Is It Tuesday Again?

Hi ,

While the past weekend was longer than usual, due to a public holiday over here, it didn't give me a chance to complete this newsletter on time. Or to complete it at all in the way I planned. As I'm writing this, I sit in front of two unfinished Spotlights I intended to include in this issue. (Nah, not both at once; I rather switched from a subject I considered "long" to one that seemed "shorter," only to discover that I wouldn't be able to finish either one on time. (It's 10:30pm right now, and I'm even unbothered about using nested parens to finish the intro before midnight.))

I couldn't even come up with a good hook derived from the featured articles. They're so different from each other. No leitmotif, no "read thread", as we say in Germany (and "leitmotif", btw, is also of German origin. (Ha, another set of parens.)) Oh, is "German" a good topic maybe, while we're at it? News from Krautland?

Nah.

Better just go ahead and jump right into the articles, while I'm making meticulous but ineffective plans on how to finish a Spotlight by next weekend. ¯_(ツ)_/¯

–Christoph

Featured articles

Introducing the pkg.go.dev API

Do you love pkg.go.dev? Now you can share that love with your tools! Go's package directory got a REST API.

The 10 Go Error Handling Commandments · Preslav Rachev

Sure, there are quite a few ways to get error handling wrong. But error handling isn't rocket science. Ten rules to grok, clear and concise, make a gopher healthy, wealthy, and wise.

The maintainer's dilemma | spf13

Steve Francia, creator of Cobra and Afero, faces hundreds of issues and PRs on his projects, and he isn't the only one. AI to the rescue?

Podcast corner

086: Just use postgres, man

Should you reach for ClickHouse before you have the scale to justify it? Dominic and Morten debate database tradeoffs, shipped new version of DeployCrate and StaticBackend, and are concerned about what AI-assisted coding may be doing to their (and everyone's) skills.

(AI) Some imp(AI)ortant sec(AI)urity fixes (AI). And AI is every(AI)where!

Jonathan Hall and Miriah Peterson cover Go security releases, proposals, and ask the hard question: Do language-specific conferences still matter in times of AI?

More articles, videos, talks

The implementation of select in Go

select, the concurrency-ish sister of switch, exposes an elegant mechanism for concurrent flow control. But how much, and what kind of, complexity does select hide beneath its tidy surface?

Testing Go CLIs with testscript

go test is made for unit testing, right? So, for integration tests, you use... go test.

Wot?!

The trick for doing this is buried in Go's source code. But it's not Go code...

I built a Slack client because :wave: was lagging | Grant Ammons

Two seconds.

Two short seconds are the reason why this Slack client exists.

Configuring a Go HTTP Server for Unencrypted HTTP/2 (h2c) | ClarityBoss

"HTTP/2 cleartext"...? Wouldn't this be just plain HTTP? No, HTTP/2 knows only secure transfer, unlike HTTP/1.x. Okay, so why not just juse HTTP/1.1? Well, the author's situation is a bit special: Cloud Run terminates TLS at the perimeter but has a known issue with using HTTP/1.1 between the TLS termination point and the backend. Fortuntately, Cloud Run has an option to forward traffic as HTTP/2 cleartext. And even more fortunately, Go 1.24+ makes using HTTP/2 cleartext quite straightforward.

A regression in code I didn't touch

Imagine you observe a sudden performance regression, and you're pretty dang sure you didn't change the affected code in any way!

It turned out that the root cause is outside the language, buried in modern CPU architecture.

A Practical Guide to Profiling in Go | The GoLand Blog

Sure, a part of the article is about the GoLand IDE, but a large fraction of the article explains profiling in general and is a great read for everyone.

Gobee: write eBPF programs in Go, transpiled via clang

Kernel-side programming for eBPF means writing ugly and error-prone code in the only language that has no way to prevent regular security vulnerabilities caused by memory corruption. Now gobee doesn't make C magicall disappear, but it puts Go in front of it, or, more precisely, a strict subset of Go.

