Cup o' Go | 🌊 Avoid HTTP/2 floods, 🤐 don't log your secrets, and 🗣️ upcoming conferences

Go 1.22.2 & 1.21.9 released
- Blog: HTTP/2 CONTINUATION Flood by Bartek Nowotarski
- Blog: HTTP/2 CONTINUATION Flood: Technical Details by Bartek Nowotarski
🗣️ Conferences & CFPs
- Official Go "Wiki" conferences list
- 🏴󠁵󠁳󠁵󠁴󠁿 Go West, October TBD @ Lehi, Utah
  - CFP
- 🌐 Conf42 Golang, April 24 @ Online
- 🇧🇷 GopherCon Brazil, May 9-10 @ Florianópolis, SC
Around the community
- 🤐 Blog: Prevent sensitive data from leaking by Willem Schots
- Reddit discussion: If you could redesign Go from scratch, what would you change?
Ad break:
- Software you can love conference: https://sycl.it/

Creators & Guests

Host

Jonathan Hall

Freelance Gopher, Continuous Delivery consultant, and host of the Boldly Go YouTube channel.

Host

Shay Nehmad

Engineering Enablement Architect @ Orca

Editor

Filippo Valvassori Bolgè

Sound Designer / Audio Editor based in Milan

What is Cup o' Go?

Stay up to date with the Go community in about 15 minutes per week

Jonathan Hall: 00:00

The show is supported by you, the listener. Stick around till after the news to hear more. This is Cup of Go for April 5, 2024. Keep up to date with the important happenings in the Go community in about 15 minutes per week. I'm Jonathan Hall.

Shay Nehmad: 00:24

And I'm Shay Nehmad .

Jonathan Hall: 00:25

Hi, Shay.

Shay Nehmad: 00:26

Hello. I've sent you a link. Have you read it? No, you haven't because it's a members only story.

Jonathan Hall: 00:31

Yes. Medium. I hate Medium.

Shay Nehmad: 00:33

We found a really cool link we wanted to share with you, but someone posted it on Medium. And since we saw it, made a a member only story, which I'm fine with. If that's a good way for you to make money, go ahead and do that. But Medium has been bad for creators and bad for consumers and messes up SEO.

Jonathan Hall: 00:51

And it means we won't talk about your story on the show except vaguely in, like, anonymous terms Yeah. Like this.

Shay Nehmad: 00:57

When, I did, Medium before in a company, I also just published it on my own, like, static site free blog. And then if someone wants to support, they can sign up to Medium, unsubscribe from their emails, and keep

Jonathan Hall: 01:10

reading your blog. And just so just by the way, to so nobody thinks we're picking on Medium per se. If you post a really great news story about Go behind any paywall, we're not gonna talk about it on the show.

Shay Nehmad: 01:19

Unless there's, you know, a free

Jonathan Hall: 01:21

Unless there's a free version as well that we can share with the audio.

Shay Nehmad: 01:23

Yeah. Alright. So luckily, the Go forum, you know, the Go Google group is still not behind the paywall. That's right. So what have you seen there?

Jonathan Hall: 01:33

So we had a new, security release this week. Go 1.22.2 and 121.9 were both released with a security release that I I really don't know anything about. Have you looked into it, Shay?

Shay Nehmad: 01:44

Yeah. So I actually read the blog post by Bartek Nowotardsky. I hope that's how, that name is pronounced. 2 blog posts. 1, it just gives an overview.

Shay Nehmad: 01:55

So the overview is there is a vulnerability in HTTP 2 called continuation flood. And then on that, you know, blog, by the way, talking about it, a static blog, super simple theme published for free. Bartek just gives the technical details, which I find super interesting. What do you know about HTTP 2?

Jonathan Hall: 02:15

Not a whole lot. It allows for, like, by default, a single TCP handshake with but with multiple requests over that open connection. Some prefetching is is capabilities are in there. I I don't know a lot about it.

Shay Nehmad: 02:27

I think a lot of people are in your position where they know it's, like, better ish than h t p one. But, you know, if I ask you what do you know about h t p one, you could probably whip up an implementation in, like, a few days that's passable.

