🎤 A nil microphone won't keep us away from the 1.24 Interactive Tour or trying Hugo's new features

This show is supported by you, the listener. Stick around until after the news to hear more. This is Cup of Go for January 17, 2025. Keep up to date with the important happenings in the Go community in about 15 minutes per week. I'm Jonathan Hall.

And I'm Shay Nehmad.

Hey, Shay. You look a little under the weather.

Yes. You can probably hear in your earphones right now. I'm just a little bit sick. Every I get this every, winter. My sinuses are not are not my best, feature. My sinuses are the time formats in go of the human body. They just, like they can work technically, but it's just weird that they're designed this way, and they caused me a lot of pain. Anyways Sorry

to hear that.

Talking about things that are weird, your new mic is very, very small. It almost Yeah. Looks like your old mic.

It it it looks a lot like an old mic. So I ordered a new mic. I was so excited today. I picked it up. I went by Staples to to to pick it up where they delivered it and I got home. I opened the box and there was this nice tidy little box with a little styrofoam, you know, shaped with a little cut out for the microphone and on the side, some cables and the mic stand, but the cut out was empty. There was no microphone in it.

So I immediately Ordered a box, basically.

Yeah. I ordered a box with a cable. I immediately opened up my Amazon app and said return items missing. So they're shipping me a new one, and I'll ship this back. So hopefully by next week, I'll I'll not sound like I'm in a tin can.

You know what would probably happen? You probably marshaled, you know, the mic with the cable and the stand into the box, but mic was, lowercase because they came for Python, and they didn't realize it's private. So I got marshaled without the mic.

Well, whatever it is, my mic is now a no pointer, new reference. So

Yeah. We wanna cover a lot of cool stuff today. We have, some security releases to discuss, new stuff in 124, new proposals, proposals that are on hold, some blog posts, new releases, and grammar fixes in the language, apparently. Yeah. Yeah. And we have really exciting updates like meta updates about the show during the ad break, so make sure you stick around it. If you usually skip it, don't do it this time.

Good advice. So first up, we have, pre announcements. Although by the time you listen to this, it's no longer a pre announcement. Go 1.23.5 and 1.22.11 are being released during business hours today as we're recording. We're recording on Thursday. This show comes out on Friday. So by the time you hear this, they will be out. Make sure you update them. There are a couple of private CVEs that are affected. We don't know what it is yet. We'll tell you next week, but make sure you update.

And last week, we told you the same thing if it sounds like, you know, like a broken record about the previous, release. Right?

Yep.

It was about a bug in a security vulnerability in g log, which I learned about via this security. I I guess there's no such thing as bad press. So I I learned about g log through its security vulnerability. Last week, it it was private. Right? This week, they released the explain the, like, the explainer post in the in the go in the Google group. And I'll try to explain it pretty beef briefly. It's actually kinda simple. Logs, where did you write your logs, like, normally?

Devnull.

But if you, like, wanna read them.

I wanna read them. I I usually put them on a file under varlog somewhere.

Like, whatever, somewhere. Like, it doesn't matter. Right? Yeah. So usually, peep that's what people do. They put it in a somewhere and all since all software that's running on your machine does that, that somewhere which might be for example, /tmp usually has like wide ride access to everyone. Right? Mhmm. It stands to reason that everybody could ride to /tmp because that's, like, what it's there for. Right?

Yeah. Yeah.

And then your software, like, starts to run and it sees, oh, okay. There's a sim link. I'll follow it and I'll start writing where, like, where I the sim link is pointing.

So your SQLite database now has a bunch of logs at the end of it of the the the data.

Yeah. And if you can redirect it through some more clever means, I I guess you could maybe modify the stream, into something you own and then send only some of the bytes to the file that you wanna write and maybe just override the permissions bit. Right? Yep. And things like that.

I probably would check if the file exists and if it's assembling. And if so, then, I guess, report an error.

That they go even harder. They just crash if the log file already exists.

Okay.

Like, you're not allowed to run if the log file already exists. That's pretty good because it means if you're developing, you like, before you run, you need to delete the old log file, which is kind of frustrating instead of it just rotating. But as a library, that's a very good decision, I think. So that's the class of vulnerabilities. Insecure temporary file, that's a specific, vulnerability you can, like, in g log, you write log to, like, somewhere public by default.

