[Requires a Separate Ticket]
Please note that this workshop requires a separate ticket.
Please click here for workshop details
The eBPF VM lets you run small snippets of C code inside the Linux kernel. That code can communicate with a user land program, which you can write in Go. The use cases for eBPF are endless, and demand for replacing outdated tracing, networking, debugging, and security systems using it continues to rise astronomically. This talk will introduce eBPF to the audience, demonstrate it’s power, offer solutions to common challenges, and dive into how attendees can start writing their own eBPF code.
In particular this talk will address the number one criticism of eBPF, it’s useability. There are a handful of different packages that Go developers can use for interacting with eBPF, but there’s no consensus on which is best. By the end of my talk, attendees will understand the direction the community is moving towards and feel inspired to start writing Go to leverage the awesome superpowers of eBPF!
One of the misguided norms of Software Engineering is prioritizing code over tests. In college, I was taught the fundamentals of programming and Computer Science by writing code first. I learned that to value code meant to write the most efficient, and readable code. While this isn’t wrong, I’ve come to learn that valuing our code can go a level deeper than that. Valuing our code means adopting a completely different mindset and culture.
It means writing your tests first. That’s right. Write your tests first, before you write any piece of your project’s source code. This, my friend, is called Test Driven Development (TDD for short).
In this talk, I won’t just give you the what, why, when and how’s of TDD. I’ll also be sharing my story on how I switched from writing server code in Node.js to Go, how I discovered TDD, and how the stars aligned to inspire me in promoting TDD to new Go developers.
If you’re a new Go developer who wants to level up your Go coding skills while, at the same time, reap the benefits of TDD (I’m talkin’ optimal test coverage with cleaner code, superb code readability and MORE), then this talk is for you.
Hi there! My name’s Maricris. Pronounced like “Merry Christmas”, without the “mas”. By day, I’m a Developer Advocate at Magic. By wee early in the morning, or late in the evening, I’m a multi-passionate creative. This means I’m passionately taking action in a variety of spaces. A few of these spaces include: software engineering, blogging, youtube content creation, digital art, auth. & identity management, blockchain & self-sovereign identity, community building, and spirituality.
In this talk we will explore the field of Audio Programming using Go. The talk will start with a short explanation of what “Computer Audio” means and how those 1s and 0s eventually go through our headphones as something intelligible, be it your favourite song, podcast or anything else.
After the explanation of how we can reason about the audio, we will make our way through building a program that can create a monotone sound. To do this, we will generate a sine wave that audio programs can interpret and output. Again nothing but the standard library will be used here, as we will be writing it directly to a binary file without any overhead of common filetypes such as .mp3 / .wav.
A bit more advanced - Sample Rates, Frequencies and Amplitudes
Once we have seen how to create such a simple sine wave, we will make our way up to more complex waves. But first, we’ll have to introduce a few concepts such as the Sample Rate, Frequency and Amplitude. We’ll walk through how they change the waves, as well as how our perception of the sound changes along with it.
Next we’ll dive into oscillators, these are the part of the program that allows us to generate different soundwaves, such as sine, square, upward sawtooth, etc… With these, we will add a lot of flexibility to how our audio will sound like. After we have done the setup for the oscillators, we will see how easy it is for a user to generate different sounds.
Making music - From notes to music
In this section of the talk we will briefly take a look at how we can turn musical notation (things like “A, C#, Cb, ..”) into actual sound using the oscillator we created in the previous part. In order to understand what is happening here, we will briefly look at musical scales and how they impact the music we create today. A high-level overview will be given of some of the concepts that will make the music sound more ‘natural’ to our ears.
Wrapping up - GoAudio
To wrap up, we will take a small look at GoAudio, a library I built to assist in creating music with Go. Everything we’ve seen so far in the talk is working code from this library, and GoAudio has zero other dependencies. I’ll briefly highlight some of the other functions we could not cover in-depth in this talk, such as spectral analysis, envelope extraction and harmonic sounds.