Jonathan Hall: 02:43

I could probably whip up something that looked kind of like h t three one from memory.

Shay Nehmad: 02:47

Yeah. That it's just been around so long. It's so ubiquitous. We've been dealing with it so much. Oh, yeah.

Shay Nehmad: 02:52

Of course. So the first line is a text line, and then whatever. And then boom, h u p 2 is binary. It's not even text lines. It replay it sends frames from one side to another.

Shay Nehmad: 03:01

This vulnerability is a result of Bartek's work into looking into 2 specific types of frames. Some frames won't surprise you, data, right, or ping or headers. So these are pretty self explanatory. There are some that are named really funnily to me, like push promise and go away, which are as you could just imagine, you know, servers bickering.

Jonathan Hall: 03:24

Sounds like my 3 year old talking to me now.

Shay Nehmad: 03:26

Yeah. But the interesting one for this vulnerability is a combo of headers and continuation. So just to get Partik's a look on things, he's like, if you wanna learn more, you can just read the RFC. Which I respect. I respect.

Shay Nehmad: 03:40

Reading an RFC once a month or so is what's keeping my mind sharp. And it also improves my technical writing. So I highly recommend it.

Jonathan Hall: 03:47

I see you're choosing RFCs better than I am.

Shay Nehmad: 03:50

Yeah. But but I definitely haven't read the HTTP to RFC. I'm not that hardcore anymore. Maybe when I was 18, I would have, sat down and and read it. But not now.

Shay Nehmad: 03:59

Because now I have a beautiful podcast that just streaming the information directly into my ears, which is what's gonna happen right now. So what do you think happens in the headers frame?

Jonathan Hall: 04:08

I would imagine that, you send some headers, some key value pairs of sort of some sort.

Shay Nehmad: 04:14

Exactly. So you send the headers, they're stole they're packed using HPAK, and you just send them and you can send them with some flags. Every frame has a flag, like a bunch of flags you can send it. One of them is end headers, which means, alright, I'm done sending all the headers. I think you're by this is a audio medium.

Shay Nehmad: 04:32

So this doesn't carry very well. But John has this, like, suspicious thin eyes

Jonathan Hall: 04:38

where

Shay Nehmad: 04:38

he's like, oh, wait. I think I know where this is going. The other type of frame is a continuation frame. It's very similar to the headers frame, but they just have one flag which is end headers. So, you know, you know when I finish setting you all the headers.

Shay Nehmad: 04:51

And the case is, let's say I have a ton of headers to send. Right? They don't all fit in within one frame. Let's say they are under the MTU or whatever. If headers exceeded a single frame, I can split them up to a frame stream and the vulnerability is super interesting to me.

Shay Nehmad: 05:07

It's just a sort of a edge case that I wouldn't think about ever, but the moment you say it, it's super obvious. It's continuation flood. What happens if I start sending headers, send continuation frames, but never set the end headers flag? So this was a vulnerability. It caused, at least in Go, it can cause CPU exhaustion, out of memory crashes, and, you know, just crashes even of just a few frames into the flood.

Shay Nehmad: 05:34

And unlike, you know, huge ping DDoSes, like distributed denials of service attacks, you can do this from a single machine. Like, you don't need a lot of machines pumping out tons of packets into a server to crash it.

Jonathan Hall: 05:46

Because the server loads all the headers into memory before deciding whether or not to accept or reject the connection and and process it otherwise. Right? So you could just generate random headers and send it without consuming memory on your side to the server. Right? So you're still using network bandwidth, but you're not using local memory.

Jonathan Hall: 06:02

You're only using server memory. Is that is that the idea?

Shay Nehmad: 06:04

Yes. And also, there's nothing, this is the most boring case. Actually, in Go, and we won't go into the code here because it's a little complicated to understand why it happens, which is, by the way, always where vulnerabilities hide in these, like, oh, wait, what? It actually behaves like this? In Go, it causes CPU exhaustion and not a like a memory problem.

