thepudds
LightNews LightNews
thepudds.bsky.social
thepudds
@thepudds.bsky.social
1.2K followers 160 following 140 posts
Go contributor. Posts tend to be about #golang, performance, fuzzing, and Go Modules. He/him. https://github.com/thepudds
github.com
Posts Media Videos Starter Packs
Reposted by thepudds
mpvl.io
Marcel van Lohuizen @mpvl.io · 9h
I'm proud to officially announce CUE Labs!

I co-founded CUE Labs with @myitcv.io to build a Configuration Control Plane, solving config chaos with CUE. Our work also provides the stewardship for the @cuelang.org open source project.

Read our launch post: cue.dev/blog/announc...
A World Without Configuration Chaos: The Configuration Control Plane
Imagine a world where you can answer, with absolute confidence, the critical question: “What is the full impact of this change?” A world where configuration isn’t a source of fear, but a source of rel...
cue.dev
1 3 17
Reposted by thepudds
mvdan.cc
Daniel Martí @mvdan.cc · 9h
So excited to finally share what we've been building at CUE Labs!

Proud to be on this mission with @mpvl.io, @myitcv.io, @rog.bsky.social, @hylomorphism.bsky.social, and @dominikdm.bsky.social.
A World Without Configuration Chaos: The Configuration Control Plane
Imagine a world where you can answer, with absolute confidence, the critical question: “What is the full impact of this change?” A world where configuration isn’t a source of fear, but a source of rel...
cue.dev
4 21
Reposted by thepudds
prattmic.com
Michael Pratt @prattmic.com · 1d
For some added fun, also see go.dev/cl/715362, wherein I discover that VPCOMPRESSQ is horrifically slow on AMD Zen 4, but only with a memory destination.

And thanks to @lemire.bsky.social for writing about this, which made this much faster to track down!
Gerrit Code Review
go.dev
2 7
Reposted by thepudds
prattmic.com
Michael Pratt @prattmic.com · 1d
If you have an interest in understanding garbage collection better, or in how Go's new GC works under-the-hood, I highly recommend reading @michael.express's thorough guide through Go's current and Green Tea GC.
golang.org Go @golang.org · 1d
“The Green Tea Garbage Collector” by Michael Knyszek and Austin Clements — https://go.dev/blog/greenteagc

#golang
1 6 27
Reposted by thepudds
filippo.abyssdomain.expert
Filippo Valsorda @filippo.abyssdomain.expert · 6d
I am using it to test our Go modules against the latest versions of their dependencies (with "go get -u") on a schedule, to be notified early of compatibility issues, but without the supply chain attack risk or the Dependabot churn.
1 1 13
Reposted by thepudds
blainsmith.com
Blain Smith @blainsmith.com · 7d
Resurrecting an old post about how I write HTTP clients in Go since I am doing this again for the 89432894023 time.

blainsmith.com/articles/how...

#GoLang #HTTP
How I Write HTTP Clients - Blain Smith
blainsmith.com
3 7
Reposted by thepudds
steveklabnik.com
Steve Klabnik @steveklabnik.com · 8d
I see a future in #jj-vcs: steveklabnik.com/writing/i-se...
I see a future in jj
Blog post: I see a future in jj by Steve Klabnik
steveklabnik.com
71 48 380
Reposted by thepudds
damienmiller.bsky.social
Damien Miller @damienmiller.bsky.social · 9d
I really do like Golang being "batteries included".

It took only a few hours to write a moderately featureful TLS-terminating reverse HTTP proxy that used nothing outside the built-in libraries.

The only compromise was using JSON for the configuration file. I would have preferred textproto…
5 3 51
Reposted by thepudds
steveklabnik.com
Steve Klabnik @steveklabnik.com · 10d
This is a very cool advanced #jj-vcs workflow: flames-of-code.netlify.app/blog/my-jj-w...
There is life after Git • Flames of Code
Background In my professional work, Azure DevOps (ADO) ended up being the forge of choice. While ADO is reliable for standard Git workflows, it falls short when it comes to stacked Pull Requests (PRs)...
flames-of-code.netlify.app
2 12 41
thepudds.bsky.social
thepudds @thepudds.bsky.social · 11d
Absolutely hilarious.

