50 Shades of Go: Traps, Gotchas, and Common Mistakes for New Golang Devs
Go is a simple and fun language, but, like any other language, it has a few gotchas... Many of those gotchas are not entirely Go's fault. Some of these mistakes are natural traps if you are coming from another language. Others are due to faulty assumptions and missing details.
A lot of these gotchas may seem obvious if you took the time to learn the language reading the official spec, wiki, mailing list discussions, many great posts and presentations by Rob Pike, and the source code. Not everybody starts the same way though and that's OK. If you are new to Go the information here will save you hours debugging your code.
- Opening Brace Can't Be Placed on a Separate Line
- Unused Variables
- Unused Imports
- Short Variable Declarations Can Be Used Only Inside Functions
- Redeclaring Variables Using Short Variable Declarations
- Accidental Variable Shadowing
- Can't Use "nil" to Initialize a Variable Without an Explicit Type
- Using "nil" Slices and Maps
- Map Capacity
- Strings Can't Be "nil"
- Array Function Arguments
- Unexpected Values in Slice and Array "range" Clauses
- Slices and Arrays Are One-Dimensional
- Accessing Non-Existing Map Keys
- Strings Are Immutable
- Conversions Between Strings and Byte Slices
- Strings and Index Operator
Hacking (Old) Hacker News: Fun with Weak Passwords and Arc
When I was conducting my cloud password security research, I also looked at Hacker News. It's not a cloud application, but it does have pretty common password security qualities. It's also interesting because it's written in Arc (a Lisp dialect) and the code is available (for the old version from 2009).
When you create a Hacker News account you can create passwords which are 4 characters long without any restrictions on the password complexity. This mean that you can have a password that looks like 0000 or 1111. Sure, not everybody will use passwords like that, but there's a good chance that quite a few users will have pretty simple passwords. Even technical people are still people; people choose the easiest possible passwords (when they can), making it easy to conduct online password attacks.
What's interesting is that when you change your password, you are required to have at least 8 characters (still without any complexity requirements). The Arc source code shows that the length requirement used to be 4 characters. Time to look at the code to see what else might be there...
Here's the login code from app.arc:
(def good-login (user pw ip)
(let record (list (seconds)