Conf42 Golang 2026 (Playlist)

Videos! Lots of. View talks from Gophers all over the world about topics from all over Gopherland.

mvm - compatibility matrix

Marc Vertes (of yaegi fame) strives to make his Go interpreter mvm as compatible as possible with the standard Go compiler. To track progress, he created a page showing the results of running the standard library's test suites through mvm test.

The state today: 96% of individual test cases pass (about 1,640 of 1,710), but only 61/170 stdlib and 9/50 external packages pass their entire suite. Because sometime, just one missing symbol reds a whole package. I find that gap more useful than any single "X% compatible" number, and watching it shrink is the point.

Dropping Privileges in Go

You know the code you've written. You know what it does and what resources it accesses. But do you know this for all the library code it calls? Can you know this? And what about attackers taking over your running binary?

To minimize the blast radius of malfunctioning code, you could wrap it into a microVM, with quite some execution overhead involved. The lightweight alternative to this is to cut process privileges ruthlessly. Unix-like systems offer plenty of knobs and levers for this.

That one time I used Go panics for flow control

An ugly (the author's word!) but effective solution to the problem of how to cancel a long-running function that doesn't support context cancellation.

Projects

Libraries

Arceus-7/matrix: A clean, generic, zero-dependency matrix math package for Go with support for arithmetic, decompositions, and linear system solving.

More lightweight than gonum/mat, more element types supported, but mat might cover complex use cases better (says the author).

Tools and applications

ccrsxx/api: My personal API for my projects built with Go using modern net/http

I'll let the author speak for this: "The resource improvements is the most interesting part of this migration IMO. My Docker image decreased from 205MB (Node.js) to just 10.1MB (Go), and average RAM usage dropped from ~100MB down to just 10MB. Running this on my server feels so lightweight now. Screenshot: https://i.ibb.co.com/xKvQJRqN/image.png

"Coming from JavaScript world, I honestly disliked Go's error handling at first, it just felt way too verbose. But now I actually love it. Treating errors as real values instead of just throwing exceptions and let it bubble, it makes the code so much more predictable, and it really forces you to think about every possible unhappy path."

phlx0/drift: Terminal screensaver that activates when you're idle — constellations, rain, particles & more. Press any key to resume. Just drift away!

The times of screen burn-in are long gone, along with cathode-ray tubes, but screensavers aren't quite dead yet. Here's one that exclusively saves your terminal's screen and nothing else, featuring various animations, from drifting stars to Conway's Game of Life.

account-center: Self-hosted, OIDC-authenticated portal for internal services and knowledge base articles

So you've implemented OpenID Connect to authenticate and authorize users. But where to send them after login? Account Center is the one-stop shop for freshly logged-in users, showing them the services they can access (through a service catalog) and how to access these services (through a knowledge base).

townsendmerino/ken: Fast hybrid code search for agents. Pure Go, drop-in MCP-compatible with semble.

When LLMs search through code using grep (or ripgrep or the like), they can quickly burn a lot of tokens. Specialized search tools like ken digest codebases for LLM-friendly lexical and semantic search.

Completely unrelated to Go

A Markdown-based test suite

What if your tests were written in... Markdown? Like the Markdown-formatted specs that LLMs love so much, but without any AI around? Julio Merino gave it a try for testing his EndBasic compiler.

The just-say-no engineer was a ZIRP phenomenon

...where ZIRP means “zero interest rate policy”. What happened? During the years when interest rates were zero, tech companies spent money as if there was no tomorrow. Engineering jobs were plenty and highly paid, and just-say-no engineers had an important role in large teams, where they fought against code bloat. Now they've lost their jobs, and AI is creating more code bloat than ever.

The last six months in LLMs in five minutes

The state of the pelican.

We see something that works, and then we understand it – Daniel Lemire's blog

Thinkism is a trap worth thinking about.

(via)

Prompts are technical debt too

"A set of prompts that you carefully crafted in January this year might be out of date or actively harmful by February. Worse still, you might not even notice."