💩 Security releases you MUST parse, GopherJS, TypeScript 7, and Patricio Diaz CRAPs on your code

Shay Nehmad:

This show is supported by you, Will Abides, and specifically you. This is Cup o' Go for 07/10/2026. Keep up to date with the important happenings in the Go community in about twenty minutes per week. I'm Shay Nehmad.

Jonathan Hall:

And I am Jonathan Hall. Welcome to the

Shay Nehmad:

I new don't know why I waited for you to say like, I'm Shay Nehmad, but then I was like, wait. I could

Jonathan Hall:

do it. That would be weird. I could do it.

Shay Nehmad:

I don't know. I don't know. I don't think you can pull me off.

Jonathan Hall:

Probably. Not not very well.

Shay Nehmad:

You you know you know too much about Go. Oh. You don't have that. Unknowing energy. How are you doing, Jonathan?

Jonathan Hall:

I'm good. Yeah. I'm good.

Shay Nehmad:

Can I comment on something Sure? In in your life right now?

Jonathan Hall:

Okay.

Shay Nehmad:

Your printer's blinking. Yeah. I know that if I watch this episode, like, on YouTube with the video on, because we have video now, it would bother me. That's also a solution. Just

Jonathan Hall:

I just moved my mic arm down because I'm running it. Yeah. That's right.

Shay Nehmad:

Just remove the assert. Alright. So today we're gonna talk about a few we're actually gonna do Go News, unlike our meta episode last time. I'm gonna go over the new security release. There are two interesting security fixes there that I wanted to walk you through and sort of teach you what they did.

Shay Nehmad:

You wanted to mention a new release of

Jonathan Hall:

GopherJS? Yeah. Yeah. Yeah. It's one of my favorite pet projects, so I'll talk about that.

Shay Nehmad:

And you wanted to dig through two proposals.

Jonathan Hall:

Couple proposals. Yeah.

Shay Nehmad:

Yeah. That works. Nice. Nice. Mhmm.

Shay Nehmad:

And, talk about, GopherCon Israel that's coming up and the safety is open. But let's start with the security release.

Jonathan Hall:

Tell me all about it.

Shay Nehmad:

So go, 01/2005 and 01/2012, so minor point releases.

Jonathan Hall:

And 01/27 RC two.

Shay Nehmad:

And '27 RC two, that's true, have been released. And they include two security fixes. And I think I understood both of them. Oh. One more than the other, so I'm gonna talk about that more.

Jonathan Hall:

Okay.

Shay Nehmad:

Are you familiar with the function OS root?

Jonathan Hall:

Not intimately. I I I think I have a little bit of an idea what it's for, but

Shay Nehmad:

So I dug through our crates and you're the one who talked about this when it was introduced in very recently last year.

Jonathan Hall:

Oh yeah, okay, I do remember. I do remember that now,

Patricio Diaz:

yeah, yeah.

Shay Nehmad:

So what is it?

Jonathan Hall:

If I recall, it allows you to specify a root directory that So, it's a symbolic file system link that you can't escape from. So that you can say like, this is my work directory, you can only access files in that directory, can't escape from that. Am I on the right track?

Shay Nehmad:

You're absolutely right. And the blog post related to it when we talked about it on the show was the travel resistant file APIs, right? So the whole point is let's avoid the things like dot dot slash dot dot slash DotDotSlash. Right. Give me, you know, the password, which if you're like me, and you and you've done a lot of capture the flag challenges is a classic thing.

Shay Nehmad:

Right? You walk up to a web server, immediately you try like DotDotDotDot. If you know it's Windows, you try like, you know, any of the special funky Windows paths. And also, you can use symbolic links to access the wrong file, that are outside of what you're working on at the moment. And funnily enough, this security release is that, if you open a file in OS root, but you have a slash at the end, it follows this as a symlink, even if this is outside of the root.

Shay Nehmad:

Oh. So let's say you have a directory called someplace, and it has a symlink that you've planted there as an attacker, know, using a different attack path, like a fire writing, vulnerability some somehow. Mhmm. It's called Symlink Slash, and that's pointing towards someplace else that's, like, outside the OS root. The whole point of OS root was I'm not gonna let you do that, but just specifically because it ended in this, like, little slash here, it works.

Shay Nehmad:

And the fix seems to be, relatively simple. I didn't actually dig into the CL itself, but it's just san make sure you sanitize the path as well, right, that is passed to os. Root. I would consider this relatively serious, like, you're using, you you know what I mean? If you're using OSroot, wanna you definitely wanna upgrade, because this was introduced to ad security, and I feel like some people may have said, oh, I'm passing it to OSroot, therefore, I don't need to implement my own, you know, path sanitization and whatever.

Shay Nehmad:

Like, I don't need to check for all this stuff because I'm using OS root. Turns out even OS root missed the case.

Patricio Diaz:

I do.

Shay Nehmad:

Okay. So you don't wanna do root escapes. Have you used this function yourself or do you just like rely on libraries that you used to use?

Jonathan Hall:

I don't think I have used it directly. I have considered using it a few times when GoSec tells me something unsafe is happening, but I've always come to the conclusion that the potentially unsafe thing wasn't actually unsafe in my particular case. So I don't think I've used it before.

Shay Nehmad:

I've used it once since it was introduced.

Jonathan Hall:

Mhmm.

Shay Nehmad:

I don't think there's an actual attack vector there because it's all, like, internal stuff, but I felt like it's gonna be Better

Jonathan Hall:

safe than sorry.

Shay Nehmad:

Right? Gonna be worth.

Jonathan Hall:

For sure.

Shay Nehmad:

This is the first security thing. The other one, also very important, of course, is Crypto TLS, encrypted client hello privacy leak. And sorta, as always with crypto related things, we are not crypto experts. Do not implement your own crypto. We have Filippo for that.

Shay Nehmad:

Right? Filippo, the editor, I have a challenge for you. Now I want you to, like, go back and do put a little snippet from our episode with Filippo.

Speaker 4:

Hi, everyone. So, I'm Filippo Valvassori Bolg. I've been, maintaining the Go Cryptography Standard Library since 2018. I've done that first, at Google, as the lead of the Go Security team, and these days, I'm doing it as a independent open source maintainer.

Shay Nehmad:

Alright. Jonathan, are you hungry?

Jonathan Hall:

I'm always hungry.

Shay Nehmad:

Are you hungry for a word salad? Okay. A little bit of alphabet soup? So this is TLS.

Jonathan Hall:

Mhmm.

Shay Nehmad:

Omit PSK in ECH, outer client hello. WTF? Oh, it's just about the SNI value, so don't worry about

Jonathan Hall:

it. Oh.