Cyber. Well, that kinda does it for, things that have happened in the past, with regard to releases, but we do have an upcoming release that we're all anxiously awaiting, and that is the Go 1.24 release. And we now have the interactive release notes, which we were very excited about the last time, and I think we're right before that. Big shout out to Anton Giannoff for, putting this together for us, for the community. I I love this.

Can you go and run it? And let's see if it if, Anton set the seed correctly or if we're all getting the same number.

It's because I got So it should be, oh, it is the same. It is the same. Yeah.

Wait. I got l I v g q

s. Same. Yep. And a n g g g g. That's awesome.

I knew it. I knew it.

The only thing I don't like about this function is that the output is in base 32, which is fine for many, many cases, but sometimes you want a specific alphabet or something like that. If that's what you care about, you're gonna have to still implement your own.

Yeah. The, I I found out that the most useful one is the is base 62. At least that's what I found.

Mhmm.

Because it's like base 64, but without hyphens and underscores. Yeah. So if you have a prefix, you have you can, like, separate the prefix from the unique bits.

Yeah. And there's a lot of time Just

use it today.

It's a lot of time I wanna when I wanna custom alphabet error, or maybe I wanna wanna human readable string. So I don't want zeros and o's or or i's and l's. You know, I'm gonna leave some certain characters out that might be ambiguous. If you care about that sort of stuff, you'll still have to do your own.

Yeah. But then you can go back to exactly what you did before, so it's not like you're losing out

on the thing. And I

think we talked about this, API on the show. Like, there are proposals to pass in an alphabet into this, but I'm happy that they don't allow you to do it because it would be super easy for someone to pass in a a too short of an alphabet Yep. For it to be secure. And then you're it's it's sort of a foot gun. Right?

It's a good argument.

Yep. The other one I release notes are awesome. I really like playing around with this site. We should tell Anton to change the c, though.

We should just get him on the show, and we can tell him in person.

Oh, I can actually edit it. Well, you I'll I'll try to fix the code one second, and you tell us about another thing you you like.

Yeah. So the other the other, thing I wanna call out that's coming in 124 goes back to the logging discussion and devnull. Now we have a first class citizen called s log dot discard handler. So instead of having to, create a new text handler that writes to io dot discard or whatever, you can just use s log this log handler for your tests or if you're if you truly wanna throw your logs into devnull. And, it'll be a little bit more efficient, I suppose.

Saving typing is is good, especially now that it's so cheap with AI.

Yeah. I don't have to let Copilot, give me the wrong, autocomplete anymore. I can just type this log discard handler, and I'm done.

I'll shout out 2 things that I really like. One is JSON output for build, install, and test. As someone who spent the less, like, year and a half building development tooling, having Go test minus JSON, just printing out all the information you need to, let's say, pipe it into JUnit or into GitHub actions or whatever is very, very useful, and it's designed correctly, I think. Yeah. Actually, I I don't wanna shout out any other feature.

One feature that, maybe in a future version of these interactive release notes is, a proposal. Actually, there's 2 proposals here we're gonna talk about. They're closely related. The first one, that we're talking about is for a new package called container unordered.

And just like your mic container.

Just like my mic container. The idea here is a generic hash table with custom hash hash functions. So that it's basically a center library package that gives you the equivalent of a map, but where you can define your own hash functions on your keys. This is this already exists, in a couple of places in X tools. There's a there's a version of this that predates generics.

Which is something we we don't see very often

Exactly.

Going on hold. I I I'm used to well, I am used to immediate rejection. But usually, it's like a discussion, and then it goes through final comp final response period, likely decline and decline, or likely approve and approve. Right? I've never seen on hold before. What does that even mean?

So the official description of on hold is reading from the documentation here. If discussion of a of a proposal requires design revisions or additional information that will not be available for a couple weeks or more, the group may put it on hold. So that's essentially what's happened here. So if we look at the, minutes from the last proposal meeting, we see that the reasons on hold, which isn't made clear, at least in the last few comments on the issue itself, is for another proposal, which is to add a standardized hash function. What is a standardized hash function?

No. I think that's important.

Okay. I I mean, I think it's important too.

Sometimes an endless smire where you don't focus about the important stuff, but honestly, Go is pretty secure.

