Can Claude Code fix your subtle bugs? 🐞
This show is supported by you. Stick around till the outbreak to hear more about that. This is Capu Go for 11/07/2025. Keep up to date with the important happenings in the Go community in about fifteen minutes per week. I'm Shay Nehmad.
Shay Nehmad:And I'm Jonathan Hall. And I'm compensating for feeling a little sick. Yes. No worry. In three minutes, the energy is gonna come back to, you know, back to the meme.
Shay Nehmad:I am excited for this, new patch release because it's not strictly a security release this time. Woah. Yeah, let me tell you about it. So, it's actually bugs from the security release. No, and some other bugs, like this is not normally what we see in patch releases, but there's a lot of, I call it bugs, but it's not like, it's like edge cases that were eventually found, feels to me, in the compiler and the linker and in the net library.
Shay Nehmad:So I picked three that I liked.
Jonathan Hall:Would you say these are subtle bugs? Yeah. Yeah. Because one of them is in the crypto subtle package.
Shay Nehmad:The ones that are in the subtle, I just the ones that are in crypto, I just glaze over. I have no, no way to parse them even. But I wanted to sort of quiz you to see if you would have been able to even understand that these are bug.
Jonathan Hall:Try me.
Shay Nehmad:So, let me, this is gonna make for great audio, by the Let me read you this HTTP address and you let me know if you think it's correct.
Jonathan Hall:I'll tell you right now, it's not correct. Can tell you right now.
Shay Nehmad:Alright, alright. You're putting your bed right now even before I start reading it? I am, yes. Alright, let's check. Httpscolon/slash.
Shay Nehmad:That's that's fine, right? That's all.
Jonathan Hall:Yeah, that
Shay Nehmad:seemed good. Open square brackets.
Jonathan Hall:Okay.
Shay Nehmad:Colon colon.
Jonathan Hall:Okay.
Shay Nehmad:FFFF colon. Uh-huh. One nine two dot zero dot two dot one, close square brackets.
Jonathan Hall:Sounds like it's an IPv6 that a
Shay Nehmad:valid address or no?
Jonathan Hall:It sounds like an IPv6 address, but I don't know. My IPv6 But it ends with,
Shay Nehmad:with, IPv4 address. So it it starts with a thing that looks like, you know, the colon colon ffff.
Jonathan Hall:Uh-huh.
Shay Nehmad:After the last colon, it's an IPv4 address, one eighty two dot zero the one.
Jonathan Hall:I'll tell you, if if I were to counter that, I would assume it was a spammer or a a scammer and I would just skip it, whether it was legitimate, like, syntactically correct or not. That's about as far as I would get with thinking it through.
Shay Nehmad:So, the Go runtime agrees with you. Okay. Which is why in a recent fix to a vulnerability, which I even think we discussed on the show, like in passing, Uh-huh. That the parse function permits values that aren't IPv6 Uh-huh. In the host component in the square brackets.
Shay Nehmad:Someone added this this exact test case to the URL test parse function and said, like, false, this should return false, this shouldn't work. And then, Hartwork, which is Sebastien Pipping doing open source work in the Free Software Foundation, Europe from Berlin, was just like, hey, this is not actually true because you can put IPv4 addresses inside IPv6 addresses and that is legitimate. Look at RFC three thousand nine eighty six. You know me, the moment we open RFCs I'm happy, I'm a happy camper. So, yeah, this is actually a valid address and a recent security fix they made it like, oh, this shouldn't work.
Shay Nehmad:But it actually should work. Yeah, very, very surprising behavior for sure. I would be able to read these addresses, I hope I'll never have to implement this parser. Luckily I don't have to because Sebastian already implemented URI parser, which is a strict RFC compliant URI parser, written in like C. So, he knows what he's talking about, I hope at least.
Shay Nehmad:Cool. On the end, by the way, if you thought, like, this IPv6 syntax is pretty complicated, here's another, like, riddle for you.