Shay Nehmad:

I mean, for actually, me reading this, I had to decode this one by one. But here's what I think here's what I

Jonathan Hall:

think It sounds to me like the CVE is encrypted so that it doesn't leak any information.

Shay Nehmad:

Here's what I think is happening. Okay? ECH is encrypted client hello. So I'll send like a client hello to a server that's using TLS, which is like SSL. It's like the the encrypted, you know, transport protocol, whatever.

Shay Nehmad:

There is a PSK, which is pre shared key, extension. Meaning, I can send the client hello and tell you that this is my key that I shared before, and that's like an extension. Mhmm. However, if I use this feature of PSK extension in an unencrypted context in the, like, outer client hello and the unencrypted client hello, let's say there are, like, three clients. Right?

Shay Nehmad:

You, me, and Bill Hader on the network trying to talk to the same server.

Jonathan Hall:

Oh yeah, Bill. I know, I couldn't I couldn't come up with the name.

Shay Nehmad:

We're all talking

Jonathan Hall:

By the way, Bill, you're listening, we'd love to have you on the show.

Shay Nehmad:

I don't know if Bill is a big Go user.

Jonathan Hall:

Probably not, but I would love to have him He on the

Shay Nehmad:

probably loves abbreviations because he's on SNL, right?

Jonathan Hall:

There you go. That's right.

Shay Nehmad:

Anyway, so three clients on the same network, right, talking to some secure server like Bank of America, right, over TLS. Someone listening on that network, let's say in the Starbucks where we're all sitting together, can see the unencrypted client hellos and then deanonymize which packets are from which person because of the PSK, because of the pre shared key, because that's different to all of us, and it's passed like unencrypted

Jonathan Hall:

Mhmm.

Shay Nehmad:

On that, for each connection. So it it slight degradation, of privacy, and then that attacker can replay that, key to the server and, you know, know who's who, basically. So a slight de anonymization. It's not like they broke TLS or anything like that, but it's just slightly worse privacy. Together with other privacy leaks or problems or other access networks or, you know, something running on your machine or whatever, this could actually be utilized for a full, you know, like, unwrapping.

Shay Nehmad:

But, in this case, it's just a slight degradation in privacy as far as I understood And we mentioned the SNI, that's a server name indicator. I don't know what it has to really do with this attack because I couldn't understand the code, but it's also a thing I learned.

Jonathan Hall:

Well, Okey dokey.

Shay Nehmad:

So a security release, and what's our recommendation? I

Jonathan Hall:

will be sure to upgrade before I hang out at Starbucks with Bill Hader in the future.

Shay Nehmad:

Yes. Yeah. These minor releases usually don't contain any breaking changes, so you should just always upgrade. You shouldn't wait for us to tell you what the upgrade is. But in this case, it even seems like it's worth it.

Shay Nehmad:

Cool. So, yeah, new security release. So that's one security release. How about the GopherJS release we talked about?

Jonathan Hall:

Yeah, we talked about GopherJS. So if you're new to the show, you may not have heard about this. If you are a long term listener, we've talked about it before, because I'm one of the co maintainers of the GopherJS tool, which is a transpiler that converts Go into JavaScript to run-in your browser. And Go for JS 1.21 was just released, mostly thanks to Grant Nelson, who we had on the show probably two years ago.

Shay Nehmad:

So I'm Grant Nelson in Montana. I've lived here almost my whole life. Went to MSU and took a long break for a while and now I'm back working on my PhD. Okay. I prefer to be a teacher, but ran out of money, so I had to go get a real job.

Jonathan Hall:

Grant has been busy updating. The big milestone was, I don't know, maybe a year ago when we released 1.18 with generics. Now we're catching up. We're at 1.21 now. 1.22 is underway.

Jonathan Hall:

So that's exciting if you like to run Go in the browser.

Shay Nehmad:

And funnily enough, I don't think it's going to be the only transpiler that takes some language and turns it into JavaScript in your browser that we're going to talk about today.

Jonathan Hall:

Probably not.

Shay Nehmad:

What are the challenges in maintaining GopherJS? Do you have like a lot of users that come up with edge cases or is it just keeping up with the language?

Jonathan Hall:

It's mostly keeping up with the language. That's the big thing. And we were of course behind for several years because generics were a really big heavy lift with not a lot of people with the time or knowledge to work on it. Now that we're over that hump, it's mostly a matter of just backfording standard library changes. And of course the language changes occasionally and the implementation of language changes in ways that are not always compatible with JavaScript runtime.

Jonathan Hall:

So that's usually the biggest challenge. Some map optimization that makes Go a lot faster when it's compiled doesn't translate plainly to JavaScript. So we have to reinvent an implementation or something like that.

Shay Nehmad:

You're saying JavaScript hates Swiss maps? Yeah. Is what you're saying. Have a very short plug. We always have to thank our first guest ever, Miki tebeka, and also sort of the person who got me into, like, the Go community first, just by organizing all the Gopher stuff in Israel.

Shay Nehmad:

And what I'm talking about is GopherCon Israel. There are two things worth mentioning. There's a call for speakers open. As usual, we highly recommend that if you are in Israel at the time, which is gonna be October 18, one day before my birthday. It's gonna be a big event, full day of Go Talks in Tel Aviv.

Shay Nehmad:

If you're thinking about doing a talk, I would love to help you out. I've done a talk at FufourCon. Was really, really fun. It's on YouTube. And the CFP is open, and it closes July 31.

Shay Nehmad:

So you don't have a ton of time. Don't, like, put this off for forever. You gotta get it done, like, next week probably. And also very important, it's not only call for speakers, also a call for sponsors. So you can become a sponsor.

Shay Nehmad:

I've been at these GopherCon, so I don't know. You've been to GopherCon US ever or not yet?

Jonathan Hall:

My first one will be, next month.

Shay Nehmad:

Oh, in Seattle, right? But have you been to a GopherCon in Europe?

Jonathan Hall:

I've been to Go conferences, but not GopherCon branded ones.

Shay Nehmad:

So what I mean is a conference and not a meetup. Yes. Like something big, full day.

Jonathan Hall:

I went to .go back before COVID several times before the candidate.

Shay Nehmad:

So you know how they have sponsor companies that sponsor the event usually to help them? How how does the how does that come through? So sometimes it comes through as like, thank you to our sponsors, a little banner or whatever. In GopherCon Israel, when you get the gold sponsorship, people will, like, walk up to your booth, they will talk to you if you're hiring or if you're selling dev tooling. It's a really, really good marketing spend.

Shay Nehmad:

So I highly recommend it, even though it's expensive, like, it's not cheap. If you're a serious company, you should really consider it. And also you get eight conference tickets. If you're a listener who's working at a big ish, go ish company in Israel, hey, instead of paying for eight tickets yourself for you and your team, just get your company to sponsor Miki and the and the crew.