Yeah. So this is like the good version of bike shedding where they're actually working out security, implications of things.

Where they're bike shedding, but what they're actually building is a bike shed.

Right. Right. A secure bike shed at that. So anyway, this this bike shed that is a standardized hash function is still in the works. And obviously, as we've described the previous, proposal, it depends on a standardized hash function. So it makes sense that it's on a hold while they try to figure out how to do a secure standardized hash function.

Cool. So now, just need a way to implement, you know, depends on, like, you have in Jira. This issue blocks that issue in GitHub issues.

Are you suggesting that the Go projects have switched to Jira?

I suggest that if we have listeners that work at Atlassian, stop listening for the next 10 seconds. And I honestly wish for that outage that was last year where people couldn't access their Jira and Confluence instances because they they implemented like deleting deprecated plugins wrong and deleted entire tenants and then recreated them by hand, to happen to every single, Jira instance in existence. So everybody moves away from these tools. I do not like them. At least in the people, you can put your, headphones back on now.

Yeah. That was a lot more than 10 seconds, but, well

I agree. That's how long Jira takes to load. So you know what?

Unless you wanna sponsor us. No. I don't I don't I don't think they wanna

I I don't think I'll take you know what's funny? Just, like, moving the curtain aside a bit. When we started this show, like, 2 years ago at this point, we had a Google doc where we Yeah. Started to hash out, like, what's gonna be the name and how it's gonna work and whatever. And then on the first episode, like, while we were prepping for the first episode, I opened this, like, board where we can manage, like, the backlog of news and backlog of interviewees and the things we wanna talk about.

But you know what?

Trello has

gotten worse since we've been using it the last 2 years too.

Yeah. But that's because we're never clearing the backlog, and we have people in the interview who use Well,

that'd be part of it. You're like to use. The cards are harder to use than they were 2 years ago. Anyway, that's that's not about go. Let's let's talk about this blog post from my hall.

Actually, the it's a nice segue. Right? Because, what would you consider to be well designed? Oh. Like the definition?

Yeah. So I I know where you're going because I've read the post, but I'm trying to, like, imagine my life 48 hours ago before I read the post and how I would answer them.

You're saying this post is totally life changing.

It's a watershed It changed my life. You know, I I don't know if I have a good, a good answer for that. Like, I I guess I would say something like it's easy to use and, it serves its purpose, but I'm not I I don't think that's what the author is getting at here because

I think, some

of those things could happen without design at all.

I think, you have the act of designing, and you have the the final design. Right? Mhmm. And some things haven't been designed at all, and they're designed really well. Right? Some things have been discovered, and they have beautiful design. Sure. Well, I don't know if discovered, but they were, like, made without the design step, and they are really well designed. It's sort of a funky word. There's a book called The Design of Everyday Things that talks about the this word a lot.

Okay.

There are really easy to use, apps on my phone that are very poorly designed. But if something is simple to use, like, there's one way to use it, and it's not confusing. Anyway, the blog post is asking the question, is Go well designed?

Mhmm.

And I think it's written really well, and I don't wanna, like, I want you to go read it. So I'm not gonna really spoil the ending. I'm just gonna give you sort of the intro. This author, Matt Hall hey, Hall. Do you know the guy? Or is that, like, a common name?

It is a fairly common name. But hey, Matt, if you're listening and we know and we're related, give me a shout out.

That's gonna be like your, Mary Kate and Ashley moment where you discover you have matching, SSH ID keys. Anyway, the Matt talks about, like, what is design anyway, and to him, it's whether a thing fulfills its original goal. Right? And, generally, in that sense, he says that, yes, Go does fulfill its goal and therefore, it is well designed and that there's a difference, and I think that's the most important point here. There's a difference between I don't like it and it is badly designed.

Well, I think you could also make an argument that you don't even need to agree with the goals or think they're good. I mean, maybe a Yeah. Some sort of hacking tool or or a thieving tool is well designed because it allows it either carjack more easily or whatever the case is. You could you could argue that it is well designed even though it was designed for a purpose that shouldn't exist, for example.

Specifically, Go is a is a really good language for malware. Right? So you don't even have to go to a different product. You remember that Chinese APT that was, like, distributed no c and c that we covered on the show? I think it was a year ago.