Jonathan Hall:Okay.
Shay Nehmad:That they resolved that they resolved in, in this, release. Do you know the any, keyword?
Jonathan Hall:Yeah. The All right. Like the empty interface, right? Yeah. Yeah, yeah.
Shay Nehmad:So, any, that accepts an empty function equals equals any ex empty function.
Jonathan Hall:Say it again.
Shay Nehmad:What what should it return? You're, comparing Comparing two empty. To interface values, basically.
Jonathan Hall:I don't have any idea what that should return. I don't think comparing interface values is necessarily supported or I I don't know what that does.
Shay Nehmad:So it should panic. The documentation says, oh, if you compare it to interface values with identical dynamic types, you should have a runtime panic. Okay. And we just forgot to implement it. So someone was like, hey, I found this.
Shay Nehmad:Like, the code is it's so funny, you see the issue, it's like, what do you see happen? The code is working without problem, what do you expect to see? It should panic. It's like a completely the opposite way, but this is something that, like, regressed in 1.25 because 1.24 it does panic. It was just a bug in the compiler and someone, someone bisect it to find the specific commit, which is by the way a trick I love using whenever I use git bisect.
Shay Nehmad:Feel super smart. It turned out to be an optimization. So they added an optimization, you know, in in some super internal, like, reflect dot, Go in the internal compiler. And Alan Donovan summarized it very nicely in the GitHub. He's like, no good optimization goes unpunished.
Jonathan Hall:I'm a little surprised that they didn't have a test covering that already. That seems like something like, I don't know, when I'm implementing the spec, I would be like, yeah, let's make sure that this really simple obvious case works, but okay.
Shay Nehmad:So I don't know what would, you know, cause someone to write such code. This is like nonsense You would never write it in production. It's just like an edge case you have to cover.
Jonathan Hall:Maybe Claude was writing it.
Shay Nehmad:Oh, that's that's a good segue. I don't think Claude should do software.
Jonathan Hall:Foreshadowing.
Shay Nehmad:So anyway, there's a new release with these super esoteric bug fixes, and I like our recommendation to, you should upgrade because it has security fixes. If these bug hit your code, man, what are you writing? Jesus. But still probably good to upgrade. And this was back ported, so it's on 1.24 as well.
Shay Nehmad:That's it about the new release.
Jonathan Hall:Nice. So I I guess we'll try to I'm gonna return this as a useful segue. Next, I wanna talk about standards of code. Code standards, I guess.
Shay Nehmad:Oh.
Jonathan Hall:Yeah. So long, long time ago, you know, in Galaxy Far Away, we had Filippo Valsorta on the show, and he talked about his open source work. He does a lot of crypto work for the Go centered library and some other work, and he he makes his money doing that, right? So he has recently released his standard of care that he and his his group
Shay Nehmad:of Manifesto.
Jonathan Hall:Open source folks adhere to. Yeah. He has a manifesto. It's called the Geomys. Is that how you pronounce this?
Jonathan Hall:G e o m y s, Geomys Standard of Care. And it just sort of outlines for all to see how they go about maintaining high quality code. And there's some things in here that might be a little bit surprising to some folks. One of the first things that jumps out at me was they don't use Dependabot, which I think a lot of people use. It's kind of the standard tool to make sure you're always running, you know, the latest and greatest software.
Jonathan Hall:You're a security guy, Shay. I bet you can think of reasons not to use Dependabot, but I'm curious if you know the same reasons he doesn't use it. What do you think?
Shay Nehmad:First of all, increased churn part, like Dependabot is shoving PRs at your face and it's, like, automated so you trust Dependabot is, for now, I'm I'm not, like, bashing GitHub. Right? This is true for Snyk. This is true for all the other application security companies. You get these PRs, at some point you just start approving them.