Jonathan Hall:

Sounds cool.

Shay Nehmad:

So, yeah, GopherConnie's role is coming together. I wish I could be there. I'm not gonna be there at the time, but, I'll watch it on YouTube after.

Jonathan Hall:

Cool.

Shay Nehmad:

So a few action items. If you have money, give them. If you have a talk, give them. Or if you wanna go, just buy the tickets. All right, let's stick to some proposals.

Shay Nehmad:

I must get through this proposal.

Jonathan Hall:

Yeah, we must do it. We want to talk about a couple of proposals here. The first one was accepted. It is neturls must arse. And this is kind of related to an old news item.

Jonathan Hall:

We talked about must do, a package must. Do function being rejected. So, is a follow-up from that. Like, if we're not going to do the general version that you can use everywhere for reasons we talked about, Let's at least add some must parse functions where it's most impactful. And I'm happy to see this one.

Jonathan Hall:

It's not a big deal, but it's kind of a nice quality of life thing. Sometimes you just have a URL string that you know is never going to fail or you don't care if it fails because it's in a test or something. So must parse is the solution. It does a parse and it panics if it fails. And if you know that it shouldn't ever fail because it's a constant that's embedded in your code or it's a test, this will save you a couple lines of code.

Shay Nehmad:

Woo hoo. So question, question. If I load a URL from First of all, shout out to Simon. I just realized who opened this this proposal. Simon is hi, Simon.

Shay Nehmad:

He's in the Go San Francisco thing, and he's really, really nice. So the if I load a URL from configuration, like a dot end or a config file or a, you know, someone passes a a URL flag, I don't wanna use this. Right? I still wanna handle the error. To present it nicely to the user and whatever.

Jonathan Hall:

Right. And to not cause your program to crash.

Shay Nehmad:

No, I'm going to exit one anyway. I Yeah,

Jonathan Hall:

in that case, you still probably want yeah, like you said, present a useful pretty error rather than a stack trace.

Shay Nehmad:

Yeah, because otherwise it's either going to be a stack trace, which looks weird, or I'm to have to wrap everything with a recover, which also looks kind of bad.

Jonathan Hall:

Right. So you're either turning your errors into exceptions or you're pretending Go is Python.

Shay Nehmad:

So what cases do I want to use it for? If it's a const in the code and I know that it's always going to parse basically?

Jonathan Hall:

That would be a case and also in tests where if it's wrong, then panicking is fine because it means my test is buggy or something like that. But I would say tests would be the place I'll use it the most. And the secondary place would be if I have, maybe I have an API where I can use a config value to change the base URL, but by default it's localhost or example.com or whatever. And I know that the default always parses, maybe I just parse that at startup and with must parse.

Shay Nehmad:

So I understand, okay, must parse URL or URL. Mustparse. But how often does this actually happen in the wild?

Jonathan Hall:

It's funny that you would ask that because it's actually part of the issue here that we link to source graphs, search and public repositories that do this with a regular expression. So it might not be a 100%, there might be some idioms that don't match this, but how often does it happen?

Shay Nehmad:

Pretty often, Where's you

Jonathan Hall:

the number here?

Shay Nehmad:

Like 500 plus.

Jonathan Hall:

500 plus times in Go, yeah.

Shay Nehmad:

So I remember, you know, when I submitted my YAML request, it was like, a thing being popular in the language is not necessarily a reason for it to be added, but something as simple as this, being rewritten 600 times, probably makes it worth it. So I don't know.

Jonathan Hall:

That's only the public repos. Yeah. That's only the public repos.

Shay Nehmad:

You upvote it on the show as like an official Cup o' Go upvote? That should count for at least 500 upvotes.

Jonathan Hall:

It should, except it's already been accepted, so I don't know that the voting matters anymore.

Shay Nehmad:

I just wanna hype Simon. Go Simon.

Jonathan Hall:

Alright. Go, Simon.

Shay Nehmad:

Cool thing. And also, learned about this Sourcegraph search thing. I heard about this company name, but I've never actually seen their interface. Actually, pretty cool. So we don't have time to go through the all of the proposals.

Shay Nehmad:

We, however, are gonna keep our lightning round following popular demand and feedback. We are changing the format a little bit. So let's jump to the lightning round, talk about its format, and then do the new lightning round.

Jonathan Hall:

Alright.

Patricio Diaz:

Lightning round.

Jonathan Hall:

So we've decided to keep it Lightning Round as Shay mentioned, because some people find it valuable, but we're going to keep it short and to the point and punchy, lightning ish. I think we'll just stick to like one item per person at most per episode. So we're not going to do a laundry list, 16 lightning strikes is not what we're aiming for.

Shay Nehmad:

So Yeah, we're going to do the most prioritized link that we found and we're going to do it, we're going to try to find things that are either esoteric and don't really have a place in the show, but we wanted to mention, or things that we think are valuable, but there's just not a lot to dig into. Just like if you need this specific thing, this is for you.

Jonathan Hall:

All right, so my lightning round item is a blog post from David, I don't know David's last name, because it just says David's Obsessions. What's your name, David? David Neuswanger.

Shay Nehmad:

Neuswanger, that's pretty good, Yeah, come

Jonathan Hall:

a cool name. So David writes blog post using Go for mobile apps. And he's just kind of walking through some of his experience using Go mobile. And sadly, for somebody who might be listening, why he chose not to use Fine.

Shay Nehmad:

Oh, no. Yeah. I'm not sure we're allowed to do that. We're gonna have to talk to our, parties committee. What is Go Mobile?

Shay Nehmad:

Is that like a library for mobile app development in Go?

Jonathan Hall:

Basically, yeah. It lets you run Go on a mobile device. As far as I understand, it is cross platform, so it works on iOS and Android. And it might even work on some older esoteric platforms like Windows Mobile. I don't remember if that used to be supported and probably isn't supported anymore.

Jonathan Hall:

And it's interesting that he didn't use it explicitly because he's using Flutter, I'm which mobile not developer. I don't really know what Flutter is or does. I think it's the UI layer. So, he's actually using Flutter with Go Mobile. So, Go Mobile isn't doing the UI rendering in this case, it's handling the back end within the mobile app.

Jonathan Hall:

So, data handling is done in Go and then there's this translation layer between Flutter and Go. So it's not backend in the sense of like on the server, it's the backend running on the mobile device itself is written in Go. If that's your thing, this will be a good blog post to check out. So link in the show notes.

Shay Nehmad:

One thing I've never done, a mobile app. I'm gonna have to do that at some point. My lightning round item is that TypeScript seven point zero has been announced. We talked about this in the past. If you use TypeScript today, you can upgrade to TypeScript seven.

