goja
opensnitch
goja | opensnitch | |
---|---|---|
25 | 213 | |
4,944 | 9,701 | |
- | - | |
6.3 | 9.1 | |
3 months ago | about 3 hours ago | |
Go | Python | |
MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
goja
- Goja: ECMAScript/JavaScript engine in pure Go
-
SSR React in Go
dop251/goja
-
Show HN: Flyscrape – A standalone and scriptable web scraper in Go
Your comment was posted 4 minutes ago. That means you still have enough time to edit your comment to change it so it contains real URLs:
<https://github.com/PuerkitoBio/goquery>
<https://github.com/dop251/goja>
(Please do not reply to this comment—I won't be able to delete it once the previous post is fixed if it contains replies.)
- Goja: ECMAScript 5.1 implementation in pure Go
-
TySON: TypeScript as an embeddable configuration language, without depending on Node or V8
Apparently "not depending on Node or V8" means depending on some random Go JS engine instead.
-
Examples of using task scheduler with Go?
Goja https://github.com/dop251/goja
-
Running a Js file inside Go
Either call a JavaScript interpreter like node with exec.Command and read its stdout, or use a pure Go JavaScript interpreter like goja or otto.
-
easytemplate - Go's text/template library with JS Super Powers
Just to also say this is implemented in pure Go we aren't including V8 or any external dependencies we instead use https://github.com/dop251/goja which is a JS VM written completely in Go.
-
how to JSON Marshal a struct if one of its fields is a fucntion
If you want to serialize a function to JSON one idea may be to embed a scripting language like JavaScript into your program. The goja package is a very good solution: a native ES5 JavaScript (with some ES6 syntax support as well) natively implemented in Go so you can get tight data bindings to your Go types and funcs. For your JSON marshalling you could serialize a JavaScript function source (text) and when reloading that, parse that text with goja to be able to run it dynamically in your Go program. Basically you'd need to get away from pure Go for this and towards something that is JSON compatible to (de)serialize to text.
-
Anyone experienced in golang ssr?
Not really. It was built in-house and I don't know of anything about it that went public. I recall it using Goja for the JS runtime. Code was embedded into the binary (think embed package). There was some kind of sorcery to convert what would be HTTP network calls in the browser into local function calls during SSR, but I'm hazy on how it worked I'm afraid.
opensnitch
- Is Linux worth it for the average non-tech user?
-
Safari share menu now violates privacy
opensnitch has existed for a while now. I've never used it, so I can't comment on how well it works.
https://github.com/evilsocket/opensnitch
-
Plasmashell making network pings/sending data from boot?
If you prefer a GUI try https://github.com/evilsocket/opensnitch
- Why do devs refuse to let their games run on Linux?
-
eBPF Verification Is Untenable
The whole BPF verifier and development process is so botched, it's ridiculous. It's like maintainers decided to make this as hard as possible out of pettiness and "they have to use C APIs instead" or something.
- Loading an eBPF module without the CAP_BPF (and in some cases without the CAP_NET_ADMIN which you need for XDP) capabilities will generate a "unknown/invalid memory access" error which is super useless as an error message.
- In my personal opinion a bytecode format for both little endian (bpfel) and big endian (bpfeb) machines is kinda unnecessary. I mean, it's a virtual bytecode format for a reason, right!?
- Compiling eBPF via clang to the bpf bytecode format without debug symbols will make every following error message down the line utterly useless. Took me a while to figure out what "unknown scalar" really means. If you forget that "-g" flag you're totally fucked.
- Anything pointer related that eBPF verifier itself doesn't support will lead to "unknown scalar" errors which are actually out of bounds errors most of the time (e.g. have to use if pointer < size(packet) around it), which only happen in the verification process and can only be shown using the bpftool. If you miss them, good luck getting a better error message out of the kernel while loading the module.
- The bpftool maintainer is kind of unfriendly, he's telling you to read a book about the bytecode format if your code doesn't compile and you're asking about examples on how to use pointers inside a BPF codebase because it seems to enforce specific rules in terms of what kind of method (__always_static) are allowed to modify or allocate memory. There's a lot of limitations that are documented _nowhere_ on the internet, and seemingly all developers are supposed to know them by reading the bpftool codebase itself!? Who's the audience for using the bpftool then? Developers of the bpftool itself?
- The BCC tools (bpf compiler collection) are still using examples that can't compile on an up-to-date kernel. [1] If you don't have the old headers, you'll find a lot of issues that show you the specific git hash where the "bpf-helpers.h" file was still inside the kernel codebase.
- The libbpf repo contain also examples that won't compile. Especially the xdp related ones [2]
- There's also an ongoing migration of all projects (?) to xdp-tools, which seems to be redundant in terms of bpf related topics, but also has only a couple examples that somehow work [3]
- Literally the only userspace eBPF generation framework that worked outside a super outdated enterprise linux environment is the cilium ebpf project [4], but only because they're using the old "bpf-helpers.h" file that are meanwhile removed from the kernel itself. [5] They're also incomplete for things like the new "__u128" and "__bpf_helper_methods" syntax which are sometimes missing.