Shay Nehmad: 06:28

There's a callback that checks something and, you know, only breaks if the headers have ended. And then you, like, read frames and you're stuck in a loop, and you can just cause a server to crash remotely, by sending endless continuation frames. And again, this is not this doesn't require, like, you know, a botnet of, 50,000 machines, like, bombarding your this is not something Cloudflare will block. You know what I mean? I mean, I'm sure they will, but, this is a a vulnerability and this was fixed.

Shay Nehmad: 06:59

So I love I love I love the blog post. It's super well written. It's short. Thanks a lot for Batac for finding this vulnerability. Just a huge shout out.

Shay Nehmad: 07:08

By the way, I was surprised how ubiquitous do you think HTTP 2 is?

Jonathan Hall: 07:13

Well, I would have I I was gonna say something about that. If you're not explicitly disabling HTTP 2, you probably have it enabled without realizing it if you're running in an HTTP service. Now whether it's being used or not, is another question. Although, I think it's used far more than we realize because

Shay Nehmad: 07:28

For human traffic, it's 62%. Yeah. If you exclude bots, which I don't know if you should for this matter, but that's what the, data Cloudflare gives. 62.2% of, HTTP traffic, it's a is HTTP 2. And, you know, that's this basically means that Bartek founded a found and fixed a large part of the Internet, which is not something a lot of people do.

Shay Nehmad: 07:52

So shout out, man. I really really, love this blog post. We basically covered all of it other than actually reading the code, but I highly recommend you go read it for yourselves. And the releases just set a limit. They set a limit on the amount of access header frames that they will process before closing a connection.

Shay Nehmad: 08:10

The vulnerability is pretty simple. The fix is pretty simple. It was just devilishly hidden. And I think these are the hardest cases to because they require very abstract thought and just looking at a thing and being like, wait, that's how it works. What about this case?

Shay Nehmad: 08:26

I just really liked it. Usually, when we talk about security releases, it's like, okay, another parser error in XML, like always, whatever. But I found this one super interesting. So I want to share it in detail. But as always, when we talk about security releases, the important point other than learning about the vulnerability and perhaps preventing it in your own code is, of course, you should update.

Jonathan Hall: 08:46

You should update.

Shay Nehmad: 08:47

And if you're listening to this podcast, you probably have an HTTP server running in production written in Probably so. So, perhaps doubly fast. So, yeah, HGP had a vulnerability. In other news, dog bites man.

Jonathan Hall: 09:02

Well, we are halfway through our our program, and we've covered essentially one story, but a good one. Let's talk a little bit. Let's change gears a bit and talk about some conferences.

Shay Nehmad: 09:10

So there's a call for papers for Go West. Right? Yay. Isn't that a song? I think about it for a sec.

Jonathan Hall: 09:36

So Go West conference is happening in October TBD. The date isn't determined yet. I suppose I'm looking for a venue. But even so, it's happening in October in Lehi, Utah. So if you're in that part of the world or want to be, here's your chance to submit this, a paper.

Jonathan Hall: 09:50

It's not a paper. It's a presentation. Call for presentations. That's what the p stands for. Right?

Shay Nehmad: 09:54

I think it's still call for papers because you the submission is a paper. Okay. But in reality, obviously, it's a call for PDF because the submission is a PDF.

Jonathan Hall: 10:02

Exactly. Call for HTTP form data. Anyway, you can submit a proposal to speak at, Go West Conference in October. Link is in the show notes, or you could probably Google it. We also have a bunch of other conferences coming up.

Jonathan Hall: 10:17

We're not gonna mention them all because there's too many to mention in one episode, but the ones coming up very soon. We have 42 coming up. This is an online conference, April 25th. So that was that's one for all of our listeners you could attend, virtually.

Shay Nehmad: 10:31

Yeah. Just 20 days from now. I would, recommend just putting, you know, in your works calendar. Alright. Let's, you know, put it on, even in the background.

Shay Nehmad: 10:40

The one, talk I'm interested about from, Con 42 is effectively onboarding and integrating new devs. This is not something people usually talk about but, so I'm just, curious how did they, like, there's a whole, track for culture, which is interesting, I think. So that's in 20 days. Right? 20 days from now.

Shay Nehmad: 10:59

April 25th.

