14 comments

[ 3.9 ms ] story [ 47.0 ms ] thread
Runnable code in documentation, talk slides, blog posts and as a pastebin/playground is extremely convenient and user friendly.
check out runnable.com :)
And by the way, Go 1.3 will include support for Native Client (aka "NaCL").

Also: Russ Cox is the Chuck Norris of Go programming.

So this is how Go will make its appearance on Chrome Browser & Chrome OS? Pretty cool. I was a little scared off from NaCl from the C/C++ requirement, but Go will make that a little easier to handle. When is 1.3 suppose to be released?
Not really, at least not in 1.3.

As http://golang.org/s/go13nacl describes, supporting Chrome is not a goal for 1.3 release, only being able to run nacl-sandboxed executables from command line.

Can you expand on the Russ Norris part? Just out of curiosity as I also have much respect for Chuck Cox.
I'm very interested in the NaCl approach to server-side jails:

  > To isolate user programs from Google's infrastructure, the back 
  > end runs them under Native Client (or "NaCl"), a technology 
  > developed by Google to permit the safe execution of x86 programs 
  > inside web browsers. The back end uses a special 
  > version of the gc tool chain that generates NaCl executables
I'm a bit sad that the article didn't discuss using NaCl for constrained execution environments a bit more. Docker/linux containers are still a bit heavy-weight for low-budget ARM servers, and it'd be interesting to check out NaCl as a more lightweight, per-executable sandbox.
I don't think the NaCl port will do ARM code generation.

I'll write more about Go's NaCl support once it's actually in the tree. :-)

I'm annoyed that NaCl's SFI is being repurposed so blatantly uselessly. The overhead isn't that much, but when seccomp provides equal or better security without any expense, it really seems like reinventing the wheel.
If anyone's interested, https://coderpad.io has this exact feature as well - you can give an interview candidate a problem in Go, and watch them solve it in realtime. As you go, you can execute any of the code written so far.

My sandboxing uses Docker instead of NaCl.

How do you handle things like filesystem, threading, networks and time?
The time thing is ingenious. It reduces backend memory usage and allows caching.

However, it's possible to achieve the same advantage of cacheability, by executing a unmodified binary and recording the output in a time stamped manner, save it in a cache and replay it later.