Jails are a FreeBSD concept, not implemented in OpenBSD. OpenBSD has a lighter form of sandboxing with `pledge` and `unveil`. My favourite explanation for these system calls is from SerenityOS, which uses similar versions of the calls:
It is good idea in terms of long-term money spendings: if you already have good C++ HTTP framework, you spend less cpu/memory and can make web-service\site that can live forever for 0.00001 dollars a month. Of if you planning to serve lost of requests AND want users to feel low latency responce, you have no options: Rust, Go, C++, maybe something else. Main fight must occur on the "C++ vs Rust" scene, but C++ certainly wont die in another 20 yers, so you happy using it for long-term projects.
> Of if you planning to serve lost of requests AND want users to feel low latency responce, you have no options: Rust, Go, C++, maybe something else.
That sounds like a lot of options. While I don't exactly like Go, that's very much the sort of things it was designed for, "stdlib-only" go will give you everything you need with pretty much guaranteed safety.
> Main fight must occur on the "C++ vs Rust" scene, but C++ certainly wont die in another 20 yers, so you happy using it for long-term projects.
The concern is less the death of C++ and more exposing C over the web, which exponentially increases the damage of any mistake you make (likewise C++ though likely with a lower exponent).
As I remember, Go was "invented" to allow writing SMALL projects, where people previously used Bash/C/Perl. Like all these small command-line utilities and scripts to solve Site-Reliability-Engineer-tasks or DevOps-tasks. Using Go in projects larger than "multithreaded custom-binary-format to CSV converter" or "daemon watching sensors and inserting ROWS to some DB" is not very good. Big thing about GO is lots of libs available for everything (but in that view Python is better).
Have experience with GO. Feels like C in terms of lack of templates, and feels like Java in terms of "how I avoid world-freezes by GC". Go seems semantically less rich than C++ language makes you write MORE code for the same thing you would write in C++ using your HTTP-framework.
> feels like Java in terms of "how I avoid world-freezes by GC"
No… that’s not Go’s GC that you have experience with. I don’t know what language you used that you confused with Go. GC pauses in Go are notoriously tiny, since Go prioritizes consistently low latency. I’ve worked on many Go projects, and GC is not something that I worry about.
> Feels like C in terms of lack of templates
Are you seriously implying that C was not designed for large projects? That it was designed for tiny projects only? Because that’s not what history shows us, and C is used in massive projects like the Linux kernel. (Which causes innumerable CVEs related to human errors that C doesn’t attempt to prevent, unfortunately.)
It also doesn’t matter how fast you can churn out code if it’s Swiss cheese full of memory safety vulnerabilities. No one has ever pointed me to a popular C or C++ project that hasn’t been rife with vulnerabilities that would have been trivially avoided by using any memory safe language… so it’s a fair assumption that any C++ that you’re churning out has problems.
You mention Rust, and that’s a perfectly valid option if you have such a passionate hatred of garbage collectors. But, using C++ for a web service in 2021? No thanks. We need to be minimizing attack surface these days. (Memory safe languages can’t prevent all vulnerabilities, but neither do seatbelts. You should still wear a seatbelt when driving. Unbuckling doesn’t make the car go faster, and seatbelts do prevent certain classes of injuries.)
> Are you seriously implying that C was not designed for large projects?
C was designed to move from asm to something highlevel. C made possible to write larger projects than in ASM. That's all. There is no absulute measurement of project size, only relative: larger->smaller. Go goes to "smaller" direction compared to C++.
All that arguments about safe/bugs etc is old. In modern C++ you write with no controlling memory allocation at all and you dont write your own arrays with can be overflown.
> All that arguments about safe/bugs etc is old. In modern C++ you write with no controlling memory allocation at all and you dont write your own arrays with can be overflown.
People say this, but they never point to any large, popular projects that demonstrate it.
If you write any serious project in Rust, you'll quickly realize how unsafe "modern" C++ is. There's just no comparison. I'm happy for people to pick whatever memory safe language meets their needs, and most of those are garbage collected. Garbage collectors are fine for most software, but Rust exists for situations where they aren't fine.
> C was designed to move from asm to something highlevel. C made possible to write larger projects than in ASM. That's all. There is no absulute measurement of project size, only relative: larger->smaller. Go goes to "smaller" direction compared to C++.
By your definition, everyone should be writing Haskell, because a single line of Haskell can take tens of lines of C++ to express the same code. Haskell is immensely powerful in this way.
> In modern C++ you write with no controlling memory allocation at all and you dont write your own arrays with can be overflown.
The simplest and most straightforward way to access an std::vector item allows OOB read. Literally every smart pointer an be empty and will UB with no warning if deref'd in that state (that includes the brand new std::optional). The rules of X remain a tarpit lined with shit-smeared stakes, Chrome got bit by a GDI leak just a pair of years back because of that (a refactoring in an RAII object removed an operator= overload and started leaking GDI handles by the hundred when using chrome remote desktop).
> As I remember, Go was "invented" to allow writing SMALL projects
You remember wrong. Go was designed to allow quickly onboarding grads onto large projects.
> Like all these small command-line utilities and scripts to solve Site-Reliability-Engineer-tasks or DevOps-tasks.
I don't know what you're thinking about but it's certainly not Go: half the language is centered around concurrency, which is not very useful for this, especially going through the pain and costs "green" threads otherwise impose.
Go was designed to build network services and servers.
> As I remember, Go was "invented" to allow writing SMALL projects
On the contrary, one of the motivators for building Go was for large (millions of LOC) codebases; build speed and how fast a developer is comfortable in the codebase were big motivators for its build pipeline and code style.
The boring, memory safe, option seems to be Java, but I haven't touched java for web stuff in a number of years. Is the performance much worse than Go? Go seems to be really nice for web stuff, afaik it's one of the things it was designed for.
I'm sure performance can be comparable (in terms of requests / second) with enough tweaking and sane design choices, but Java has much longer startup times (especially if you use a framework like Spring) and much higher memory usage, so those are things to keep in mind.
Go is / feels a lot more minimalistic, much less drama and more direct code. Less opportunities to be clever.
Java makes you think about its GC. "What i must do to prevent GC wake up". Always re-use allocated objects and so on. Or you turn off GC. So, you got C++. But with C++ you write smaller code (considering C++11...C++20 standards) compared to Java, so why you need "bloated C++-like language (Java is) if you can use C++".