Jonathan Hall: 11:00

One other one that I wanna mention today, well, I think we'll save the rest for another week. GopherCon Brazil is coming up May 9 10. It looks like this is a at least a dual language conference because they have a website in both Portuguese and one in English. But if you're gonna be in Florianopolis, I hope that's how you say it, in Brazil, Check that out. GopherCon Brazil, May 9 10.

Shay Nehmad: 11:24

Yeah. And if you like to plan out your year, slightly more than advanced, we'll keep mentioning these conferences as they come up. But there are a lot more. Right? Taiwan, Japan, Berlin, Russia, London, Italy, all throughout the year.

Shay Nehmad: 11:38

So we'll put the link to the Go wiki, which is where we have this information, and you should have it as well.

Jonathan Hall: 11:43

No proposals to talk about this week. We'll have some for next week. We are gonna mention a couple bits from the community. 1 is a blog post of continuing the theme of security. Chai, how would you prevent a password from being logged to your server logs?

Shay Nehmad: 11:59

So, you know, I just type out all my logs.

Jonathan Hall: 12:02

Mhmm.

Shay Nehmad: 12:02

You know, I I just type up them out manually into Datadog or Kibana as they come in from request. So I I just wouldn't write it.

Jonathan Hall: 12:11

Yeah. So you see that oh, there's a password. I'm gonna skip over this part.

Shay Nehmad: 12:14

Don't you hear the typewriter in the background?

Jonathan Hall: 12:19

Computer says no. Totally.

Shay Nehmad: 12:22

It happened to me in the past. So egg on my face. I Oh, yeah. Implemented the logging thing in my previous place, and it logged every single field and I felt very smart about it. And then someone found their password in the logs and we had to do a whole thing.

Shay Nehmad: 12:37

Even though I I was aware of this problem, I just didn't think about it at that context.

Jonathan Hall: 12:42

Mhmm.

Shay Nehmad: 12:42

How would you prevent it? Or how have you prevented it in the past? I guess, is a better question.

Jonathan Hall: 12:47

Yeah. There's a few different ways I've done it. I mean, the first thing most people do is they have their logging provider Datadog or Sentry or whatever just, like, filter out sensitive looking key names, which is, I suppose, better than nothing, but I don't trust that to to do a good job. So I try to be a little more proactive. And, some approaches I've taken are to encrypt everything that's not in a an acceptable list.

Shay Nehmad: 13:07

Oh, that's cool.

Jonathan Hall: 13:08

Like, I don't usually wanna log a password even encrypted, but there are data I do want it to log, but I don't want it to be clear text, you know, maybe, the response to an HTTP request or something like that that might contain a credit card number or or whatever. Yeah. But I I can't know that I'll prior it. So I'll encrypt that sometimes. But there's some other approaches.

Jonathan Hall: 13:23

What what does this blog post tell us to do?

Shay Nehmad: 13:25

So, first of all, I wanna shout out the blog itself. It's william.dev. We already mentioned William's blogs once in the past. It's like beautifully designed and has a really nice, like, panache to it, I think. I think we talked about it when we talked about, URL parameters or something.

Shay Nehmad: 13:42

I don't remember. But like, last week when we talked about Go examples being, executable in the browser, it has the Go thing in the blog post. So it's not just code, you can edit it, you can play around with it, and you can run it inside the blog post, which is very nice because you can see the example happening in real time where you print things you didn't mean to print like a sensitive stream. And then once, you know, we apply William's suggested fix and then you run it, you see it being like, oh, redacted, which is very good. So the suggestion itself is also very very simple.

Shay Nehmad: 14:16

Something I would I would happily introduce into every, you know, internal company style guide. And it basically boils down to whenever you have a a data struct that you might log, implement the format function, which sort of implicitly means you reimplement the formatter interface and do the same for the logvaluer interface, which means you just have to implement the log value function. This is for, structured logging. And if you if implement both of them and martial text, which means you'll be implementing at the Text Marshaler interface, you're covered from all angles. Because basically, there wouldn't unless someone is, you know, going on purpose and doing reflection of every single field and printing it, you know, sort of by hand, you covered all the normal standard library, I guess, serializers.

