The Smart Gopher Gets The Cheese

Hi ,

You may know the saying: "The second mouse gets the cheese." Sure, it does—after the first mouse got killed by the trap.

Gophers, fortunately, aren't exposed to life-threatening traps, so whenever they fall into one, they always survive to tell the tale. So did the authors of the three featured articles. They observed various constraints and traps: A request body size that can only shrink, apps that leak goroutines, and a tendency to reply to a task like building an AI harness with creating bloated frameworks. And they talk about it so that you don't fall into the same traps. So be a smart gopher, learn from others, and get the yummy cheese faster and easier.

Oh, and there's one noteworthy observation to share. While each topic is unique and interesting in its own right, they all have one thing in common: The solutions involve only simple Go, the standard library, and standard tooling. The power of Go.

–Christoph

Featured articles

MaxBytes Middleware in Go: Same Trap, Different Escape - Viktor Nikolaiev's blog

Changing per-route request body size limits is not easy: Usually, in a chain of middlewares, the one that is invoked first can set maxBytes. All subsequent middlewares can only set a tighter limit; increasing it is not possible anymore.

Viktor Nikolaiev found a way of working around this: By smuggling a pointer in context through the middleware chain, middlewares invoked later can override maxBytes set earlier.

(In a comment, Efron Licht shares another approach: He makes the value a configurable attribute that is accessible to all middleware. Pick your favorite.)

Accepted proposal: a goroutine leak profile in the Go standard library

In Go 1.27, pprof will be able to detect goroutine leaks. But how can a process leak goroutines, exactly? This article gives an overview and explains how pprof's upcoming goroutineleak profile detects leaks and why it doesn't replace uber-go/goleak.

Building Agents in Go Without a Framework

"Agentic AI" is a big phrase, but, in the end, it boils down to a much simpler phrase: "control flow".

Daniel Chalef concludes that Go has all the traits it takes to write effective and efficient agentic runtimes <cough, cough> control flows without requiring sophisticated (er, bloated) frameworks:

"Most teams skip frameworks, because the agent harness (the loop that drives the model) is about forty lines of Go."

Podcast corner

Go's revolving door, live from ElevateDev

Imagine your reputation builds on your .NET and C# skills, and then you're told to write Go. "Panic" might be an appropriate description of your inner state at that moment; at least it was for Luis Ciorone, this show's guest, and his team when their company decided to switch from .NET to Go. But all's well that ends well: The team found that Go's single-binary deployment style, it's simplicity and shallow learning curve (both seniors and new grads became productive with Go within a week!), and it's minimal runtime overhead make Go a highly efficient and enjoyable language to work in.

Also on the show: a critical review of The Primagen's video "I am done with Golang." (Video TL/DR: The Primeagen complains about Go having become too complex and advertises Odin, a language with plain, tedious manual memory management (not even Rust's level of compiler-aided memory management) as his new favorite.)

090: Want financial advice? Here we talk about Go and how we're building businesses using Go

DataStar instead of React? Are AI tools suitable for long-term sustainability? Dominic and Morten discuss these and more questions in this week's episode.

Quote of the Week: What You See

An LLM can generate a straightforward Go function and I can review it in seconds, because there are no hidden decorators, no annotation-driven behavior, no framework doing half the work behind my back. What you see is what runs.

– Preslav Rachev

Just what I keep saying. Go is in the sweet spot of languages being understandable to humans and LLMs alike.

More articles, videos, talks

Building a pkg.go.dev TUI explorer - YouTube

pkg.go.dev has a new API (See the May 26 issue. Alex Pliutau felt that an API is nothing without a TUI that plugs into it.

How does struct{} take zero bytes in Go

The article mentions that the Swiss table implementation of Go maps (new since Go 1.25) causes a map with struct{} values to take the same space as a map with bool values, not less. This is actually a regression. A fix is already available as a Go Experiment.

The Reflect Package | Internals for Interns

Reflecting on reflect (apologies for the worn pun). Jesús Espino explains how reflection uses metadata compiled into the binary to examine types and values at runtime.

(A caveat emptor seems due at this point: Beware of using certain methods of the reflect package, or, at least, carefully justify the usage, as using them will inflate the size of the binary.)

Announcing the next generation of Distrobox

Distrobox (tagline: "Use any Linux distribution inside your terminal") is moving from 100% shell script (!) to Go. 🥳

Projects

Tools and applications

goposta/posta: Self-hosted email delivery platform that enables applications to send emails via HTTP APIs while handling SMTP delivery, templates, storage, security, and analytics. Fully self-hostable alternative to services like SendGrid or Mailgun.

Someone who worked for a large transactional and marketing email platform points out that "bounce rates are likely going to be REALLY REALLY high running it yourself. Using one of the transactional platforms is mostly paying for the reputation of their IP space." (Emphasis mine.) So you'd still might want to run the email sending step via one of the established platforms.

titpetric/phpscript: phpscript - an inter-operable PHP syntax VM written in Go (no CGO).

"This project is an extensive experiment that got out of hand."—A PHP runtime for interfacing with Go code.

edaywalid/whook: Self-hostable webhook gateway: durably capture, inspect, retry, and replay inbound webhooks. Single Go binary.

The webhook concept sounds simple: Send a URL with some payload in the query string to another host. But if you look closer, questions arise: How to reliably keep watching out for incoming webhook calls and never miss one? How to replay past webhooks for debugging? How to dispatch a webhook to various destinations?

The answer (by this repo): Put a webhook proxy in front of your application and never worry again.

Completely unrelated to Go

Plugins case study: Pluggy

Plugins? Not one of Go's strengths, to be honest. An attempt to add a (Linux-only) plugin mechanism died on the vine. Common alternatives include spawning child processes with stdin/stdout communication, REST or gRPC connections; and embedding a scripting language interpreter.

Talking about interpreted languages, these have an obvious advantage here. They can load and run source code at runtime. Sounds trivial to write a plugin system for, say, Python.

Which doesn't mean looking at a plugin library for Python isn't interesting, especially as the article goes deep down into fundamental concepts of plugin systems.

Building a Soviet Nail Factory: how KPIs killed efficiency

Goodhart's law: When a measure becomes a target, it ceases to be a good measure. Tokenmaxxing is only the latest incarnation of this truth.

The Soviet nail factory mentioned in the article is a great (albeit exaggerated) example of a measure-as-a-target going totally down the wrong way.

Compliance as a runtime problem

When a storage service provider claims your data is encrypted and secure, you have to trust them. When an AI model provider claims that their enterprise-level tiers keep your data safe, you have to trust them.

And all is fine, until you learn that the company leaked your "encrypted" data or fed your data to their AI.

Willem Schot, who some of you might remember as a Go blogger, is working on resolving a big challenge: How to verify compliance at runtime, rather than believing a company's marketing.

I hate compilers

"Reproducible builds are surprisingly hard"—so we should be super glad that the Go toolchain has them.