That's been a while. You would

never write that in, like, not in Go. Anyway, funnily enough, this blog post, which is overall the the saying is Go is a well designed language, mostly talks about, drawbacks. The file system API, no operators or functions overloading, the error handling, the f f I, and sort of looks at each of these quote unquote weaknesses and just says, yes, of course, Go has poor f f I because it wanted its own compiler linker debugger to have a really good tool chain. There is or the file system is something I hear all the time from Windows developers. In Google, all the servers are Linux.

Yep. I like it.

Always like I do when you find really good blog post, go, read the other things in, Matt's, you know, about page and projects and everything. And he has a few good posts on his blog, technology predictions for 2025, and all these sorts of, cool things, book reviews, talking about Rust and Zig as well, really, really cool. And funnily enough, he works at Couchbase. So another relation between you 2.

I think we should take the last two items to lightning round. What do you think? I wonder if Matt's website is hosted with Hugo.

Oh, that's interesting. Actually, it it works really, really fast, and, we even have his GitHub, so we could take a look. But wait. Hugo releases? Oh, my god. A new release. Yeah. Sounded believable. Am I right?

Yeah. Yeah. Nobody knows that that was planned.

So Hugo is this static site, generator, which I absolutely adore and I've been using for years at this point, since 2019, hasn't, like, crashed on me once. Amazing. And this new release actually adds, like, a few cool features. They're pretty simple to explain, so I'll just try to explain them. Obviously, it includes a lot of improvements and bug fixes and and whatever.

or something like that? Yeah. Not frequently, but yes. Yes.

So there are you you pass, like, a black and white shape, let's say a circle. Right? And it masks the original image in the sense that everything that's black is gonna get, cropped out and everything that's white is gonna show. Maybe it's the other way around. I never remember.

I love that one. Like, put in

a link and pass it through the QR filter, and you get a QR image that works.

That is the one I would use, fairly frequently, actually.

Honestly, I have to say, QRs are the one, like, piece of technology that I just I'm so surprised it caught on, but in hindsight, it's so obvious. Like, can you imagine living without QR codes now? Wow. So many things. Right? I don't know how it is in the states, but, like, public transportation. You in Israel, you pay by QR code. Scan this card. Like, I probably I'm probably filtering out it out in my head, but I I probably see, like, 15 QR codes every day.

Mhmm.

Probably more than URLs at this point.

Whenever I give a presentation, I always put a QR code at the the same one at the beginning and end of the presentation for a link to the slideshow I'm doing. So if you're at a meet up or a conference, someone can just snap them in a picture of that or scan the QR code in real time and then they have the link to to that and any of the resources I want to share. So that's why I would use it because I usually put my my slides on my on my blog.

So you you now you can just do images dot q r linked to the current page you're on. I think if you do it, correctly with the templates, you could even, like, it would render the q r differently if you're running in local host, like in the Hugo server, or if you deploy it to wherever you host your, static HTML. Mhmm. But just 3 cool filters. And if you're writing, like, more complicated templates have you written any custom templates for Hugo?

I don't know. I mean, boldly go. Tech is all done on Hugo. A lot of custom templating there.

Cool. I I have one that I really like. It's mostly CSS, to be honest, but it's it it does have a bit of, like, magic to it. I wrote, like, flashcard thing where it generates, you have a title and then the the content. Right? Which is basically, like, when you study for a test and you have a small card.

Sure.

Or on the front, there's the question. On the back, there's, like, the answer. I used it to memorize, like, formulas for math tests and things like that.

Okay.

So now when I summarize books and post it on the like, technical books and post it on my site, I have this custom template. And, you know, every now and then there was an error and I had to debug it, blah blah blah. This release adds try, which is a general mechanism for handling errors within templates. If you have an error, you can try and it returns like a try value So you could print like an error or maybe you can, like, write a warning but not crash, all these sorts of things. Really, really, really useful for template developers.

this is different than the typical try catch that a lot of people are used to. Right? You don't have try and then a block, and then in text, it's try and then an expression of whatever function that might be, and then returns a a value that basically has 2 keys, an error or a value. So that's how you you handle the error case. So it's it's not like a new language construct or whatever that would require modifying the, the templating language itself.