Shay Nehmad: 15:05

You mentioned, you you got format, you got log value, you got martial text, and most packages that deal with textual data should, in theory, look for these types and use these types to to turn your, types into text. And then when they try to log stuff in your implementation, you just hide the, you know, the secret things. Also, William recommends something that I think is very useful. When you mentioned encrypting, my first thought was, yeah, but how would I separate the encrypted data from, like, actual useful data in Datadog or whatever, CoreLogix? He instead says replace it with a secret marker because you don't wanna log these fields to start with.

Shay Nehmad: 15:42

Right? So if you put something like, you know, secret detected, the question mark, some weird parenthesis, something that's super searchable and will never be a reasonable valid value in your software. You can just set up an alert that will trigger every time you find any like this text anywhere in any of your logs, whatever. So you're covered from writing these values, but you'll also proactively detect places where you're inadvertently logging things you shouldn't have. So I really like this.

Shay Nehmad: 16:08

It's useful. You can introduce it into most stacks pretty comfortably and provide a lot of value. The only problem is you have to actually go through every struct in your in your application and implement it.

Jonathan Hall: 16:20

I'll call out one other problem and that would be if you need to use a JSON marshaler, for example, in other use cases. Like, maybe you have a struct that you actually send to the end user or logged or to a database that you need that that sensitive data persisted, then you have to have 22 versions of the struct. You have to be careful which one you send to the log and which one you use elsewhere. So that there could be some complications in in that level of things. But still, I agree.

Jonathan Hall: 16:45

Overall, it's a good approach.

Shay Nehmad: 16:46

So the only thing I'll say is if you need to send the password or whatever sensitive data exposed for these, like, three cases, for the first time you get it from the user and for the, like, the path it travels to your application all the way to the database or the third party, whatever. It's a good thing that this code will look will be the exception and will look exceptional. You know what I mean? Mhmm. I think it's okay to say in this case, I'll cast it to the sensitive data exposed data struct whatever whatever.

Shay Nehmad: 17:16

Right? It looks like it's harder to work with but it's simpler to prevent these errors. So it's not it's a very good blog post. You can just click through the code examples and, maybe, you know, if your company has various compliance frameworks, it needs to adhere to like PCI DSS or HIPAA or whatever, just dealing with sensitive data in the back end, I think this could be a super useful tool to add to your toolbox much like William's other blog post. Keep them coming, man.

Shay Nehmad: 17:43

We love them. And we had one. If we we we like just spread so much positivity, how about you you take it down a notch and take us to the Reddit swamp?

Jonathan Hall: 17:53

So yeah. I saw this post, I think I saw it yesterday on Reddit. It was also mentioned on our our Slack channel.

Shay Nehmad: 18:01

Yeah. Thanks, Peter.

Jonathan Hall: 18:02

But, I mean, this is worth mentioning because it's just it's just a a a play out of the last year's cup of go playbook. The question is, if you could redesign Go from scratch, what would you change? And it's just it's it's basically a repeat of our stumper questions from last year's interviews. Yeah.

Shay Nehmad: 18:16

We should probably do a supercut at some point of all the answers from all the guests and see how much should they line up with this blog post.

Jonathan Hall: 18:24

The questions we asked our our guests were if you could take something out of Go, if you could ask them to Go, what would it be? And there's some good answers in this. The top voted one at the moment is there's too many ways to create a variable and that they show 5. They aren't all identical functionally, but they're they're subtly different in some cases. But, yeah, there's still 5 ways to create a variable and knowing the difference between them and which ones are identical, which ones aren't is a little bit tricky.

Shay Nehmad: 18:48

And I just wanna shout out the 2nd top voted one, which is not having to use a magic date for time formatting in the standard library.

Jonathan Hall: 18:56

Somebody should create a proposal about that.

Shay Nehmad: 18:58

Yeah. So I actually wrote that, while I agree the Go team won't, relitigate. If you're wondering why we're laughing, you need to listen to the previous episodes, and also welcome new listener. But we've been talking about this time formatting thing every episode even though I haven't done a custom time formatting, function once since we've started talking about it. So I guess we should stop.

