Go Open Source
Recently we wrote about how we transliterated a large Python codebase to Go. In doing so we ended up porting or writing some useful things we had already written in Python or Python already had. We’ve also written some useful tools for understanding and debugging Go. We’ve decided to open source these Go libraries and give them back to the community as a way of saying thanks.
Go has an excellent, albeit young, builtin TLS library in its standard library. However, there are a few critical complications with its young age.
- Go TLS does not support hardware accelerated crypto.
- Go TLS does not have wide support for backwards compatibility with less secure and older protocol versions (a good thing, until you have no other option).
- Go TLS does not give much control over the certificate validation process, which makes it difficult or impossible to add additional checks and validations.
- Oh, and Go TLS is vulnerable to timing attacks.
At Space Monkey, we needed the hardware acceleration, certificate validation customization, and didn’t want timing attacks. So we wrapped OpenSSL and got significant speed improvements over Go TLS.
Then the internet found out about the “heartbleed” bug.
We’re still betting on OpenSSL. Heartbleed was a nasty bug, but it and the subsequent bugs found are now fixed, and the OpenSSL project is stronger than ever.
You can find out more here:
Go errors are simplistic at best. While we in no way are interested in capturing Python’s exception throwing semantics in Go, we did miss getting stack traces of error creation sites, exception hierarchies, and a few other things. Our hierarchical error library mimics many of the features we used exceptions for in Python, while remaining idiomatic Go.
Python had leveled and hierarchical logging. While the glog package provides the levels, it doesn’t match the abilities we had in Python to set up different logging handlers per package. So, we wrote a flexible leveled logging library that easily supports structured and unstructured output targets based on configurable named loggers.
Our Python codebase had many function calls instrumented to collect and report timing data using a system that provided function decorators. This is what we came up with for Go.
We open sourced this a while ago, but we’ve submitted significant changes to the package since our original release. This library extends Go’s flag library to include working with flagfiles, as gflags does, in addition to some other small extensions. It was extended to support config files written using a subset of Python’s ConfigParsersyntax.
We got lots of requests for releasing some of our Python projects as well; we anticipate open sourcing more things, but these are what we have ready to go for now.
Want to work on Go?
We’re a small team based in Salt Lake City, and we’re looking for Go developers! Drop us a line.
Originally published on May 12th, 2014 by JT Olds