Supply chain attacks ⛓️‍💥 Ghetto Logs 👊🏾 🪵 and Rust/AI cold takes 🧊 with Thorsten Ball

Although, I think he kind of enjoys that too. Anyway, stick around the interview to hear his hot takes or not so hot takes about Go and, AI and Rust and other things like that.

So, yeah, you should upgrade, but let's discuss the content as well because it's, pretty nice. If you're on 01/22 or 01/23, just upgrade the miner, you should do it anyway. And if you're one of the few kind souls that's actually trying out the release candidate and you're, like, CI pipelines or whatever, make sure to, you know, upgrade your your CI pipelines to the third release candidate. The third release candidate is the last one. Right?

That means that one twenty four, like, should be released pretty soon.

So, you know, how we have to compile our software in order to ship it to someone? So, normally, what people find is that compiling on platform on multiple platforms can sometimes be kinda hard, but in Go, usually it's pretty easy, too complicated. Yeah. So I think it's very rare for me to see issues that are related to build and that are platform specific. I've I've certainly never experienced anything like that just, you know, sometimes I mistakenly build something for Linux and then ship it on Mac or something like that.

But in in this case, when you use, when you build on Apple, there's, usage of things like executable path, loader path, like any special values, for Sego, for like the LD flags for Sego, you can get just arbitrary code execution. So if you have, like, bad flags or someone gives you a package with bad flags, they can just run code on your machine. This is only for, Go one twenty four r c two. So this is not, like, impacted the previous versions. It's a new thing.

Funnily enough, the person who discovered this particular issue is a Juho Forzen from Mattermost, which we had on the show. Yeah. Here's a snippet of that interview.

If you know if you don't know what they are, it's basically there's like a cryptography mechanism or like any whatever mechanism that doesn't give you any direct signal back about whether you're successfully, like, hacking it or not, but you can use, different artifacts of, like, timing, how long it takes or temperature, how hot the device gets or whatever to understand if you're doing a good job. Good way to explain it, I think, is when you're trying to pick a lock, you don't actually see, like, the pins inside the the lock, right? You're trying to put your lockpick in and you don't get immediate until you finish all the pins, you don't get feedback whether you succeeded or not. Right? But you can listen to hear if, like, the thing got caught on the on this on the metal there.

Right? Mhmm. So it's sort of the lock is side channeling information whether you successfully picked it or not. So in this case, it's a timing side channel where you can, understand what is the private key based on how long it takes to generate different parts of it or something like that, but they don't believe it it's it actually allows you to recover the private key, but they solved it anyway. Alright.

But, yeah, it's a very, very niche piece of hardware for a very specific use case. I would be surprised if anybody's using this for anything serious anymore. I don't I don't I don't think this this hardware has been manufactured for ten or fifteen years or more.

But just today, at lunch, I watched, like, a fifteen minute video of how many Amigas did the Commodore company sell, like, overall in the world, and he's just, like, digging into old shareholder reports he bought off eBay just to try to I don't know. People have nostalgia for old hardware. Like, when I see an old CRT monitor, the big ones, you know, the Mhmm. Yellow plastic, the, like, yellow grayish plastic thing with a curved glass on it, I get I get, like, it's cool. Definitely happy that, people work on these hardwares.

Not sure it's super critical for Go one twenty four r c three, but sure, guys. At least it's it gave us a chance to talk about the side channel attacks, which are always Here we go.

And then if they if you run, I think it's called go fix is the command. It will it will just go through your your project and do those changes for you automatically.

You know, I mean, a really a really simple example, even simpler than what I did is one where just one function is replaced by another one. And we already have the comment deprecated use blah instead. If you put a go fix in front of that, it'll automatically just rename to use the new function now.

If it's a 50 line function, you wouldn't want to put go fix inline because then you're going to copy and paste those 50 lines all over someone's code base. Yeah. But for short things where something, you know, the order of function or order of function arguments changes or the function name changes, things like that, it's a really easy way to do that for you.

