1. 9

    With the disclaimer that I am neither an experienced Go programmer, nor have I worked on large teams, I don’t understand what any of this has to do with being bad for smart programmers. In fact, I would say that many of the deficiencies that the article lists are in fact pitfalls for juniors programmers. Much of it comes down to having a substandard type system, so the compiler and associated tooling can’t give you useful guarantees or feedback. An experienced programmer may be able to keep the code’s requirements in their heads, but most junior programmers should have the compiler check their work, and Go’s design makes it impossible to do this.

    1. 12

      I thought Go was well known for having extremely good static analysis tools. The type system isn’t that powerful, but static analysis isn’t just type systems.

      1. 1

        That’s possible. I’m not in tune with the Go ecosystem enough to know if that’s the case, but this is the first I’m hearing of it. I’d be curious to know what these analyses are and what guarantees they provide.

        1. 5

          The golangci-lint list of linters is probably a good view of what people are using generally.

        2. 1

          The analysis package makes it pretty easy to write them too, with the biggest downside being that for some reason I always struggle spelling analysis correctly 😅

          A simple example to check for copyright comments, and a slightly more complicated example to check if you’re actually calling functions that return a function in defer (defer Fun()()).

          Both go vet and staticcheck are implemented with this.

          1. 1

            I wrote one at a previous job to make sure that event constants were matched up with functions of the correct type. Most helpful because that was a common thing people fat-fingered.

      1. 36

        Without discussing any of the other points, this article (published in late 2020) misunderstands or misrepresents (point 5) the state of go dependency management, citing a 2015 thread about vendoring dependencies. The author may not be the most informed writer.

        1. 22

          Most articles that use “Golang” in the title are not from the most informed writers.

          I’m not overly pedantic about these sort of things, but I’ve noticed for a number of years it’s a fairly accurate heuristic (although hardly perfect, exceptions as well).

          1. 5

            I was told this by an Old Gopher with respect to a readme in a GitHub repo & my response was that I had reflexively done so to make finding it with search engines more obvious since Go has many meanings.

            1. 3

              I list “Golang” on my CV for more or less the same reason (as Go (“Golang”)), and there are plenty of exceptions as well of course: like all heuristics it’s far from perfect. But it holds up fairly well in general.

              The SEO value is probably not all that much; right now my “Statically compiling Go programs” article is the first result on a DDG for both “golang compile static” and “go compile static”, and for Google it’s the second result. It doesn’t use the word “Golang” in either the title or body.

        1. 1

          The other feature you quickly find yourself needing is the ability to use arbitrary objects as keys in a hash map. In languages that don’t support that (Perl, Python, Go, JavaScript until recently) you can use strings as keys, generating a unique string for each key object.

          Go does support arbitrary values as keys.

          1. 2

            With the caveat that the type must be comparable. For example, the type may not be a map, slice (array is ok) or a struct containing a map or a slice.

            1. 2

              This is cool, but it doesn’t seem like it can do most syscalls without stopping the world?

                  1. 17

                    Submitter here; I’ve submitted this not because I think it’s a good idea, but because the requirement for EV SSL certificates is another troubling step in pushing access to users in favor of large incumbent players. How long before deliverability from domains without EV certs is penalized?

                      1. 2

                        I’ve also come across Google’s NSJail.

                        1. 1

                          What a surprisingly neutral comparison, I was expecting some bias since it’s on the bubblewrap FAQ, but was pleasantly surprised that this wasn’t the case. Short and sweet.

                        1. 2

                          If you like k8s, there’s some Helm charts for deploying PiHole to your cluster. It’s been running mostly ok for me here for months.

                            1. 6

                              Where’s Motif.css, CDE.css, & 4dwm.css. This is Lobste.rs! ;)

                              1. 3

                                I would pay real, American money for “Amiga3.1.css”.

                                I’d do it myself but I have negative artistic ability. Like, worse than none.

                                1. 2

                                  I’d be down for FVWM.css or i3.css

                                1. 1

                                  People seem to be having pretty strong feelings about this; I just got downvoted as spam(!) for submitting a Twitter thread with photos of someone else’s hardware project.

                                  1. 1

                                    This thread demonstrates the vastly improved AdLib support with Nuked OPL.

