#GoSF: Identity, Safe Secrets, and IoT Friendly Languages

GoSF at Betable

The Go gopher was designed by Renee French. CC BY 3.0 US

Last night’s meetup, which was hosted by Betable, included two presentations and two lightning talks rounding out a solid evening for the GoSF group. Topics included identity on the web, safe storage of tokens (beyond ENV vars), and even the debut of a new Go-inspired embedded systems language.

Let’s take a look at each!

Web Authentication Adventures in Go with OAUTH 2.0 and dex

Brandon Philips, the CTO at CoreOS, introduced dex, an open source standards-based identity provider and authentication solution, developed and maintained by CoreOS. Why build another solution? In Brandon’s own words, “Identity is the plumbing of the web. When it goes wrong, it goes really wrong.”

Most sites implement what Philips calls NASCAR solutions for “Login with Twitter” style third party auths. If Identity on the web is so important, it seems silly for each and every new site to reinvent the wheel.

Enter dex: a Go-based implementation of OpenID Connect (OIDC). If you’re unfamiliar, OIDC is a layer on top of OAuth 2.0. Brandon followed his slides with a demo of dex in action.

Dex is a relatively new project with a lot of ambition to make identity management simple. They’re looking for contributors; if you’d like to get involved, you can get on the train here.

Lightning Talks

Transitioning and netbooting Macs from VMWare to Linux

We went “Down the Rabbit Hole” with Reza Jelveh. Reza is a developer at Sauce Labs. They make the popular Selenium automated testing tool. He recently was tasked with migrating Selenium’s infrastructure from VMWare to KVM. Ouch.

Reza’s talk was anecdotal. He covered many of the pitfalls he ran into while making the transition over to KVM. These tied back to a common theme of lessons to learn from trying to reinvent the wheel.

He stumbled into a situation where everything was mostly working, except for netboot. The VMWare solution relied on Bless, which obviously wasn’t an option on Linux. Finding a workable Linux solution took weeks of debugging and running around to figure it out. Really, he admitted, they could have just avoided the whole thing by not making assumptions and looking for the solutions to the problem rather than trying to be clever and do it themselves.

If you’d like to hear more about Reza’s journey, reach out to him on Twitter.

Docker plugins and storage

David Calavera shared a new way to think about ‘secrets’. For complex applications, like those that require passwords, there’s a better way to pass information around than environment variables. What’s a safe API that every language already implements? The FileSystem API! A bit of Go + Docker + HashiCorp’s Vault makes this easy.

David launched his demo with a quick refresher on Docker’s volume plug-ins, which allow Docker to integrate with external storage systems.

He then demo’d Vault. Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets. David tied it together with FUSE (Filesystem in Userspace), a Linux kernel filesystem and protocol for translating requests into usable resources.

With all of the pieces in place, David concluded the demo by showing how easy it is to pass secrets around. One of the benefits of this approach is the secret only ever lives inside of the Docker container. Additionally, it’s easier to revoke tokens and safely audit your system’s handling of secrets.
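The consuming side of this approach, as an added example (it is not David's demo code and not part of the original post): a Go program that reads its secret from a file on every use instead of from an environment variable, so a token revoked or rotated at the source takes effect on the next read. The function name `ReadSecret`, the file name, and the permission check are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrLoosePerms is returned when the secret file is readable by group or others.
var ErrLoosePerms = errors.New("secret file is readable by group or others")

// ReadSecret (hypothetical helper) reads a secret from a file, for example one
// exposed through a volume mount. It reads on every call instead of caching,
// so a secret revoked or rotated at the source is picked up on the next use.
func ReadSecret(path string) (string, error) {
	info, err := os.Stat(path)
	if err != nil {
		return "", fmt.Errorf("secret unavailable (revoked or not mounted?): %w", err)
	}
	if !info.Mode().IsRegular() {
		return "", fmt.Errorf("%s is not a regular file", path)
	}
	if info.Mode().Perm()&0o077 != 0 {
		return "", ErrLoosePerms // refuse files other local users could read
	}
	b, err := os.ReadFile(path)
	if err != nil {
		return "", err
	}
	return strings.TrimRight(string(b), "\r\n"), nil
}

func main() {
	// Constructed stand-in for a mounted secrets directory (hypothetical layout).
	dir, _ := os.MkdirTemp("", "secrets")
	defer os.RemoveAll(dir)
	p := filepath.Join(dir, "db-password")
	os.WriteFile(p, []byte("s3cr3t-constructed\n"), 0o600)

	v, err := ReadSecret(p)
	fmt.Println(len(v), err) // log the length only, never the value

	os.Remove(p) // simulate revocation at the source
	_, err = ReadSecret(p)
	fmt.Println(err)
}
```

Unlike an environment variable, which is fixed at process start and inherited by child processes, the file is consulted at the moment of use, which is what makes revocation and auditing at the source practical.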

If you’d like to learn more, David added his demo to GitHub. And of course, you can also reach him on Twitter.

Go-like Language for Embedded Systems

The evening closed with Red Hat Engineer Frederick Kautz presenting a new language built for embedded systems – Gomez. Fun fact, Gomez was open sourced just a few hours prior to his presentation.

Kautz went into why C family languages and Go did and did not work well for the constraints of embedded systems. Essentially, this came down to C being too easy to shoot yourself in the foot with, and Go relying too heavily on a full fledged OS.

He also considered Rust, but found that it’s a complex language for a C programmer to pick up and be immediately productive in. Hence, Gomez was introduced, which borrows the ease of use of Go, but is also adapted to the complexity of an embedded system.

Gomez accomplishes this by pairing with LLVM as a compiler. Gomez parses simplified Go source code, adds a few restrictions to make it suitable for embedded devices, and emits LLVM.

Kautz dived into code and demonstrated how Gomez was built. Since it is a newly open sourced project, he encourages everyone to check it out for themselves.

Until The Next GoSF Meetup…

Thanks to all the speakers and everyone in the crowd who participated in lively Q&As. We look forward to seeing more at our biggest event of the year, Gopherfest, on November 18th, 2015.

Interested in participating in #GoSF? Feel like speaking or hosting? Reach out to us here.

  • Excellent article and this is going to make our life so much simpler as our business uses Stripe and Xero. Well done.

    • ironio

      Thanks Angeli! Glad this was useful, and let us know if you need any help getting set up. Cheers.