Funnily enough, like, when you look at their page, one of the things you find is socket versus sneaks, socket versus dependabot versus s m grep, indoor labs, blah blah blah. All these companies, what they do is they try to prevent vulnerabilities from entering your code through your dependencies. So you don't wanna import a library with security bugs. Now, libraries that you import or dependencies that you have can have we can have two types of security issues. Right?

Intentional or unintentional. The case we they they published a blog post about, I think it's super interesting, it's also very simple to understand, is a malicious package that's just based on, like, type squatting. Right? Typosquatting. Typo squatting, basically, you have a package in a name that looks like the thing you'd like to import, but it's not actually it.

In this one, I think the interesting thing they did is they the typo is not in the package name, it's in the organization on GitHub. So very very hard to see because if you look at code examples, like, at at your code, it's not like it's the package name is different from official documentation. So your code snippets look the same, but the, organization on GitHub. So just the import line is different. In this one, it's the BoltDB database.

Have you used the Bolt, DB? Do you know, like, what database it is?

So they changed the tag, but only on GitHub and they didn't notify Go mod and because go mod has no other way to know, go mod points to the old tag which is malicious. Again, it it gives the attackers access to run arbitrary commands on your machine. Not great, especially like when you're building DBs and things like that. Go module, you might ask the question, wait, why didn't the Go mods update when I changed the tag? Right?

But it makes a lot of sense that the Go the module is immutable because otherwise, like, you could build the same package and get two different things, like, you really wouldn't want people to be able to upload any version. That's where you have the lock files, etcetera. But, yeah, it's, there's a function that attempts to continuously go to a hidden domain and execute some shell commands without any validation, with weird ass names like underscore r and a pill init, like, just very clearly shitty names.

Very, like, if you go read the, blog post on saga.dev, it's linked to the show notes, you can look at, like, all the ICOs. I assume, if you use the product like the saga.dev it will report it for you, but since they published it publicly, I assume dependable and others will do the same. At least I hope they they will. It's a cool attack, like, I don't wanna praise it because it's a bad thing. I think it it abuses Go mod interestingly and I'm wondering how many more cases of this actually exist or maybe you can even target specific organizations, right, that you know that use a specific dependency.

So if you knew Uber is using a specific Go dependency like Zap, right, their log library, maybe you can create Zap with double p and hope that one of them installs it one day. And all you need is once if you wanna infiltrate the specific organization. So a really cool, blog post, and security work done by, Socket Security here. I really liked it. Well done, Kirill. Very cool stuff.

Don't give me options and choose one. Feel free to use emojis. So pretty good. And it uses Ollama, which I've been meaning to have you, like, played around with Ollama? No.

I've deferred it again and again. I was like, I have to find something to do with a local LLM, like, because I use LLMs quite a lot, but I I have them everywhere. Like, I have them on Versus Code and I have them on GitHub and I have them on, like, ChatGPT, which I pay for, etcetera etcetera. And I was, like, ah, I need to run local models. Like, what will happen when I'll, like, be on a long flight?

Right? I need I want the model on my machine. So this, project gave me the excuse to finally install Ollama and start playing with it. Manuel Martos, thank you very much for the project, which is very interesting. I really like his, his GitHub page.

It's, like, the most setup thing I've ever seen. It has, like, GitHub stats, GitHub trophies, languages I'm currently learning, contact information, pretty busy cool stuff. And, this project is just kind of funny. If you do use Logres, I don't know if anyone is. If you do, can you try it and show us the results, please?

That'll be speaking about our communities, so we have the Slack group, Slack channel. You can join the Slack channel on the go for Slack. It's a cup dash o dash go kebab case, or you just talk about the show and some random stuff. Or if you wanna extra support the show, you can join as a Patreon. It's $8 a month and it helps us support the show financially.

This is a hobby. We do it for fun and to learn, but it does cost a bit of money. We need to buy boxes of, microphones and then buy the actual microphone a week later. We need to pay for editing to, you know, bleep out all the whatever. I actually use the curse words this time, Filippo.