Compared to its direct ancestors, Go does not support inter promotion for number types; the compiler will not help you out if you want to add two integers of different types. This seems like an annoying oversight, but in practice it is rarely a problem, and avoids one of the biggest sources of subtle programming errors; undefined behaviour arising from integer promotion.
In this talk I’ll touch on the history of numeric types in early computer hardware, back in the days when numbers were just binary–sometimes decimal–integers and the programmer was responsible for remembering where the decimal point went and how early languages like FORTRAN existed in part to free the programmer from the error prone floating point management.
A decade later hardware support for numeric types evolves triggering an evolution in programming languages from word oriented languages like Richard’s BCPL to the byte oriented languages of C, C++ and Java. Now numbers aren’t just numbers any more; byte, char, short, int, long, double allow programmers to specify the precision and storage requirements for each field and variable in their program, but raises the question of how will these various types interact. Integer promotion, as solution that probably sounded reasonable when integers were 16 bits, haunts those languages through the spectre of underlined behaviour.
In contrast Go has no integer promotion, forcing the programmer to ensure that all the types of an expression are the same. Yet as draconian as this statement sounds, Go programmers are rarely aware of this because the countervailing force of one of Go’s greatest contributions; untyped, unsized, ideal constants.
David is an open source contributor and project member for the Go programming language. David is a well-respected voice within the tech community, speaking on a variety of topics such as software design, performance, and the Go programming language.
In 2009, while idly perusing Google Reader (we’ll never forget!) he ran across the announcement of a new open source language, Go. It was love at first sight. From that point David’s passion has taken him around the world writing, teaching, and speaking about Go.
David is currently a member of the technical staff at VMware. Prior to their acquisition he served as a Staff Engineer at Heptio, a Seattle based company, focused on building tools to help developers become more productive with Kubernetes.
Several articles and books have discussed how technical debt grows and changes. However, I’ve yet to find a good exact definition and a way to measure it. This talk analyses how you could measure it, how to make smarter decisions and how to maintain software over decades.
I will cover technical friction in all shapes and forms and how it impacts development over time. Then I’ll give a metaphor to understand technical friction intuitively. I’ll also cover perceived and estimated technical friction, and how people can go wrong with both of them. Finally I’ll show how perceived and estimated friction give arise to technical debt.
Once you understand technical debt it won’t be a scary monster that kills your software, but an understandable side-effect of software development and progress.
The talk is intended for all-levels.
Egon Elbre is a software engineer with over 10 years of experience. He started playing with Go just after the first public announcement and has hung around since then. He loves finding new ways of looking at code such that it would be easier to maintain, understand and, most of all, ensure that it delivers value. He strongly believes that there are explanations that help people learn and be productive faster. When he’s not neck deep in code he’s either drawing or playing the piano.
As modern software architecture evolves and we adopt event-driven systems into our practice, let’s take time to get into the nitty-gritty of designing the payloads that actually carry those events around. With strategies for which fields to include and how to handle changes to the data structure as the requirements evolve, this session has real-world advice to keep you on track.
When it comes to data formats, choosing between self-contained formats such as JSON or XML, or a serialization format like Avro, this session covers how to design an approach that fits your application and platform. The session includes examples of using event-streaming tools such as Kafka with your Go application and offers to gotchas to avoid when teaching your applications to play nicely together.
Lorna Jane Mitchell
Lorna is based in Yorkshire, UK; she is a Developer Advocate at Aiven as well as a published author and experienced conference speaker. She brings her technical expertise on a range of topics to audiences all over the world with her writing and speaking engagements. Lorna has a strong background in open source, and a passion is for better Developer Experiences for developers everywhere.
As Go has become a popular programming language among application developers, some malware authors have also jumped on the same bandwagon. Many of the features offered by Go, such as battery-included design, ease of cross-compiled binaries and powerful standard library, are fully utilized by malware authors to achieve their goals of stealing secrets, making money or just destruction. In the last few years, we have seen a steady increase of more malware written in Go. This, together with some of the uniqueness of Go’s binary format, has led to classic security tools having a hard time keeping up with this new threat. As a consequence, many of these attacks go by unnoticed until it is too late.