Shay Nehmad:It just doesn't make sense to review every single release. And also, I like the approach of it increases the risk of supply chain. Like, if you have a module that you vetted, you went into the code, you went into GitHub, you double checked the hashes, whatever, and then some automated tools offers you to upgrade, you're like, this what if this new version has a vulnerability that hasn't been discovered yet? Like, what shouldn't I let it cook for a while and upgrade only when I need to? There is the flip side of that.
Shay Nehmad:Oh, they mentioned another thing, which I don't care about because I don't work in open source right now. But if I worked in open source, I would. It's very easy to impersonate Dependabot. You can just create a user and name it Dependabot or any other similar, like, application security tool, six months opening proper PRs looking like an automated tool. Uh-huh.
Shay Nehmad:Or even legitimately, like building these application security tools is not that hard, to be honest. Yeah. So just like building a tool that opens this PR for real for six months, gaining like reputation as a real tool and then starting to inject, like, bad dependency.
Jonathan Hall:Oh, wow.
Shay Nehmad:These are all legitimate concerns. I mostly care about the, the first two because I work in Closos right now. Mhmm. But it's not like they're not doing anything at all on the on the readme. It's not readme.
Shay Nehmad:Oh, it is a readme. On the standard of care project, they're saying like, oh, we run, go vuln check. We they check like a high signal to noise, notification to find actual vulnerable dependencies. Yep. And they also run their CI with the latest version.
Shay Nehmad:So if they need to upgrade, they it's it's easy. It's not a big deal.
Jonathan Hall:Well, and and more more than just if they need to upgrade, but, like, if if one of the consumers of the library is using the latest version, they're not they know they're not gonna be broken, right? So that's
Shay Nehmad:also I think that's actually a a more sophisticated and smarter approach to dependency management than most, people use. Most people, I assume, don't actually care about this stuff and just do whatever policy they have to adhere to. So if their company or whatever they work on don't have a dependency management policy, they just won't upgrade ever unless they want the new feature. I and like most of the areas where I'm developing, like enterprise, software y, you have like SOC two or whatever, you know, compliance framework that like forces you to upgrade. But then it's like more of a checkbox thing, you know what I mean?
Shay Nehmad:Like, it's, oh, yeah, I have to do a safety check every now and then, but I I won't actually think about it, because that's not my focus. It is important to know that the Geomiss project usually, the open source work they do is, like, scope is the crypto libraries and the Go standard library and cert related stuff and YubiKey related stuff, like, things that people truly rely on, from a security perspective. So, I think the standard should be higher. Like, it's great that they're raising the standard. I don't think everybody should have this focus on, oh, my supply chain should be the best.
Shay Nehmad:For most people it doesn't matter as much, but I'm really happy to see this part in the reading.
Jonathan Hall:I think this is a good document for anybody who has security concerns about their code to look at, not to implement as is, but to get ideas for things they might be overlooking with regard to security in in their their code. There's many other things here. I'm not gonna go into as much detail on all of them, but they talk about long lived credentials and how they try to avoid those, how they do security in in CI pipelines, how and when they grant third party access to, you know, like GitHub tokens and stuff like that that can modify the code, monitoring, logging, and and even even licensing. So, I think it would be rare that anybody would wanna copy this exactly, but I think it's a great resource if you work, whether it's an open source project or even for your internal code. There's probably something you could learn from this and you might want to pick and choose two or three things from this to implement on your own projects.
Shay Nehmad:And not to Like, I'm I'm in security. I learned about a new tool here from this, this document. I learned about ZisSmore. I haven't tried it yet but, I I added it to my, like, ever increasing to do list of things to check out. Yeah.
Shay Nehmad:I've heard Which it is a good, opportunity to talk about why we think Filippo is doing really bad work on crypto. So we would all this all this stuff was just like, oh, so much attention, so much work, so much like human attention into crafting incredible software. Then you add it to the trail to the backlog of things to talk about in the show. Oh, Filippo is vibe coding all of our all of our crypto code. Yes.