Sorry. So you actually have to bleep them out instead of me just saying bleep these words out, etcetera, etcetera. So if you wanna support the show, come join as a Patreon member, or if you don't feel comfortable giving, money, that's also fair. Maybe rate the show on your podcasting app of choice, Spotify or Apple Podcasts or whatever, or share the show with a coworker or a friend or a co student so, more people hear it because that's always fun. Anything I'm forgetting?

If you have a merge conflict, how about you go to merdenicht.ai,merde.ai, and have the AI fix it for you. Not gonna say anything else if you wanna go and check it out, check it out if you struggle with merge conflicts. Thanks, Josh, for being a friend of the show and developing all these awesome, services. That does it for the ad break. Let's jump to the interview.

Don't forget to come to our live episode next week. So, Jonathan, we've been doing this show for, like, two years now, and I think it's time we we find, like, a better name.

I've been writing Go since one point zero came out in 02/2011 or '12, something like that. I I don't know. And then I joined source well, in 02/2016, I published a book called writing and interpreting Go, which some of you might know followed up in 02/2018 with writing a compiler in Go. I joined Sourcegraph in 02/2019 and worked there for the next five years, also working mainly in Go. And then this is where it gets spicy here.

Last year, I left Sourcegraph or say, you know, one year and a few months ago, I left Sourcegraph and worked at you started working at Zed, and I started writing Rust full time every day. Yes. After, you know, three years and multiple attempts of using Rust in my spare time, NextivaGo, I did it professionally now for a year. But now I'm going back to Sourcegraph after this year, to see if Rust. So right now, in fact, I am unemployed this week.

I'm starting the new job next week, so I can basically say anything I want right now because it's just my opinions and not those of my employer. Yeah. So that's my intro.

Yeah. Obviously, like AI generated slop that that nobody wrote and nobody's gonna read and it's just gonna, like, generate numbers. And then I stumbled on joy and curiosity and it really it really caught me. The the way I see it, maybe you explained it a bit differently, but it's sort of a list of, links that you found interesting that almost necessarily aren't the main context, the main focus, the main job. They're almost necessarily these like cool random things that you would like send in in the random underscore tech channel in your Slack or like in your Telegram group, with your with your co students or wherever you are where you have a cool link.

It's not directly what you're doing right now, but it's just so cool that someone built it about, like, tech. Someone built something really cool or someone wrote something really cool. You have to put it somewhere. And you sort of aggregate all these cool links you find, and just put it in a weekly newsletter. And instead of calling it the tech roundup or blah blah blah, you call it joy and curiosity.

So before we dive into the, like, specific links and how do you collect them and what do you like about it and what's coming this week, Why joy and curiosity? Why that name?

And then over time, it slowly transformed into, you know, now it has, like, thousands of subscribers. And then I added this special edition that comes out every week of the same newsletter called Join Curiosity. What was your sorry. What was your you had some good way to phrase it. What was the question you just had? The way the way the white process is.

And I've become super conscious of this, and I really try my hardest not to do it. Sometimes I slip and then I delete a post after ten minutes, which sounds incredibly weird to somebody who's not, you know, addicted to social media. But what I wanted to do was, you know, spread positive things and spread curiosity in the thing that we all do every day, like programming computers. And the reason why I started to do it was that while writing register spill, I realized that, you know, it's hard to come up with a topic every week. That's certainly one thing.

And then one trick that I found for me was that, you know, people have been saying this to me for a few years. They they're like, oh, you you're like, your passion is inspiring, or you get other people excited about this stuff. And I can't help it. Like, I just get excited about computers and programming, all of this. So then when I started to think about what should I write about in my mind, I went, look.

Like, if I went out for beers with the buddy, like, what would I talk to them about if they were also programmer? And then I just started to write about this. Like, this was my mental hook. And then I realized that I also want to share this other thing. Like like exactly like you said.

Like, I would send friends these links in, you know, iMessage and whatnot or WhatsApp. I said, look at this. Or I would tweet it out. Right? And people appreciate this or thought it was interesting, so I started to put it in a newsletter.

