1. 13
  1.  

    1. 3

      The quote where Rob Pike says he was making a language for programmers who were just out of school gets tossed around a lot as being something somehow damning of Go, but this really seems like an example of that: Google wants to be able to let junior developers write a web service and quickly audit that they didn’t do anything wrong. This feels like a means to that end.

    2. 2

      Here’s the godoc, which contains some more info: https://pkg.go.dev/github.com/google/go-safeweb/safehttp

      This seems like more of a proof of concept than something people are expected to actually use - is that the case?

      1. 2

        > This seems like more of a proof of concept than something people are expected to actually use - is that the case?

        I have nothing to do with the project, but to me it’s a bad sign that they have pull requests that are open (with zero discussion) since 2021 and 2022. A look at the commit history suggests that a small number of people did a bunch of work in 2021 and 2022, but that nearly nothing significant has changed since then. (There are 11 commits since 2022, and most of those are tweaks like linting and gofmt or bumping versions of modules.)

        Maybe this was a side project and the main authors have moved on (to something else as a side project or out of Google)?

    3. 1

      Oh nice, I see they are automatically protecting against Slow Loris DDoS attacks: https://github.com/google/go-safeweb/blob/c2d1215a6a2445915c6971347b2f4bd0c582a519/safehttp/server.go#L99

      1. 1

        Link to the slow loris thing: https://www.okta.com/identity-101/slowloris/