Shay Nehmad:I'm just I'm just click baiting. I'm just click baiting.
Jonathan Hall:You are very click baiting. I don't think vibe coding is the right description, but let's let's talk about this. So Filippo, he he wrote this himself, so he's telling us we're not we're not reading between the lines here.
Shay Nehmad:Yeah. We we didn't we didn't like spy on him and find and like by the way, Filippo, the new couch looks great from the tree outside where I'm sitting in with my binoculars. Looks great. Switch the pillows though. Anyway, what has he been doing with Claude?
Jonathan Hall:Yeah, so last week he wrote this blog post called Claude Code Can Debug Low Level Cryptography. And he goes into some work he was doing on a new implementation of MLDSA. I don't have any idea what that is, except that it's a post quantum signature algorithm. But he's working on that and there was a hairy bug and he had a difficult time with it. And so he started using Cloud Code version 2.0.28 with Opus 4.1, and no system prompts and gave it the following prompt.
Jonathan Hall:Typos included. I implemented MLDSA in the Go Center library and it all works except that verification always rejects the signatures. I know the signatures are right because they match the test vector. You can run the tests with bingo test blah blah blah. You can find the code in blah blah blah.
Jonathan Hall:Look for potential reasons the signatures don't verify. UltraThink, I spot checked, and w one is different. I don't know what that means, but it doesn't matter. To my surprise and this is him speaking again. To my surprise, I pinged it a few minutes later.
Jonathan Hall:It pinged me a few minutes later with a complete fix. Cloud Code found the problem and fixed it. I think that's pretty amazing because Cloud Code is mostly good at adding bugs to my code, it seems like.
Shay Nehmad:I mean, if this is not proof that I hear a lot of talk about, oh, it's gonna replace, it's gonna, whatever. But I think this is really strong proof that it can augment. Like, Filippo, according to the blog, you know, clearly a senior Go developer, we had him on the show, whatever. He was tired and then let let the AI take over and the AI was able to, like, within the context of him, like, giving all the context and having all the code, having all the tooling and all the understanding and exactly, like, showing you how to run the test and giving all the context, whatever, managed to basically generate, like, an hour's worth of work for him. When he was too tired to do it.
Shay Nehmad:Like, we wouldn't get this value. Super surprising. But then, obviously, he threw the fix away because the other the actual fix was was better. Yeah. But it it saved all the debugging.
Jonathan Hall:But it found the solution. It found the problem and, you know, it was still very valuable.
Shay Nehmad:Very, very cool. It is important to know that, you know, he discloses that he has a free key for Claude, Max, but they didn't, like, pay him to do a sponsored segment or anything. They just gave him the free, coupon. What do you think about this?
Jonathan Hall:So I've been using Claude a lot lately. It's still very much an experiment.
Shay Nehmad:Like Cloud Code?
Jonathan Hall:Yeah. Cloud Code. And I don't know. I I have very mixed results. Sometimes it's great.
Jonathan Hall:Sometimes it's terrible. I still don't know if it's a net positive a net productivity gain. Certainly, there are times when it definitely is, especially for like refactoring where it's sort of rote repetition.
Shay Nehmad:I have a guy on my team who's using Cloud Code and he's using it, you know, he's integrated it with the various MCPs, he has like custom commands, you'll sit at the office and you'll hear like Cloud Code needs your attention. Like his computer will yell at him. But I don't get it, I'm still with Cursor, I'm working with like multiple sub agents, but I need the IDE, I need to like navigate between files and look at the code, I can't just do English. I don't know.
Jonathan Hall:I don't know. I use Cloud Code Integrated with my IDE, so I don't I don't know what the difference is, but there probably is one.
Shay Nehmad:I I I still don't get it, but maybe I'll maybe it's just, it's true that different tools for different people. I use pretty much the same MCPs and the same capabilities. I do love the blog post though, I think it's really good. And also, you can look, the funny thing is you can look at Filipa coding all this stuff. He has a link to his Twitch.
