You're using IE. Scroll down.

Golang round 2

A while back I wrote a critique of golang based on the introductory examples. The premise was simply I should be able to read it without reading the language spec and it didn’t pan out well. The result was more anecdotal than relevant. Now I committed to reading the docs and doing a real project in go.

I came into this after some investigation into clojure’s core.async. While like mostly everything in lisps core.async is written on top of the language in Go channels and coroutines are baked into the runtime which gives it blazing fast speed. It was so fast I thought it was broken.

The syntax is still confusing at parts and things like := vs = is just compounding the = vs == problem. The lack of named and default parameters is a bit vexing on a modern language but workable. The seemingly arbitrary new vs make and the hidden pointers make for some confusing surprises. I’d also expect some built in support for creating data pipelines but programs need to create all the necessary scaffolding for common patterns like map/filter/reduce. Third party libraries like GoFlow introduce flow based programing and fill the gap but being channels such a central feature the language should cover pipelining better.

This is getting data from a non trivial JSON structure in Go, minus proper error handling.

Go is strongly typed and the solution for dealing with JSON objects is going through Go’s void type, the generic interface interface{}, and then using an akward switch construct to cast to the correct data type. When the schema is well defined the JSON library allows you to unmarshal the data directly into structures but for unstructured data is this is the idiomatic way.

Using the “any type” trapdoor is sometimes necessary but when it’s a pattern it’s a sign something is wrong. It struck me when I read about copying and appending to arrays and discovered it’s a builtin. Why a builtin and not a method of slice ? Because the type system doesn’t allow it!


The Go type system doesn’t allow append to be a method and doesn’t allow program code to have generic methods. The type system makes us, the programmers, second rate citizens in the language. We can’t extend the language in meaninful ways like writing a list implementation or higher level functions without going around the type system with interface{} and writing our own runtime type system.

Some languages allow generics or templates to tackle this, others like Haskel have a type system with both type variables and enumarated types. So far Go offers cpp on steroids enabling template preprocessors. Such deliberate avoidance of generics makes golang turn into what it hates most.

/tech | edited on 2015/11/01 -- permalink, click to comment

Chip and PIN and the USA

Will chip&pin credit card technology really increase security ?

The usual scenario in USA is getting your credit card swiped through some PC keyboard or Square reader attached to an iPad. Is that keyboard attached to a malware infected PC ? Is that iPad running a fraudster app ? Are those things card skimmers that will instantly transmit all your card information to cloners ? Every time a payer lets the card get swiped it’s a russian roulette. In fact, those transactions are nearly indistinct from fraudulent transactions except for the reputation of the merchant as they use exactly the same information a fraudster can steal at the point of sale.

EMV chip and pin uses dedicated tamper proof payment terminals which are independent from the store computers. That alone provides much better security for the card holder as a fraudster needs to physically access and modify the payment terminal to steal card data. While it’s totally possible to produce a fake payment terminal that looks legitimate it’s hard to install them at scale, as opposed to infecting windows point of sale networks with card stealing malware. One thing a tampered EMV payment terminal can do is capture your PIN which is bad if the fraudster also steals the card. Modern EMV cards and terminals prevent chip cloning and security conscious banks issue cards which chip data can only be used for EMV transactions so cloning shouldn’t be much of a concern. I’ve been very abrasive about the earlier EMV protocols but the truth is even those fundamentally flawed protocols provided much better security than band swipe.

For the merchants chip and pin releases them from the considerable burden and liability of processing credit card numbers. It also allows them to tap into the world market of EMV payment terminals and there’s the fact merchants will be liable for all fraud on non EMV transactions.
So why all the fud and resistance to the switch ? One reason is an unsecure swipe gadget is under 5 USD while a secure EMV terminal costs from 50 USD to to 500 USD depending on the features and complexity. Another could be that EMV chip payments, like Apple Pay, don’t give the store’s system any information about the payer as opposed to swipe which gives the store the payers name and credit card number.

So yeah, chip&pin definitely increases security.

/tech | edited on 2015/10/10 -- permalink, click to comment

SanFran ? SanAnthony!

Lately San Francisco has been in the news a lot for mostly the wrong reasons. Aparently tech companies continue to flock to sanfran despite being well past the cost breaking point. Out of control homeless population and absurd house prices go hand, in hand with people living month to month on six figure salaries and finding themselves on the streets immediately after the slightest hardship.

I live in Lisbon, a fairly cheap city in Europe, and all this sounds pretty crazy. As Make’s Sabrina Merlo noted on her visit to our Maker Faire Lisbon and San Francisco look like long lost twin cities, with the same by the sea feel, the same bridge and the same street cars. It’s October, sunny outside and I’m in a short sleeve polo shirt. Just had a good meal for 8 euros but sometimes go crazy and splurge 20 euros for tasty sushi. Housing is affordable and while we keep complaining about our public transport it covers all the wider metro area and it’s stellar by USA standards. A large part of the population has at least rudimentary English communication skills, certainly due to the fact tv is subtitled not dubbed, and we invented the multicultural metropolis.

While Lisbon remains mostly untapped Portuguese talent is well known as quite a few of the skilled engineers our technical universities graduate every year end up in London, Dublin or Berlin. Some smaller and more agile tech companies are already taking advantage of the Portuguese amenities but the practice hasn’t caught on yet. Maybe with the move of Web Summit to Lisbon that will change and more tech companies will open offices in Lisbon.

/tech | edited on 2015/10/04 -- permalink, click to comment

Maker Faire

Maker Faire Lisbon 2015 is done. First off, let me tell you putting an event together is very hard work. But more on that latter.