Shay Nehmad: 19:19

There were some other interesting things here. I think some of them are more, like, I've been using language x and I like this feature, so I wanna add it. Yeah. Which to me isn't isn't strong enough.

Jonathan Hall: 19:31

Like,

Shay Nehmad: 19:31

don't use, 0 values. Use option types instead. I'm like, a lot of the utilitarian nature of Go, which is I just wanna be useful and simple and to the point, is based on 0 values. Right? And if you just take 0 values of the language, you have to change so many things.

Shay Nehmad: 19:49

Many things, by the way, are I want to a linter for x, and then someone replied, linter already exists. Look at Nillaway or look at AirCheck. Yeah. And then people are like, yeah, but I want it built in. For that, it's worth, remembering x in std loop.

Shay Nehmad: 20:04

If it exists in a third party and it it works well, there's no reason to introduce it to the std loop, at least in go. Although some of them do make a lot of sense. Like air check being by default, like, part of GoVet, for example, at least for me would make a lot of sense. Anything specific that you think is good enough to warrant a proposal and, like, actually starting to work on it?

Jonathan Hall: 20:25

I don't know. So I I responded, and the things I had mentioned were things that will not be they would all be backward breaking changes so they wouldn't be implemented.

Shay Nehmad: 20:33

Are you sure? Because I think, there is a proposal to create pointer to a simple type.

Jonathan Hall: 20:37

Oh, so so yeah. So that one, in fact, Rob Pike has even weighed in in favor of that.

Shay Nehmad: 20:42

And also Seeb's?

Jonathan Hall: 20:43

Yeah. Many people have. I I don't know why it's not done. But so for for clarity, what I proposed adding was the ability to encode, create a pointer to a concrete type. So the example I gave is at quote, foo, end quote.

Jonathan Hall: 20:57

And that's not legal right now because quote, foo, quote is not addressable. My proposal is that it would just create a variable of type string that has that value and then evaluate to a pointer to that string.

Shay Nehmad: 21:09

The problem with this sort of, proposals is that it's obvious, I think, really, it's obvious that it should be part of the language. But since it wasn't and since since it still isn't, people can be like, it doesn't warrant a language change. Because it really it it's okay for you to write a one liner function that does just that. Right? It's not like a complex fill with edge cases function.

Shay Nehmad: 21:30

It's super simple to write one.

Jonathan Hall: 21:32

Now that we have generics, it is super simple. It is a like a a 3 line function.

Shay Nehmad: 21:36

And it's really uncomfortable. You would you wouldn't import it from some place else. Right? You wouldn't write a package called pointer creator and then from pointer creator import. You wouldn't do that because it's just a one liner, but you would write this.

Jonathan Hall: 21:50

I have done it within a package. I wouldn't import a third party package for that. But, like, within a project, I would create a package. Usually called PTR, and it has a single function called 2. Mhmm.

Jonathan Hall: 21:58

Sometimes I have a reverse that it it does the opposite, you know, a dereferences a pointer or returns a zero value.

Shay Nehmad: 22:03

I think as as you go along, you collect more and more of these helper functions that you like. They're awkward to put in the language, because they're too small to warrant the language change and updating the documentation and adding a new way to do things, which is the going back to this, Reddit thread, is the first, suggestion. Right? There are 5 ways to create a new variable. Theoretically, this is the 6th one.

Shay Nehmad: 22:25

It's a pointer too, so it's not a 100% the same. But Yeah. It still could be confusing for someone who's just learning Go and, I don't know, Copilot will just assume that, you want the pointer now, and they'll just tab away and continue working and not understand what they did.

Jonathan Hall: 22:39

Yeah. I I think the the strongest argument in favor of a either a a built in or a standard library change for that is just so there's fewer ways to spell pointer dot 2 because each project you work on is gonna have their own way to do that and, that's just unnecessary, but we'll see.