Shay Nehmad:

And why are we talking about TypeScript in a Go show? It's because the transpiler, second, some code to JavaScript that runs in the in the browser transpiler we're talking about today, is written in Go, which is a really cool, project, and they and they, you know, they talked about the technicals of it in-depth in other, in other blog posts. This was, like, in preview up until now, and now it's, like, announced. Now it's released. I it's seven point zero doesn't have a programmable API.

Shay Nehmad:

So if you want to build the tooling around it, wait until seven one. It's gonna be just a few months. But if you just wanna use it, to compile your TypeScript, you really should. I tried it locally for our project in at work, which is a NestJS TypeScript backend, and it's 18 times faster. Wow.

Shay Nehmad:

The and the LSP works great. It just really works great. Like, kudos to the Microsoft team on this one. They did it really, really well. My recommendation is should run it for a week on CI or whatever, and then just move all your developers to TypeScript seven.

Shay Nehmad:

It also super helpful for agents because they get way faster feedback. So if you have background agents running and whatever, really good for that as well. So yeah, TypeScript seven has been announced. That's my lightning item. That's my lightning round item.

Jonathan Hall:

On a personal note, the timing couldn't be better. I'm interviewing for a job where I would likely be doing TypeScript for the first time professionally. So maybe I won't have to go to release low compiles if I end You're taking this

Shay Nehmad:

going to do TypeScript professionally or going to be I

Jonathan Hall:

might be, I don't know. It's still a cylinder.

Shay Nehmad:

Nobody's doing TypeScript professionally. It's a typing language built on top of a vulnerability delivery mechanism called as JavaScript. Alright. Cool. Well, we're gonna, not do an ad break.

Shay Nehmad:

We're just gonna say thank you for listening, and if you want to support us, the best way to do it is via Patreon. Thanks a lot to all our Patreon supporters. And you can find the link to that and all the rest of our things at cupo'go.dev.

Jonathan Hall:

Yeah, and you can chat with us during have the

Shay Nehmad:

interview coming up, so we're going to cut to that in just a second.

Jonathan Hall:

And you can chat with us during the week on the Cup o' Go's Slack channel where we do have a fair amount of conversation happening lately. We will try to get through some of that. We got a lot of feedback to our last week show. We haven't digested it all yet. We're still figuring it out, but we will get to that and we will read everything that you say.

Shay Nehmad:

Yeah. We really, really appreciate all the feedback. I think the main thing I wanna say about the feedback, because I I have read everything, we just haven't had a chance to like dissect it and deep dive First into the of that different people get different things from this show. Like, about the Lightning Round, some people said we're like, ah, get it out. And some people are like, no, that's the best part.

Shay Nehmad:

About the ad break, some people are like, yeah, please get it out. And explicitly, some people have written AI software to skip our ad break. People who were on the show and may or may have not invited me to their home last week. You know who you are. It's Josh.

Shay Nehmad:

We hung out for burgers. It was really nice. He gave me his banjo. It was awesome.

Jonathan Hall:

Okay.

Shay Nehmad:

Anyway, so we've gotten a lot of feedback. The main thing I think we understood is that this is an iteration of the existing show and not a new show we're trying to do. Like, we're still gonna keep the core things the same, the news, the security releases, whatever. And also very importantly, we're gonna try to keep this as much as we can, a 100% an audio show so people can y'all could listen to it on the in the gym while doing dishes or whatever.

Jonathan Hall:

The video is supplement, not the show.

Shay Nehmad:

Yeah. For sure. It's just, helpful for for us. And we're gonna do a little bit of more social media. Don't know if that's a downside or an upside to you, but hopefully it'll get new people listening.

Jonathan Hall:

That's right.

Shay Nehmad:

Alright. We have an interview coming up with Patricio Diaz, so we will hear you there. So, Jonathan, I saw your code last week.

Jonathan Hall:

Oh, I'm sorry.

Shay Nehmad:

I think it's total crap. Yeah. I agree. It's total crap. Its CRAP score is really low.

Shay Nehmad:

Yeah. Wait. But that's a good thing. Don't worry. Wait.

Shay Nehmad:

Have someone to explain. Oh, okay. That's that's a good thing. No. No.

Shay Nehmad:

Don't get insulted. Wait. I have someone to explain for you. Patricio, hi.

Patricio Diaz:

Hi. Hi. Thank you for having me invited. Yeah. Yeah.

Patricio Diaz:

And what in fact, the euro should be like your CRAP score is very high. It is the higher the worst. But

Shay Nehmad:

anyways Yeah.

Jonathan Hall:

That's what

Shay Nehmad:

said. It's really low.

Jonathan Hall:

So it's like it's like golf.

Patricio Diaz:

Yeah. Yeah. Yeah. That that that's correct. So, the cup score

Shay Nehmad:

Who are you, Patricio? Please introduce yourself to our beautiful audience. Sorry.

Patricio Diaz:

I'm Patricio Diaz. I'm from Paraguay. I'm a software developer and freelancer right now. I'm looking for a new position. In fact, the Gokraft is part of my portfolio I'm building to catch up the the attention of recruiters and all of that.

Patricio Diaz:

Been working in Golang for eight, nine years something mostly, but I have background for several other languages, from where I came from.

Shay Nehmad:

Since you mentioned it, where was the language you moved to go from?

Patricio Diaz:

It was a kind of code generator. It's named GeneXus. It is kind of language manager, which you describe what you want to do and it just just build the code for any language that you prefer. It is highly used in South America in in financial institutions and and

Jonathan Hall:

I've never heard of it.

Patricio Diaz:

Yeah. Yeah. It's kind of endemic from South America. It's not too too much unknown outside. Before that, I came from Delphi.

Patricio Diaz:

And before that, I came from Clipper.

Shay Nehmad:

Delphi? We had a person on the show recently who programmed Delphi, right? One of our recent I remember who that was.

Patricio Diaz:

Yeah, it a couple of episodes back. I heard that.

Shay Nehmad:

Maybe you know because you said you're a listener. We're always happy to have a listener on the show, but actually the reason we invited you on is because you have a few, cool, tools. The ones that, like sort of open source projects that you've been working on focused on code quality. And I'll just say before you introduce them, that automated tools that look at code quality have become more and more important in my life recently. In my fight against SLOP, like standing at the gates against SLOP, I'll like say, this is bad.

Shay Nehmad:

And then people were like, Claude did it. And I was like, no, you you submitted the PR and he's like, your linter didn't catch it for me, so I guess it's fine. I have opinions about that, but like if there are good automated guardrails that actually work, that we could introduce, I'm always interested to hear about them. And we we, you know, at the beginning of this interview, we introduced the CRAP score, which is such a great brand. What is what does it do though?