Shay Nehmad:You can just watch, like, eight hour record four hour recordings of him coding it live on Twitch, which I think is super cool as well. Yeah. Part of the transparency, I guess.
Jonathan Hall:Yeah. So let's let's do a quick break, and then we'll be back with another new segment, I guess.
Shay Nehmad:Alright. Let's go.
Jonathan Hall:This week, we have a few new Patreons to mention. I don't know if we've mentioned some of these before, but it's okay if we have. It's fine. Shiva Best. Thank you.
Jonathan Hall:David Woodward Woodard. Sorry. There's only one one w in Woodard. Ria Dennis? Ken Smith, Adam Arash.
Jonathan Hall:I think that's an alias, not a real name, but based on the way it's spelled. And Jennifer Johnson, thank you all for supporting the show.
Shay Nehmad:We really, really appreciate it. There's two subscription tiers in Patreon you can use, the Cup O Gopher and Cup O Gopher Mini. This is the best way to support the show, you know, this is a fun hobby, but it's also a little bit expensive, and this just helps us, recoup some of our costs. And by the way, don't wanna be, like, too pedantic, but there are two d's in Woodard. One is w and one
Jonathan Hall:Not two w's. Did I say d's?
Shay Nehmad:Yes.
Jonathan Hall:I thought I I had said Wood word, but Wood Nerd, and I meant to
Shay Nehmad:say there's not not two w's.
Jonathan Hall:Thank you
Shay Nehmad:so much.
Jonathan Hall:It's four d's if you count the first name.
Shay Nehmad:That's true. Anyway, that's the best way to support the show. But if you want to support the show in other ways, find past episodes, buy new swag, find all the links, transcripts, whatever, you can go to cupogo.dev, that is cupogo.dev, or join our Slack channel at cupogo in the go for Slack. That's like kabobcase with hyphens. And you can also email us at news at cupogo.
Shay Nehmad:Dev. How else can listeners who are listening right now help the show out?
Jonathan Hall:You could leave a review. You could share the show with your friends, your colleagues, your coworkers, your student other students you are studying with, a rating on iTunes? I'm not in the Apple ecosystem, know that's not the name anymore.
Shay Nehmad:Apple Podcasts, it's Apple Podcasts. There you go. Okay. Or Spotify.
Jonathan Hall:Or Spotify or all of those places. Yeah, spread the word, basically, is kind of what it comes down to.
Shay Nehmad:By the way, we always say co students because in my mind students are listening and they could tell the show like to their fellow students
Jonathan Hall:at class. But
Shay Nehmad:it could be your students if we have a professor, like a Kopsai professor listening
Jonathan Hall:to
Shay Nehmad:the show. Yeah. You you can make it required listening and put it in the test at the end of the semester. We'd be super happy if that's the case.
Jonathan Hall:Interesting.
Shay Nehmad:And just mentioning in case you left, missed it in the last few shows, I mentioned the swag. We have a lot of new swag. I'm just still wearing my Cup Go hoodie, which I really like, but if you visit the store link, store.cupogo.dev, you'll find the new sticker, which is the Range Over Brewster recursive Cup of Go sticker. The new cap, the new baseball cap, it's embroidered, so it's like, looks really high quality, and it is really high quality. I I I've worn it on a few hikes already.
Shay Nehmad:It does protect you from the sun, as advertised. And some GO socks you can wear on your on your legs or your feet, which I haven't tried yet. I don't know if they're good, because I have enough socks, so I didn't I didn't order another pair. But if any brave listeners wants to order them and let us know if they work well.
Jonathan Hall:And send us a picture of you sporting the socks, that would be great.
Shay Nehmad:Yeah, for sure. Yeah, so that's everything. And we just wanna say thanks for listening. The show's been going great lately, a lot of listenership. I visited the Transistor stats again.