- The only working examples that can also be used for reference on "what's available" in terms of eBPF and kernel userspace APIs is a forked repo of the bootlin project [6] which literally taught me how to use eBPF in practice.
- All other (official?) examples show you how to make a bpf_printk call, but _none_ of them show you how to even interact with bpf maps (whose syntax changed like 5 times over the course of the last years, and 4 of them don't run through the verifier, obviously). They're also somewhat documented in the wiki of the libbpf project, without further explanation on why or what [7]. Without that bootlin repo I still would have no idea other than how to make a print inside a "kretprobe". Anything more advanced is totally undocumented.
- OpenSnitch even has a workflow that copies their own codebase inside the kernel codebase, just to make it compile - because all other ways are too redundant or too broken. Not kidding you. [8]
Note that none of any BPF related projects uses any kind of reliable version scheme, and none of those project uses anything "modern" like conan (or whatever) as a package manager. Because that would have been too easy to use, and too easy on documenting on what breaks when. /s
Overall I have to say, BPF was the worst development experience I ever had. Writing a kernel module is _easier_ than writing a BPF module, because then you have at least reliable tooling. In the BPF world, anything will and can break at any unpredictable moment. If you compare that to the experience of other development environments like say, JVM or even the JS world, where debuggers that interact with JIT compilers are the norm, well ... then you've successfully been transferred back to the PTSD moments of the 90s.
Honestly I don't know how people can use BPF and say "yeah this has been a great experience and I love it" and not realize how broken the tooling is on every damn level.
I totally recommend reading the book [9] and watching the YouTube videos of Liz Rice [10]. They're awesome, and they show you how to tackle some of the problems I mentioned. I think that without her work, BPF would have had zero chance of success.
What's missing in the BPF world is definitely better tooling, better error messages (e.g. "did you forget to do this?" or even "unexpected statement" would be sooooo much better than the current state), and an easier way to debug an eBPF program. Documentation on what's available and what is not is also necessary, because it's impossible to find out right now. If I am not allowed to use pointers or whatever, then say so in the beginning.
[1] https://github.com/iovisor/bcc
[2] https://github.com/libbpf/libbpf
[3] https://github.com/xdp-project/xdp-tools
[4] https://github.com/cilium/ebpf/
[5] https://github.com/cilium/ebpf/tree/master/examples/headers
[6] https://elixir.bootlin.com/linux/latest/source/tools/testing...
[7] https://github.com/libbpf/libbpf/wiki/Libbpf-1.0-migration-g...
[8] https://github.com/evilsocket/opensnitch/blob/master/ebpf_pr...
[9] https://isovalent.com/learning-ebpf/
[10] (e.g.) https://www.youtube.com/watch?v=L3_AOFSNKK8
-
I didn't realize firewalls aren't turned on by default in linux and I've had it off for months, how screwed am I?
Close to zero most probably. If you want something different, to block/monitor what applications access the internet, block ads, etc, try https://github.com/evilsocket/opensnitch
-
Installing Opensnitch on Gentoo: A classic tale of not knowing what I'm doing
The last thing I built from source was a suckless utility which was nothing but a treat to play with and hack on, so I felt confident I could manage this even though the project's wiki page on compilation warned that it might fail on distro's other then debain and ubuntu. First order of business was translating the apt-get command for the dependencies into an emerge command that would install the same packages. Once that was done, I went on to the go dependencies which all seemed to install without a hitch except for the first one which gave this "build constraints eliminates all Go files" message but didn't tell me that the installation had failed otherwise. I spent a good amount of time trying to decipher this message which eventually turned into just familiarizing myself with go since I hadn't really touched it before before deciding it was fine. Then I tried to build it. It didn't work.
- Am I doing enough?
-
PSA: New cross-platform "Fractureiser" Minecraft modpack malware being exploited in the wild
OpenSnitch is a clone of the popular 'LittleSnitch' firewall for Mac. The main feature is that it will tell you about every single connection your computer is doing. A bit annoying for the first few days, but not too bad once you've already allowed the apps you use regularly. I think this would have been the perfect tool for the job.
-
Identifying PID generating DNS requests
take a look at opensnitch or picosnitch
What are some alternatives?
otto - A JavaScript interpreter in Go (golang)
portmaster - 🏔 Love Freedom - ❌ Block Mass Surveillance
v8go - Execute JavaScript from Go
ufw-stats - ufw-stats: Show ufw actions since boot, with ip address information from RIPE database.
go-lua - A Lua VM in Go
flathub - Pull requests for new applications to be added
gopher-lua - GopherLua: VM and compiler for Lua in Go
firejail - Linux namespaces and seccomp-bpf sandbox
tengo - A fast script language for Go
rustsec - RustSec API & Tooling
go-python - naive go bindings to the CPython2 C-API
picosnitch - Monitor Network Traffic Per Executable, Beautifully Visualized