Go 1.22 introduces significant for loop scoping change to resolve persistent coding issue


Go 1.22 is set to introduce a significant change in for loop scoping to address an ongoing problem in Go programming. The problem involves maintaining references to loop variables beyond their intended scope, causing unexpected code behavior. This issue has caused production problems in several companies, including Let's Encrypt. Existing tools have been unable to identify all problematic cases due to false negatives and positives.

To address this, Go 1.22 will change for loops to have per-iteration scope as opposed to per-loop scope. This change will only apply to packages that declare Go 1.22 or later in their go.mod files, ensuring backwards compatibility. Developers can control the transition to the new semantics at a module or file level using //go:build lines. Old code will continue to function as before, allowing for a gradual transition to the new semantics.
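The difference between the two scoping rules, shown as an added example that is not from the original article. Both functions spell out the variable's lifetime explicitly, so they behave the same under any Go version; the Grant type, the function names and the sample data are constructed for illustration.

```go
package main

import "fmt"

// Grant is a constructed record type used only for this illustration.
type Grant struct {
	User, Role string
}

// sampleGrants is constructed sample input.
var sampleGrants = []Grant{
	{"alice", "viewer"},
	{"bob", "viewer"},
	{"root", "admin"},
}

// indexPerLoop spells out per-loop scope (Go 1.21 and earlier): a single
// variable g is reused by every iteration, so every stored pointer aliases it.
func indexPerLoop(grants []Grant) map[string]*Grant {
	byUser := make(map[string]*Grant)
	var g Grant // one variable for the whole loop
	for i := range grants {
		g = grants[i]
		byUser[g.User] = &g // same address on every iteration
	}
	return byUser
}

// indexPerIteration spells out per-iteration scope (Go 1.22): each iteration
// gets a fresh g, so each stored pointer refers to its own record.
func indexPerIteration(grants []Grant) map[string]*Grant {
	byUser := make(map[string]*Grant)
	for i := range grants {
		g := grants[i] // new variable per iteration
		byUser[g.User] = &g
	}
	return byUser
}

func main() {
	old, cur := indexPerLoop(sampleGrants), indexPerIteration(sampleGrants)
	for _, u := range []string{"alice", "bob", "root"} {
		fmt.Printf("%-5s per-loop=%-6s per-iteration=%s\n", u, old[u].Role, cur[u].Role)
	}
}
```

Under per-loop scope every key ends up pointing at the last record, so a lookup for alice returns root's admin grant; under per-iteration scope each user keeps their own record.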

Go 1.21 includes a preview of the scoping change, allowing developers to test their code with the new semantics using the GOEXPERIMENT=loopvar environment variable. Google has already adopted the new mode for all builds without any issues in production code. However, the scoping change could cause problematic tests, requiring developers to update their test cases to accommodate the new loop semantics. To assist with this, the loopclosure analyzer in Go 1.21 has improved precision to identify and report issues related to the new semantics. Furthermore, a tool provided by the Go team can help identify specific loops causing test failures when using the new semantics. You can check the full documentation here!

by Mauricio B. Holguin


Go, also known as golang, is a statically-typed programming language first developed at Google in 2007. It's derived loosely from C's syntax, but includes automatic memory management, type safety, and more. Top features include being a compiled language, supporting object-oriented principles, and offering test case management. Notable alternatives to Go include Python, Java, and C++.

Comments

coralinecastell
0

So, do you plan on adding Librem Mail?

The reason I ask is because the whole Librem suite seems pretty new. Saw it 'advertised' on your Twitter and I'm wondering what the word on the street about them is, given that their website honestly seems barren of important info regarding their products.

At $7.99/monthly for the whole suite -- mail + VPN + social network + chat -- they seem like a really great option, if only I knew more!

So, POX, any thoughts? Thanks in advance for all the contributions you make to this community.

EDIT: while we're on the subject: how the H do I get in touch with someone from the Librem One team? I can't see a contact e-mail ANYWHERE on their website. Cheers!

[Edited by coralinecastell, August 25]

2 replies
Paul

I haven't used Librem One with Librem Mail yet, but yes I might add it to this list if it's proven to be a good secure and privacy-focused email service. I think you can contact them on their website.

coralinecastell

Thank you so much, POX! I somehow missed that section.

Ariana
0

Thanks @Pox for the overview. Just noticed that Tutanota is now also available on F-Droid, which is great if you want to move away from Google: https://tutanota.com/blog/posts/open-source-email

1 reply
Paul

Yes it's great, we recently tweeted about that. :)

jasonbrown1965
1

As pointed out by @anonsubmitter, US-based services are a concern, so RiseUp should be added to the list of risky picks for those with state-level interests.

There is a so-called "canary" warrant, of sorts, with some rather bizarre omissions, according to this self-published question on their canary page:

" Q: Why does the new Canary not mention gag orders, FISA court orders, National Security Letters, etc?

" A: Our initial Canary strategy was only harming users by freaking them out unnecessarily when minor events happened. A Canary is supposed to signal important risk information to users, but there is also danger in signaling the wrong thing to users or leading to general fear and confusion for no good reason. The current Canary is limited to significant events that could compromise the security of Riseup users. "

I am also less than impressed with RiseUp's "About Us" page, which does not give any real names for its "alumni", presumably staff. Nine identities are given under "the collective", but under cutesy bird names, in Latin. Only one gives a contact method, via a GPG key. Given the recent exposure of GPG and other related crypto tools as fundamentally flawed, this suggests a rather casual approach to privacy.

See, https://motherboard.vice.com/en_us/article/3k4nd9/pgp-gpg-efail-vulnerability

A Crunchbase profile on RiseUp gives Micah Anderson as the founder, a rather shy individual who is alone among fellow directors over at privacy-focused Calyx Institute in not having a board photo. Makes sense for a privacy guy .. I guess?

See https://www.calyxinstitute.org/about/board

Finally, there are questions raised about RiseUp operating a TOR exit node, here .. https://arxiv.org/pdf/1803.05201.pdf .. PDF may take a moment or three to load. Search ctrl+F to search for RiseUp.

2 replies
Paul

Thank you. I added a warning about RiseUp and any other US-based service.

jasonbrown1965

Update: As might be expected, there are several rabbit holes to dive down into.

In the interests of fairness, here is an article claiming to debunk the last link from Arxiv: https://dustri.org/b/debunking-osint-analysis-of-the-tor-foundation-and-a-few-words-about-tors-directory-authorities.html

The debunker criticises the many spelling and grammatical errors, but as the lead author is French I found that less interesting than the fact that the debunker article does not make any reference to Micah Anderson (mentioned in my comment above).

For those wanting to read more - and whether or not they should trust RiseUp and its involvement with TOR nodes, see author Yasha Levine at: https://surveillancevalley.com/blog/internet-privacy-funded-by-spies-cia

For a bit more back and forth on Levine's book: https://caucus99percent.com/content/concerning-yasha-levine%E2%80%99s-%E2%80%98fact-checking-tor-project%E2%80%99s-government-ties%E2%80%99

isomorphisms
0

cock.li is another http://vc.gg

he seems to be a privacy / security focused kid (and probably a 4channer)

2 replies
isomorphisms

lavabit is another; they claim to be the first

Tim_B

The guy who runs cock.li is an American citizen, so even though he has moved to Romania, cock.li still follows US laws. There was a recording that the operator of cock.li posted in one of his transparency reports that pretty much shows that cock.li is within jurisdiction for US gag orders (though he found a workaround for now by having him take the call about the subpoena and gag order while he was live on Mumble and broadcasted it to everyone on his Mumble server). And if it's under US jurisdiction it's also vulnerable to National Security Letters.

There is also a small amount of logging: https://cock.li/privacy The IP logging isn't a deal breaker for me, but the email service technically being under American jurisdiction is.

Lavabit is based in the US and is thus vulnerable to National Security Letters and gag orders. A National Security Letter is a legal demand from a law enforcement agency, for example "give us backdoor access to your online service". A gag order means that disclosing information about a specific law enforcement request is illegal for the website operator. Both of these were experienced by Lavabit and led to them having to shut down in the first place.

Cock.li and Lavabit are not bad email services, quite the opposite. They are however under an extremely bad legal jurisdiction.

MoKosh
-3

You forgot Yahoo! :))

3 replies
Paul

No I didn't forget. Yahoo is not what you would call a secure and privacy-conscious email provider. :)

MoKosh

Wooooosh! (The ":))" indicates that it was a joke!)

Paul

I wasn't sure but I figured it was a pun. :)

coralinecastell
0

Fantastic and insightful list, also very timely. Thank you, POX!

spectrumsss
5

It makes sense that a lot of these companies are Swiss-based since Switzerland is out of the 14 eyes and is not a member of EU.

Gu