Shay Nehmad:It made me feel really good. I don't know if you visited that page recently.
Jonathan Hall:Not lately.
Shay Nehmad:I visited our, like, stats. Yeah. I haven't done so in a while. Our all time downloads have passed a 150,000 downloaded episodes.
Jonathan Hall:Holy cow.
Shay Nehmad:That's a lot. I don't know if it actually means anything because, you know, downloads podcast statistics are are always kind of funky. But, yeah, it looks like people enjoy listening to the show, basically.
Jonathan Hall:I I think what's might be more impressive is that the average, downloads per episode is now over 1,000.
Shay Nehmad:That's really cool. That's really, really cool.
Jonathan Hall:A little bit intimidating that
Shay Nehmad:people are listening Thousand people. Well, I'll I'll get excited when it passes like a round number, like a 24. Oh,
Jonathan Hall:okay. Got
Shay Nehmad:it. And thanks everybody for listening and telling other people about the show. And, you know, I always like looking at the countries as well, at the, like where we have 0.14, listenership in Chile or in Armenia or in Cyprus, 0.1.
Jonathan Hall:I I wanna do a quick shout out to Moriah, who, of course, is one of the co organizers of the Go West conference. She and I were chatting after the conference when I was there a couple weeks ago, and she just did a a she said thank you to me personally for doing Cup of Go and that it was expressed that it was, in her opinion, one of the highlights of the Go community. So thanks, Moriah, for the encouragement. And as far as I know, Shy and I will keep doing it for a while. I don't think either of us have plans to quit.
Shay Nehmad:Alright. So in in great news, great timing, we're moving on to the news. I'm quitting the show. No, I'm just kidding.
Jonathan Hall:It's about time. I've been looking for a new co host
Shay Nehmad:for a while. I can't with all this security talk anymore. I It is important to know that Utah is, like, I think in the top 50% of states listening in The US. Alaska is near the bottom. South Dakota.
Shay Nehmad:South Dakota, you have some we need to find gophers in South Dakota. We have 0.02 listenership there. But hey, number one is my current home state, California. Woo hoo.
Jonathan Hall:We're the number one person.
Shay Nehmad:Once again, California is the state in the in America. All the all the American listeners are like, New York New York is at, number three. Maybe we should get the new the new mayor to, like, sponsor a cup ago. We just missed it. Like, we should have done we should start doing political some campaign donations.
Shay Nehmad:Alright. That's it for the ad break.
Jonathan Hall:We have
Shay Nehmad:one more thing to talk about, so stick around.
Jonathan Hall:So let's talk about GoPodcast and GoPodman or or whatever this is.
Shay Nehmad:Yes. You don't listen to other tech podcasts. Right? Not so We we talked about this a few times.
Jonathan Hall:Yeah. Yeah. I sadly, I I wouldn't even listen to my own podcast. It's not my it's not my genre.
Shay Nehmad:I I think sometimes I ask you if you listen to episodes where you're, like, sick or whatever or you're traveling and I have someone else cohost instead
Jonathan Hall:of I usually don't. I I spotless. Very spotless. Yeah.
Shay Nehmad:I do. I I I like listening to other podcasts in general. Now that I moved to The US, I listen to a lot of, like, Israeli podcasts, actually a lot more than I used to, just to, like, sort of stay in touch. But recently I, found out about Go Podcast, which is Go, space podcast, open paren, clone close paren. So, like, starting a Go routine.
Jonathan Hall:So you can listen to it in the background, basically.
Shay Nehmad:Yeah. You you can listen to it as a By the way, shout out I don't know, like, what's the etiquette of in a podcast shouting out another podcast. I like it. I recommend you listen to it. And, you know, it's another place to
Jonathan Hall:be I think we're supposed to be mortal enemies. Like, listen to our podcast instead.