Yeah. It is a nonstandard extension to the text templates, so you won't have that in text template. But, honestly, I don't know if it's possible. Maybe it's breaking. But if it's not breaking, putting it in text template would be really useful because you can try to do a thing and if it airs instead of, like, crashing the build, you can just warn if you don't really care about it if it's just whatever. I think it's really useful, but obviously a power user thing.

I'm gonna have to try it out.

Yeah. Yeah. Yeah. I actually think it's, like, getting updated automatically for me because I installed it using brew.

Okay.

So, like, whenever I brew upgrade, it just upgrades to a new version. Once it I had to update some of my templates due to, like, deprecation warnings, but it just works. Solid piece of software, honestly. For a zero dot, it is very solid.

So that wraps us up. For the most part, we do have some important programming announcements and then a short lightning round after the the break. So stick around. This show is supported by you, our listener. As we mentioned at the top of the show, if you'd like to support us, there are many ways you can do that.

Yep.

Yep. So that's a lot more affordable for for most of us. You can support us that way. It helps cover the cost of hosting and editing and and buying microphones that don't exist and all those sorts of fun things.

Yeah. The money goes to the good people at Boxes Inc, who sends boxes of microphones.

You can also support us in non financial ways. We love to chat with our listeners. We're on the go for Slack in the Cupago channel. That's Cupago Kebab case. You can also email us news at cupago.

Thank you.

And one other way that you can participate and support the show is coming up soon. On February 13th at 1800 hours UTC. We are going to be recording the 100th episode. The Go 1.24 release party, a live episode. What else can I say about it? It's gonna be a fun and exciting, Join us. Have your voice on the show. What else? How else can we hype people up about this, Shai?

So we don't really know how the party is gonna go. I assume it's gonna be like an online conference. Right? Yeah. We're gonna have probably just a part where we do the show, and y'all listen and, like, chat with us and we read, your comments from chat live, sort of like a Twitch stream.

Are you sure Peter's not a bot? He might just be on our assist feed.

Well, he's a very friendly one at that. So I'm, I'm okay with it. So, yeah. The just pulling two names off the top of my head because I think Yeah. They're the most recent, commenters and the most recent, participants in our channel.

When we hit 256, I'll be excited. 0 accuracy. Yeah.

I just read that on, Denmark trains, like Danish trains, you're not allowed to have exactly 256, light bulbs, because it confuses the rail software

Oh, wow. Or something like that.

We could hit a 128 before that. Like Yeah. That's a nice round number. But, yeah, I think it's like an achievement. Basically, you and I have invested an hour or maybe 2 hours of our week every week to learning Go and sharing it with the community.

Yeah. I was in I was stuck in New York that day.

Yeah. So, yeah, it's gonna be a lot of fun and I'm really happy to celebrate this, like, milestone. We we're crossing our fingers that 124 is gonna release during the episode. That's gonna be like That'll

be fine.

Perfect. But our actual bet is, Valentine's day. Right?

So I I keep waiting for Valentine's day release.

Yeah. So, we don't know it. Obviously, we don't have inside information about when, 1.24 actually coming out. But we can celebrate the release, you know, it's in the same week. It's gonna be fine.

Alright. I think that wraps us up here. Let's get back to we have a few items for a lightning round, and then we'll wrap up the show.

Sounds good. Lightning round.

Alright. First up in the lightning round, a grammar nitpick. So some of you may know that I do a daily, usually 5 days a week, post about go. I'm almost done, with the, going through the go spec one essentially paragraph at a time. It's taken me about 2 years, just about as long as we've been doing the show.

Hey, John.

Yes, sir?

Knock knock.

Who's there? To. To who?

No. It's to whom. Alright. My lightning round pick is kinda different from the things we usually do. Every now and then, I try to go to some social media site and just search for go and filter by the last week.

I thought aliasing was a new feature in 1.24. Now we want an anti alias?

That's a good one. Yin and Yang. Aliasing and anti aliasing. So, yeah. Pixel is a new community, maintained fork of the original Pixel. Link in the show notes if you wanna join that project. I wish I could. That wraps it up for today.

Yeah. I think that wraps it up. It's been a good show. It's been a long show. We'll see you next time.

And hopefully in the live episode.

Yes. Program exited.