Speakers

Unlocking Ebpf from Go

The eBPF VM lets you run small snippets of C code inside the Linux kernel. That code can communicate with a user land program, which you can write in Go. The use cases for eBPF are endless, and demand for replacing outdated tracing, networking, debugging, and security systems using it continues to rise astronomically. This talk will introduce eBPF to the audience, demonstrate it’s power, offer solutions to common challenges, and dive into how attendees can start writing their own eBPF code.

In particular this talk will address the number one criticism of eBPF, it’s useability. There are a handful of different packages that Go developers can use for interacting with eBPF, but there’s no consensus on which is best. By the end of my talk, attendees will understand the direction the community is moving towards and feel inspired to start writing Go to leverage the awesome superpowers of eBPF!

Create Your Go Projects with TDD in Mind

One of the misguided norms of Software Engineering is prioritizing code over tests. In college, I was taught the fundamentals of programming and Computer Science by writing code first. I learned that to value code meant to write the most efficient, and readable code. While this isn’t wrong, I’ve come to learn that valuing our code can go a level deeper than that. Valuing our code means adopting a completely different mindset and culture.

It means writing your tests first. That’s right. Write your tests first, before you write any piece of your project’s source code. This, my friend, is called Test Driven Development (TDD for short).

In this talk, I won’t just give you the what, why, when and how’s of TDD. I’ll also be sharing my story on how I switched from writing server code in Node.js to Go, how I discovered TDD, and how the stars aligned to inspire me in promoting TDD to new Go developers.

If you’re a new Go developer who wants to level up your Go coding skills while, at the same time, reap the benefits of TDD (I’m talkin’ optimal test coverage with cleaner code, superb code readability and MORE), then this talk is for you.

Audio Programming with Go

Warming Up
In this talk we will explore the field of Audio Programming using Go. The talk will start with a short explanation of what “Computer Audio” means and how those 1s and 0s eventually go through our headphones as something intelligible, be it your favourite song, podcast or anything else.

Simple sounds
After the explanation of how we can reason about the audio, we will make our way through building a program that can create a monotone sound. To do this, we will generate a sine wave that audio programs can interpret and output. Again nothing but the standard library will be used here, as we will be writing it directly to a binary file without any overhead of common filetypes such as .mp3 / .wav.

A bit more advanced - Sample Rates, Frequencies and Amplitudes
Once we have seen how to create such a simple sine wave, we will make our way up to more complex waves. But first, we’ll have to introduce a few concepts such as the Sample Rate, Frequency and Amplitude. We’ll walk through how they change the waves, as well as how our perception of the sound changes along with it.

Oscillators
Next we’ll dive into oscillators, these are the part of the program that allows us to generate different soundwaves, such as sine, square, upward sawtooth, etc… With these, we will add a lot of flexibility to how our audio will sound like. After we have done the setup for the oscillators, we will see how easy it is for a user to generate different sounds.

Making music - From notes to music
In this section of the talk we will briefly take a look at how we can turn musical notation (things like “A, C#, Cb, ..”) into actual sound using the oscillator we created in the previous part. In order to understand what is happening here, we will briefly look at musical scales and how they impact the music we create today. A high-level overview will be given of some of the concepts that will make the music sound more ‘natural’ to our ears.

Wrapping up - GoAudio
To wrap up, we will take a small look at GoAudio, a library I built to assist in creating music with Go. Everything we’ve seen so far in the talk is working code from this library, and GoAudio has zero other dependencies. I’ll briefly highlight some of the other functions we could not cover in-depth in this talk, such as spectral analysis, envelope extraction and harmonic sounds.

Numbers Are Just Numbers, or How Go Avoided the Integer Promotion Footgun

Compared to its direct ancestors, Go does not support inter promotion for number types; the compiler will not help you out if you want to add two integers of different types. This seems like an annoying oversight, but in practice it is rarely a problem, and avoids one of the biggest sources of subtle programming errors; undefined behaviour arising from integer promotion.

In this talk I’ll touch on the history of numeric types in early computer hardware, back in the days when numbers were just binary–sometimes decimal–integers and the programmer was responsible for remembering where the decimal point went and how early languages like FORTRAN existed in part to free the programmer from the error prone floating point management.