TBH, though, it probably would not have happened with the original TIE fighter ASCII art:

|A|
|V|

Very nice save by cutting over to:

|-()-|

(Maybe the Star Wars wiki needs to be updated too? Is
@markhamillofficial.bsky.social
the admin on that? 🤔)
1
Reposted by thepudds
filippo.abyssdomain.expert
Filippo Valsorda @filippo.abyssdomain.expert · 12d
Oh my god it actually worked.

This might be my funniest—but totally serious—cryptography engineering contribution.
3 2 29
thepudds.bsky.social
thepudds @thepudds.bsky.social · 15d
@simonwillison.net with some commentary on the new CrossOriginProtection CSRF protection in the http package for #golang 1.25...

🚀
simonwillison.net Simon Willison @simonwillison.net · 15d
Does widespread browser implementation of the Sec-Fetch-Site HTTP header mean we can protect against CSRF attacks without needing those hidden form tokens? It looks like the answer may be a cautious "yes"! simonwillison.net/2025/Oct/15/...
A modern approach to preventing CSRF in Go
Alex Edwards writes about the new http.CrossOriginProtection middleware that was added to the Go standard library in version 1.25 in August and asks: Have we finally reached the point where …
simonwillison.net
2
thepudds.bsky.social
thepudds @thepudds.bsky.social · 15d
FWIW, I think at least some of the early conversation about relying on Sec-Fetch-Site in the Go standard library might have happened here on Bluesky.

(@filippo.abyssdomain.expert with @empijei.bsky.social, @jub0bs.com, others...).

bsky.app/profile/fili...
filippo.abyssdomain.expert Filippo Valsorda @filippo.abyssdomain.expert · Apr 17
I'm looking into github.com/gorilla/csrf to figure out if we could bring CSRF protection to the standard library.

I am 90% sure the secret key is useless: it signs a random token with no metadata, and the attacker can just get and reuse a valid signed token.

Am I missing something?
9
thepudds.bsky.social
thepudds @thepudds.bsky.social · 29d
(SMP support a ~couple months ago, the gvisor network stack running under UEFI more recently, ...)

bsky.app/profile/andr...
andreabarisani.bsky.social Andrea Barisani @andreabarisani.bsky.social · Sep 15
Screw PXE, this means the entire Go TLS and networking stack is available under UEFI.

In seconds I added DHCP and an SSH server to remotely manage my pre-boot environments.

I see much potential.
andreabarisani.bsky.social Andrea Barisani @andreabarisani.bsky.social · Sep 15
Adding networking to go-boot through UEFI Simple Network Protocol.

It took 77 LOCs of pure Go to add the UEFI driver and bridge it to gVisor stack.
thepudds.bsky.social
thepudds @thepudds.bsky.social · 29d
@andreabarisani.bsky.social is the author of the new-ish proposal for bare metal support for Go, which seems to be gathering some momentum AFAICT.

Andrea continues to share some fairly exciting progress... 🚀

( #golang proposal: github.com/golang/go/is... )
andreabarisani.bsky.social Andrea Barisani @andreabarisani.bsky.social · 29d
First ever boot of a TamaGo unikernel in the cloud, here on Google Cloud Compute Engine, automatically deployed from remote userspace!