And then it started with me just putting it at the bottom of another, you know, mini essay, whatever you wanna call it. And then I made it the main thing every week. And, yeah, joy and curiosity, I think it's this. It's a good combination to have, you know, enjoying what you're doing, being curious about it. And I think that's kinda what I want to foster.

And that's also, you know, why I find this stuff interesting because it does give me joy. And I do find like I also realized that the reason why I'm still doing this, and I I don't know how long you guys have been programming, but I noticed that when you start out programming, in the beginning, you kinda assume everybody's the same roughly or has the same motivations when you have no four other junior developers. You all wanna become a senior engineer and whatnot. And then after a few years, in my case, I saw people that have been programmed as long as I have kinda drop out or get bored by program because they, you know, after doing it for eight years, you just become bored of it. Like, I myself have, you know, now that I've been doing it for nearly, you know, twenty years, driving a car has become boring for me.

You know? And if you're 20 years old and you've been driving a car for two years, you're super excited about this. And I realized that this is what other people go through with program. They kinda lose interest, and so that's fine. Like, that's completely okay.

You know? But for me, I realize it just doesn't stop. I still find it interesting. I still find it, you know, it brings me joy, so I kinda wanna foster this and and share with others. And it seems to resonate, like, it seems to resonate with a specific group of people.

But this one, I'm like, oh my god, so many cool links. I've never heard that OpenOffice can't print on Tuesdays. What what the fuck? Like, how does that work?

Like, I would rather do this other stuff. And, I mean, you know this, I guess, but I'm often also surprised by how people respond to what I put in because it's so sometimes I just link to a tweet or sometimes just to one sentence of a tweet or a comment on Hacker News or wherever it is. Basically, just things that sparked other thoughts or that created some sense of curiosity or joy. And not to, you know, not to go too meta, but over time, I realized that in the beginning, the thought was, oh, isn't it easy to find these links? Like, people have probably seen this to go by on hacking.

So they've probably seen this go by on Twitter or wherever. But then I realized that everybody's really unique in the way they absorb information, and that's what makes them unique in some sense. Like, all of that stuff comes in and only some of that stuff resonates. And if you kinda take that stuff that resonates with you, you will end up with a unique combination even if all the inputs are equal. You know? And so so I don't know. I've been leaning on this.

Just stuff that might be interesting. And sometimes I add a thought next to it or some other thing. And right now, I have one, two, three I don't know, 15 or something, and I'll probably throw five of those away. So over the week, I just drop stuff in. And out of those 30, you just said, I think, you know, five of those might just be links to tweets or something or stuff that somebody else sent me.

Maybe I think in that issue, maybe even added a comment like, hey. I haven't read this fully yet, but blah blah blah. And I think the rest is just stuff that I, like, just came across, you know, like a video I saw or some tweet file by the link to some other thing. And then there's two things happening, which is this newsletter, like, made me then more conscious about, you know, like, oh, I should really read this. So instead of just saying, oh, this looks interesting and skimming of it, I'm like, okay.

Before I link to this, I have to read it. So I then make some effort to put some time aside. I also, you know, now have the Readwise reader in which I add stuff and then try to read it. So number of links also has grown, but it's not I wouldn't say it's something that I put a lot of extra effort in. It's mostly all of the reading I do anyway.

And then just, I don't know, like, then just collect it and maybe there's one or two or three things. Like, there's been Thursdays where I'm like, I don't have anything. I gotta write this on Saturday or something and, you know, I've got four links or something. So then I would dig into my email inbox, like links that I sent myself, or I would look into reader or some other stuff. I also have, you know, backlog, like if something becomes too long, I put it on a backlist, okay, and link it to some other time.

And then I mean, you also see me sometimes not cheat, but I I can do whatever I want in that format. It doesn't have to be up to date. So sometimes I can just pull out old links and say, I watched that video again that I've been watching for ten years. You know? Like, Rich Higgy, it's simple made easy.

Right? And it's this. I've seen that talk five times, but then it comes up in a conversation with some other program, and I'm like, I should link to this again. Right? Because not everybody has seen it.

