Dependabot is a noise machine. It makes you feel like you’re doing work, but you’re actually discouraging more useful work. This is especially true for security alerts in the Go ecosystem.

I recommend turning it off and replacing it with a pair of scheduled GitHub Actions, one running govulncheck, and the other running your test suite against the latest version of your dependencies.

Go is built for grug brained programmers like me.grug brain developer not so smart, but grug brain developer program many long year and learn some things although mostly still confused

📚 | 🌍 The Go-Landlock library restricts the current processes’ ability to use files, using Linux 5.13’s Landlock feature. In a Go program, after starting up and doing program initialization work, run:

As always, an excellent write-up, now on how to use the golang structured logging standard library in an effective and type-safe way.

My takes and experinces with secrets management on NixOS

Best practices for http / grpc handlers.

An authentical library for Go that supports SSO, SAML, etc, from a guy who runs multiple companies with a simple tech stack: https://stevehanov.ca/blog/how-i-run-multiple-10k-mrr-companies-on-a-20month-tech-stack

One of the many “compiles to go, with rust like syntax” programming languages that I happen to like the most.

Regular expression tester with syntax highlighting, explanation, cheat sheet for PHP/PCRE, Python, GO, JavaScript, Java, C