Drew DeVault's Blog

pkg.go.dev is more concerned with Google's interests than good engineering

pkg.go.dev sucks. It’s certainly prettier than godoc.org, but under the covers, it’s a failure of engineering characteristic of the Google approach.

The falsehoods of anti-AGPL propaganda

Google is well-known for forbidding the use of software using the GNU Affero General Public License, commonly known as “AGPL”. Google is also well-known for being the subject of cargo-culting by fad startups. Unfortunately, this means that they are susceptible to what is ultimately anti-AGPL propaganda from Google, with little to no basis in fact.

Status update, July 2020

Hello again! Another month of FOSS development behind us, and we’re back again to share the results. I took a week off at the end of June, so my progress this month is somewhat less than usual. Regardless, I have some updates for you, mainly in the domain of SourceHut work.

March 2nd, 1943

It’s March 2nd, 1943. The user asks your software to schedule a meeting with Acmecorp at “9 AM on the first Monday of next month”.

General-purpose OS, special-purpose OS, and now: vendor-purpose OS

There have, historically, been two kinds of operating systems: general-purpose, and special-purpose. These roles are defined by the function they serve for the user. Examples of general-purpose operating systems include Unix (Linux, BSD, etc), Solaris, Haiku, Plan 9, and so on. These are well-suited to general computing tasks, and are optimized to solve the most problems possible, perhaps at the expense of those in some niche domains. Special-purpose operating systems serve those niche domains, and are less suitable for general computing. Examples of these include FreeRTOS, Rockbox, Genode, and so on.

Introducing the BARE message encoding

I like stateless tokens. We started with stateful tokens: where a generated string acts as a unique identifier for a resource, and the resource itself is looked up separately. For example, your sr.ht OAuth token is a stateful token: we just generate a random number and hand it to you, something like “a97c4aeeec705f81539aa”. To find the information associated with this token, we query the database — our local state — to find it.

Email service provider recommendations

Email is important to my daily workflow, and I’ve built many tools which encourage productive use of it for software development. As such, I’m often asked for advice on choosing a good email service provider. Personally, I run my own mail servers, but about a year ago I signed up for and evaluated many different service providers available today so that I could make informed recommendations to people. Here are my top picks, as well as the criteria by which they were evaluated.

Status update, June 2020

Like last month, I am writing to you from the past, preparing this status update a day earlier than usual. This time it’s because I expect to be busy with planned sr.ht maintenance tomorrow, so I’m getting the status updates written ahead of time.

Can we talk about client-side certificates?

I’m working on improving the means by which API users authenticate with the SourceHut API. Today, I was reading RFC 6749 (OAuth2) for this purpose, and it got me thinking about the original OAuth spec. I recalled vaguely that it had the API clients actually sign every request, and… yep, indeed it does. This also got me thinking: what else signs requests? TLS!

Add a "contrib" directory to your projects

There’s a common pattern among free- and open-source software projects to include a “contrib” directory at the top of their source code tree. I’ve seen this in many projects for many years, but I’ve seen it discussed only rarely — so here we are!