And if you internalize this, that David Ogilvy, you know, marketing guy, he said, you're not advertising to a standing army, but a moving parade, meaning you're not always sending stuff out to the same people. Like, every week, different people might tune in, and not everybody has seen the same stuff that you've seen. It's totally fine to share link that, you know, some people have seen maybe, you know, like, five years ago. Like, they won't get pissed off by this. They won't say this guy have seen this before.

Like, why does he link to this? You know? Yeah. But others might not have seen it. So there's nothing bad about being loose with what you put in.

So there's a bunch of stuff that I kinda bookmarked and read. And then the other thing that I was staring at where I wrote three lines of comments already in my notes was was somebody was comparing Wayland versus x 11 input latency on Linux. And I worked on the zed Linux version last summer on the x 11 version, and it wasn't a good time. And I read this, and I just thought the the whole I don't wanna, you know, offend anybody who's a big Linux fan here. But if you read this, the whole Wayland versus x 11 thing, and then you compare it to, say, macOS application development, it's night and day.

Like, it's it's just there's no wonder that, you know, high quality applications on Linux are rare, you know, or say cohesive, high quality applications on Linux are rare. So, yeah, that's kinda it's this. And then I don't know. There's, Jimmy Miller wrote a great blog post that's in there this morning. Also this week, I'm unemployed.

I have too much time this week. Yeah. This week also, there was some interesting thing with somebody, some guy who makes, like, all of these different fonts, and he had, like, a new monospace font that he said as a system font in macOS, which I thought was interesting.

Nobody will have any jobs anymore. So that's the one extreme. And then and then and then there's other hot take. This response to that is, no, that's all baloney. Every time we've had an advance in technology, it's, you know, cars didn't didn't, didn't reduce the number of people who who went around it, increased it.

Right? You make the road bigger and more people drive on it. The Internet meant more people want or when we went to AWS, server sales skyrocketed because now, people are selling more servers, etcetera, etcetera. So, you know, the the flip argument there is AI is may make us more effective on a per task basis, but we're gonna take on so many more tasks and do so many more things that there's gonna be a huge shortage of development talent out there. Two strong views opposite end of the spectrum.

Where do you fall, or do you fall off of that spectrum somewhere?

Completely unimpressive, totally wrong. And then you had all of this hype going on, and I just didn't see it. I didn't see how it would even change things. It felt like you had an unreliable Google or Stack Overflow or something like this. And I didn't understand it.

I didn't know looking back, I also didn't know how to use it, or I didn't understand it enough to know what to use it for. And I think in the last two years, this has changed for me by one thing, and that is the models have become better. Like, that's just that's just what it is. I think even a year ago, it was completely different. But now since the summer cloud three point five, anthropic, that's a completely different thing than two years ago, chat g p t.

And that so that's one thing. And the other thing is that I what really changed things for me was in the last two months, I worked on the AI team at Zed on inline completion, meaning, you know, what cursor has copilot inline completion, and we built this for Zed. And to do this, we work with LLMs, and we fine tuned LLMs. And I you know, when you do this, you collect data, which is a lot of plain text. You have to label data.

You have to generate data. You have to analyze data. I realized that LLMs are really good for that. Like, they're really, really good at taking, say, a hundred files, and you give them the option of which of these five labels would you give this file. And if you run this a bunch of times or even just once, you get pretty good results, and you can see how this is a lifesaver.

And for me, I don't know how to put it into words yet, but for me, I started to realize that there's this mechanical nature of it all where, oh, these things are really good at taking fuzzy stuff and turning it into non fuzzy stuff, which is a big thing that we've been missing in computers. Like, you know, I mean, you can now take a screenshot of this screen and and send it to Claude and say, where should I click, you know, to to end this call or something? And it can pretty much tell you where to click. And that's huge, I think. And working with text, working with data, fine tuning stuff, playing around with inline completion, and seeing how good it can be and how much of the mechanical stuff that you do in day to day programming it can take away from you or it can help you with made me realize that, oh, like, this is I made a category error.

