If you’re writing Go then you’re probably aware that graceful shutdown was added to the http package in 1.8. The HTTP server also adds support for graceful shutdown, allowing servers to minimize downtime by shutting down only after serving all requests that are in flight. — Go 1.8 is released Similarly, If you’re using Kubernetes then I’m sure you’re aware of, and hopefully using rolling updates for your deployments.
I wanted to share a few tips on working with environment variables. I will be mentioning a few libraries specific to Go but the principles should apply to most languages. Keep in mind these are my opinions and come from learnings in a very specific context, feel free to disagree. Don’t auto-load .env files in application code I love .env files — they make my configuration portable and easy to change.
This post was written before Go 1.18 was released, however I am keeping the code snippets up to date as the beta’s and final release become available. It’s been 5 years since I wrote about the most exciting feature of Go 1.8 and there have been significant improvements in the language, toolchain and ecosystem since then. I’m not going to cover any of that… Go 1.18 is around the corner, being set to release in February of 2022, and the release notes already describe a very exciting, albeit small, feature.
I wanted to share a quick story of CVE-2021-32760 and how it relates to some of the lesser-known intricacies of Go Modules. I was working on a project when I noticed the dreaded Security tab had found something! The Security overview listed a single Dependabot alert, how odd — I’m normally very good at keeping my dependencies up to date. The GitHub Advisory Database has a page describing the vulnerability.
I have released my first extension for Visual Studio Code! Entropy Scanner is based on the algorithm that underpins tartufo and truffleHog, but provides real-time feedback on your source code while you are writing it. The extension is open source and can be found on GitHub. Entropy scanners are useful because they can detect certain types of strings without any predefined lists to pattern match against. High entropy strings may contain private keys, auth tokens or other sensitive information that should not be tracked in your version control.
I wanted to point out a few GitHub settings that were new to me. Two-factor authentication, security and analysis features, email privacy and GPG keys are fairly new and not required by default.
I forgot to mention that I was on the Go Time podcast, episode 171, talking about the new embed directive being released in Go 1.16. This was my first time appearing on a podcast, and honestly I think my nerves show. That said, I love this show and hopefully my own small contribution is meaningful in some way.
I gave a talk at the London Gophers meetup about building image filters like those found in Instagram. This talk covers what I learnt while building a reference implementation of a simple rendering engine using pure Go, with no dependencies. I cover various kinds of lookup tables, storage formats and although useful… why it’s probably a bad idea doing this in Go. There is source code available at github.
I gave a talk at the London Gophers meetup about introducing Go into an organisation that has existing systems written in different languages. This comes from years of experience working with teams that were comfortable with other languages like PHP, Ruby and Java.
If you’re writing Go then you’re probably aware that graceful shutdown was added to the http package in 1.8. The HTTP server also adds support for graceful shutdown, allowing servers to minimize downtime by shutting down only after serving all requests that are in flight. — Go 1.8 is released Similarly, If you’re using Kubernetes then I’m sure you’re aware of, and hopefully using rolling updates for your deployments.
Firebase is an incredible platform, some of their recent additions like Cloud Functions for static hosting are pretty amazing. However, I’d like to share a serious blindspot that I came across while preparing for a product launch. The intent of this post is in no way to discourage anyone from using Firebase. I love Firebase and I recommend you give it a go! This is just an important learning that I wanted to share — hopefully it can prevent you from getting stuck in the same position as me.
You might think that the built-in support for gracefully shutting down http servers is reason enough to be excited for the upcoming Go 1.8. It could also be the proposed sub-millisecond GC pauses. Heck, if you’re having refactoring issues on a Google scale then it could be the controversial addition of alias declarations. Based on my experience, working with small teams and people new to Go, Go 1.8 shipping with a default GOPATH is going to be the most groundbreaking of all new features.