Russtopia Labs

I installed Gogs after a few repos I planned to use on GitHub disappeared without explanation, and after Microsoft's acquisition of same, it made me think about the over-centralization of community-developed software. A self-hosted solution that enables easy point-and-click mirroring of important repositories for my projects, both in-house and 3rd-party, ensures I won't be bitten by upstream catastrophes. (So far, Microsoft's stewardship has been fine, but always be prepared). It's also a very nice way to host one's own private repos before they're ready for prime-time on github.

Gogs is written in Go and is easy to install and configure, IMHO much more so than GitLab, though it's of course less feature-rich; the only major feature I wish Gogs had is an integrated code review tool, but the web plugin hypothes.is https://stackshare.io/hypothes-is/hypothes-is is quite suitable as a code review tool. Set up a group for each code review, and just highlight lines to add comments in pull request pages of Gogs.

Got frustrated with the complexities of heavyweight build automation/continuous integration tools like Jenkins, Concourse or Buildbot so I built my own in Go . https://gogs.blitter.com/Russtopia/bacillus. Well under 1K SLOC, no JVM or containers required. Config nearly 100% in the launch script itself.

Go is a lean, powerful language that takes a lot of cognitive load off of the developer with rich data manipulation functions and easy to use HTTP/net libs and concurrency. Combined with gopherjs this old-timey embedded programmer finally found a sensible language for both front- and back-end web development.

As a personal research project I wanted to add post-quantum crypto KEM (key encapsulation) algorithms and new symmetric crypto session algorithms to openssh. I found the openssh code and its channel/context management extremely complex.

Concurrently, I was learning Go. It occurred to me that Go's excellent standard library, including crypto libraries, plus its much safer memory model and string/buffer handling would be better suited to a secure remote shell solution. So I started from scratch, writing a clean-room Go-based solution, without regard for ssh compatibility. Interactive and token-based login, secure copy and tunnels.

Of course, it needs a proper security audit for side channel attacks, protocol vulnerabilities and so on -- but I was impressed by how much simpler a client-server application with crypto and complex terminal handling was in Go.

$ sloc openssh-portable 
  Languages  Files    Code  Comment  Blank   Total  CodeLns
      Total    502  112982    14327  15705  143014   100.0%
          C    389  105938    13349  14416  133703    93.5%
      Shell     92    6118      937   1129    8184     5.7%
       Make     16     468       37    131     636     0.4%
        AWK      1     363        0      7     370     0.3%
        C++      3      79        4     18     101     0.1%
       Conf      1      16        0      4      20     0.0%
$ sloc xs
  Languages  Files  Code  Comment  Blank  Total  CodeLns
      Total     34  3658     1231    655   5544   100.0%
         Go     19  3230     1199    507   4936    89.0%
   Markdown      2   181        0     76    257     4.6%
       Make      7   148        4     50    202     3.6%
       YAML      1    39        0      5     44     0.8%
       Text      1    30        0      7     37     0.7%
     Modula      1    16        0      2     18     0.3%
      Shell      3    14       28      8     50     0.9%

https://gogs.blitter.com/RLabs/xs