I am a Principal Software Engineer at GoDaddy working on Studio. Previously, I co-founded Next with Shawn and functioned as the Lead Developer & CTO. You can reach me on Twitter or LinkedIn. I share open-source projects on GitHub and have some old creative work up on Dribbble.
I wanted to share a quick story of CVE-2021-32760 and how it relates to some of the lesser-known intricacies of Go Modules. I was working on a project when I noticed the dreaded Security tab had found something! The Security overview listed a single Dependabot alert, how odd — I’m normally very good at keeping my dependencies up to date. The GitHub Advisory Database has a page describing the vulnerability. Just to be clear, this is not an issue with Go itself — but rather a specific version of an open source module.
I have released my first extension for Visual Studio Code! Entropy Scanner is based on the algorithm that underpins tartufo and truffleHog, but provides real-time feedback on your source code while you are writing it. The extension is open source and can be found on GitHub. Entropy scanners are useful because they can detect certain types of strings without any predefined lists to pattern match against. High entropy strings may contain private keys, auth tokens or other sensitive information that should not be tracked in your version control.
I wanted to point out a few GitHub settings that were new to me. Two-factor authentication, security and analysis features, email privacy and GPG keys are fairly new and not required by default.
I gave a talk at the London Gophers meetup about building image filters like those found in Instagram. This talk covers what I learnt while building a reference implementation of a simple rendering engine using pure Go, with no dependencies. I cover various kinds of lookup tables, storage formats and although useful… why it’s probably a bad idea doing this in Go. There is source code available on GitHub.
I gave a talk at the London Gophers meetup about introducing Go into an organisation that has existing systems written in different languages. This comes from years of experience working with teams that were comfortable with other languages like PHP, Ruby and Java.
If you’re writing Go then you’re probably aware that graceful shutdown was added to the http package in 1.8.
“The HTTP server also adds support for graceful shutdown, allowing servers to minimize downtime by shutting down only after serving all requests that are in flight.” — Go 1.8 is released
Similarly, if you’re using Kubernetes then I’m sure you’re aware of, and hopefully using, rolling updates for your deployments.
Firebase is an incredible platform, some of their recent additions like Cloud Functions for static hosting are pretty amazing. However, I’d like to share a serious blind spot that I came across while preparing for a product launch. The intent of this post is in no way to discourage anyone from using Firebase. I love Firebase and I recommend you give it a go! This is just an important learning that I wanted to share — hopefully it can prevent you from getting stuck in the same position as me.
You might think that the built-in support for gracefully shutting down http servers is reason enough to be excited for the upcoming Go 1.8. It could also be the proposed sub-millisecond GC pauses. Heck, if you’re having refactoring issues on a Google scale then it could be the controversial addition of alias declarations. Based on my experience, working with small teams and people new to Go, Go 1.8 shipping with a default GOPATH is going to be the most groundbreaking of all new features.