                                    1. 2
                                      • Finally getting around to updating my fm radio rtl_sdr plugin for VCVRack 1.X.
                                      • Reading Naomi Klein’s The Shock Doctrine for my video book club.
                                      • Figuring out how to integrate my home monitor setup with my work laptop, more dongles hooray!
                                      1. 2

                                        All you need to do is create a small native wrapper that opens a new tab in the user’s existing browser and package it in an platform specific installer.

                                        Has anyone created something like this? I’d love to be able to ship an javascript frontend that launches in a new instance of Firefox or Chrome (without most browser decorations).

                                        1. 2

                                          Yes.

                                          Lorca:

                                          A very small library to build modern HTML5 desktop apps in Go. It uses Chrome browser as a UI layer. Unlike Electron it doesn’t bundle Chrome into the app package, but rather reuses the one that is already installed. Lorca establishes a connection to the browser window and allows calling Go code from the UI and manipulating UI from Go in a seamless manner.

                                          1. 1

                                            I think Electron is pretty much what you’re describing, right?

                                            1. 3

                                              I’d like to not pacakge in an entire chromium installation!

                                              1. 1

                                                Ah, I misinterpreted what you meant by “a new instance” of the browser.

                                                I’m not aware of a way to get what you’re describing—it seems like you either need to package an entire browser yourself, or at least as much of it as you need, or else you need to rely on the user’s existing browser and don’t have a way to make it look as if your app is its own separate thing.

                                          1. 1

                                            Does anyone have any good diy dashboard for their home/office? Are people using Magic Mirror?

                                            1. 1

                                              Grafana? Not really it’s ideal use case, but it works fine for me.

                                              1. 1

                                                i’m writing one of those this week too. will make noises here when it’s done. i had to do this part first.

                                                1. 1

                                                  I have a DIY dashboard for my home, it’s running on top of Kubernetes and displayed using a Surface 3 mounted to a wall. Source code here: https://github.com/Xe/maison

                                                1. 9

                                                  I think it would have been really nice for UIs if web browsers had historically supported unix sockets as HTTP endpoints, so arbitrary programs could use the web browser as a local GUI without having to worry about exposing a sensitive API over TCP

                                                  1. 4

                                                    You can bind to 127.0.0.1

                                                    1. 8

                                                      That is not as good. With a unix socket, the listening process can set the usual user/group/other permissions. With a TCP socket on 127.0.0.1 you’re exposing your service to everything on the same machine.

                                                      Plus TCP sockets suck at namespacing. Unix sockets are no worse at namespacing than the filesystem.

                                                      1. 1

                                                        even with things like dbus, there are limits to the security model of unix sockets. I’d much prefer a better capabilities system or we can just accept that auth has to be handled by the receiver in some fashion.

                                                        1. 2

                                                          We’re talking about using a browser as an alternative to a TUI. There would be little point worrying about any model more complicated than marking the socket 0600 because the user who started the tool is the one and only user you want to be able to access the tool’s API.

                                                        2. -1

                                                          you’re exposing your service to everything on the same machine

                                                          Not if you’re using a jail.

                                                          1. 2

                                                            That’s a lot of effort for not a lot of payoff. I don’t remember BSD jails ever being usable by ordinary unprivileged users. ezjail meeded root for example. You’re going to have to put the browser in the same jail too if you want to limit access, which is kind of a non starter. You can’t grant access to only one uid or gid. They were ime always pretty slow and troublesome - you had to arrange a whole root filesystem for each, for starters.

                                                            1. 2

                                                              I don’t remember BSD jails ever being usable by ordinary unprivileged users.

                                                              Which is one of the reasons why unprivileged/rootless containers as provided by e.g. podman are really promising.

                                                              1. 1

                                                                They were always incredibly useful IME.

                                                                1. 2

                                                                  Yeah for like full time sysadmins to set up daemons to run for years. Not for one off things like we’re discussing here.

                                                          2. 1

                                                            Indeed, I’ve seen several applications do exactly this.

                                                            For example Google Refine: https://www.youtube.com/watch?v=yNccGtn3Wb0?t=1m12s

                                                        1. 1

                                                          Worth mentioning that go’s wrapper for this (math/bits) has support for replacing the function call with an inlined instruction-based version in the latest version.

                                                            1. 1

                                                              It would, but it’s out of characters.