Roberto Empijei Clapis's Avatar

Roberto Empijei Clapis

@empijei.bsky.social

Security Toolsmith Posts mostly about Go, banter, web development, security and cooking. https://empijei.science

450 Followers  |  79 Following  |  70 Posts  |  Joined: 11.10.2023  |  1.808

Latest posts by empijei.bsky.social on Bluesky


Post image Post image

This always reminds me of Ari Bach's Valhalla series passage on units of measurement:

18.02.2026 07:05 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Will do next time πŸ˜‚

18.02.2026 06:48 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Nasa uses metric... πŸ˜‚

18.02.2026 06:48 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

My guess for the former is that, especially for the stdlib, it would be super easy to end up with all programs transitively importing massive chunks of code just to do the most basic tasks. So this had to be done.

The latter is probably just for convenience.

18.02.2026 05:46 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

πŸ˜…

18.02.2026 05:42 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
go/src/go/build/deps_test.go at f65692ea562bf24c21ae46854e98584dd4bcc201 Β· golang/go The Go programming language. Contribute to golang/go development by creating an account on GitHub.

Very few people know that the Go standard library has an internal DSL used to make sure that no new intra-stdlib dependencies are added when a change happens:

github.com/golang/go/bl...

17.02.2026 14:04 β€” πŸ‘ 115    πŸ” 13    πŸ’¬ 4    πŸ“Œ 0

And we will *definitely* have to clean it up.

17.02.2026 07:40 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

This is all going to be such a mess to clean up...

17.02.2026 07:40 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

My entire career is fueled by anger towards the web platform

27.01.2026 13:29 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Have a hierarchy of formats and pick the best, if the format is the same, bitrate, if that is also the same roll a dice.

27.01.2026 13:29 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Don't we all?

27.01.2026 13:27 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

The first word that my eldest daughter read in her life is "Go", from one of my @golab.io t-shirts πŸ˜‚. I guess having a language with a simple name has its nice quirks.

27.01.2026 07:41 β€” πŸ‘ 5    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

It is dismaying to see how often people are willing to sacrifice the very principle a rule was created to protect, just to ensure the rule they understood is enforced.

26.01.2026 09:58 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

I just found the best use for AI: you can give it a recipe that uses units of measurement that come from the middle ages or the US and ask it to translate it to contemporary units.

18.01.2026 08:42 β€” πŸ‘ 2    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Preview
a white cat is sitting on a box and says but why ? Alt: a white monkey is sitting on a box and says but why ?

But... Why... πŸ˜‚

Also, how long does it take to process the http package?

13.01.2026 08:00 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Today I achieved greatness: I managed to make a thin omelette on a stainless steel pan; none stuck and it was cooked to perfection.

It's not much, but it's extremely satisfying.

07.01.2026 19:51 β€” πŸ‘ 5    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
A modern approach to preventing CSRF in Go Alex Edwards writes about the new http.CrossOriginProtection middleware that was added to the Go standard library in version 1.25 in August and asks: Have we finally reached the point where …

Does widespread browser implementation of the Sec-Fetch-Site HTTP header mean we can protect against CSRF attacks without needing those hidden form tokens? It looks like the answer may be a cautious "yes"! simonwillison.net/2025/Oct/15/...

15.10.2025 05:07 β€” πŸ‘ 52    πŸ” 14    πŸ’¬ 6    πŸ“Œ 1

@anto.pt

07.05.2025 13:10 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Preview
Build your own ResponseWriter: safer HTTP in Go Go's `http.ResponseWriter` writes directly to the socket, which can lead to subtle bugs like forgetting to set a status code or accidentally modifying headers too late. In this article I explain how t...

Nice writeup :)
anto.pt/articles/go-...

07.05.2025 13:07 β€” πŸ‘ 4    πŸ” 1    πŸ’¬ 1    πŸ“Œ 1
Preview
proposal: all: add bare metal support Β· Issue #73608 Β· golang/go Proposal Details This proposal follows updates on the TamaGo project, which brings bare metal execution for Go on AMD64, ARM and RISCV64 targets. While similar proposals (see #37503 and #46802) hav...

Go on bare metal and no os-specific code, would love for this to be accepted.

github.com/golang/go/is...

06.05.2025 11:06 β€” πŸ‘ 8    πŸ” 4    πŸ’¬ 0    πŸ“Œ 0

I'd call this approach "vibe fuzzing".

03.05.2025 05:51 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

This will give you a lot more confidence in your code and will allow you to find very niche bugs that would be very hard to find with conventional testing.

03.05.2025 05:48 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Every bug you find in the AI code you ask the AI to fix, and you carefully fix yours.

The AI code will quickly become a fever dream/garbage fire, but you don't care since it's not code you'll ever run in prod.

The big advantage is that it's very likely to have bugs that are different from yours.

03.05.2025 05:48 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

The best fuzzing is, in fact, differential fuzzing. The issue is that you rarely have a reference implementation for your problem.

This is where AI comes in.

You vibe code the alternative implementation and you leave it in your tests, to compare against yours.

03.05.2025 05:48 β€” πŸ‘ 0    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0

I think I found an excellent use for vibe coding.

If you're writing complex code with many branches, nuances or that processes untrusted inputs, you should really invest time fuzzing it.

The problem with fuzzing is that it yields the best results when you can write strong assertions on the results

03.05.2025 05:48 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 1    πŸ“Œ 0

As we discussed today, Sec-Fetch-Site should do most of the work for us 😊

17.04.2025 11:49 β€” πŸ‘ 6    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

I still have to change its color, dammit XD

01.04.2025 17:31 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
πŸ” Arriva il Cybersecurity Bootcamp

mailchi.mp/develer/arri...

25.03.2025 14:46 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
A 10x Faster TypeScript - TypeScript Embarking on a native port of the existing TypeScript compiler and toolset to achieve a 10x performance speed-up.

And it's in Go!

devblogs.microsoft.com/typescript/t...

11.03.2025 18:51 β€” πŸ‘ 7    πŸ” 3    πŸ’¬ 0    πŸ“Œ 1

Companies will realize that it is better (aka cheaper) to have a slower programmer that is more precise than an LLM-driven developer.

23.02.2025 08:52 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

@empijei is following 20 prominent accounts