Shay Nehmad: 22:54

Yeah. So there's an open proposal, you can go take a look at it. But actually, out of the most, know, compared to most stuff I find on Reddit, this was an interesting, thread. And it really did remind me of the questions we asked at the end of the episode. One thing that's, by the way, very much missing compared to early, you know, early last year when we started this podcast and we asked people what to remove is generics.

Shay Nehmad: 23:16

Nobody's talking about it. It's like, okay, it's fine.

Jonathan Hall: 23:19

I did see an a very early comment was remove generics, but it got down voted pretty quickly.

Shay Nehmad: 23:24

Yeah. I think people are happy with it.

Jonathan Hall: 23:25

And even I like, I would've upvoted that a year ago, but no no. I've I've decided I like generics.

Shay Nehmad: 23:31

And there's one thing, it's the most downvoted, comment on this thread, but I actually agree with it. I should probably not say this out loud, but bring back semicolons. Yeah. All listeners just threw their phones away. Yeah.

Shay Nehmad: 23:47

Yeah. I I think it's something

Jonathan Hall: 23:48

in this program. We were we've gone off the rails. Yeah.

Shay Nehmad: 23:53

Get out of you. Get out of my office. No daughter of mine will write code with semicolons. Some of my some of my best friends write with semicolons. I just wouldn't want my daughter.

Shay Nehmad: 24:06

Alright. Thanks a lot for listening, everyone. Stick around for the ad break to hear some more, fun stuff that happened.

Jonathan Hall: 24:12

And some of the stuff I forgot last week when I did the ad break by myself. Yeah. That's I don't even know what it was yet. I'll find out. Alright.

Shay Nehmad: 24:25

Has this ever happened to you? You've been trying to use Go, but you don't know what to do. Cut to a, you know, like a fifties kitchen and, like, the sort of person trying to clean their laptop with, dish soap. Yeah. Yeah.

Shay Nehmad: 24:41

The laptop just falling all over and, like, what do I do? Well, here's the solution for you. Welcome to Cupago. You can reach us at cupago.dev, that is cupogo.dev, And you can talk to us at our Slack channel over at the Go for Slack. Our channel is named hashtag cup dashodashgo.

Shay Nehmad: 24:58

That's kebab case with hyphens. Cup dashodashgo. How was that?

Jonathan Hall: 25:02

How was that for That was that that was classy.

Shay Nehmad: 25:05

Yeah. Like, 4 AM, you wake up, you turn on the television on, like, the sales channel. I don't know what it's called in the in the US. Some people

Jonathan Hall: 25:13

trying to sell you The shop at home network, I think.

Shay Nehmad: 25:15

Yeah. Exactly. But wait, there's more. Yeah. But wait, there is more.

Shay Nehmad: 25:22

We wanted to shout out Software You Can Love, which is a conference that's gonna happen in Milan, Italy. We didn't mention it during the episode because it's not strictly a Go thing. It's mostly focused on Zig, which I don't know if you've, had ever played with. But, you know, we're super excited mostly because it's from one of our listeners, and we really wanted to shout them out. They're excited about it.

Shay Nehmad: 25:46

So thanks Claudio Beatrice, for your support. And, yeah, it it will all culminate in this Zig conference. They have some blog post, over both on dev community and Zig news, about, you know, Zig and Go and how these 2, combine. I haven't played around with Zig yet.

Jonathan Hall: 26:05

I've done a bit of reading about it, but that's it. Yeah.

Shay Nehmad: 26:08

So if, you know, if you're looking for that kick into Zig, and you're around, Milan in late May, so feel free to join the software you can love meetup. We'll put the link in the show notes. This is not sponsored by the way. It's just something one of our listeners is doing, and we just wanna support them doing it. They're not they're not, like, paying us or or anything.

Shay Nehmad: 26:29

But, Claudio, keep up the good work. The conference looks really good. It will also be live streamed on Twitch, which I don't know how I feel about because I don't know if I'll watch a conference live. If I'm not going, I I'll just watch it later. But it's a really cool thing to do.

Shay Nehmad: 26:44

And you if you go there, you get a programmable badge, which is nice. You can write Zig thing on your badge that you got.

Jonathan Hall: 26:51

Fancy.