Shay Nehmad:

So can you tell us what is the CRAP Go CRAP project? What does it what does it do? How does

Jonathan Hall:

it work?

Patricio Diaz:

Who would use it? The CRAP scoring is about change risk anti pattern. And basically, it's what is the risk if someone if someone come and change the code? And we will look back over that. Way back I when I was a technical leader for some teams, we use it, cyclomatic complexity and code coverage for kind of know what are the risks that we have and try to figure out what will be good starting for reducing risk and improving the quality from from what we deliver.

Patricio Diaz:

But not much though I cross cross with this CRAP concept. I saw that first for for Rust, somebody that was using Rust built a tooling for for for calculating the CRAP score of Rust projects. And I started to read a bit about it, and I found that the CRAP scoring uses two of the metrics that I was already familiar with, which is psychromatic complexity and and what coverage. And they separately gives you insights, but they are not so useful as the CRAP scoring. Like cyclomatic cyclomatic complexity tells you how how complex is your your function.

Patricio Diaz:

Basically tells you how many path your your function has to go through. And what that means that if you are going to cover all of that with unit testing, you need to cover each of those paths and some of those paths probably had two or three or more conditions you need to check, your real value and the transition values, the boundaries of the value that you are checking.

Shay Nehmad:

Yeah. So so just to reiterate that for cyclomatic complexity, it's like if I have you know, I'm starting from some node in the code. This is I pulled up a Wikipedia image. It shows like a graph, starts with the red circle, and then it goes through many different paths. All the possible paths through this code from the start to the end, these are this is like the cyclomatic complexity of the code.

Shay Nehmad:

Right? If I can go just one way, if it's just a simple function with no if and no else, the score is one. And then if I introduce one if in the middle, the score is two. But then if I introduce two ifs that depend on one another, the score becomes four. Right?

Shay Nehmad:

So functions can become really complex by that definition.

Patricio Diaz:

Yeah. So that only gives you how complex it is, but it doesn't give you much information. But if you, in the other hand, you see what is the court coverage of that specific function. You have all all of it covered by unit test. You may you may think, well, it is a complex function, but I'm covering all the parts.

Patricio Diaz:

And and and and probably is not a big problem if there's an issue there or or probably as I tested it all, probably won't I won't expect a bug in it. But you have these two separate metrics. But when you combine with the CRAP, what CRAP tells you is how risky is in reality that function based on what is the complexity of the function and how covered it is. And and I won't go down to the formula, but basically, it grows exponentially if your function is complex and you didn't cover.

Shay Nehmad:

So so again, the higher the score, the worse the situation is?

Patricio Diaz:

The higher the That's that's correct. So, the less the less CRAP score you probably could have is the cyclomatic complexity like that. You can go down on that. You can go down just by refactoring it like split the function in different in different other functions that are more are more single more single task it. Say that even if you have a high scoring cyclomatic complexity, it means that probably your function is doing a lot of things and probably is a good candidate for refactoring.

Patricio Diaz:

But we will we will talk about it on the final words, like, does it work to to to check out this scoring? But let let let's let's move with what we were talking.

Shay Nehmad:

Mhmm.

Patricio Diaz:

So if if you have a high score, it means that it is that function is too risky. You don't know or probably few people know how the function works because there is no testing. You it's hard to tell what it does. And if somebody goes and change something, you can be sure if that won't introduce a bug or you will introduce a new feature by just screwing up two, three functions that the function is doing, features that differential is doing. So that's the idea of the CRAP scoring will give you insights and highlights on where you need to go and check your code if that is working correctly.

Patricio Diaz:

If it is not tested, probably you will need to test it or you will want to test it to to just reduce the risk of of changing it. So basically, that is the go crap. But and just to summarize everything. The GoCRAB or the CRAP idea only uses two metrics, the cyclomatic complexity and the test coverage. In my tooling, I added one optional level of of testing, is this the mutation testing.

Patricio Diaz:

That's something that I use it. I I use it to use in my projects because I found out that you think you covered all your code with good test, all is green or you see a 100% covered. But sometimes your test has blind spots. And mutation test just find out finds those blind spots. Like, maybe you didn't cover one of the variables of e of an in an if.

Patricio Diaz:

Probably if you are your condition is based on a range or values, probably you are testing in the middle and then yeah, it's just come down, but you didn't test the edges of this range. So what I did is you get the CRAP scoring with the CRAP. But if you use that in conjunction with mutation testing, it would go and validate whatever co rats you already have, either if it's a 100%, if it's not passing mutation testing, probably you shouldn't rely on that coverage because it is not well covered.

Jonathan Hall:

So all three of these concepts of course have existed for a long time. Test coverage as a metric has existed forever. Mutation testing has existed for a long time. And cyclomatic complexity, there's Lenters and other places that do that. But you brought these together.

Jonathan Hall:

Is this the first time they've been brought together in this way? Or it's just, what inspired you to bring them together?

Patricio Diaz:

Again, the CRAP concept is not mine. The CRAP concept is from someone else. Let me tell you who is.

Shay Nehmad:

I just can't with it's such a good name. You keep This is not my crap.

Jonathan Hall:

This is

Shay Nehmad:

not my crap. This is someone else's crap. I say that at work all the time whenever there's a production bug.

Patricio Diaz:

What what I did is to build a tool for Golang because there exists for all our language well, at least for for Rust, which is the one that I I I just crossed it with. And and what I did is just bring it to to and I found it very interesting because I am running the Go CRAP into my previous projects and all of that, and they are throwing a high CRAP score. I did some some mistakes everywhere and I'm trying to fix them and I just what is interesting is when you use this tooling with AI agents, because AI now is is pretty common that builds you gigantic functions with a lot of cyclomatic complexity. And sometimes it says, it is tested. But if you run mutation tests on those, they are not properly tested.

Patricio Diaz:

So this is a good one when you say, hey, build me this based on this specification. And then you run the GoCrop and there you will spot what to ask the agent or just say the agent, hey, go and check this CRAP scoring, use this tool and fix it, refactor what you need overcome unique test because mutation test tells you where is the issue and what is the issue. And started with something at the beginning and say, hey, AI tool now clouded those everything. And a couple of weeks ago, I just posted something in LinkedIn and was testing this CRAP function. Tried to see how it performs with automatic agentic code generation.

Patricio Diaz:

And I just took one of my projects and say, run this Gokrab with these parameters, try to fix all of those. And from 50 issues, it kill at forty and ten, they say, I cannot do this. Like, mutants still live. There is no way and just loop it over and say, I can fix this. Then I went and fix it.

