Limeleaf@limeleaf@social.coop

"We are a worker-owned cooperative that helps teams build fast, reliable, maintainable software using Go and Rust.We're also building ethical, privacy-focused, and open source products for real people and the #Fediverse. We're currently working on https://limecast.net and https://apply.coop"

https://mastodon.social/@limeleaf@social.coop

Sigh. We are, as a security community, making good progress on some old as well as some new topics. #Rust, #Go, and other memory safe systems languages are going well and having a real impact in reducing memory safety issues - which has been the most important security bug class for decades, and we are finally improving! Compartmentalization and isolation of processes and services have now become common knowledge and the minimum bar for new designs. Security and privacy by design are being honored in many new projects, and not just as lip service, but because the involved developers deeply believe in these principles nowadays. #E2EE is finally available to most end-users, both for messaging and backups.

And again and again, we are forced into having discussions (https://www.theregister.com/2025/04/03/eu_backdoor_encryption/) about breaking all the progress.

Let me be clear for Nth time:
* We *cannot* build encryption systems that can only be broken by the "good guys". If they are not completely secure, foreign enemy states, organized crime, and intimate partners will break and abuse them as well. There is no halfway in this technology. Either it is secure or it isn't - for and against everybody.
* We *cannot* build safe, government-controlled censorship filters into our global messaging apps that are not totally broken under the assumption of (current or future) bad government policies and/or insider attacks at the technology providers (https://www.mayrhofer.eu.org/talk/insider-attack-resistance-in-the-android-ecosystem/). Either one-to-one communication remains secure and private, or it doesn't (https://www.ins.jku.at/chatcontrol/).
* We *cannot* allow exploitation of open security vulnerabilities in smartphones or other devices for law enforcement. If they are not closed, they are exploitable by everybody. "Nobody but us" is an illusion, and makes everybody less secure.

My latest recorded public talk on the topic was https://www.mayrhofer.eu.org/talk/secure-messaging-and-attacks-against-it/, and nothing factual has changed since then. Policymakers keep asking for a different technological reality than the one we live in, and that sort of thing doesn't tend to produce good, sustainable outcomes.

(Edited to only fix a typo. No content changes.)

CC @epicenter_works @edri @suka_hiroaki @heisec @matthew_d_green @ilumium

It's nice when you finish a bit of work that goes well and requires no yak shaving in order to get done.

For the past week I've been struggling again with the #frontend bits of #ONI, the single user #ActivityPub server, when I decided to take a little break and work on something else.

So today I've add support for the traversal resistant file API for the FS storage part of #GoActivityPub. I'm still waiting for the symlink support to be added in the next major #Go version, but other than that we've increased robustness a little bit despite it being designed mainly for full transparency development work and not being run in production environments.

I took some time to collect my thoughts on the age-old argument: what explains the aversion to assertion-based testing frameworks in Go?

https://matttproud.com/blog/posts/testing-frameworks-and-mini-languages.html

In particular:

1. Where did the tension come from?
2. How could it have arisen
3. What is the philosophical basis for it
4. What are the implications of using one of these frameworks?
5. How does the assertion framework question fit in the overall psychological preference space of software developers?

I haven't painted anything #GO-related in some time, for a number of reasons... But the other day I was thinking about S3 and its possible twists, and I decided to go with the flow and paint this #Crowley and #Aziprahale inspired #hands <:

I’m interested in seeing Fedi’s opinion on this. Also reply with a more detailed opinion and your language of choice if you feel so inclined. Boost if you are interested in this too.

When my compiler reports an error, I most often see this as:

色々な言語で作った複数のWASMコンポーネントを連携させる
https://qiita.com/ssc-riosato/items/64137a4517d168ba0fbf?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

Super Secret Ice Cream, of Bethlehem, NH, a James Beard finalist https://www.diningandcooking.com/1997949/super-secret-ice-cream-of-bethlehem-nh-a-james-beard-finalist/ #Apple|GooglePlay #bethlehem #CulinaryArt #download #FinalNominee #food #FoodTopics #FreeWmurApp #GO #JamesBeardAward #JamesBeardFinalist #KristinaZontini #NewHampshire #NewHampshireChronicle #NhIceCreamShop #PrestigiousJamesBeardAward #story #SuperSecretIceCream #Update #VideoPlayer

Well, this is a little worrying. I hope there's a maintainer out there that can find 10 minutes to tag a new version. In the meanwhile using the unstable version works well enough as there's no API changes.

https://mastodon.social/@golang_discussions/114272847659788808

Amazing blog to expand your knowledge in #Rust , #Go , #Python , #JavaScript , and more! Perfect for beginners and those looking to dive deeper… Totally worth checking out!

Leapcell https://leapcell.io/articles

Golang On The PS2 https://hackaday.com/2025/03/31/golang-on-the-ps2/ #SoftwareDevelopment #PlaystationHacks #playstation2 #golang #code #ps2 #Go

Golang On The PS2 - A great many PlayStation 2 games were coded in C++, and there are homebrew SDKs th... - https://hackaday.com/2025/03/31/golang-on-the-ps2/ #softwaredevelopment #playstationhacks #playstation2 #golang #code #ps2 #go

I was trying to read a book on Go and follow along, but struggled for anything to sink in.

After a couple of months of making no progress I decided to rewrite a small #python project in #go

Although I've been moving at a snails pace compared to writing python. I have learned and retained more than just reading a book.

So, we did a thing.

https://github.com/systemd/systemd/pull/36914

Looking to integrate Korifi with your Go applications? I've published a blog post that walks you through connecting to Korifi on a Kind cluster. It includes authentication tips and code examples for getting started. Check it out here: https://gciavarrini.github.io/blog/go_korifi/

@icecolbeveridge Compare the technique of "tewari", from the game of Go, which asks, "Would these moves have been effective if played in a different order?"

(This makes more sense for Go, a game of placement, than for Chess, a game of movement.)

https://senseis.xmp.net/?Tewari

I’m probably one of the few that advocates for 100% Code Coverage.

There may be some justifiable exceptions, but overall it’s just a good practice to avoid something that doesn’t work as expected.

I am trying to go!

Low energy morning, so instead of fixing bugs I'll just add UPX packing on my docker images' binaries.

My day so far... Started with a bunch of broken #Go #code and now I'm staring at a functioning relay wondering what I did right.