, because it's very understandable. And the fix is also very simple, just reject BareLFs and chunk data lines. So I like it. You should obviously upgrade, like other than learning about this.
Jonathan Hall:But it only affects you if you're running a Go proxy HTTP server. Is that correct?
Shay Nehmad:You should upgrade anyways, right? Of It's a minor patch release.
Jonathan Hall:It's always fun
Shay Nehmad:to upgrade.
Jonathan Hall:It makes you look like you're on top of things, even if it doesn't affect you. At least that's why I upgrade all the time.
Shay Nehmad:I've been super happy with Dependabot lately. I've started using Dependabot for automatic upgrades in our repos, and it's been doing a pretty good job, like knowing when to open a PR, knowing when it's safe, etcetera.
Jonathan Hall:Dependabot broke our go. Mod file recently. Oh. Yeah. Mean, it didn't break it.
Jonathan Hall:It removed the line feed that go mod verify wanted to put back. So it broke our CI because our CI runs go mod verify to make sure that somebody didn't forget to run go mod
Shay Nehmad:New lines, new lines everywhere. Yeah. Yeah. New lines, new lines. I don't care.
Shay Nehmad:So, in one funny, comment, about this issue that I just have to put in, even though it's not super important, is that while explaining it, the author mistaken LF to CF as well. So even while describing the vulnerability, they they messed up CR and LF. That's how
Jonathan Hall:confusing it You just said this is easy to understand. At one level, that's true. I'm like, I have no idea exactly what the problem is. Like, is is it CL or R? Which one which one's missing or which one shouldn't be?
Shay Nehmad:So there isn't CL. Yeah. Right? There's CR and L. CL.
Jonathan Hall:CL is not a thing. I can tell
Shay Nehmad:you that for a fact.
Jonathan Hall:Caret C. Line reserve.
Shay Nehmad:Cool. So you have a new vulnerability discovered and fixed, go fix it. And if you're dealing anywhere with, new lines as a separator, you should probably think again. New line is not a good separator. What do you have?
Jonathan Hall:Yeah. Let's talk about something that, I don't think it's quite as, intricate in terms of like which of two things do you have to admit or not. But we have a proposal that's been accepted. I think it's a good one. Structured output for test attributes.
Jonathan Hall:So I don't know. Often do you run your Go test suite?
Shay Nehmad:I run my test suite like 20 times at the end of every feature because I'm at the end and then I run the test once, it helps me find all the problems. Then I repeatedly run the test until I fix all of them, especially if I did TDD. So like, I don't know, between five and twenty five times for every chunk of work. So maybe 100 a day. I don't know.
Jonathan Hall:And how do you feel about the output you get? And I know you use I can't remember the name of the tool, you use a tool that reformats your outputs. This might not
Shay Nehmad:be I used to use GoTestSum.
Jonathan Hall:That one.
Shay Nehmad:I like it. It does like little dots, but honestly, I just use I normally use a Versus Code, like the internal test explorer because that's pretty good. You can play and you can debug and like it it works for me. But at the first run first go around, I I use, you know, the Go Testsum. One thing that, I've always wanted to do better is to have better results in CI.
Shay Nehmad:Because I imagine like the CI could be super beautiful, show me what lines the problem, etcetera, etcetera. But I always end up just reading a huge blech of like log output.
Jonathan Hall:So anyway, this will help you with that. The basic thing is that it's outputting additional attribute data with, or optionally will output additional attribute data if you do go test JSON, which can then be interpreted by tools in CI, for example, to colorify and reformat your output to be friendlier. So this is a nice little screenshot on the issue. It shows the standard output that you just get from Go test and it's fine, but it's
Shay Nehmad:pretty ugly.
Jonathan Hall:Pretty ugly. At least by default it hides passing tests. So at least, you know, the output is failures.
Shay Nehmad:To me that's even worse because I don't know if I remembered to uncomment like a test that I may have commented out. Like I like seeing all the tests running.