A decade later hardware support for numeric types evolves triggering an evolution in programming languages from word oriented languages like Richard’s BCPL to the byte oriented languages of C, C++ and Java. Now numbers aren’t just numbers any more; byte, char, short, int, long, double allow programmers to specify the precision and storage requirements for each field and variable in their program, but raises the question of how will these various types interact. Integer promotion, as solution that probably sounded reasonable when integers were 16 bits, haunts those languages through the spectre of underlined behaviour.

In contrast Go has no integer promotion, forcing the programmer to ensure that all the types of an expression are the same. Yet as draconian as this statement sounds, Go programmers are rarely aware of this because the countervailing force of one of Go’s greatest contributions; untyped, unsized, ideal constants.

Demystifying Technical Debt

Several articles and books have discussed how technical debt grows and changes. However, I’ve yet to find a good exact definition and a way to measure it. This talk analyses how you could measure it, how to make smarter decisions and how to maintain software over decades.

I will cover technical friction in all shapes and forms and how it impacts development over time. Then I’ll give a metaphor to understand technical friction intuitively. I’ll also cover perceived and estimated technical friction, and how people can go wrong with both of them. Finally I’ll show how perceived and estimated friction give arise to technical debt.

Once you understand technical debt it won’t be a scary monster that kills your software, but an understandable side-effect of software development and progress.

The talk is intended for all-levels.

Designing Payloads for Event-Driven Systems

As modern software architecture evolves and we adopt event-driven systems into our practice, let’s take time to get into the nitty-gritty of designing the payloads that actually carry those events around. With strategies for which fields to include and how to handle changes to the data structure as the requirements evolve, this session has real-world advice to keep you on track.

When it comes to data formats, choosing between self-contained formats such as JSON or XML, or a serialization format like Avro, this session covers how to design an approach that fits your application and platform. The session includes examples of using event-streaming tools such as Kafka with your Go application and offers to gotchas to avoid when teaching your applications to play nicely together.

The Dark Side of Go: A 2020 Go Malware Round-Up

As Go has become a popular programming language among application developers, some malware authors have also jumped on the same bandwagon. Many of the features offered by Go, such as battery-included design, ease of cross-compiled binaries and powerful standard library, are fully utilized by malware authors to achieve their goals of stealing secrets, making money or just destruction. In the last few years, we have seen a steady increase of more malware written in Go. This, together with some of the uniqueness of Go’s binary format, has led to classic security tools having a hard time keeping up with this new threat. As a consequence, many of these attacks go by unnoticed until it is too late.

This presentation will take a look at some of the major malware attacks from 2020 that used malware written in Go. We will see how Go was used in espionage attacks against two Eastern European countries’ ministry of foreign affairs and attacks from a Russian intelligence agency against COVID-19 vaccine researchers. In addition to nation-state malware targeting Europeans, we will also take a look at how malware written in Go was used to target oppressed minority groups in Asia.

Cybercriminals have also been using Go in their toolset and we explore how they have used ransomware written in Go to take down parts of big companies such as Honda and Whirlpool, to compromising cloud environments for cryptomining.

In this unorthodox talk at a developer conference, the audience will get a taste of the (mis)uses of Go that happen behind our backs. So follow me as we take a look at what happened over on the dark side during the year 2020 that we all just want to forget and wish never happened.

Best Friends Forever(BFFs): Lambda and Go Apps

Engineers often think of serverless functions as background workers for tasks like file processing or event processing. Serverless functions like AWS Lambda have so much more potential and should be top of mind when building Go web applications.

In this talk, we will demonstrate how easy it is to build a serverless Go web application using AWS Lambda and Amazon API Gateway. Choosing to build a serverless web application allows us to easily build scalable applications and removes a wide variety of concerns, enabling us to focus on writing awesome application code.

Most of the beginner Go content on the topic of web apps doesn’t consider going serverless, even though it can be more efficient, less verbose and easier to work with. The content in this session will be very useful to those starting out with Go or learning about serverless.

This talk is co-given by Adelina Simion and Xiao Liu.

Terminal Emulator Basics in Golang

Have you ever wondered what happens when you type something on your terminal? Why signal interrupts such as Ctrl-Z exist? Why are they called terminals in the first place? This talk will answer these questions and more. We’ll cover the basics of the TTY subsystem and build a simple terminal emulator in Go.

Talk outline:
- Introduction: A brief background of the current state of the TTY subsystem
- Why PTY?: This section explains how Linux PTY works
- 10-minute Codelab: Build and run a simple terminal emulator in Golang
- Conclusion: We use terminals all the time, some of us all day most days.

