I have recently been frustrated by one thing: there is practically no library for caching singleton values. The thing is most caches are designed to keep a lot of things in one caching container. What if I did not need the key-value generic map? So I have decided to create one myself. This was not very painful, but I feel strange that practically no-one has done this before. Sincerely, I am writi
A common problem with a familiar shape: a process can dial outbound to the internet, but nothing on the internet can dial it back. Your dev server on a laptop. A service in a private VPC. A homelab app behind your router. A container in a pod with no ingress. Same shape every time — outbound works, inbound doesn't. rift is a small Go binary I built to solve that. Run it as a server on a VPS you ow
What if your Kubernetes cluster simply refused to run unsigned images? I spent some time experimenting with enforcing image provenance in a small Kubernetes setup using MicroK8s. The idea was simple: Only container images with valid cryptographic signatures are allowed to run in the cluster. For this I used: GitLab CI/CD (build + signing pipeline) Cosign / Sigstore (image signing) Kyverno (admissi
TL;DR. golang.org/x/net/idna.Lookup.ToASCII runs UTS-46 NFKC mapping 0-9. A pre-IDNA net.ParseIP check rejects the NO_PROXY lists, TLS-SNI routers, and cookie-domain validators that TrimRight + ParseAddr golang.org/x/net/http/httpproxy, the canonical safe pattern, and two I ran into this one while writing a Go HTTP client for a private project. I idna.Lookup.ToASCII canonicalising the host The sha
Israel national security minister served gold death penalty noose birthday cake
This isn't an anti-Go post. Go is a great language. This is about what I want to understand. I just finished building an L7 HTTP load balancer in Go. It accepts connections. It parses HTTP headers. It forwards requests to backend servers using round-robin. It handles concurrent connections with goroutines. It has health checks. It works. And somewhere in the middle of it working, I realized I didn
I was working on a personal project recently. A job scraper. And in the process, I came across a pattern that’s genuinely changed how I think about structuring backend systems in Go. It's called the Pipeline Pattern. And as it turns out, it actually shows up in a lot of places - payments, analytics, APIs, etc. In this article, I’ll be walking you through it using my job scraper project. Which is a
Most teams I have worked with have one auth test in their suite. It looks like this: test('valid token verifies', () => { const token = signSync({ sub: 'user-1', aud: 'api://backend' }, secret); const result = verify(token, options); expect(result.valid).toBe(true); }); That test is fine. It is also a smoke test, not a regression suite. It catches the case where verification is completely b