Jonathan Hall:Yeah, that's fair. So anyway, the new output, it shows the passing tests in green and the failing ones in red and they're all collapsible. Of course, in like, I think this is GitHub actions you're showing a screenshot of. So it's not that your terminal is suddenly going to show collapsible text, but it's example of what can be done with this new metadata that will be output. So I think that's kind of cool.
Jonathan Hall:Think it'll make
Shay Nehmad:it little easier. Like, you could add some metadata to test. You know, if you analyze the failing test, you could look at the metadata and see, oh, it failed on that user ID or that request ID or, like, source code information and things like that. Right? I'm wondering who's like this is super cool, but I'm wondering who's like the consumer.
Shay Nehmad:And also, why are there so many comments on this issue?
Jonathan Hall:So, yeah, there there is a lot of discussion on the issue. It's kind of interesting in the sort of academic sense. I'm not going to bother our listeners with it, but if you really care, go read it. It's about a hundred comments and links to other issues. One of those I'll call out though, since you've mentioned Shai that you use GoTest some or have in the past, this will integrate very nicely with GoTestSum.
Jonathan Hall:So this is not a replacement for GoTestSum, but it will enhance GoTestSum by providing additional data to it. So it can take advantage of that and even improve its outputs further.
Shay Nehmad:Oh, I I can just, highly recommend, GoTestsum and it's a big shout out to Dani and Neffin, which I think was like our second interviewee on the show ever or something. Yeah. Okay.
Daniel Nephin:Yeah. So GoTestSome is a tool for running tests, and it doesn't try to replace all of what GoTest already does. GoTest already does a lot of great stuff. What it tries to be is a layer on top with a few extra features that some people might might want. So it uses in Go one ten.
Daniel Nephin:They added a dash JSON flag to the Go test, command.
Jonathan Hall:All right. Let's talk about a couple of meetups that are coming up. The first one, April seventeen in Birmingham. I'm gonna I'm likely gonna be in Birmingham, but not then. I'm I'll be there in June.
Jonathan Hall:If you have another meetup in June, let me know. I'd love to come hang out with you guys. But anyway, April 17 in Birmingham. Birmingham, UK, not Birmingham,
Shay Nehmad:Alabama, right?
Jonathan Hall:Birmingham, UK. They'll be talking about quantifying your reliance on open source software. That's Jimmy Tanner, friend of the show, will be speaking about that. Paul Dragunis will be talking about CI and CD, building composable pipelines with Dagger. And I'm sure everybody will be talking about all sorts of other fun things, whether having drinks or snacks or whatever other sort of refreshments they have there.
Jonathan Hall:So check that out if you're in the area. Second, also in The UK, not in Alabama, the Manchester Gophers have a new website, ManchesterGophers.com. So if you're in Manchester, go check out the website. They have some information there about the organizers. You can see photos of the handsome guys who run that.
Jonathan Hall:They have a hall of fame.
Shay Nehmad:And they have a three d gopher spinning around.
Jonathan Hall:The three d gopher, yes. Looks like it came from like a Nintendo sixty four era.
Shay Nehmad:Love those polygons. You work those polygons, bro.
Jonathan Hall:Yeah. So if you have a meetup coming up, let us know. Send us an email. Find us on Slack. Let us know about it.
Jonathan Hall:We'll be happy to mention it on the show for you as well.
Shay Nehmad:Okay. So I would like to mention a meetup so you could mention it on the show.
Jonathan Hall:Yeah. Should I tell him about the meetup you'd like to mention on the show?
Shay Nehmad:So it's still like, I'm not a % sure how it goes because I opened the event and I tried to reach out to the Go SF people. Anybody knows them, Travis Reeder or Frances Campoy. If you know them, please reach out to them. There is a Go meetup in San Francisco where at least two people are gonna go. That sounds exciting.
Shay Nehmad:Me and Andy. Andy from Fine. Yeah. Wednesday, May 28, which is like a month and a half from now. Everything is to be announced and I would appreciate any help I could get because I'm not from here and I'm somehow got roped up into arranging this.