Why It Takes a Team of Engineers Just to Process Events in Realtime

Data management architectures are changing dramatically. Users and businesses alike have come to expect short feedback loops that require migrating historically batch-based workloads to streaming workloads.

Batch based data pipelines have typically been favored because they’re forgiving in performance and error handling concerns making them easy to write and scale, but have the major downside of having to wait hours or sometimes days to get results. Converting the same insights to streaming workloads introduces new failure modes and availability challenges, but the benefits of the shortened feedback loop lead to faster returns on investment.

Scaling streaming data pipelines is no small feat however. Segment processes hundreds of petabytes of event data per day, exactly once, with reliable processing and delivery but it took a long time and many bright engineers to get here. Come learn from an experienced Go programmer about how to plan, build and maintain these systems and take actionable advice back to your organization to improve your data infrastructure!

Fusing Io/Fs with Gopls: Building a Cloud-based Go Editor from Scratch

Using gopls is great for code intelligence, but can be challenging to run in a web-based editor environment where sessions can be quite short and setting up the full filesystem for gopls can be expensive. At Encore we’ve built a much more lightweight way of running gopls, by creating an io/fs filesystem that streams directly from a remote Git repository combined with a FUSE filesystem.

In this talk we’ll dive into the solution, how each part works and how they fit together, and demo the final result. We’ll also announce the open-sourcing of these components to make it easier for others to build upon these ideas.

Talk Outline
- Introduction & problem statement
- Why is this useful and how are we approaching it?
- Overview of what the final architecture will look like
- Overview of the Language Server Protocol & gopls
- The new io/fs package
- Building an io/fs.FS implementation that streams from git, over gRPC
- Introduction to FUSE
- Building a FUSE adapter for io/fs with go-fuse
- Live demo of completed solution

Function Inlining

The Go compiler tries to make good decisions for you, and doesn’t provide you with many knobs to turn. In the general case, the small runtime cost of a function call is not something we should worry about. However in the critical “hot path” section of our code, inlining is very useful, i.e. having the compiler replace a frequent function call instruction with the full function body. This trades a few KB of executable size for a more efficient execution, essentially avoiding executing the function prologue.

We’ll see how the compiler has improved over the years, and why mid-stack inlining is important. We need to understand a few specific compiler rules, if we want to enable inlining for a specific important function.

Beyond the simple cost of a “function call and prologue”, we’ll see that inlining effectively enables further fascinating compiler optimizations based on static analysis of code with more hints about the actual context at call site: Constant propagation, Bound check elimination, Instructions Reordering, Dead code elimination.

Derisking Migrations of API Backends

This talk will discuss in detail how backends for API endpoints can be seamlessly migrated with zero downtime and no business impact. We will learn about the Strangler design pattern for managing the migration, how to put it into practice with techniques like traffic shadowing and traffic splitting, and how this can be achieved with a gateway service built in Go. Using examples from a recent migration effort, the speaker will also share some tips on what metrics to monitor and what additional tooling can help to ensure the migration stays on track and disaster-proof.

OpenTelemetry for Dummies: Instrumenting Go Apps

Though tracing technologies are not necessarily a new concept only in the recent years it gained enough traction to become one of the key dimensions required to build observability stacks. Undoubtedly the major force behind this traction are the standards created to help developers to collect telemetry data from their applications, such as OpenTelemetry—an observability framework for cloud-native software.

OpenTelemetry provides a single set of APIs, libraries, agents, and collectors that ensures technology agnostic collection of traces and metrics—but the implementation for each programming language is different. While Java has an agent capable of automatically instrumenting the JVM with additional bytecode, other programming languages like Go have to handle this instrumentation manually.

But Go developers have nothing to fear. This talk will explain in a for-the-rest-of-us style how to instrument applications written in Go and how to send the telemetry data to a backend using a collector.

The Joy of Docs, or, Technical Writing for Developers and Engineers

Technical writing is rarely taught in code schools and CS programs or listed among the qualifications for an engineering job. Yet users rely heavily on documentation to use the tools they need to use. Not only that, decisions about which tool to use often take into account the availability of quality documentation. It’s important not to leave the task of writing docs to technical writers who may not fully understand the underlying technology or use cases. This talk will teach you the basics of technical writing–from tutorials and API documentation to pull requests and release notes - so you can increase adoption of your software and keep your users–and your coworkers–happy.

Best Friends Forever(BFFs): Lambda and Go Apps

Engineers often think of serverless functions as background workers for tasks like file processing or event processing. Serverless functions like AWS Lambda have so much more potential and should be top of mind when building Go web applications.