Shay Nehmad:Yeah. I don't know. It's pretty good though. It's pretty good. So you should probably listen to it.
Shay Nehmad:It's a Dominique St Pierre, just doing like episodes about Go. There's also a channel in the Go for Slack, the way, Go Go podcast, I wonder if any of our listeners accidentally went there or the other way around. But yeah, it's a pretty good show. It's either, like, shorter episodes where Dominique shares something or slightly longer episodes with an interview. And in episode 64, he talked about Podman, the ruthless alternative to Docker.
Shay Nehmad:And Dominique, he said you wanted some audio snippets you could put in the show for, like, a bit of a more dynamic approach. Feel free to take all the audio you're you're hearing right now and put it in the show. We love Go Pod I love Go Podcast. I think it's a really good podcast.
Jonathan Hall:If you wanna upload this whole episode to your channel, that's fine.
Shay Nehmad:I don't know about that. That's exactly what Filippo was worrying about with supply chain attacks. People will just load this latest and greatest podcast episode, they'll get a totally different episode. That's a good idea. Fishing via podcasting.
Jonathan Hall:There we go.
Shay Nehmad:Podfishing, the the latest craze. So I wanted to ask you about Docker.
Jonathan Hall:Do you use while ago, Typosquad go the the Go podcast channel on the Go for Plug.
Shay Nehmad:Do you use Docker?
Jonathan Hall:I use Docker quite a bit. Yes.
Shay Nehmad:Have you ever considered any Docker alternatives?
Jonathan Hall:Yes. I used one many years ago. I don't remember what it was called, but it was just for building Docker images. It wasn't for the runtime. It was just for building Docker images.
Jonathan Hall:And that was because it was faster, but it had a lot of limitations that made it not useful in most scenarios. And I don't know what the state is today, but
Shay Nehmad:So the episode in question, episode 64 of Go Podcast talks about Podman, which is a ruthless alternative to Docker, which led me down a little rabbit hole. In my company we use Docker right now. The way we use Docker is we run Postgres locally. So, I think a super bog standard way, you know, you run Postgres locally for your local application, right? What could you want?
Shay Nehmad:You could want better startup time, because when you're starting up your Mac and then booting up Docker Desktop, it takes like fifteen seconds to load. And I have the latest and greatest M4 Pro blah blah blah, it's not a resource issue. You could want less of a resource footprint, so you can run a lot of these at the same time, right, without a lot of overhead. And you'd basically want this to work with all the Docker commands you're already used to, because everything already works like that and everybody is experienced with that. Dominic mentions Podman, I've never tried it, but it led me down this rabbit hole of finding OrbStack, which I remembered someone told me about.
Shay Nehmad:I was like, oh, I should really try it. And then I was like, what I usually when you find when you are, like, considering a new technology or a new tool, what's the first thing you're searching for?
Jonathan Hall:I like, literally, what do I search for in the search bar?
Shay Nehmad:Yeah. Like, what what do you what do you wanna find before you
Jonathan Hall:I try usually type the name of the technology versus and see what autocomplete pops up to give me a list of of alternatives.
Shay Nehmad:So that's crazy because that's exactly what I did. And I found Orbstack, Podman, Docker and Colima.
Jonathan Hall:Okay.
Shay Nehmad:And then the second thing I do is I type the name of the technology I wanna check right now, space Reddit. Then I start looking for it in Reddit. But I don't think that works anymore, man. I think, like, companies have wised up to that. They, like, pay people to do it and they have a lot of AI writing, like, good reviews there.
Shay Nehmad:So, I don't know, I need a trusted source. So, I looked at, like, Orbstack, apparently it's paid, so I don't think I have enough pain with Docker Desktop to to justify paying, like, $8 a month for Orbstack or whatever.
Jonathan Hall:So, what's the what's the pain that you had considered Podman in the first place?