Jonathan Hall:Now is this gonna be is this intended to be a full fledged meetup, like speakers and everything, this is just like casual go drinks?
Shay Nehmad:This is intended to be a full fledged meetup in which we are gonna have fifteen minutes of like schmoozing, 45 of a live podcast recording where we're gonna do the Cup A Go episode like that day with you online, and with who whomever is gonna join, then a brief break and then a talk that's to be determined. The talk is open. Like, worst case, we're gonna have Josh do something, like teach us about something cool or show off his project. But if you actually have a talk, especially if you haven't hosted this show before like Andy or Josh, that would be super cool. But yeah, it's me, Andy and Josh probably.
Shay Nehmad:And I assume as the event rolls up, more people will want to join. So it's organized by me personally, but I would love for like some go group here in the Bay Area or San Francisco or whatever. If you know these people, please connect us. And also if you have an office in San Francisco, that would be cool. Otherwise, I'm going to have to like grab a WeWork room and that's going to cost me credits.
Shay Nehmad:And I don't want to spend the credits because I need them to review people, to like interview people. But yeah, yeah, it's Wednesday, May 28 in San Francisco, location to be determined, 5PM until 7PM Pacific time.
Jonathan Hall:Alright. So let's go back.
Shay Nehmad:No. No.
Jonathan Hall:I think we should go back. No. No. I really think we should go back.
Shay Nehmad:No. Because I have travel resistant file APIs. All right. This is something in Go 124 that we've been meaning to talk about and just didn't get the time. But it's another security feature that's baked into Go, which I love.
Shay Nehmad:My wife's been learning for the certified bug bounty hunter certification over at Hack the Box. So, you know, every evening conversation is like, oh, I did this attack. I did a file inclusion attack. I did a blah blah attack. One of them is, path traversal attacks.
Shay Nehmad:Just in case our listeners don't know or haven't heard of it before, what are path reversal attacks, Jonathan? There's a couple of
Jonathan Hall:different varieties, I guess. I'm not an expert on this, but they can involve symlinks, I suppose. But they basically involve shenanigans with interpreted portions of a file path, like dot dot, for example,
Shay Nehmad:or dot. So dot dot, like go back, which is
Jonathan Hall:why they Yeah, right.
Shay Nehmad:If you didn't get the joke, now you're probably laughing, right? After I explained.
Jonathan Hall:Yeah, because it's always funnier after it's explained.
Shay Nehmad:Yeah. So basically the whole gist of it is you shouldn't give untrusted sources access to file paths you didn't mean to, right? If you open a directory, 90% of the time you just want your program to operate under that directory and nowhere else. You don't want to allow, the software to access, other directories on your machine, especially if it's a web server. Right?
Shay Nehmad:You can try to sanitize paths and that is considered like the best practice, I guess. Right? Just look if you have a dot dot in the path and if so, reject it, whatever. I think back in Go one twenty, there is like file path that is local, which could help you understand if it's like doesn't escape or if it's not an absolute path or empty or is not a reserved name, by the way, talking on Windows, like if you use com one, it's like a reserved FAT for devices and things like that.
Jonathan Hall:Devices that nobody uses anymore.
Shay Nehmad:Well, I'm sure attackers do, right? Of course. If you look at recent shell codes, I'm sure they have like COM1 and all these LPT2. Beautiful things. However, that's not really enough.
Shay Nehmad:Like, there are many, many things you can do with like Simlinks, like you said, a ton of other stuff. In Go one twenty four, there's a new API in the OS package that allows you to safely open a file in a totally travel resistant fashion. So instead of worrying about all these edge cases, you just need to use open root OS open root, and it just basically solves everything for you. You get a file system that is in traversable, like you can't escape outside of it, but the path you give it is directory within your machine.
Jonathan Hall:Does it accomplish that? Does it just do all these things behind the scenes or does it have some OS level magic that makes that unnecessary?