Patricio Diaz:

Fix those 10 because I don't know, human imagination, human knowledge, whatever. But with this tool, I found what is the limit of the AI per se and really push to the limit to the AI agents. And I think it is interesting for like like when you do the specification, build all of that. And before you say it is finished, just run the linter, run the testing and run the GoGraph. And there is a lot more job for the AI agent to do after that.

Shay Nehmad:

Yeah. It seems that originally in for CRAP, I found this, like, original blog post. It's mostly about, like, an AI generated Rust code. I think this has been a useful like, this is both cyclomatic complexity and code coverage are things I commented on for humans as well. Like humans are bad at this stuff as well, just to this is not like an AI specific problem.

Shay Nehmad:

But it it is it does seem that people are looking for more like deterministic tooling to point agents away from this problem. Although, I don't know, I I still feel like you you have to review stuff yourself. Like, you can't just say the code is good because it has a low CRAP score. I mean, it might have a low CRAP score because it's very complicated and it has a million tests and a million mutation tests, but any human looking at this would be like, well, these are two separate concepts. Maybe we need to like, on a more architectural level, maybe they need to be separated.

Shay Nehmad:

But it is interesting to see the evolution of this project, like, from, this to the Go, Grab version. By the way, all the links that if you're watching video I'm sharing is a screen right now. But all these blog posts about car GoCrap and this documentation about GoCrap, all these links will be in the show notes, so you can see that as well. So it's not strictly for AI, I feel, but it does I understand why the the hunger is, like, more there, like you said. You just catch Claude or Codex or GitHub CLI or whatever misbehaving.

Patricio Diaz:

Yeah. And and right now, I'm trying to push this to the Go community. But also now I'm trying to kind of run a poll about well, the thing is, do you have this CRAP scoring? That's fine. It is probably is high in your project.

Patricio Diaz:

But what do you do about it? Does it work to do something about it? What will be your approach for solving it? When we were discussing other tech leads growth in companies I was working on and I was using and broke the test coverage and cyclomatic complexity to the to the discussion and say, we are in our team, we are using these and we are trying to take a bit of the time of the developers in the spring just to try to fix or solve or reduce some of these. And they say, why are you trying to do that?

Patricio Diaz:

Like, it is money. You are spending money in something that probably won't crash or my point is these will kind of highlight something that you don't see. But it is not the end of the world. Like you can just see, you can just live with it, or try to take some action on it. But it doesn't mean that if you have a high CRAP score, everything will go down or your application will crash.

Patricio Diaz:

The only thing is like, if something crash and it is in something that has a high CRAP score, you probably will know that it will take you longer figure it out and fix that issue. It is just that.

Jonathan Hall:

So I'm curious why you would multiply these together, whatever the formula is. Why don't you look at the test coverage and the complexity as two distinct things? Like if I have a really complex function, but it's 100% test covered, does it matter that it's complex?

Patricio Diaz:

No, it doesn't matter.

Jonathan Hall:

And vice versa. If I have really simple functions that are not tested at all, do I care? At all. At all. So what's the value in combining these two things together?

Jonathan Hall:

They're into a

Patricio Diaz:

single Combining these two things, your function is already complex and it should be like that, it doesn't matter. That's fine. It only says that it has a lot of parts and a lot of calculations and all of that. But if you don't cover it properly, the the idea is if you are not sure if everything works, if all the parts are tested and you really know that everything will work and that the only way to do that is using unit testing. That's where the CRAP scoring matters.

Jonathan Hall:

You have a high CRAP score and it helps you focus on which parts to do first basically?

Patricio Diaz:

Yeah, you probably will need first to see if that cyclomatic complexity is real. You really need that or something. Just figure this out. You have a long function. And the first 50 lines is only to calculate one value that you will use in the next in the next lines.

Patricio Diaz:

Probably those 50 lines you could just take out to a function and reduce the complexity and unit test that specific because the only duty it has to do is to calculate that specific value. And it doesn't need to be in the world function. And well, that's just one example. If you found out that the sacrovantik complexity is Okay, that's what it has to be. Then you go and try to put the more testing you can into the function.

Patricio Diaz:

So you are sure that all the parts are tested and value won't crack, won't crash or will send the function for a path that should go. And then the mutation test will help you to figure out if you covered all the path and your testing are meaningful. Like, you don't have blind spots in your in your use cases.

Shay Nehmad:

Cool beans. Well, other than GoCrap, you did I I know that this was the main thing I wanted to focus on because I to me, I think it's the most generally applicable. There are two other tools that you've worked on that you wanted to share. Right? One about hexagonal architecture Yep.

Shay Nehmad:

That you're gonna be presenting soon as well, and one about test generation. I would love to hear just briefly about those for people who would think it's relevant. I think it's way more specific. So probably if everybody in our in our listenership could add a CRAP score, you know, calculator to their CI pipeline or whatever, these ones are a bit more niche, but I still would love to hear about them.

Patricio Diaz:

Yeah, yeah. The Hexagonal, the Hexagonal is a tool for scaffolding Hexagonal architecture project is as you say is a very niche. But in my previous jobs, when I was doing projects, I'm working on projects. We were using hexagonal architecture and really the developers really struggled a lot to understand where each things should go and how do you structure the code and the flow, the data flow where it comes, what you can connect with whatnot. And the ExaGo, what those help you if you have your DDD planning, your domain definition specifically, then it is easy to translate that to XAGO commands and ask, hey, build me this domain object with these attributes that will create it for you.

Patricio Diaz:

And you say, hey, build me this adapter for a database. And we'll just put what it whatever code goes in in in place. Again, it is a good URL for AI agents. Again, you can use it manually, but as it has an MCP server too, you can just ask an agent build me this or you just give your domain definition, your spec driven development document. Yes.

Patricio Diaz:

It So was keeps

Shay Nehmad:

it in the in the path, in the architectural path you want.

Patricio Diaz:

And it won't hallucinate too much. And and and this is a good one, right, so far.

Shay Nehmad:

Jonathan, have you ever done hexagonal architecture work? Like, worked in a project that had this sort of architecture?

Jonathan Hall:

Every project I work on has that by the time I'm done with it.

Shay Nehmad:

I've never What am I missing? Because I've heard about it a lot and people talk about it a lot, but I've never I just do my architecture based on my experience. Maybe I'm missing like something really

Jonathan Hall:

You're probably using it without realizing it. I mean, it's what I

Shay Nehmad:

mean is- does it mean?

Jonathan Hall:

Do you ever do dependency injection?

Shay Nehmad:

Yeah.

Jonathan Hall:

Then do it essentially.

Patricio Diaz:

The idea about Xagonal architecture is that you have incoming connectors, and you have outgoing connectors, and your core is agnostic of all of that. Your core only knows about data, doesn't know how to connect to a database, REST client, nothing. And all of that you do interfaces and connectors. But talking dirty is kind of the next evolution of all these patterns like MVC and all of that, which you say in which layer should go your code. And this is just that like hexagonal is kind of something like that.