I I the LLMs are not this, you know, this oracle that helps me do all of the stuff that, you know, some people say it is or it might be one day. But for me, it's just more this, oh, they're really good at working with text. And guess what? I work with text all day because I'm a programmer and, you know, code is text. And give you, like, one example here.

You know, I I was a Vim user for many, many years, two decades, basically. And in the Vim community, people are obsessed with being really efficient with, like, navigating through text and whatnot. And there's, like, you know, how you jump, and I think it's called easy I don't know. Quick scoping and easy find and all of these things to jump to specific characters.

And I see them now as really useful things to work with text, meaning they can be pretty good when writing code. And they can also be really good at generating small amounts of code. And they also allow you to turn a lot of fuzzy stuff into non fuzzy stuff. And they can be super helpful, you know? And one last thing on this, and this is not, you know, the appeal to authority, But people were super skeptic of AI.

And I, like I said, I was too. But then you would see all of these programming legends suddenly switch over and kinda get interested in this stuff and see it or use it, you know, like Antares from Reddit. You know, John Carmack famously, right? And Mitchell Hashimoto Hashicorp, he doesn't use a language server, but he uses Copilot. Right?

And that guy is one of the best programmers I ever seen in action, and he trusts Copilot to write Zeek for him. And that changed it for me where I start to think, okay. If these guys use it, I should take a closer look. Like, then it's not just all bullshit. Something has to be there.

We started with punch cards. Nobody uses punch cards anymore. Right? Why should programming stay the way it's been for the last, say, ten years? And where people write just text in a text editor?

Everything. Right? Why wouldn't we go into this hybrid mode where some code is written by AI and people review it and other code is written only by humans and stuff is merged. Like, I I think stuff like this will happen where we change the way we write code because now we have these machines that are surprisingly good at writing lots of, you know, small amounts of code. And Mhmm.

I think it was, reusing or something like that and not reassigning it. And I found a way to copy, like, the name of the function that I'm, doing and then capitalizing the first word and then putting it the end of the error and then adding a colon if it doesn't exist already in the file. And then I had it in a macro. I felt super smart, and then I did it a couple of times. It obviously took me longer than it would to, like, you know, command I on the file in Versus Code and tell, Copilot, hey, can you please rename all the error, variables to, you know, the corresponding names to avoid this lint error?

And, you know, if you click on, like, IntelliSense right now, the first options are not the auto complete and and the previous IntelliSenses are explained with Copilot and fixed with Copilot. So it wouldn't even have to type anything. Like, it would just offer me fix with Copilot. A lot of you you speak about this with a lot of passion where the others things you mentioned enjoying curiosity are often very low level programming things, right, that feel to me that are gonna disappear. We're not gonna do cool vMacros anymore because Mhmm.

Like there's no point. So how can you be so excited and curious, and joyful about these, like, very human program y, things that feel to me like they're drawn from, like, ages past and not looking forward, and also be very excited about this, like, Pacific Rim mind melding you and Claude going to attack the Godzilla together.

But then what changed for me was that I started to find or I began to find the same fascination with LLMs as I had for somebody who writes VIN Macros. Right? Like, you have to have some kind of, I don't know, romantic idea of what you're doing to become fascinated by VIN Macros. Right? Because if I go out on the street and I tell somebody, hey.

I just use, like, two t's keystrokes to do what others, you know, would use 40 keystrokes for. They don't give a damn. Right? But you do because you care about something here. Right?

And it's not this, oh, a person is sitting on front of a screen and typing letters on the keyboard. You have some idea of, you know, what you find fascinating about this. And once I started looking to LLMs and I realized that it's this, you know, all written text on the Internet compressed into numbers, into vector space, where you can have, like, you know, one vector meaning the king, and then if you subtract the vector of, I don't know, male and you get out the vector of queen or something like this. Like, it's just marvelous that this stuff works at all. You know, it's just fascinating.