Shay Nehmad:So it depends on the platform. So it definitely has to be OS specific. So for example, if your Go OS is Windows, file names may not reference null and com one and other reserved device names. And in JavaScript, it's still vulnerable to time of check, time of view stuff in Symlink validation. And it basically says even in, with OS dot root, I'm not promising anything.
Shay Nehmad:And with plan nine, which I don't even know what operation like operating system that is, it doesn't track directories. So it's, like, OS specific. It basically protects against these ones specifically. Like, every OS has its specific, like, weirdness, which is just a reality.
Jonathan Hall:Right.
Shay Nehmad:And in most platforms, it like opens a file descriptor referencing the directory. And if the directory is moved, it keeps that handle. So even if you try to move the directory, you can't escape from it like outside, which is pretty smart. And it simply doesn't prohibit it. It like doesn't allow you to follow symbolic links outside the root.
Shay Nehmad:So you can do symlinks inside that file system, but not outside.
Jonathan Hall:So you can still use symlinks and you can still use like dot dot slash within that that that root.
Shay Nehmad:Yeah. Which is super nice and useful for you as a developer and just sort of does it for you. I assume if you open the code, find like a rat's nest of, stuff. And actually, Go code is pretty easy to read, so I might just do that. But I haven't.
Shay Nehmad:I haven't read the code because I sorta I assume it's gonna be fine. It has a similar ish set of operations to file system, OS file system. I don't think it's a % compatible, but it's compatible enough. You have create, open, open file, remove, stat, like all the things you would need. And if you have an untrusted file name, you can use OS dot open in root.
Shay Nehmad:So you don't have to open root and then do open inside it. You can just like usually what you want to do is read a file that someone sent you over the web, the path to, right? Like a profile picture, if an example of a super simplistic web server. So you can just use OS dot open en route, and that means that the untrusted file name, like, won't be able to traverse, with tons of caveats. So if you're actually using WebAssembly or JS or plan nine or, like, whatever, you're gonna have to read through these caveats because not everything is a % on lockdown, but it should be fine.
Jonathan Hall:Cool. I like it. I'm gonna use it.
Shay Nehmad:Yeah. More security built into the the system, that's great.
Jonathan Hall:We have one more news item here before we jump to our break and then we have some lightning round items. So don't skip, don't turn off the podcast after the break or before the break. The last one here, this was a set of new changes to the Go language, the standard library, a bunch of different things. They were all announced just a few days ago. And these will be really beneficial to those who are attending those meetups we just talked about over in The UK.
Jonathan Hall:Go has and also a little bit unusual. They announced these changes on Reddit rather than on the official blog post. But the changes are some new localization for our British friends over there across the pond. The concern is that some commands like go build might feel unnatural. They aren't the way people speak.
Jonathan Hall:So they've added go and build, a new and subcommand. They've added some spelling variations. I know it's really painful for our British friends to type c o l o r, so now they could do c o l o u r if they're using any things like that that are built into the center library. Colloo. Colloo.
Shay Nehmad:Wait. But how do you if I wanna use color because I I actually wanna use color with a u because my English teacher in Israel was British. But let's say you you wanna use the, US version. How can we both use the same one?
Jonathan Hall:You'll have to use an alias, I suppose.
Shay Nehmad:So the new directive is slash slash go colon lang and then the language there.
Jonathan Hall:Yeah. So you can actually localize your documentation. That's the point here, right? So you do you go colon lang en for the sort of normalized English. That's probably not the fair way to say that since the British came first with English, but so then you could say something like Acme Corp is a company, blah, blah, blah.
Jonathan Hall:And then if you want to do the British version, could do Bill Cullen Lang, EMGB Acme Corp are a company, which sounds completely weird to my ears, but I understand that some people prefer that. So when was this announced? Yeah, it came out on April 1.
Shay Nehmad:No kidding.
Jonathan Hall:No kidding.
Shay Nehmad:Yeah. It was the one of the only April fools pranks that I really liked. Yeah. Good one. Good one.
