
Network Programming with Go - basil
http://jan.newmarch.name/go/
======
asto
I find it funny how he skips an introduction to Go saying there are many such
introductions already available but explains networks and the internet in
great detail!

------
stewie2
I really like this book, but what I found most difficult when implementing a
website is the authentication part.

How password should be encrypted? How session id should be generated and
passed to the user? How session information should be saved? (cookie? file?
database? memory?)

Also, I'd be interested in https, from theory to implementation.

~~~
dchest
I understand that your comment is about this book, but I'll go ahead and
answer your questions with links to packages (plus I get a chance to plug a
few of my own creation :). If you want to learn how they work, reading docs
and code is the best exercise. It's not a substitute for the proper book,
though, but may turn out to be useful.

 _How password should be encrypted?_

Choose your package:

    
    
        go get github.com/dchest/scrypt
        go get code.google.com/p/go.crypto/bcrypt
        go get code.google.com/p/go.crypto/pbkdf2
    

_How session id should be generated and passed to the user?_

If you mean how you can authenticate logged in users, then you can use this
package:

    
    
        go get github.com/dchest/authcookie
    

_How session information should be saved? (cookie? file? database? memory?)_

Up to you, but generally it's better to avoid cookies for storing anything
other than IDs. There are a few packages for "sessions" like in PHP, but I
don't remember their names.

One more important question to add:

 _How do I protect against XSRF attacks?_

    
    
        go get code.google.com/p/xsrftoken
    

You can read documentation for these packages here: <http://go.pkgdoc.org/>

As for HTTPS, it's a complicated thing. Pick any good book on it, then apply
your knowledge to the standard package crypto/tls
(<http://golang.org/pkg/crypto/tls/>).

~~~
stewie2
Wow, Thank you very much!

------
plf
Aside from being interesting and a new thing to learn, is Go used extensively
in the professional world?

For network programming I've often used Python + Twisted + ZMQ, what are the
most commonly used alternatives?

~~~
jesstaa
You might find that the blocking style of Go networking code is far less mind
bending than using twisted.

~~~
james4k
Yes, and the beautiful thing about it, is that the blocking calls you make are
actually implemented as evented IO. This is great when you have a large number
of goroutines; it keeps it very fast!

~~~
chc
Wait, what? Do you have any references for that? My impression was that Go
creates new threads for new Goroutines when the current ones are blocked. Is
that not how it works?

~~~
jesstaa
The Go runtime creates new threads to run goroutines when a thread is blocked
making a syscall. The net package avoids having too many threads blocking on
syscalls by using epoll/kqueue etc. for socket I/O.

------
noselasd
Is there any way you can control the number of native threads in go ? I wrote
a small go example that used net/smtp to bombard myself with emails. Just a
loop that fired off a goroutine, which each sent an email.

It was quite disturbing that firing off several thousand goroutines resulted
in several thousand native threads - resulting the system trashing. If I
inserted a very small pause between creating the go routines, this did not
occur and just 1 or 2 native threads were created. I tried the
runtime.GOMAXPROCS, to no awail. Is there any way of controlling this kind of
behavior ?

~~~
jesstaa
It's likely this is related to DNS lookups. Doing a lookup on a modern
operating system requires calling in to some C library. The call in to the C
code means that the thread can no longer be used to schedule goroutines, the
runtime doesn't know how long the C call will take so it creates a new thread
to keep running goroutines. For calls in to C that are very quick this can
lead to a lot of thread creation.

You can do one of:

1\. limit thread creation by using your operating systems limiting features.
eg ulimit

2\. rebuild the standard lib with DISABLE_CGO=1 to avoid the calls in to C if
that's possible in your environment.

3\. batch all your dns lookups in to a single goroutine.

4\. make changes to the operating system so provide async dns lookups.

~~~
noselasd
Thanks, I'll do some testing with these points later on. Though it does sound
like go should batch up gethostbyname/getaddrinfo C calls on one or a few
threads. Having DNS lookups be the cause of thousands of threads to be
created, up till the point where go routines fails is rather ridiculous for a
language that's supposed to be good at concurrency imho.

~~~
jesstaa
Batching the C calls means that you all lookups are delayed by other lookups.
This isn't very good for concurrency especially since it's reliant on network
traffic. If you had a few lookups in the queue, you could end up having
goroutines waiting a few seconds or for lots of lookups this could balloon out
to minutes for a lookup. This is the trade off. In general most programs
aren't making thousands of concurrent DNS lookups.

------
pjmlp
Ever notice how all Go tutorials are just about Web servers somehow?

------
vasco
It seems like when trading C for Go I'll be trading a few more lines of code
for a bunch of black magic and a new syntax. Not sure if want.

~~~
jesstaa
It's easy to forget that the black magic that runs C is commonly confused with
just being an operating system.