This presentation will take a look at some of the major malware attacks from 2020 that used malware written in Go. We will see how Go was used in espionage attacks against two Eastern European countries’ ministry of foreign affairs and attacks from a Russian intelligence agency against COVID-19 vaccine researchers. In addition to nation-state malware targeting Europeans, we will also take a look at how malware written in Go was used to target oppressed minority groups in Asia.
Cybercriminals have also been using Go in their toolset and we explore how they have used ransomware written in Go to take down parts of big companies such as Honda and Whirlpool, to compromising cloud environments for cryptomining.
In this unorthodox talk at a developer conference, the audience will get a taste of the (mis)uses of Go that happen behind our backs. So follow me as we take a look at what happened over on the dark side during the year 2020 that we all just want to forget and wish never happened.
Dr Joakim Kennedy is a Security Researcher at Intezer and a Go coder since 2016. His job involves analyzing malware and tracking threat actors. He has been a featured speaker at multiple BSides and other industry events. In addition to tracking bad things on the internet, he is the creator and maintainer of the Go Reverse Engineering Toolkit (github.com/goretk) and other open-source tools to analyze and work with Go binaries.
Engineers often think of serverless functions as background workers for tasks like file processing or event processing. Serverless functions like AWS Lambda have so much more potential and should be top of mind when building Go web applications.
In this talk, we will demonstrate how easy it is to build a serverless Go web application using AWS Lambda and Amazon API Gateway. Choosing to build a serverless web application allows us to easily build scalable applications and removes a wide variety of concerns, enabling us to focus on writing awesome application code.
Most of the beginner Go content on the topic of web apps doesn’t consider going serverless, even though it can be more efficient, less verbose and easier to work with. The content in this session will be very useful to those starting out with Go or learning about serverless.
This talk is co-given by Adelina Simion and Xiao Liu.
Hi, I am Xiao Liu and I am Senior Software Engineer at Cytora. We are an InsurTech company providing ML solutions to boost underwriting productivity. I have been building in production with Go for 2 years and using Serverless architecture for 4 years. I believe Golang and Serverless are best friends!
Have you ever wondered what happens when you type something on your terminal? Why signal interrupts such as Ctrl-Z exist? Why are they called terminals in the first place? This talk will answer these questions and more. We’ll cover the basics of the TTY subsystem and build a simple terminal emulator in Go.
- Introduction: A brief background of the current state of the TTY subsystem
- Why PTY?: This section explains how Linux PTY works
- 10-minute Codelab: Build and run a simple terminal emulator in Golang
- Conclusion: We use terminals all the time, some of us all day most days.
Data management architectures are changing dramatically. Users and businesses alike have come to expect short feedback loops that require migrating historically batch-based workloads to streaming workloads.
Batch based data pipelines have typically been favored because they’re forgiving in performance and error handling concerns making them easy to write and scale, but have the major downside of having to wait hours or sometimes days to get results. Converting the same insights to streaming workloads introduces new failure modes and availability challenges, but the benefits of the shortened feedback loop lead to faster returns on investment.
Scaling streaming data pipelines is no small feat however. Segment processes hundreds of petabytes of event data per day, exactly once, with reliable processing and delivery but it took a long time and many bright engineers to get here. Come learn from an experienced Go programmer about how to plan, build and maintain these systems and take actionable advice back to your organization to improve your data infrastructure!
Alan Braithwaite is a hacker who cares deeply about building reliable, scalable systems. During his tenure at Cloudflare he helped bring the data pipeline to 8 million events per second using Go. Now at Segment, he’s helping scale the microservices based platform using the power gained from the plush gopher which sits on his desk.
Using gopls is great for code intelligence, but can be challenging to run in a web-based editor environment where sessions can be quite short and setting up the full filesystem for gopls can be expensive. At Encore we’ve built a much more lightweight way of running gopls, by creating an io/fs filesystem that streams directly from a remote Git repository combined with a FUSE filesystem.
In this talk we’ll dive into the solution, how each part works and how they fit together, and demo the final result. We’ll also announce the open-sourcing of these components to make it easier for others to build upon these ideas.