Shay Nehmad:You almost got me. This person called Carnivoral. You almost got me. I read it and I was like, wait, what?
Jonathan Hall:If our show had come out on April 1, we probably would have done something a lot more elaborate ourselves, but it didn't, so consider yourselves lucky.
Shay Nehmad:Yeah. I love the quality of life improvement, import maths.
Jonathan Hall:Yes. That's that's the best one.
Shay Nehmad:The top comment is great as well. Right? I was typing out a long post that I really, really disagree with this. This is from Satan Sprinter. Then I realized it was April.
Shay Nehmad:Side note, if this gets real, I stop using Go.
Jonathan Hall:Alright. Stick around. We have a few more items, in our lightning round after a quick break.
Shay Nehmad:Welcome to Adbreak. First of all, we wanna say thanks to our Patreon supporters. This show is a fun hobby that Jonathan and I do to learn about Go and, like, stay on top of things. Otherwise, how would we know about, collure? Do you know that SNL sketch where she says collure, collure?
Shay Nehmad:I'll dig it up for you. It's really funny. Anyway, but it's expensive. It takes up our time and we pay for hosting fees, editing fees, apparently apartment submission application fees, although that doesn't come from the Cupogo fund. But fees, fees everywhere.
Shay Nehmad:And the best way to support the show and keep it alive is to go to Patreon and support us. You can chip in for $8 a month and we would really, really appreciate it. It's just a super direct support. We wanna say hi to our new paid member, Jess Brisson. I hope I'm saying that correctly.
Jonathan Hall:Thanks Jess.
Shay Nehmad:Thanks Jess. We really, really appreciate it. Our little community here is is growing. I really, really like it. I like seeing, like, how people support and, retain, their support as well.
Shay Nehmad:This is super, super appreciated with 38 people in the Patreon, not all of them paying, but still showing their support. It really helps like make a dent into these fees, which is nice. We're still not, in the black though, so if you feel like chipping in, we would really appreciate it. To find the link to the Patreon and also our swag store and also our Slack channel on the Go For Slack, you can go to kapago.dev. That is kapago.dev.
Shay Nehmad:You can also email us, at news@kapogo.dev if all these fancy schmancy new communication methods are not your thing. So thanks again Jess and all the rest of the members. As you probably noticed, we're on a new schedule. How do you like it, Jonathan? It's like recording towards the end of the week.
Jonathan Hall:Yeah, it's nice. My Thursdays had started to get full, so it was nice to move something to Friday. Although I still haven't remembered, I made plans today, not interesting plans, plans to get my car fixed. And then I remembered that we had this, so I rescheduled that till Monday. Not a big deal.
Jonathan Hall:It's just not second nature for me yet.
Shay Nehmad:So our recording used to be really fun when we were both in European time zones. Then there was a period where you moved to The US, I stayed in Israel. That was rough because I was like recording in the middle of the night and for you it was early morning and we were both like a very different energy. Now we're both back on the same time zone, but we moved the recording to Fridays because I have the microphone in San Jose, but on Thursdays I'm driving up to San Ramon to a different office. So our episodes are gonna be Friday, they're gonna come out like Friday or Saturday, depending on like our editor schedule.
Jonathan Hall:Yeah. He's still in Italy, so
Shay Nehmad:It's all wonky.
Jonathan Hall:We're not asking him to adjust his schedule to accommodate ours.
Shay Nehmad:Yeah. Our news aren't that urgent, but let us know. We could like move it around the week. So if you're liking this like episode in the weekend, that's great. If not, let us know.
Shay Nehmad:It's a new schedule and we sort of wanna hear your opinions about it. Finally, we mentioned it at the show, but there's a chance to meet us. You can meet me in the San Francisco meetup we're arranging. I'll put the link in the show notes. Actually, that would be smart.
