Golang

Every now and then I find myself needing to remember how HTTP request timeouts work in Go, and how to configure them. This has changed over time as http.Client gained the Timeout option, the various Timeout options you can set on the http.Transport and its underlying net.Dialer, and eventually the introduction of the context package in Go 1.7 that allows us to set a timeout/deadline on the request which in turn lead to the deprecation of http.

As I got into the ActivityPub side of the Fediverse I ended up hosting my own instance. Fediverse after all. But I wanted something I could easily operate and run which meant Mastodon was out and most Elixir-based solutions aren’t entirely simple to deploy and manage. Thankfully I stumbled across GoToSocial which is written in Go and has a fabulous community to boot. GoToSocial’s niche is small or single-user instances running on low-powered devices, like single-board computers or old laptops repurposed as home servers.

In Pulumi resources have inputs and outputs. Inputs are fairly obvious but Outputs have some interesting characteristics that are worth taking a closer look at. Outputs are effectively promises to resolve to a value once a resource is created. Outputs can in turn be used as inputs to a different resource which has the nice side-effect of establishing ordering/dependencies. When using Pulumi with Go you’ll see that resource structs have a $TypeOutput for most of their fields, like StringOutput.

A component resource is essentially a bundling of a number of resources. For example, when I want to provision a server I also need to assign it IPv4 and IPv6 addresses. I can do this independently, or I can create a custom Server component that does these things for me. This lets me encapsulate the way I work with infrastructure in my code and I can test the behaviour of a component.

Server-Side Request Forgery is a web security vulnerability in which we attempt to trick the server to access resources that we, the client who did the request, would normally not be able to access. In practice this usually means trying to access other resources within the network the server is running in or other services on the same host. This usually happens when there’s a way for an attacker to control the URL a server is going to access.

My home WiFi router is an ASUS RT-AC66U. It’s a great device with a tolerable manufacturer provided UI and quite a lot of advanced features. Though it’s marketed as a WiFi router I use it as a WiFi access point and switch, it doesn’t route. I have a Linux box that does that. Since a lot of my devices are wireless a lot of my traffic flows through my WiFi access point.