Go 1.12 Released

I'll add, too, that anyone who wants to try TLS 1.3 right now can do so with the latest source builds of the Caddy web server. We just merged support for TLS 1.3 a few minutes after the Go 1.12 release: https://github.com/mholt/caddy/pull/2399

If you have a domain name pointed at your machine:

    $ caddy -host example.com

(Roughly equivalent to python -m SimpleHTTPServer but with HTTPS, and production-ready.)

Or if you just want to try things out:

    $ caddy "tls self_signed"

I was curious about new features in tls1.3 and this doc was a good breakdown

https://www.cloudflare.com/learning-resources/tls-1-3/

Any concerns exposing Go tls1.3 directly to the internet today?

Is 0-RTT on the roadmap for Go 1.13?

I know and understand the philosophy behind limited exposure/customization of the handshake process. However, there is a lot of value in implementing TLS extensions, adding early data on client hello, etc. I saw [0] but didn't see any details. Is it possible/reasonable to extract some of the internals to /x/crypto/tls or similar? Or is it either too hard to maintain or is there just too much fear about misuse?

0 - https://github.com/golang/go/issues/25807

Is there any performance issue that we should be aware of when turning on TLS 1.3? Go's standard library has many assembly implementations (to leverage CPU special opcodes). What is the speed of the TLS 1.3 crypto stack in Go?

What's the plan for pairing based curves now that the Extended Tower Number Field Sieve has made BN256 unusable for many applications[1]? Do you plan on integrating BLS curves any time soon?

[1] see https://godoc.org/golang.org/x/crypto/bn256

How can we help with getting support for Ed25519 in crypto/x509 and crypto/tls?

OK thanks, basic question, but.. What is TLS?

I’ve only heard of one or two breakages...

I'm impressed every release by Go's GC improvements. IIRC, they started with a terrible conservative GC. It was slow and (particularly on 32-bit platforms) ineffective. But then they made it increasingly precise, then targeted 10 ms pause times, then sub-millisecond, and so on. All with far fewer knobs than the Oracle JVM.

I understand there's still a cost compared to non-GCed languages, but I think it's mostly RAM usage (perhaps affecting CPU cache effectiveness and thus efficiency) rather than tail latency.

> It appears to be ~3-4 ms faster when counting repositories like redis which is rather nice for me as a free speed boost.

Nice! Out of curiosity: what is the total running time? Or in other words: what is the average performance improvement in percentages?

The large binary size is mainly due to the Go runtime being packed into the binary itself. You can compile with "-ldflags -s" to make it slightly smaller. But it will almost never be comparable to Rust/Emscripten binary sizes.

OTOH, there is a new project called TinyGo (https://tinygo.org) which generates LLVM byte code from Go. This allows a subset of the Go spec, sans any GC or runtime, and generates binaries comparable to Rust/Emscripten.

I was the one who converted Google's CLA system from "Please fax us this form" to a web form. At the time (2007, 2008?) I added all the fields from the fax template to the web form. But we dropped the phone number & physical address years ago. And they were optional even before that.

Nowadays we ask for your name, email address, and optional GitHub username.

Probably to keep a file of all contributors' contact information to get your permission if they ever wanted to do a license change?

Because Go is owned and controlled by Google, the company famous for personal data collection and misuse.

This FOSDEM Francesc explained the rationale behind this change, and namely in order to have an easier time comparing maps while debugging.

The outputs of examples in many tutorials need to be corrected. :)

What not add a new format verb instead?

Definitely a trade-off here between being handy for people that know what's gong on and confusing for beginners...

Why should that confuse?

To me it's a deeper issue that this and breaches the single responsibility principle.

fmt should only print, not manipulate the data it is asked to print.

I believe that the spec says that maps iterate over keys effectively at random and so that should be the result of any operation that iterates over keys.

The Go team doesn't own the official Docker containers and we don't notify the maintainers when we do a release. We probably should.

I had to check what the Go docker image does.... It does NOTHING, it just builds and installs Go, why would you even need a container for this?

The fact that Go is mostly controlled by Google doesn't bother you, but that does?

(I consciously avoided getting a Gmail account for years until I bought an Android phone which requires such an account, so I understand where you're coming from but this issue seems meh to me.)

You can now use plain GitHub PRs.

You might be interested in this, although support is extremely limited and restricted to specific areas: https://github.com/golang/go/wiki/Mobile#building-and-deploy...

Sort of... it works with GoMobile but because it doesnt use LLVM there is no support for bitcode which means WatchOS and tvOS are off limits and maybe iOS someday.

Satire, I presume! Cue polite laughter

They've been preoccupied with "Error Values"

https://github.com/golang/go/issues/29934

Not yet

Can you please not do programming language flamewars on HN (or any flamewars)? We're hoping for somewhat better discussion quality than that here.

https://news.ycombinator.com/newsguidelines.html

This is a rather unique take on Go that I haven't seen before. A quick scan of your post history indicates you feel quite strongly (negatively) about Go. May I ask what inspired this particular take, and what language background you have?