Shay Nehmad:Right? So I'll I'll put it right here. So if you wanna meet us, there are two places where you can do that, like in real life. You can meet me in San Francisco in the Go meetup that, I'm arranging, organizing apparently. Towards the back end of the year, back end, you could meet, Jonathan at KubeCon because it's the back end of the you know?
Shay Nehmad:Like somewhere in October, November, there's gonna be KubeCon, and Jonathan's gonna be there as well. That does it for the ad break. One last thing we could ask you is to leave a review advertise and the show's been growing only on word-of-mouth. I haven't opened the analytics in a while, but my CEO actually asked me, hey, what is the listenership for your show? So I actually pulled up the analytics and we're like at 654 subscribers.
Shay Nehmad:We had a big jump recently, with almost a thousand people downloading every episode, which is insane. We appreciate it very much. Like a thousand people listening to my voice right now. Oh my god. Thank you so much.
Jonathan Hall:Is it like, are you nervous in front of people,
Shay Nehmad:in front
Jonathan Hall:of crowds?
Shay Nehmad:No, I'm fine. Like, I I have you to blame. Anything that's wrong, it could be like, well, Jonathan's the actual podcaster. This is just like my first podcast. I have a fall guy.
Shay Nehmad:You know what I mean? Got it. Right. So that's good. So if you want to see these numbers growing like us, please leave a review on Spotify or Apple Podcasts or like wherever you listen to the podcast, and share the show with a friend or a coworker.
Shay Nehmad:Damn, Overcast just overtook Spotify, so I should change that tagline on our staff. But, yeah, just share the show. We would really, really appreciate it. Well, to the lightning round.
Jonathan Hall:Lightning round. Round. Yeah. So I guess I'll be at KubeCon. I don't know.
Jonathan Hall:I haven't bought my ticket yet. Whether I'm there or not, or just hanging out for the after party or side party, whatever. I have an item that's relevant to people who might wanna go to
Shay Nehmad:the Sidecar. Sidecar party. Yeah.
Jonathan Hall:There we go. So friend of the show, listener of the show, David MDM shouted out a project that he's been working on called Yoke. The documentation for Yoke says that it is infrastructure as code for Kubernetes. It's a deployer, IAC package deployer for Kubernetes. So if you're one of the kinds of people who wants to go to KubeCon, this might be for you.
Jonathan Hall:I haven't been using Kubernetes for a while. Are you using Kubernetes, Shai?
Shay Nehmad:Happily, no. I've used it in the last two companies. One unjustifyingly, like totally over engineered from the start and in a real company that actually needed it. And the one that's over engineered, we didn't need Kubernetes anyway. We just sort of got roped into it.
Shay Nehmad:But in the other one in Orca, like this looks like a pretty good project. It makes a lot of sense. It's like Helm for, like, packages in Kubernetes described as code, things like control flow, test frameworks, typing, blah blah blah, all these things. I would try it. But just remember, it's still not, version one.
Shay Nehmad:So it's like it could have breaking changes very early. If this seems like the sort of things you you wanna jump on, it's a good chance to jump on on it if you're working on something similar or if you had like this particular problem. But I wouldn't go with it like for your, you know, production pipeline at the moment.
Jonathan Hall:And to be clear, works with Helm, this isn't like a replacement or
Shay Nehmad:or Yeah, yeah, of course. It's Helm inspired, I mean.
Jonathan Hall:Yeah, yeah. Cool. Yeah, I'm not using Kubernetes either. Whenever I am again, I'll I'll have to give this a look as well.
Shay Nehmad:Hoping for you that you won't have to. It's a bit too complicated for-
Jonathan Hall:I enjoy Kubernetes, but it has it has to fit the problem and it doesn't always.
Shay Nehmad:I know, I'm not Google at the moment. One thing I wanted to shout out is Princess Beef Heavy Industries has come out with a banger in February and somehow I missed it. There's static mocking in WiredTap. If all the words I said right now didn't make sense, go back and listen to our interview with Dave, Shanley about, Princess Beef Heavy Industries, but there's a tool called WiredTap. It's an API tool that allows you to validate API requests, and responses that make sure that's compliant with the schema and like a development server so you can test APIs and some diagnostic to debug API requests and responses.