Shay Nehmad: 26:52

Yeah. It looks, well planned. We want to say thanks to all our Patreons for supporting this show. This is a hobby. Jonathan and I are doing this for fun and for the community in some way, but it is an expensive hobby.

Shay Nehmad: 27:05

We pay for editing fees, hosting fees, I guess Internet and stuff like that. But we just it's it's not free, and we really appreciate your support. It's $8 a month And if you don't do it, it's also totally fine because we're not medium and we'll give you the confidence because we like doing this. Finally, we introduced transcripts to our episodes. If you're a long time listener or maybe a member of our Slack channel, you've seen this conversation pop up now and then where people try to transcribe the episodes.

Shay Nehmad: 27:33

Actually, our podcast, hosting software just made this super easy. So we were like, alright, let's jump on it and and try to transcribe the episodes. They do it using AI so there's some errors there. For example, they just can't figure out Shai Nihamad. It's just impossible for them.

Shay Nehmad: 27:50

Jonathan Hall for some reason just goes down smooth.

Jonathan Hall: 27:52

Oh. Yeah. Totally.

Shay Nehmad: 27:53

Not saying it's racist but also not saying it's not racist. It's just the training data. Anyways, if we don't know, if this is useful for you because we obviously know what the episode what we said in the episode, we we said it.

Jonathan Hall: 28:06

Maybe you know what you said in the episode.

Shay Nehmad: 28:07

But if, this is useful for you or you want us to keep doing it, just tell us in the channel.

Jonathan Hall: 28:12

Or you want a higher quality transcription.

Shay Nehmad: 28:15

Yeah. That's also.

Jonathan Hall: 28:16

Is is the AI is bad for you for some reason?

Shay Nehmad: 28:18

Yeah. We're we're fixing the obvious, like, we're rolling through it, but we're not, doing a deep, like, every it's not a manual work. Not yet, at least. If you say it's useful, then we might, think about it. So the episodes have transcripts now.

Shay Nehmad: 28:31

Check them out in your podcasting app or over on our, site cupago.dev where you can just click on every episode and see them. I think that's it. That rounds it out. Share this episode with a coworker or a friend. Leave a review on Apple Podcasts or Spotify or wherever you listen to podcasts.

Shay Nehmad: 28:48

We don't pay to advertise, by the way. We're talking about the cost of the show. We don't pay to advertise. Not a single sign. All of this amazing growth and all the people who are listening and supporting and buying all the swag and whatever.

Shay Nehmad: 29:00

It's all like word-of-mouth, just people, you know, sharing the show and being, excited about it. And we really, really appreciate it. If you tweet about a show, if you share it with a friend or a coworker, that's basically our only, way right now to expand our audience and just share all this, Go News goodness with everyone.

Jonathan Hall: 29:17

Speaking of of swag, you did forget something. So now we're even. We had somebody buy our first wireless charger this last week, and they posted an image of it on our Slack channel. I'm a little disappointed though. It came with a wire.

Jonathan Hall: 29:29

I thought it was supposed to be wireless, but this is Claudio Beatriz also who, just, told us about the the upcoming conference you just mentioned. So Yep. Yep. Yep. A double shout out to Claudio.

Jonathan Hall: 29:41

Thanks for buying a wireless charger. Let us know how it works for you, once you have a chance to

Shay Nehmad: 29:46

to It does. Give it a shot. I mean, it's cute a f. I'll I'll say that. If you just use it as a coaster, not even as a charger, that would be good.

Jonathan Hall: 29:55

We should we should totally make, Brewster Coasters. We should check and see if that's even possible. That would be great.

Shay Nehmad: 30:00

Brewster Coasters. Alright. Adding to the to do. And before I get even more tasks, and the AI transcription has to transcribe even more of this nonsense, we'll wish you a happy, and calm weekend. We'll see you next well, we won't see you.

Shay Nehmad: 30:15

This is an audio program, but we'll catch you next week. This, week we don't have an interview for you, but next week we actually have 2. And 2 of them are very interesting. A 100% hit rate. So I'm excited to talk to these interesting people.

Shay Nehmad: 30:28

You'll know who they are next week. Great. Bye bye. Till then.