Shay Nehmad:

People love, hexagons. I don't know if you watch, there's this YouTuber, CGP Grey. He also does podcasts. Has, hexagons are the best of guns, and he has, like, a few six minutes video on why that's the best shape.

Jonathan Hall:

Okay.

Shay Nehmad:

It's a pretty good video. So this is a tool that helps you, like, generate, you know, whatever Yeah. It product structure for hexagonal architecture, basically.

Patricio Diaz:

Yeah. Yeah. And and and you you just use it basically when you are scaffolding the project. You won't use it too much. So it is kind of war rial for for developers or AI agents that try to add a few new things.

Patricio Diaz:

But for sure, you don't need to use it every day in your project. But when I

Shay Nehmad:

was all the links to these things are in the show notes as well. So if you're listening, like, oh, I'd like to find like click on this and check it out. Patricio, you have pretty good docs. Like, it's on the I I noticed that the link is not just to a GitHub readme. It's, to a GitHub IO site.

Shay Nehmad:

I appreciate that, and I'm sure anybody who's gonna go is gonna appreciate that too. There's like a quick install, get started, add an entity, create a service, add a HTTP handler, validate it. It's all correct. It's like pretty nice.

Patricio Diaz:

Thank you. Thank you. Thank you. And when I when I was building this, I there's a there was a one feature in the in the first versions of ESA Go. There was a one feature like when you when it should create an an adapter, let's say, it'll create the testing file along it.

Patricio Diaz:

But just with a placeholder, like you add your testing here and just go fail, like not implemented, something like that. And for the next iteration, I I tried to do something more automatic. And and I started to think on adding a best creator inside the ExaGo. But I say, as you say, Hexago is pretty niche, so you don't need to use it extensively. But testing you need to create for any other project that you have.

Patricio Diaz:

It could be hexagonal or not, but testing you need to create. And I know Visual Studio Code or all their IDs, they have this generate test for this function, but they are pretty basic and they just create table based test. And that's fine if the results of the functions are kind of primitives or simple variables like an int and string, one error. That's it. You can just compare and say, I want this value and compare it with this other one.

Patricio Diaz:

But but if you let's say, you are using a factory factory pattern and you have a factory function, a new something and need to initialize and give you a fully initialized structure. And let's say like one or two of those attributes would be an interface which you can use with different implementation you already have, like readies for caching or memcache or just internal memory, doesn't matter. But it should be one interface. You will like to test if given the configuration for that factory function, it will return you the structure initialize it as you want. There the testing becomes a real headache.

Patricio Diaz:

And I found and it's not my invention, it's something that in some courses you will find and you will even find in the standard library code. There is a concept about this closure function testing, which means you start with a kind of table testing. But instead of offsetting the wanted value, you set a list of functions and you pass the returning value to that and you define what you want to test specifically. And you don't need to use all the functions. You say for this configuration I sent and you specify, verify me if is the these values from implements this this interface.

Patricio Diaz:

See if this file has this or something. You can you can you construct a small Sort

Shay Nehmad:

a higher higher order asserts on the

Patricio Diaz:

That that yeah. Yeah. You you get the idea. So the GoTest

Shay Nehmad:

I I do. This is for pretty advanced architectures, I feel. It's not like for your garden, you know, 100 line script. This is for like real big software. This is not something you would reach for all this tooling for just like, oh, I wrote a script that does something small.

Patricio Diaz:

Yeah. Well, I wouldn't say that. Like if if if you are trying to test something complex like an S structure or an interface, the table let's compare just what opened out from the function and what you wanted, it won't work. So I found that this is more comfortable, it's more easy and more easy to understand, to extend, and it is more efficient to do. And my decision maker, that's the strongest feature that it has.

Patricio Diaz:

So like you can take that function and try to scaffold the function based on what is the complexity and what are the functions that receives or sends. By the way, I publish it. Can send it to you later. I started to publish a kind of a web book with test cases that I found in my code base and all related to the projects that I published and how I ended up testing those. And so far I have 32 scenarios, different scenario for testing from the simple ones to channels, mutexes, and real, real complex scenarios.

Patricio Diaz:

My idea is to go test JEM, the tooling, sure in the end cover all these scenarios that I found. And it shouldn't be just the simple table test or these closure test, collection test that you have, but it is an ongoing project. Again, it relates to GoGraph because I found I need to test something. Just go to GoDeskGen, generate the code and I start adding a lot of unique cases, testing cases for that. Yeah, I mentioned the web book and something I didn't mention because I kind of forgot about it.

Patricio Diaz:

I also build Visual Studio Code extension, which what it does Lots

Shay Nehmad:

of lots of dev tooling.

Patricio Diaz:

Yeah. Yeah. Mostly it's for my use, but I would like to share with the with the community. This goes through analyzer. What it does is just stick and will tell you if it is properly ordered to not consume too much.

Patricio Diaz:

Too much padding and stuff. Yeah, the padding, all of that. And also there's a new feature for telling you if the order is also putting some pressure on the garbage collector, something I didn't know about it until I read it. And I say it was good and cool to add it. So I will just check to if the button is correct, the ordering for the button is correct.

Patricio Diaz:

And also if the order won't put or not pressure on the garbage collector. It's pretty interesting if you use it with Visual Studio Code, it could be with set, with cursor, whatever Visual Studio Code clone. Yeah.

Shay Nehmad:

There's a lot of these forks out there at the moment. Cool.

Jonathan Hall:

I was noticing that you are scheduled to speak at GopherCon LaTown. Yeah. That's correct. In September. What are you speaking about there?

Patricio Diaz:

About days ago.

Jonathan Hall:

Yeah. Cool.

Patricio Diaz:

Because because Go CRAP and Go Test weren't Go CRAP didn't existed when I send the the paper proposal and Go Test was just just born a few days born, so I didn't And

Jonathan Hall:

are you speaking in English there? It looks like this is at least a trilingual conference, English, Spanish, and Portuguese.

Patricio Diaz:

I believe I will be the first Spanish talker in that conference. Always was in Portuguese and English and they announced that in this edition we will have Spanish speakers. And I believe mine is the only one that you will find in Spanish.

Jonathan Hall:

Okay. Nice. Well, I wish I could go. I love Brazil. It's been many years since I've been there.

Jonathan Hall:

It looks like a bunch of other great speakers would be there too. It would be fun if I could make it, but unfortunately I won't be able to.

Patricio Diaz:

Yeah, yeah. I'm looking forward to meet some a lot of people that I knew about because of you like Filippo. This is the only one

Shay Nehmad:

from I second Filippo mentioned this episode. You don't know because we recorded the episode right before we started the interview, but we mentioned him, during the show as well because we had some crypto related things.