And then when you think that you took like, they took all of the public code of whatever it was and condensed it into numbers, and now I can take my code, turn it into numbers, and shove it in there, and out come a bunch of other numbers that are a completion of the code that I just wrote. That is fascinating. That's as fascinating to me as the guy who spent ten years, you know, hand aligning his Emacs configuration to whatever it is to, you know, be aligned to the Fibonacci numbers on every tenth line or whatever. You know? Like so I get fascination from this.

And the other thing is that a bigger, you know, equally important thing is that I don't like doing things that I think are a waste of time. And I think with the advent of LLMs, a lot of programming for me felt like a thing of the past or waste of time. Like, hey. I'm oh, I I wanna write a script where, you know, I have five CSV files in this directory, and I wanna load them all and concatenate them and output them as, like, an XML file in some other thing. And I can do this.

Like, I can write you that script in probably three, four, five different languages. Right? But I will have to look into documentation. I will have to figure out how this library works, whether this has know, CSV in the standard lib, blah blah blah blah blah. And doing this and writing this by hand for the sake of writing it by hand just feels like a waste of time to me.

Like, I can hit a button, and Claude can generate me that same script, then I can move on and do other interesting stuff. So, yeah.

I'm curious if you would compare and contrast those, maybe in a balanced way or or or or hot takes if that's your thing. Whatever. What what are your thoughts about those two those two languages? Some said it is a hot topic out there.

And I think that resonates with me a lot. And that's also what I've been missing a lot in Rust. For example, you know, Go famously has made trade offs to not put stuff in the language that I could have put into language to keep, say, compile times down. And then people say, oh, Go should have have should have this and should have that. But I love that they have this explicit trade off.

Like, all engineering is the managing of trade offs, I think. And they made some good trade offs, and they really care about the ergonomics. They've I think the first language had really shove this into the focus, the ergonomics of a programming language. Like, oh, you have a build and test tool. That's amazing. You can you can compile and run and test your code with a single tool. You have a format, a build in tool. The the format has no configuration. Right?

And I really appreciate this. And with Rust, I found that, you know, the community, I think they they like different things that I like. It's it's a nice language. It's often also fun to write it. Sometimes it's not. They have some amazing features in it. I do love the enums. I do love the match statements. I do love, like, I don't know, like, how much you can do with the print line command because I'm a print line debugger. You know, there's a lot of stuff that I love.

They have include string, which is like how you you know, to go embed stuff, but kinda nicer. I also have to admit, I do like macros sometimes, like writing my own. It's cool. Join curiosity. There you go. Macros. But for example, whereas Go would say, you know, a little copying is better than, you know, adding a dependency. You know? Oh, I just need this function from this, you know, library. I'll just take this function, put it in my code.

I would say that in the Rust community, they would add another crate or something. They would add another dependency. Mhmm. And that just is to me, you create a new like, I asked this for scientific purposes a while back. On Blue Sky, I asked, like, if you had to create a small web server with Rust, like, which library would you pick?

And they would say, oh, Axum, you know, like, which is a web web framework with Tokyo. If you do this, I don't I don't have the number, but I would bet 50 dependencies will be pulled in. Right? And your target folder that contains, like, the comp the object files and compile dependencies, it'll be huge, like, hundreds of megabytes. And that to me is just, like, guys, like,

Like, what time zone? You know, what time zone in relation to what other times how do you even wanna print it? Because that's not, you know, like, if you don't specify this, you just might get this out, and it's undefined. So blah blah blah blah. And this, you know, sense of, I don't know, perfection is achievable.

Everything has to be a % perfect. That doesn't resonate with me. And the other thing, I think over the years as a programmer, I've kinda become wary of abstractions. And I think in Go, there's not a lot of abstractions. I kinda have to admit that I've never really tried Go with generics. I might be missing out, but I don't think I am.

And this is actually a trade, and this implements this trade, and this does this. And I think there's a lot of this and often for good reason. But, you know, everything I'm saying is just to say that there's no specific thing where I was, oh, this is super bad about this, and this is super bad about this. And I also don't agree with a lot of these blog posts that compare languages on, like, a feature by feature basis and whether this type system does this, whether this type system is this. For me, it's, you know, what the kids would call vibe space.