- Introduction & problem statement
- Why is this useful and how are we approaching it?
- Overview of what the final architecture will look like
- Overview of the Language Server Protocol & gopls
- The new io/fs package
- Building an io/fs.FS implementation that streams from git, over gRPC
- Introduction to FUSE
- Building a FUSE adapter for io/fs with go-fuse
- Live demo of completed solution
The Go compiler tries to make good decisions for you, and doesn’t provide you with many knobs to turn. In the general case, the small runtime cost of a function call is not something we should worry about. However in the critical “hot path” section of our code, inlining is very useful, i.e. having the compiler replace a frequent function call instruction with the full function body. This trades a few KB of executable size for a more efficient execution, essentially avoiding executing the function prologue.
We’ll see how the compiler has improved over the years, and why mid-stack inlining is important. We need to understand a few specific compiler rules, if we want to enable inlining for a specific important function.
Beyond the simple cost of a “function call and prologue”, we’ll see that inlining effectively enables further fascinating compiler optimizations based on static analysis of code with more hints about the actual context at call site: Constant propagation, Bound check elimination, Instructions Reordering, Dead code elimination.
This talk will discuss in detail how backends for API endpoints can be seamlessly migrated with zero downtime and no business impact. We will learn about the Strangler design pattern for managing the migration, how to put it into practice with techniques like traffic shadowing and traffic splitting, and how this can be achieved with a gateway service built in Go. Using examples from a recent migration effort, the speaker will also share some tips on what metrics to monitor and what additional tooling can help to ensure the migration stays on track and disaster-proof.
Sushant is a Staff Software Engineer at Lyft, and has over 10 years of experience building web, mobile and desktop apps. In his current role, he is responsible for building and operating distributed backend services that power core experiences in the Lyft passenger apps. He also has over 4 years of experience building application platforms using Kubernetes and other cloud native technologies
Though tracing technologies are not necessarily a new concept only in the recent years it gained enough traction to become one of the key dimensions required to build observability stacks. Undoubtedly the major force behind this traction are the standards created to help developers to collect telemetry data from their applications, such as OpenTelemetry—an observability framework for cloud-native software.
OpenTelemetry provides a single set of APIs, libraries, agents, and collectors that ensures technology agnostic collection of traces and metrics—but the implementation for each programming language is different. While Java has an agent capable of automatically instrumenting the JVM with additional bytecode, other programming languages like Go have to handle this instrumentation manually.
But Go developers have nothing to fear. This talk will explain in a for-the-rest-of-us style how to instrument applications written in Go and how to send the telemetry data to a backend using a collector.
Ricardo is Principal Developer Advocate at Elastic—the company behind the Elastic Stack (Elasticsearch, Kibana, Beats, and Logstash) and Elastic Cloud, where he does community advocacy for North America. With +20 years of experience he specializes in Distributed Systems, Databases, Streaming Data, and Big Data. Prior to Elastic he worked for other vendors such as Confluent, Oracle, and Red Hat, as well as several consulting firms. These days Ricardo spend most of his time making developers fall in love with technology.
While not working he loves barbecuing on his backyard with his family and friends, where he gets the chance to talk about anything that is not IT related. He lives in North Carolina, USA with his wife and son.
Technical writing is rarely taught in code schools and CS programs or listed among the qualifications for an engineering job. Yet users rely heavily on documentation to use the tools they need to use. Not only that, decisions about which tool to use often take into account the availability of quality documentation. It’s important not to leave the task of writing docs to technical writers who may not fully understand the underlying technology or use cases. This talk will teach you the basics of technical writing–from tutorials and API documentation to pull requests and release notes - so you can increase adoption of your software and keep your users–and your coworkers–happy.
Dana Scheider is a software engineer at Envato. Hailing from Portland, Oregon, she currently lives in Melbourne, Australia, and is a core maintainer of Cucumber. She is particularly interested in testing, behaviour-driven development, diversity and inclusion, and improving processes within engineering organisations. Dana’s extracurricular interests include mathematics, opera, foreign languages, and Star Trek. An in-demand speaker, notable conference appearances include SwanseaCon, CukeUp! London, Full Stack Toronto, RubyConf Colombia, and Covalence Conf.