In this talk, we will demonstrate how easy it is to build a serverless Go web application using AWS Lambda and Amazon API Gateway. Choosing to build a serverless web application allows us to easily build scalable applications and removes a wide variety of concerns, enabling us to focus on writing awesome application code.

Most of the beginner Go content on the topic of web apps doesn’t consider going serverless, even though it can be more efficient, less verbose and easier to work with. The content in this session will be very useful to those starting out with Go or learning about serverless.

This talk is co-given by Adelina Simion and Xiao Liu.

Panel: Go Security

Panel: Go Tooling

Panel: Go Tooling

Panel: Go Security

Panel: Go Tooling

Panel: Go Tooling

Panel: Go Tooling

Panel: Go Security

Panel: Go Security

(Neural) Natural Language Processing in Go

Are you loving Go? But you’re having an affair with NLP?

In this session, Matteo will talk about spaGO, a lightweight Machine Learning library written in pure Go designed to support relevant neural architectures in Natural Language Processing.

spaGO makes it possible to create and train your own neural model, or import a pre-trained one from Hugging Face and FlairNLP, without moving to other languages and without the burden of third-party deep learning frameworks (so the deployment is just a single executable for your server!).

Matteo will tour the spaGO library’s main packages in a top-down fashion, providing a quick overview of 1. the built-in NLP modules served via gRPC and HTTP JSON API; 2. the straightforward implementation of well-known neural models (e.g., MLP, LSTM, BERT); 2. the underlying mechanism of the internal machine learning framework;

By the end of this talk, you will know how to exploit in your own projects the potential of state-of-the-art neural models for Named Entity Recognition, Sentiment Analysis, Question-Answering, and much more.

Between Order and Chaos: Creating Immersive Generative Art With Go

Generative art is a unique form of artistic expression, building bridges between computer programming, randomness, and visual aesthetics. It has kept my imagination for over a decade. While I have never been particularly skilled at drawing, I have always been amazed by what one could achieve with a couple of lines of code. At the beginning of this year, I wrote and and self-published a book about the use of Go as a language for graphics and generative art programming.

Unlike popular choices such as Processing, NodeBox, openFrameworks, etc., I picked Go for two simple reasons:

Go’s syntax is easy enough that virtually anyone can learn it quickly. The language is far more versatile than what most programmers use it for.

I am hoping that my talk will give the audience a new perspective about their favorite language, and the chance to discover an artistic side they did not know thy possessed.

Pion WebRTC: Real-Time Communication for Conferences, Broadcasts, Remote Control and Robotics all in Go!

Learn about the amazing things you can build with Go and WebRTC. Sean will start from the basics and talk about what features WebRTC gives you, and the challenges it has to overcome. He will run through the basics of building with Pion WebRTC and after that a quick showcase of all the amazing Go projects being built with WebRTC.

Dynamic Go Instrumentation for Production Environments

Current main use-cases for dynamic instrumentation include application performance monitoring (APM) and security (RASP). For example, a security team might want to block the latest 0-day vulnerabilities before the code gets actually fixed by the developers, and without asking them to do any modification. But as of today, the main instrumentation strategy for Go has been static code instrumentation, manually applied by developers to their Go source code. This solution is unfortunately limited to the Go packages the development teams can modify, hardly scalable and maintainable, but most importantly not performed by the interested team.

Dynamic instrumentation is here to reduce the friction between dev and ops teams by empowering ops teams with the ability to fully operate their production systems. When having a look at existing dynamic instrumentation solutions, from trap-based instrumentation to binary-rewriting, none of them perfectly suits our production needs for a safe, efficient, and full-stack instrumentation solution of live production systems.

Fortunately, this can be made real, and in pure Go, thanks to the fantastic Go ecosystem, by leveraging compile-time instrumentation adding run-time instrumentation capabilities to the compiled Go program.

When Toy Languages Grow Up

What features would you choose to put in a programming language made just for yourself? In 2019, I wrote myself a toy programming language in Go called Ink. Though I didn’t predict it at the time, in the next two years since, I’ve written tens of thousands of lines of Ink programs to build compilers, ray tracers, web apps, and personal dashboards touched by tens of thousands of people and used by myself daily. In this talk, I want to show you how the Ink programming language works under the hood, and share what I’ve learned about language design, making side projects, and tackling big ideas through my two-year journey of designing and building Ink and Ink programs.