It's like, do I do I think if I use this language, do I feel like I'm running in the same direction that the community or the author of that language was running towards? Or am I going with the flow of that community or that language? And with Rust, I often had this feeling that, ugh, no. You know? Like, no. No. No. Like, I I would trade a lot of the type system and the bar checker to get better compile times. And the Rust community, I don't think, would sign that contract. You know?

Yeah. That's fine. And and the Rust the Go community is different. And JavaScript community is completely different, you know, again, and and Python and Ruby. And yeah. I don't know. It's not a technical answer, but that's kinda my my take on things that I like simplicity. I like ergonomics. I like trade offs.

You know? Not when I'm shipping something that's to be used in production. And I think I I I watch a interview with, you know, person who's using Rust, and they also switch from Go to Rust. And I don't know how experienced they are, but they said, oh, they like Rust because it's fun, because in Rust, it's like all of these little puzzles that you have to solve. And I think Rust in that sense, it's like catnip for programmers.

It's this you get the feeling of accomplishing something by writing code in that language, and you get that that sense of, oh, hey. I solved another puzzle by making this match statement. Like, do exactly this in that amount of code. But I would say that's cool, but have you actually shipped something of value to your users or to your customers? And, you know, yes, on a Sunday morning, give me all of the code golf you have.

I love it. I yesterday, I saw, like, a a Game Boy emulator in JavaScript that looked written by an alien life form. I'm gonna link to it too in my newsletter. Is this code that I wanna debug in production? 100%. No. Yeah. You know? And I think sometimes if you say, oh, I I'm tired of Go simplicity, that doesn't mean it's a bad language to build products in. Right? Mhmm. It just means that you got tired of something. But that's a different thing, man. Like, that's a different thing than

Like, they built this high performance text editor that interfaces with macOS, you know, system level frameworks like AppKit and, like, the the, GDC, the global what was it called? The global dispatch queue and whatnot. Grand Central Dispatch, GCD. Sorry. And you can't do this in Rust. Sorry, in Go. You you have to use Rust or some other language should drop down to the same. And for that, it is perfect. Right? But that doesn't mean it's perfect for all of the use cases all of the time. Right?

And and, like, you've already talked about how you identify with sort of the Go ethos. So I'm guessing you thought about this before. Who who who has influenced you? You already mentioned some names, but just just

Like, he would be he would we made a joke. Like, we were at j s conf in Florida in 02/2013, and he would be sitting at tables with different people. And and we would say, where's fields again? And and we would make jokes like he's trying to convert people to go again. And we would walk over and he would be sitting and talking to them about go, and he got me really interested in it.

So then I started to look into it. And then I think, I don't know, like Dave Cheney was a influential guy. Like his blog posts and his, you know, writing on Go really made me see, like, the beauty and the simplicity of it. Then, obviously, you know, Ross Cox's writing or Rob Pike, like, his talk and, like, all of those early, you know, Go programmers that had this back then, I was coming from Ruby and JavaScript, and I felt like I was now in this other world where there was this sense of systems programming, which, you know, now looking back is kinda didn't turn out to be, say, Go's forte. And Mhmm.

But there was this sense of, oh, you know, like, this is this is proper engineering. Like, the people writing the Go Garbage Collector, they know what they're doing. They they they really hardcore on this and the simplicity and the trade offs and the thinking not just about a friend of mine put it as he said, the big problem that Ruby made was that Matz thought that, you know, you know, Matz, the inventor of Ruby, he said, developer happiness. That's what's important. You know, like the the language should serve developer happiness.

And my friend said he made the mistake of thinking that developer happiness is only about syntax. He forgot the tooling. Mhmm. And I think I don't know how true it is, but I think it's kinda an interesting angle to look at things from because ten, fifteen years ago, yes, the language itself, like, the syntax, you would write stuff in. That was so important. Like, people would discuss operators and whatnot and blah blah blah. Because they had

Cool. Where can people find all this joy and curiosity and high performance editors and all these beautiful links and yourself and the books, if you haven't read