Katie is a software engineer on the Go security team, and is currently leading the effort to add native fuzz testing to Go. Previously, she was the tech lead of the module mirror and checksum database, which provided consistency, availability, and security to the downloading and management of Go source code.
Julie is a senior software engineer on the Go team at Google. She is the tech lead for the Go package discovery site (pkg.go.dev), which enables users to discover and evaluate third party Go packages for their projects.
Katie is a software engineer on the Go security team, and is currently leading the effort to add native fuzz testing to Go. Previously, she was the tech lead of the module mirror and checksum database, which provided consistency, availability, and security to the downloading and management of Go source code.
Suzy is a software engineer on the Go tools team. She is focused on improving the Go developer experience and is the lead for the Go debugging experience in VSCode.
Are you loving Go? But you’re having an affair with NLP?
In this session, Matteo will talk about spaGO, a lightweight Machine Learning library written in pure Go designed to support relevant neural architectures in Natural Language Processing.
spaGO makes it possible to create and train your own neural model, or import a pre-trained one from Hugging Face and FlairNLP, without moving to other languages and without the burden of third-party deep learning frameworks (so the deployment is just a single executable for your server!).
Matteo will tour the spaGO library’s main packages in a top-down fashion, providing a quick overview of 1. the built-in NLP modules served via gRPC and HTTP JSON API; 2. the straightforward implementation of well-known neural models (e.g., MLP, LSTM, BERT); 2. the underlying mechanism of the internal machine learning framework;
By the end of this talk, you will know how to exploit in your own projects the potential of state-of-the-art neural models for Named Entity Recognition, Sentiment Analysis, Question-Answering, and much more.
Matteo Grella’s expertise has the distinction of combining vision, leadership and technical background.
He has been engaged in Artificial Intelligence projects by private companies, academic institutes and government organizations, among them the University of Turin, the Accademia Della Crusca and the Italian Ministry of Defense.
With a particular focus on Natural Language Processing and related Machine Learning models, Matteo is active on open-source and authoring research papers. As Head of Artificial Intelligence, Matteo is responsible for the application of these technologies in the context of security-risks analysis within the EXOP Group.
Generative art is a unique form of artistic expression, building bridges between computer programming, randomness, and visual aesthetics. It has kept my imagination for over a decade. While I have never been particularly skilled at drawing, I have always been amazed by what one could achieve with a couple of lines of code. At the beginning of this year, I wrote and and self-published a book about the use of Go as a language for graphics and generative art programming.
Unlike popular choices such as Processing, NodeBox, openFrameworks, etc., I picked Go for two simple reasons:
Go’s syntax is easy enough that virtually anyone can learn it quickly. The language is far more versatile than what most programmers use it for.
I am hoping that my talk will give the audience a new perspective about their favorite language, and the chance to discover an artistic side they did not know thy possessed.
Learn about the amazing things you can build with Go and WebRTC. Sean will start from the basics and talk about what features WebRTC gives you, and the challenges it has to overcome. He will run through the basics of building with Pion WebRTC and after that a quick showcase of all the amazing Go projects being built with WebRTC.
The arrival of Quantum computers threatens the security of cryptography as we know it. To take a step ahead, NIST launched a competition in 2016 to find the best quantum-resistant algorithms. Out of the 105 initial candidate schemes, only 15 were selected as finalists in 2020. The research community has done extensive work on assessing their security and weaknesses, and we are now at a point where we can start using them in practice. Unlike the competition that designated AES as the standard for symmetric encryption, it is expected for multiple schemes to be standardized at the end of this one. Indeed, the wide range of approaches taken by the finalists all come with different advantages and disadvantages that might not be suited for all use-cases.
This presentation motivates the need for post-quantum cryptography, offers an introduction to the various techniques used to build quantum-resistant protocols and gives an insight on what to expect in the coming years.
