Go

Fuzzy generics

Several months of using 1.18 features
D.go
Alexey Palazhchenko
<p>Several months ago, a new project was started: FerretDB, an open-source alternative to MongoDB. It is a proxy between MongoDB clients/driver and PostgreSQL, developed in Go. Since the very first commit, it used a version of Go which soon will be released as Go 1.18. The two biggest reasons for that were first-class support for type parameters (generics) and fuzzing. In my talk, I will cover both of them: how they work in theory and our practice, how they were useful for us (spoiler: very useful), and what are their downsides and gotchas.</p>
In recent months, we've seen a plethora of supply chain attacks. You all probably remember the log4j vulnerability - impacting literally half of the world's software - and the consequent rush to fix it. A new way to cause the vulnerability was out, at any time of the day. Fixing a widespread vulnerability like log4shell is almost impossible: it requires a lot of coordination and time. During such time windows, the attackers have continued compromising systems using log4shell techniques. People started spending weekends building detection tools for understanding whether someone attempted log4shell compromising their systems or not. Inspecting every network packet on the fly, or petabytes of logs afterward, by looking for lots of log4shell combinations has been unfeasible most of the time, given the crazy number of possible ways to carry out such attacks. I've seen people to DDoS their systems using regular expressions to detect log4shell! Hilarious, isn't it? For this reason, I built a blazingly fast parser using Go and Ragel. Join me in this talk to learn everything about building finite-state machines 20x faster than RegEx, in Go with Ragel. This talk is to give the spotlight they deserve to these two technologies working remarkably well together.

Additional information

Type devroom

More sessions

2/5/22
Go
Maartje Eyskens
D.go
<p>A warm welcome to The Go Devroom at FOSDEM 2022</p>
2/5/22
Go
Jesús Espino
D.go
<p>Slices, Maps and Channels in go, are first class citizens of the language, they are used widely in our day to day work, but… do you know how they works under the hood? Do you know the implications of adding elements to an slice, or new keys to a map?</p> <p>Do you know why you can’t relay in maps order? Do you know how channels handle the buffer or the blocked goroutines? If you don’t know about that, this is your talk. I going to access the go runtime memory state of the maps, slices ...
2/5/22
Go
Carl Johnson
D.go
<p>Error handling is one of Go’s key features. The errors.As helper added in Go 1.13 gives Gophers the tools they need to build their own error domains and ensure that all errors are handled properly across their applications.</p>
2/5/22
Go
Ron Evans
D.go
<p>Last year in "Go Without Wires" we saw how you can use TinyGo to program code that runs directly on Bluetooth devices.</p> <p>Now in "Go Further Without Wires" we will see some of the ways that TinyGo can connect to WiFi networks, and consequently to the Internet itself.</p> <p>This talk will include several actual demonstrations, including a drone.</p>
2/5/22
Go
Bryan Boreham
D.go
<p>The Go regexp package is an extremely competent piece of engineering, with attractive features such as being guaranteed to run in time linear in the size of the input. However, it can be made to go faster.</p> <p>This talk will describe:</p> <ul> <li>how Go regexp works</li> <li>five changes that improve regexp performance</li> <li>the basic profiling techniques used to identify these optimisations</li> <li>further opportunities for optimisation, including via Generics.</li> </ul>
2/5/22
Go
Miki Tebeka
D.go
<p>We'll look into JSON serialztion, starting from the easy cases and moving toward more advanced ones.</p>
2/5/22
Go
Zygmunt Krynicki
D.go
<p>The Go ecosystem has established itself as the language of choice for many cloud and server software. We present arguments that Go is also uniquely suited to thrive for Linux-based embedded development. We present our case in the context of the SysOTA and NetOTA projects</p>