Bit weirded out by the idea that it installs via a batch file that the Readme dedicates a chapter on how Windows will flag it as a Trojan. As well as the fact that it mentions it is a 30 minute demo, but only does so buried in the Readme. Just feels suspicious to me.
I chose to make this as an extension so I could quickly inject data for unit tests and UI previews. I've thought to pulling out the code and making it a library as well, but Faker and chance already exist in the JS ecosystem.
As an American living in Turkey to produce software systems for the Education industry. It is in my honest opinion this is mostly all false. Evolution was not removed (if I'm correct it was shifted in which years it was taught, pushing it later in the primary education years). Jihadism is not on the agenda at all. But some south-eastern/eastern provinces do place Islam studies on the bill (in historical manners). It's much like how the US has a "Bible belt" in the south where creationism is taught along evolution. Turkey has a "Quran belt" in it's south-eastern border that also places more emphasis in religious teachings along side it's sciences. In the western portions this is essentially non-existent besides the historical context (Ottoman was Islamic after all)
Reliability of the language and tool sets is a big one. Availability of coders in the language is another, there's an over abundance of C++/Java coders looking for work, but finding a team of Rust developers is a bit trickier.
Also in general, I would start with a list of languages that are built-for, or can easily support, what your product is. For instance, I love Go but wouldn't use it for a GUI application.
And in honesty, managed languages are a bit better in my opinion for projects that will require many devs to work on it. As much as this statement might catch flack, C++ is wonderful and powerful and I trust my ability to use it; but do I trust the workforce to? It's very easy for a dev to write a patch fix that also manages to introduce a memory leak or null pointer and crash the whole thing.
I don't use an ORM currently, just plain 'ol SQL queries. And in actuality I prefer it SOO much more. Like originally I was using Hibernate with the Java JPA, but I found it just got in the way a lot and the dependencies where finicky. Where as in Go and raw SQL I know EXACTLY what it's asking for and can pre-compose my queries externally. Any changes to the tables I have to make, as in renaming or adding columns, is just a quick change to the SQL query itself. And if needed, 1 line added to the Struct definition.
Also I'm more of a custom approach person which makes me very productive with Go. It's allows me to have laser focus on my needs instead of hooking up and reading docs and every little integration feature the framework has. And in result, I don't have dependency on a monolithic framework which could very well break everything in it's next release.
And finally, Go will build to binary for any-platform. So I can pre-build for the ARM processors, or Linux, or whatever else on Windows and just ship the binaries for server updates instead of managing make scripts and dependency resolution and blah blah blah. And if I wanted to I could sell the API "program" and sleep a little better about the IP contained in it (yes I know de-compilers exist). I could do this with C++ as well, but that's a whole 'nother ball game when it comes to tracking down memory leaks and segfaults.
Go optimizes for readability and lack of surprise at the expense of conciseness, which is why you feel it may not be productive. I think that the better maintainability vs. something like Rails massively outweighs the upfront cost of having to type more code, but other people might judge differently.
Furthermore, Go emphasizes "doing it your own way". There are no big web frameworks in Go, you just pull in some small and rather orthogonal libraries and make up your own abstractions to tie them together as you build your application. The end result is something that's highly optimized for your personal needs, but it requires a certain way of thinking and working that's not for everyone (and not always desirable). Some people do better when given more freedom; those should prefer Go etc. Some people do better when working within a well-known set of rules; those should prefer Rails etc.
Regarding ORM, I use Gorp (https://github.com/go-gorp/gorp) for INSERT, UPDATE, DELETE and basic SELECTs (e.g `SELECT * FROM things WHERE id = $1`), but when doing complex reports, I write SQL by hand [1] because ORMs are usually too constrained. I always feel like I know more SQL than the people who designed the ORM.
I'm struggling to think of instances where you would want to rename a column without changing the behavior of the column. The latter would mean that you have to review those 50 places anyway.
Gorilla Mux isn't bad either and is pretty tried and tested.
Also Go is one of the few (if not only?) languages with HTTP/2 built in to the standard library. Not to mention the gRPC over TLS that comes stock as well.
What about the "I've lost that email account, can I switch it to another to recover my account?" case. Or the "I'm the legal guardian of this person and need the account control switched to my personal email", or in the business world "this employee doesn't work here anymore and as administrator I would like the account transferred to me" cases. Locking customer support systems down tightly has it's own pros/cons.
I suppose I was more specific than I really should have been. More broadly, I'm trying to say that you have control over the tools and processes followed by your customer service. They can be used to combat social engineering.
For something as important as the credentials for a bitcoin exchange account, as Alex gave as his example, there should be policies specifying the reasons why account credentials can be changed and what evidence must be presented to do so. Front-line customer service reps shouldn't be flying by the seat of their pants when making difficult decisions with potentially hundreds of thousands of dollars on the line.
What happens when someone calls the CS person and tells them to type in their email address instead of copy pasting it or whatever. If there are any bugs at all in the CS software then it won’t be hard for the CS person to believe there is a bug they need to work around similar to the other bugs that are already in their dashboard.
The point of social engineering attacks is that they’re innocuous requests that don’t raise suspicion, and are hard to train people against.
I was actually making an open source sim city clone in JS myself a while ago. Didn't get this far at all, but I was mostly in it to test if I could get async updating from the simulation portion. Essentially doing threading in JS. Which I was somewhat successful in using Web Workers and shared buffer arrays, would be interested in helping with this project. Unfortunately in my research I didn't find any concrete documentation on how the simulation algorithm actually works, so I doubt this would end up a direct clone on SC2K.
I just upgraded myself to a 4K 28" monitor. Mine has 1ms response time. I noticed a slight loss of productivity in the initial stage, but really just because I was getting used to it. Now I'd say it's increasing productivity since I don't have to Alt+Tab all the time anymore. I can fit 4 source files comfortably now. So, in regards to your drop in productivity, I'd say give it time.
This may actually solve an issue I was about to tackle, which is high-speed notification delivery. Currently I was going to do a nasty wrestle of PUB/SUB with Lists and blocking keys to try and get a cluster of message processing servers to digest notifications when they get added to the "queue". My purpose in this is notifications, as in actual push notifications for mobile/web/etc. This seems like it fits perfectly with what I had planned. Especially since this ensures message delivery instead of fire-and-forget as you mentioned. As a question though... is the XACK commands working in your current branch? Since that is key to my usage of ensuring message consumption.
