Lies we tell ourselves to keep using Golang

fasterthanli.me/articles/lies-…
Walter Bright (D language) defending operator overloading in the comments In repsonse to "operator overloading is the spawn of Sa
(The reason I go through comments on HN/etc. is that for every 6 "the author is a platypus" and 3 "amen" there's 1 person genuinely thinking about this for the first time and it's a worthwhile exchange)
Kudos to all the geniuses who think my get rich quick scheme is to argue a nuanced viewpoint every couple years and being on the receiving end of a bunch of hate mail and a bill for the bandwidth.

Y'all got me all figured out.
I love how the Go team can say "we literally don't care about language design, anyone who does is a nerd and we don't hire nerds" every occasion they get for eight years straight and when I say "they didn't design a language" suddenly I'm the asshole
see, it's not just me. I use Go. I'm not a Rustacean. I've also used a whole bunch
unflagged after 2 hours. the cycle is complete
flagged again, removed from frontpage. nothing to see here, carry on!

reasoning for taking the article off the front page: I think that suspicion is incorrect. HN has had plenty of thIt's normal for users to flag meta follow-ups to recent big
I don't know, maybe if your community rips itself apart two days in a row reading articles /I did not post there/, the problem isn't the articles.

This isn't censorship, they can do whatever they want on their site but it did seem like a LOT of people wanted to read/discuss this
see, this is what we have content warnings for: reddit comments:  Read this on my lunch break, now to go bac
the rules of this city are very unclear HN comment:  I think you're getting somewhat hung up on the
fasterthanli.me is sustaining a DDoS attack: 6M requests in the past 2 hours, mostly from China and the US (they're just hammering the front page).

I had to turn on Cloudflare's attack mode, sorry for the javascript challenge. cloudflare requests graphcloudflare web traffic requests by country, showing China, U
Although most of it is static /content/, my site works more like a CMS: there's DB queries (sqlite) involved, templating, HTML rewriting, etc - here's what the server is spending time on.

I never needed to add caching (despite HN) until today 😊

There's about 40K concurrent connections right now fighting for access to a single SQLite database, it's time to set up some rate limiting too.
250K current connections now - server process is only using 800MB of RAM, which is nice. Setting up rate limiting soon, but I'll have to limit connections in some way as well. Luckily I've written that kind of code often before 😊
Oh, would you look at that, it's back up and fast again.
oh it was very complex, I'm gonna have to use a picture for this

(joke aside, cloudflare is dealing with most of the nonsense here)

me using tower's GlobalConcurrencyLimitLayer - it's like, 5
oh, cloudflare does not cache static HTML content by default hahaha was that always like that? guess they have to get people to buy page rules
well, the attack stopped for now. if it picks up again I'll have to implement actual caching on my side, since cloudflare doesn't let me do what I want (cache HTML, only for logged-out users). but for now I have other stuff to do.
The attack came from Singapore, Los Angeles, London, Hong Kong, Frankfurt. Using 4 Chrome-like user agents. Mostly resulted in 503/403/499/524. screenshot of cloudflare web analytics, showing what the att
More details on the the attack & how cloudflare reacted to it (from their Security graphs) over the past 6 hours: 3.3M managed challenges, 864K js chal716K china, 539K united states, 523K tor, 313K vietnam, 224Kbetween 180K and 60K requests from 5 different IPs
Welcome back DDoS kids! I'm ready to take care of that next wave, let's see how this go. a graph showing a spike to 5.5M requests in a 5-minute bucke
To whoever is behind the attack: thanks for the free load testing service (doing it myself is against the ToS of several things), this is costing you more than it's costing me and I'm getting entertainment + experience hardening my stuff against it. A++
Hey no come back! the attack stopped too soon, I was just about to deploy a change :(
Just to show you what I'm seeing:
attack: 350K connections
no attack: 5K connections sudo ss | wc -l, twice
Ah yes I forgot cloudflare doesn't know how to close connections so a 128 limit means the site is unavailable after just a little while. I need me some idle timeouts.

Love to pay for slowloris as a service.
attack is pretty well distributed, I'm not gonna block a whole country over it though

hey @digitalocean, that's against your ToS right? list of ASNs sending me garbage: chinanet, asdetuk, rackdog,
y'all wanna see some gnarly #rustlang errors?

(and the diff that fixes it) big-ass error, yada yada trait bound not satisfied, my towerjust making my service generic
the logical next step is adding some observability to this codebase (and then some actual caching) but I'm gonna chill for a bit and maybe do that later
the problem if I add observability as-is is that I'm gonna blow through the @honeycombio plan limits

unless somehow those limits were lifted for the next 48hrs or so (🙏) I'd be blind until the next billing period so that's not good. (but today's the 30th? idk)
note: this is ABSOLUTELY NOT the "go team" or the "go community" reacting to my article. this is one person, a small discord, or some channers having their fun.

the go team got sad and blocked me, they'd never do a DDoS lol
front page of HN, day 3 😬

big bookclub energy 20th place, a Rust match made in hell
in all that commotion I hadn't noticed my video platform was attacked too

the attacker left me a lil' message in the user-agent the user-agent says "circus performer"
oh duh, my SQL code 1) doesn't cache prepared statements, 2) runs blocking code in an async context (should use spawn_blocking)

I missed a bunch of low-hanging fruits in the initial implementation, this'll be easy to fix.

also telemetry is all set now - gotta cache that feed! latencies for various endpoints: index.xml has a 192ms P95,
this is why I love observability: I'm not happy about these SQL queries but I had no idea I was spending so much time truncating HTML.

there's a bunch of trivial ways to fix this, which is great news! a honeycomb trace for serving my homepage: there's 5 SQL que
I thought my load testing tool broke, but no, it just completes instantly now

lib.rs/moka stays winning code that retrieves from cachecode that renders a template and inserts into cacheresult of running oha: it says 21832 requests per second but
woops, heat fell off the map latency for /, going from around ~160ms (to 260ms) down to ~

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with fasterthanlime 🌌

fasterthanlime 🌌 Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @fasterthanlime

Apr 28
lol someone reposted "I Want Off Mr Golang's Wild Ride" on the orange website and it got flagged news.ycombinator.com/item?id=311917…
> So they wanted out in 2020 and they’re still on in 2022. So either the language isn’t really that bad or they have an attention deficit?

nah bro I'm not the one doing the Go writing anymore but it followed me through three fucking jobs.
update: the post got unflagged and I wrote a lil' addendum for 2022.

fasterthanli.me/articles/i-wan… a screenshot of the "April 2022 update" I added tothe rest of the "April 2022 update".
Read 8 tweets
Apr 27
Every incident makes me hate Golang a little more.
"Oh but Go is okay for throaway code"

Friend. There is no such thing as throwaway code.
I would never shame people for choosing Go for a project AS LONG AS it's never deployed anywhere.

Especially not downstream of my shit, which can wake me up in the middle of the night.
Read 10 tweets
Apr 27
okay maybe I do move stuff out of hetzner lol

my server lost ipv4 connectivity (ipv6 is fine)
alt: planned maintenance on hetzner's part, "expecting no downtime". yeah.
time to move everything to @flydotio - was planning on doing that anyway, hang on for half an hour or so
Read 12 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(