Looking forward to polish and publish this.
1 3
Reposted by thepudds
jakebailey.dev
Jake Bailey @jakebailey.dev · Sep 30
Fun little Go compiler CL merged today: go.dev/cl/706655

Uninlined generic functions have a "dict" arg, since Go generics are neither erased nor monomorphized, but instead instantiated for each "GC shape" (e.g. T=*int and T=*float64 get the same code, but T=int32 and T=int64 do not).
1 4 20
Reposted by thepudds
steveklabnik.com
Steve Klabnik @steveklabnik.com · Sep 28
Stupid #jj-vcs tricks

andre.arko.net/2025/09/28/s...
stupid jj tricks
This post was originally given as a talk for JJ Con. The slides are also available. Welcome to “stupid jj tricks”. Today, I’ll be taking you on a tour through many different jj configurations that I h...
andre.arko.net
1 8 49
Reposted by thepudds
pcwalton.bsky.social
Patrick Walton @pcwalton.bsky.social · Sep 28
OK, I love this. tl;dr using knowledge of your allocator, speed up linked list traversal by adding a branch that guesses where the next linked list element is and pre-populates the "next" variable to eliminate stalls if the allocations are well-behaved.
2 31
Reposted by thepudds
prattmic.com
Michael Pratt @prattmic.com · Sep 26
If you haven't been keeping up, Go 1.21 reduced overhead from ~10% to ~1%. 1.22 overhauled the format to improve reliability and add information. 1.25 has a built in trace flight recorder. And we have an active proposal (go.dev/issue/62627) for a trace parsing package to enable arbitrary tooling.
proposal: x/debug/trace: add package for parsing execution traces · Issue #62627 · golang/go
As part of #60773 (tracking issue #57175) I've been working on a new parser for the execution tracer, and to save work down the line I've also been trying to come up with a nice API that would work...
go.dev
1 3 12
Reposted by thepudds
prattmic.com
Michael Pratt @prattmic.com · Sep 26
Go's execution tracer is a woefully underutilized tool. It contains tons of information about what is happening at any given moment that you won't get with a profile.

In addition to showing flight recording capabilities, this post provides a nice example of how to use tracing to diagnose a problem.
golang.org Go @golang.org · Sep 26
“Flight Recorder in Go 1.25” by Carlos Amedee and Michael Knyszek — https://go.dev/blog/flight-recorder

#golang
1 9 30
Reposted by thepudds
kakkoyun.me
Kemal Akkoyun @kakkoyun.me · Sep 23
I recently spoke at GopherCon UK 2025 about the hidden power of #Go’s `-toolexec` flag. How it can turn every `go build` into a programmable pipeline for things like error-handling enforcement and observability hooks. Here’s the recording:
Unleashing the Go Toolchain - Kemal Akkoyun
The -toolexec flag hides a super-power in the Go toolchain: it lets you turn every go build into a programmable pipeline. In this session we’ll reveal how a simple wrapper command can inject custom…
youtu.be
2 7
Reposted by thepudds
bboreham.bsky.social
Bryan Boreham @bboreham.bsky.social · Sep 18
My talk from #gopherconuk is up on YouTube!
My take on how map is implemented in Go, and what changed from Go 1.23 to 1.24 and 1.25.

youtu.be/M05t7Q6LbFs

* Talk contains no AI, but does contain pictures of cats.
Swiss Maps in Go - Bryan Boreham
YouTube video by GopherCon UK
youtu.be
2 8
Reposted by thepudds
commaok.xyz
Josh Bleecher Snyder @commaok.xyz · Sep 16
New blog post: Security through intentional redundancy

commaok.xyz/post/securit...
Security through intentional redundancy
When writing a service, it’s very easy to accidentally forget to check permissions or ownership of an object. This code has a gaping security hole in it: func (s *Server) deletePhoto(w http.ResponseWr...
commaok.xyz
2 6
Reposted by thepudds
andreabarisani.bsky.social
Andrea Barisani @andreabarisani.bsky.social · Sep 15
Screw PXE, this means the entire Go TLS and networking stack is available under UEFI.

In seconds I added DHCP and an SSH server to remotely manage my pre-boot environments.

I see much potential.
andreabarisani.bsky.social Andrea Barisani @andreabarisani.bsky.social · Sep 15
Adding networking to go-boot through UEFI Simple Network Protocol.

It took 77 LOCs of pure Go to add the UEFI driver and bridge it to gVisor stack.
9 45
Reposted by thepudds
dave.cheney.net
Dave Cheney @dave.cheney.net · Sep 9
This talk is like the solstice, it appears twice a year :)
1 5