Shay Nehmad:And it's beeping awesome. It's really, really, really good. I love this tool and it now has static mocking. So basically it does what Wiremock does. So if you use Wiremock to like, you know, put in responses, like test responses for your local development servers, now you can just do it with Wiretap.
Shay Nehmad:You get all the benefits of Wiretap and get rid of Wiremock, just super great. There actually have been four minor releases since then with a lot of fixes and and things like that. So this is pretty stable at this point. I I just we just, like, missed it on the on the backlog. But really, really cool release.
Shay Nehmad:They keep them coming. You good, PlayStation? I had every generation until five.
Jonathan Hall:So you've had one through four?
Shay Nehmad:Yes. And one is the best. But two was pretty good as well.
Jonathan Hall:Two was my first one and I've had a three and I had a four. I don't have any of them anymore. I got a Steam Deck and gave away my PlayStation four before I left Europe. Nice. But you can now run Go on the PlayStation two.
Shay Nehmad:Timely.
Jonathan Hall:Yes. This is actually quite an interesting blog post that's simply called Go Lang on the PlayStation two by Ricardo. Don't know the last name. But he goes through the challenge of getting Go to run on PS2, which is, it's not just like, oh, this is a weird piece of hardware. It's like, Go doesn't quite support the CPU architecture.
Jonathan Hall:And there's just a lot of weird nuance to getting this to work. Stuff I obviously shouldn't say obviously, but stuff I personally would never bother to do because I don't need Go to run on my PlayStation two that I don't have anymore. But it's really interesting read. If you like sort of legacy code hacking stuff, you'll enjoy this a lot. So we'll have a link
Shay Nehmad:to the Legacy? It's only twenty five years old. That is super cool. I love this, like, low level nonsense stuff and dealing with, like, old hardware. Generally, the PS two aesthetic is pretty good, right?
Jonathan Hall:This is
Shay Nehmad:not useful for anything though, right? It's just for fun.
Jonathan Hall:I think so. I mean, in principle, I suppose you could run a web server or a web proxy with Go 1.242 at least safely on your PlayStation two. But, I think it's it's for obvious. I love the Go build directive, by the way.
Shay Nehmad:Slash slash go colon build p
Jonathan Hall:s two. You just need to have Go and build added for this one as well.
Shay Nehmad:One final item for the lightning round. Go Zero reaches 30,000 GitHub stars. I never heard of it. Have you heard of Go Zero? No.
Shay Nehmad:So it just shows to show you that there are cultural and, like, country differences even in the software world. It's a super, ubiquitous microservices framework with a CLI tool that actually looks pretty good and is very productive, includes API gateway with a ton of features and services with a ton of features like authorization, inter services, cache control, stats, monitoring, time out control, circuit breakers, tracing, blah blah blah. It's just Chinese. That's why I haven't heard of it. But it it's used by a ton of logos here that are all Chinese companies.
Shay Nehmad:I have no idea if these are like huge companies that employ thousands of developers or like, have no idea. It seems like Lenovo China is there and Indochat, which I've heard the name of and 30three.cn, which I heard the name of. But like, I don't I don't know a lot about the Chinese market, but it has 30,000 stars, which is pretty cool. You know, has support for caches and dbs and blah blah blah. Seems very productive.
Shay Nehmad:Like, if I had to implement a v two of a microservice architecture at like a big ish company, I would definitely give this a look. It seems pretty cool. And it reached a it reached a pretty high milestone of like stars and forks. It seems very popular as well. Go dash zero.
Shay Nehmad:If that sounds relevant to you, go check it out.
Jonathan Hall:Awesome. I think that's the show. That wraps it up. Program exited.
Shay Nehmad:Program exited. We will see how we do the episode next week since it's a Passover, but we will definitely fit it somewhere on the schedule. Program exited everybody. Program exited. Goodbye.