Ctx is Key!

Ever wonder what that ctx context.Context object is? You’ve probably been copy-pasting it without issue, but you’re barely scratching the surface of this awesome little object. Come learn the simple yet powerful API of a ctx object which can easily improve the health of your RPC ecosystem!

Talk Topics:

Design of the Context object: Learn about the problem that Context objects were designed to solve and their surprisingly simple design.

Simple API of the context package: Become an expert in the entire API of the context package and context objects.

Useful usage patterns: Apply the design principles and API we just learned into a few common and powerful usage patterns that you can apply to your microservices/RPCs.

Quantum-Resistant Native Go Programs: Taking the (Quantum) Leap

The arrival of Quantum computers threatens the security of cryptography as we know it. To take a step ahead, NIST launched a competition in 2016 to find the best quantum-resistant algorithms. Out of the 105 initial candidate schemes, only 15 were selected as finalists in 2020. The research community has done extensive work on assessing their security and weaknesses, and we are now at a point where we can start using them in practice. Unlike the competition that designated AES as the standard for symmetric encryption, it is expected for multiple schemes to be standardized at the end of this one. Indeed, the wide range of approaches taken by the finalists all come with different advantages and disadvantages that might not be suited for all use-cases.

This presentation motivates the need for post-quantum cryptography, offers an introduction to the various techniques used to build quantum-resistant protocols and gives an insight on what to expect in the coming years.

Among the remaining candidates, we selected Kyber and Dilithium - two schemes offering respectively a Key Encapsulation Mechanism and a Signature algorithm- and ported the reference implementations to Go. We deviate from a straightforward code translation in order to preserve the security of the implementation, especially against Side-Channel attacks, and to benefit from Go’s special features to obtain a fast and reliable library. We are open-sourcing the library we developed, and it will be available on Github at the time of the talk. We will go through its API and the way one might use it in their own codebase to obtain quantum resistant protocols.

Quantum-Resistant Native Go Programs: Taking the (Quantum) Leap

The arrival of Quantum computers threatens the security of cryptography as we know it. To take a step ahead, NIST launched a competition in 2016 to find the best quantum-resistant algorithms. Out of the 105 initial candidate schemes, only 15 were selected as finalists in 2020. The research community has done extensive work on assessing their security and weaknesses, and we are now at a point where we can start using them in practice. Unlike the competition that designated AES as the standard for symmetric encryption, it is expected for multiple schemes to be standardized at the end of this one. Indeed, the wide range of approaches taken by the finalists all come with different advantages and disadvantages that might not be suited for all use-cases.

This presentation motivates the need for post-quantum cryptography, offers an introduction to the various techniques used to build quantum-resistant protocols and gives an insight on what to expect in the coming years.

Among the remaining candidates, we selected Kyber and Dilithium - two schemes offering respectively a Key Encapsulation Mechanism and a Signature algorithm- and ported the reference implementations to Go. We deviate from a straightforward code translation in order to preserve the security of the implementation, especially against Side-Channel attacks, and to benefit from Go’s special features to obtain a fast and reliable library. We are open-sourcing the library we developed, and it will be available on Github at the time of the talk. We will go through its API and the way one might use it in their own codebase to obtain quantum resistant protocols.

The Dependency Jungle: Supply Chain Security and Kubernetes

Go modules make it easier than ever to include third-party dependencies in your code, but developers are still responsible for understanding what is in those dependencies and keeping them up to date. This problem gets more difficult as projects get larger.

This talk will cover Dan's experience trying to fix a few known vulnerabilities by upgrading dependencies in Kubernetes, and some (possibly) surprising things he found!

Workshop: Profiling and Tracing Go Applications

[Requires a Separate Ticket]

Please note that this workshop requires a separate ticket.

Please click here for workshop details

Workshop: Profiling and Tracing Go Applications

[Requires a Separate Ticket]

Please note that this workshop requires a separate ticket.

Please click here for workshop details

Workshop: Application Security

[Requires a Separate Ticket]

Please note that this workshop requires a separate ticket.

Please click here for workshop details

Workshop: Practical Go, The Skills You’ll Need to Work with Go

[Requires a Separate Ticket]

Please note that this workshop requires a separate ticket.

Please click here for workshop details

Workshop: Practical Go, The Skills You’ll Need to Work with Go

[Requires a Separate Ticket]

Please note that this workshop requires a separate ticket.

Please click here for workshop details