Shay Nehmad:I just want it to run faster. It's just, like, kinda slow, and takes up a lot of power and resources
Jonathan Hall:Is that, for my like, run is running as slow? Is that because you're on an M4 and there's that translation layer or something, or
Shay Nehmad:It's building Dockers, I wanna build my own because because we're running our containers in Azure Container App, so we have to containerize them. Yep. And it's going a bit slow. I think it's related to the m one thing, to, like, the, Apple Silicon thing, but not only. Yeah.
Shay Nehmad:Uh-huh. But also just, like, startup time. I wanna start for Postgres. I want it to start just Yeah. Like, in in zero milliseconds.
Shay Nehmad:And if I installed the C binary of Postgres on my machine and I would start it, it had it would have zero, like, downtime before being ready to accept connections. But time, I went with Docker, you have to pull it and okay. So I have the image already pulled. And then I started and then it's like, Docker Compose is starting. And oh, you forgot to turn on Docker desktop.
Shay Nehmad:I opened Docker desktop, oh, you need to update. It's like, takes three minutes to update. Boom. I'm my I'm already on something else. I, like, lost my focus.
Shay Nehmad:And the other thing is that I use test containers.
Jonathan Hall:I do too.
Shay Nehmad:So, the startup time of the container actually impacts my end to end test run time. But in that case, I talked to you about this in the past, I want I just don't wanna use a container at all. I wanted to use, like, an in memory Postgres implementation. Sure. But I haven't gotten around to that yet, and I never will.
Jonathan Hall:I will often use persistent containers that stick around for ten minutes or even a day, and then I can get rid of that startup time at the expense of it's running in the background all the time. And maybe that matters if you don't have a lot of memory or something.
Shay Nehmad:I just want, like, 15 of them, but because I run the tests, as many cores as I have minus one. So for me, it's like 15, but but that's a good idea as well. But it's just so fussy with, with Docker. I wanted to see if there's something better. It's a tool I use all the time.
Shay Nehmad:It's not a big pain, but this episode from Go Podcast brought it to my intention. You're just using, like, rock and playing Docker, right?
Jonathan Hall:I use playing Docker. I have I've I hear people complain about Docker desktop. I've literally never used Docker desktop and can't imagine why I would ever want to, like, I don't know what problem it solves, so
Shay Nehmad:It's a good chance to mention you're on Linux, right?
Jonathan Hall:Does that make a difference So,
Shay Nehmad:solves problems of, people not using Linux. No other way to run the Docker container on the Mac. You have to install the desktop version.
Jonathan Hall:Well, that's ridiculous.
Shay Nehmad:But that's, again, also another pain, like, every developer that comes to the to the company has to install this, like, GUI desktop application, and when you open it, it, like, suggests you log in to the Docker container registry, we're using, like, your users, so you start paying.
Jonathan Hall:Can't you just run a VM or something and run your Docker stuff in a Linux VM?
Shay Nehmad:I mean, you want it to run as close to your software as possible, I feel. Like, don't want it behind another VM and another blah blah, just to avoid the pain of installing this app. But I'm looking into Colima, I might even try it today, which is container run runtimes for macOS, which is open source. So, I think I might try this, version next. And all this experimentation is thanks to this podcast.
Shay Nehmad:So, maybe you should start listening to tech podcasts, man.
Jonathan Hall:But maybe I should, but it sounds like you're solving a bunch of problems I don't have because I use Linux.
Shay Nehmad:Skill issue. You heard it here first.
Jonathan Hall:It's a
Shay Nehmad:skill issue. If you're listening Hey, listeners, if you're listening to tech podcasts, you're just not skilled enough. That's what Jonathan Hall is saying.
Jonathan Hall:That's right, that's right.
Shay Nehmad:Alright. I think that does it for the show. Maybe we'll do a lightning round next time.
Jonathan Hall:Let's do it next time.
Shay Nehmad:Thanks a lot for listening, everybody. Program exited. Program exited. Goodbye.
Creators and Guests