Maker Faire makes me warm inside like few things do. Bringing more than 100 makers, hackers and tinkerers together in one space to show tens of thousands of attendees we can create and make new things where there was none before the Faire is a show of capability and potential. Most of the makers at our Maker Faire are hobbyists and after their day job they go home and pour their passion for making into the projects they come share with us. And we have the students, some younger who thanks to brilliant teachers have the opportunity to explore and some older who despite manage to find each other and create hubs of making. At the end of the day thanks to our awesome sponsors two of those groups went home with new 3D printers and we got to share their joy for the recognition and the possibilities new tools bring. But awards and Ribbons are just the cherry on top, the one true prize for all participants is coming together and sharing.

maker faire panorama

Back to the hard work, I had been involved in making Codebits for the last few years, hosting the Amazing Codebits Quizshow but also special features like the MEO wallet hardware conversions and any spur of the moment things like filling in for the award presenter or doing damage control on an elaborate prank, but this year I got to be involved in almost all aspects of Maker Faire from project selection to checkin and don’t let anyone fool you into thinking putting on events is an easy job. Luckily we are in this with the great Ciencia Viva team and attracted a host of volunteers that handled all work during the event professionally and with remarkable dedication. Sleep deprivation, aches all over and mild sunstroke, just a small price to pay for the greatest show and tell in the world.

/personal | edited on 2015/09/21 -- permalink, click to comment

Week In Review 2015W34

Into the memory hole google goes

Italian city goes back for Microsoft Office because Microsoft Office lockin which is why you shouldn’t start in the first place.

UK health agency back electrical tobacco vaporizers cause they’re not as bad and don’t turn people into tobacco smokers as opposed to the rest of the world is wrong. I guess it’s cause as they claim to be the case for ecigs their paper as much less science than a regular paper.

Spreading information is now a crime in Denmark

Oh boy, Ashley Madison DB out in the wild

/wir | edited on 2015/08/24 -- permalink, click to comment

Week in review 2015w33

In case you’re wondering what’s going on during the summer your elected representatives are being barred from accessing the TTIP, a US-EU treaty being negotiated by your unelected representatives and lobbies.

Google is now alphabet soup.

Yay more android vulnerabilities. If no one looks for vulnerabilities do they exist in oracle software ? Yes and the NSA are probably exploiting them and the Intel SMM exploit that’s been around for decades too. And more Mac thunderbolt exploit. And more car exploits. And bios level crapware on Lenovo laptops. And trivial attacks against Volkswagens that Volkswagen managed to silence for two years. Maybe that’s why the NSA is switching to the quantum resistant encryption they don’t want us to have.

Space lettuce. Now all we need is space bacon.

/wir | edited on 2015/08/17 -- permalink, click to comment

Week in review 2015w32

oh boy, nmi handling previledge escalaction on current linux, thunderbolt hardware attacks on macs, certigate android remote exploit and bitfliping using javascript on a browser. considering the tempest attack using a printer as receiver, square reader hijacks and garage door dupers it must be black hat time again.

nokia sells maps for about one instagram and microsoft wants you to pay $15 to play dvds on windows10, someone is partying like it’s 1999.

the only thing flash seems to be used these is to deliver exploits using space bought on ad networks.

shadows of funny mustaches still make the germans think hard but cameron and saudia arabia are brothers in arms. better just do like china and put police on the isps.

internet lasers on solar powered flying drones.

/wir | edited on 2015/08/10 -- permalink, click to comment

Week In Review 2015w31

I haven’t been getting any of those windows 10 wifi passwords probably because something happened on everybody’s install. Mainstream press picked up fast on solitaire needing a subscription and not so fast on windows 10 relaying everything you do, including keypresses, back to microsoft. Cause you know, that’s totally kosher these days.

Europe really doesn’t like Facebook trying to be the internet ID card

Text an android, pwn an android. Meanwhile Pakistan and United Kingdom are sister countries in banning messaging apps.

Finally someone is getting prossecuted for widespread spying of the German govt and distribution of state secrets. Sadly, it’s the journalists who reported it. Better be on the lookout for funny moustaches.

Cause it’s not all bad, new 3d stackable apparently memristory memory and single molecule transistors, effective ebola vaccines and a confirmation of the mysterious EM drive.

/wir | edited on 2015/08/10 -- permalink, click to comment

Week in review 2015w30

Oh boy, steam bug that allows account hijacking and trivial privilege escalation OS x 10.10.

I remember when the IETF was about furthering the Internet instead of working to protect the dns business model.

We got to the point where having interns designing the cyber in a car graduates from milk curding interfaces to getting people killed.

Universal comes clean they are copyright infringing pirates. In technical terms they issued a DMCA takedown against a server on, which they were probably running to host the campaign against google.

In 2012 someone filled a patent against MRTG and now it was issued.

Australia must be an horrible country cause they just assume someone will attack them.

Hackingteam never heard of Barbara Streisand.

On something very cool, British man gets an eye implant.

/wir | edited on 2015/08/10 -- permalink, click to comment

Week in review 2015w29

Now even Facebook wants flash dead, probably because it messes up their mobile stuff. Also, if you were doing something useful with Facebook messenger move somewhere else.

Windows 10 updates will be mandatory, maybe so Microsoft can declare chrome and Firefox malware.

Nintendo’s CEO Satoru Iwata and privacy champion Casper Bowden both died this week.

EU high court says UK’s spying law is illegal and UK high court says ripping CDs you own is illegal. One of these courts is on the wrong side of history.

If only there was a public immutable secure ledger system we could use instead of scamming people out of their property.

Stop the presses, bacon flavored seaweed.

/wir | edited on 2015/08/10 -- permalink, click to comment
blog comments powered by Disqus