Among the remaining candidates, we selected Kyber and Dilithium - two schemes offering respectively a Key Encapsulation Mechanism and a Signature algorithm- and ported the reference implementations to Go. We deviate from a straightforward code translation in order to preserve the security of the implementation, especially against Side-Channel attacks, and to benefit from Go’s special features to obtain a fast and reliable library. We are open-sourcing the library we developed, and it will be available on Github at the time of the talk. We will go through its API and the way one might use it in their own codebase to obtain quantum resistant protocols.
Currently finishing my MS in Cybersecurity at EPFL in Switzerland, I have a strong interest in applied cryptography, notably towards privacy enhancing technologies, and enjoy using Go to port my ideas from paper to working prototypes. I am passionate about bubbles, photography and bouldering.
Yolan is a security researcher delving into (and dwelling on) cryptography, crypto coding, blockchains technologies and other fun things. He has spoken at Black Hat USA, BSidesLV, Cryptovillage, NorthSec and DEF CON, on topics including automation in cryptography, public keys vulnerabilities, or vulnerability research, and presented at FDTC the first known practical fault attack against the EdDSA signature scheme.
Current main use-cases for dynamic instrumentation include application performance monitoring (APM) and security (RASP). For example, a security team might want to block the latest 0-day vulnerabilities before the code gets actually fixed by the developers, and without asking them to do any modification. But as of today, the main instrumentation strategy for Go has been static code instrumentation, manually applied by developers to their Go source code. This solution is unfortunately limited to the Go packages the development teams can modify, hardly scalable and maintainable, but most importantly not performed by the interested team.
Dynamic instrumentation is here to reduce the friction between dev and ops teams by empowering ops teams with the ability to fully operate their production systems. When having a look at existing dynamic instrumentation solutions, from trap-based instrumentation to binary-rewriting, none of them perfectly suits our production needs for a safe, efficient, and full-stack instrumentation solution of live production systems.
Fortunately, this can be made real, and in pure Go, thanks to the fantastic Go ecosystem, by leveraging compile-time instrumentation adding run-time instrumentation capabilities to the compiled Go program.
What features would you choose to put in a programming language made just for yourself? In 2019, I wrote myself a toy programming language in Go called Ink. Though I didn’t predict it at the time, in the next two years since, I’ve written tens of thousands of lines of Ink programs to build compilers, ray tracers, web apps, and personal dashboards touched by tens of thousands of people and used by myself daily. In this talk, I want to show you how the Ink programming language works under the hood, and share what I’ve learned about language design, making side projects, and tackling big ideas through my two-year journey of designing and building Ink and Ink programs.
Linus is a writer and software engineer from Berkeley, California. He’s written almost 400k words about creative projects, community building, and startups on his blog, where he also shares updates to his collection of side projects from programming languages and compilers to personal productivity apps, UI libraries, ray tracers, art projects, and interactive coding environments. Linus’s most popular side project to date is Tabloid, an esoteric programming language that reads like clickbait headlines.
Ever wonder what that ctx context.Context object is? You’ve probably been copy-pasting it without issue, but you’re barely scratching the surface of this awesome little object. Come learn the simple yet powerful API of a ctx object which can easily improve the health of your RPC ecosystem!
Design of the Context object: Learn about the problem that Context objects were designed to solve and their surprisingly simple design.
Simple API of the context package: Become an expert in the entire API of the context package and context objects.
Useful usage patterns: Apply the design principles and API we just learned into a few common and powerful usage patterns that you can apply to your microservices/RPCs.
Go modules make it easier than ever to include third-party dependencies in your code, but developers are still responsible for understanding what is in those dependencies and keeping them up to date. This problem gets more difficult as projects get larger.
This talk will cover Dan's experience trying to fix a few known vulnerabilities by upgrading dependencies in Kubernetes, and some (possibly) surprising things he found!
Dan Lorenc is a Staff Software Engineer and the lead for Google’s Open Source Security Team (GOSST) He’s been working in the Cloud space for eight years and has mostly focused on open source tools related to building containers easily and securely. He founded projects like Minikube, Skaffold, TektonCD and Sigstore. Dan regularly blogs about supply chain security and serves on the TAC for the OpenSSF.