Patricio Diaz:

Yeah, he he he'll be there. And the this guy from Adelina Labs too.

Jonathan Hall:

Bill Kennedy? Yeah, Bill.

Patricio Diaz:

Bill Kennedy, yeah. He was doing a We workshop

Shay Nehmad:

just met him. Bill's a great guy. He's such a chill dude. It was so cool to hang out with him in Canada. I know.

Shay Nehmad:

You went to his workshop, right Jonathan?

Jonathan Hall:

For the first half, yeah. And I had a headache that day, had to go lie down halfway through, but yeah, I did go.

Shay Nehmad:

Yeah, I heard a lot of good stuff about this ultimate AI. Wait, if it's the same time as your talk, Patricio, then that workshop sucks. But But if it's not the same time as your as your talk I heard a lot of good things about the Ultimate AI thing. I couldn't go when I when we were in Canada because I had to talk at exactly the same time. But I heard I heard a lot of good things about that workshop.

Shay Nehmad:

And I guess if people want to follow all this, cool work you're doing, Patricia, LinkedIn is a good place to, connect with you?

Patricio Diaz:

Yeah, yeah, that's correct. Yeah, LinkedIn is a good place.

Shay Nehmad:

Link LinkedIn's in the show notes as well. We're coming up to a close here, and we have our I don't know if it's new at this point. It's July. But our current, stumper question. Jonathan, why don't you take it?

Jonathan Hall:

Because I'm worried

Shay Nehmad:

I'm always worried that I'll I'll ask the question from last year.

Jonathan Hall:

Oh, just like when the the new year comes and you and you sign your date things wrong.

Shay Nehmad:

Yeah. I do that all the time.

Jonathan Hall:

So the question is, can you tell us about your favorite third party, Go library? Yeah.

Patricio Diaz:

Yeah. That that that that's a kind of tough question. Even I did it myself when I listened to podcast. I think I will go with these two, Cobra and Viper from SP13, something like that. It is the tooling for building CLI tools.

Patricio Diaz:

And the other one is for reading config. I can think on building a project without using either one or the other. They are really, really good.

Shay Nehmad:

Yeah. Yeah. They they're they're not standard library in the sense that they're very opinionated, very big and whatever. But they're they're part of, like, so many, projects that are super important, like Hugo and Kubernetes and whatever. They're not standard library, but they might as well be.

Shay Nehmad:

You know what I mean?

Jonathan Hall:

Yeah. Good answer.

Shay Nehmad:

I I like those too. I use them a lot. Although, there is one problem with COBRA.

Jonathan Hall:

Oh, yeah?

Shay Nehmad:

Why didn't it call it Gobra?

Jonathan Hall:

Oh my gosh.

Shay Nehmad:

I mean, it's so so obvious. No. People have a lot of problems with Viper and Cobra because they think it's too complicated, but I like it. I think it's Alright. The or what it does, it's, like, the right level of complexity.

Shay Nehmad:

I wonder what what the CRAP score for Viper and Cobra is.

Jonathan Hall:

Maybe you can maybe you

Shay Nehmad:

can run a go CRAP on it and give them give them a a score.

Patricio Diaz:

Yeah. For sure. For sure. For sure.

Shay Nehmad:

That would be interesting.

Jonathan Hall:

Can you imagine

Shay Nehmad:

that issue as an open source maintainer? Your code is crap. I have scientific proof.

Patricio Diaz:

I'm I'm thinking on starting to get the CRAP score for a few of the

Shay Nehmad:

Like major open source stuff?

Patricio Diaz:

Projects. I'm trying to I'm thinking of sending a challenge to all my friends that I still work on some big company where we were working on and ask them if they dare to put this in their CI and see how is the craps scoring for their quote.

Shay Nehmad:

I'm telling you, the CRAPmark, the Go CRAPmark page, people are gonna love it. You post it on, like, Reddit or whatever. Here's the CRAP score for all the open source code in the projects. People are gonna go wild for it. But they're gonna misunderstand it.

Shay Nehmad:

Right? They're gonna say, oh, the CRAP score is high, therefore this project is bad, even if evidently the project is totally fine. But I don't know, people love these comparisons. Well, I'm sorry that we gave you homework at the end of this, interview.

Jonathan Hall:

That's not usually,

Shay Nehmad:

how this goes.

Jonathan Hall:

Well, Patricio, I want to thank you for taking the time to talk to us. It's been a pleasure learning about your projects and talking to you. I wish you the best of luck in Brazil there at GopherJS, LATAM. Yeah, let us know how it goes. Maybe when the videos are out, I hope they do videos, share a link on the Gopher Slack.

Jonathan Hall:

We'd love to watch your presentation. Those of us who speak Yeah,

Shay Nehmad:

not gonna watch it. My kid might be able to watch it. She knows Spanish because of her because of her kindergarten teachers, but I don't know Spanish yet. Oh.

Patricio Diaz:

Sorry. You can use it as a translation.

Shay Nehmad:

I just got a private viewing,

Jonathan Hall:

so I

Shay Nehmad:

think I'm gonna

Jonathan Hall:

You a few months to learn Spanish anyway, Shay, so so I No excuse.

Shay Nehmad:

This is a different topic when I recently have deleted Duolingo and stopped my subscription. I'm not

Jonathan Hall:

Oh, yeah.

Shay Nehmad:

I'm done. I'm done. Alright. Some other time we'll talk about it. Thanks a lot, Patricio.

Patricio Diaz:

Thanks for having me. You wanna since

Shay Nehmad:

you're a listener, do you wanna do the outro? You know it.

Jonathan Hall:

Oh, yeah.

Shay Nehmad:

The program exit.

Patricio Diaz:

Yeah. Exit. Quick,

Shay Nehmad:

programming note. We realized after, finishing recording the episode, Jonathan and I are not gonna be here next week, so we're just gonna skip the episode next week. Let us know if you want, like, us to publish an older episode again or something like that. Probably not. But

Jonathan Hall:

Probably not.

Shay Nehmad:

We may just miss a week. So listen to this episode with 0.5 speed, and then, you know, you got enough content for a couple

Jonathan Hall:

of weeks. There you go. And we will see you in two weeks.

Shay Nehmad:

Program exit up. Goodbye.

Creators and Guests

Jonathan Hall
Host
Jonathan Hall
Freelance Gopher, Continuous Delivery consultant, and host of the Boldly Go YouTube channel.
Shay Nehmad
Host
Shay Nehmad
Engineering Enablement Architect @ Orca
💩 Security releases you MUST parse, GopherJS, TypeScript 7, and Patricio Diaz CRAPs on your code
Broadcast by