14 September 2025
Secure your Go builds with AppArmor
If you have a Linux system with AppArmor, you can use it to secure your Go builds.
First install Go in /usr/local/go as in the the instructions.
Then add this file to /etc/apparmor.d, replace ${HOME} with your home directory.
#include <tunables/global> profile go /usr/local/go/bin/go { #include <abstractions/base> #include <abstractions/consoles> /tmp/ r, /tmp/** rwkix, @{PROC}/** r, /sys/** r, /dev/** r, /etc/** r, /usr/** r, /bin/** ix, /usr/bin/** ix, /usr/libexec/** ix, /usr/lib/** ix, /usr/local/go/** rix, owner @{HOME}/.
14 September 2025
Secure your Rust builds with AppArmor
If you have a Linux system with AppArmor, you can use it to secure your Rust builds.
First install Rust with rustup in ~/.cargo/bin.
Then add this file to /etc/apparmor.d, replace ${HOME} with your home directory.
#include <tunables/global> profile cargo-bin ${HOME}/{.cargo/bin/*,.local/share/JetBrains/IntelliJIdea*/intellij-rust/bin/linux/x64/*} { #include <abstractions/base> #include <abstractions/consoles> @{PROC}** r, /sys/** r, /usr/bin/** ix, /usr/include/** r, /usr/libexec/** rix, /usr/share/** r, /tmp/ r, /tmp/** rwkix, owner @{HOME}/.gitconfig r, owner @{HOME}/.gitignore r, owner @{HOME}/.rustup/** r, owner @{HOME}/.
14 September 2025
Secure your Gradle builds with AppArmor
If you have a Linux system with AppArmor, you can use it to secure your Gradle builds.
Here is how I installed it on Ubuntu Linux:
Make sure you have a Java Development Kit installed.
Set the JAVA_HOME environment variable to point to your JDK by creating a file /etc/profile.d/java.sh with this content:
#!/bin/sh export JAVA_HOME=/usr/lib/jvm/java-21-openjdk-amd64 Make a manual installation of Gradle in /opt/gradle.
Make it available in PATH:
$ cd /usr/bin $ sudo ln -s .
13 September 2025
Speed-up and secure your Maven builds with Maven Daemon
You can speed-up Maven builds considerably by using Maven Daemon.
Here is how I installed it on Ubuntu Linux:
Make sure you have a Java Development Kit installed.
Set the JAVA_HOME environment variable to point to your JDK by creating a file /etc/profile.d/java.sh with this content:
#!/bin/sh export JAVA_HOME=/usr/lib/jvm/java-21-openjdk-amd64 Download Maven Daemon.
Unpack it into /opt
Make it available in PATH:
$ cd /usr/bin $ sudo ln -s ../../opt/maven-mvnd-1.0.2-linux-amd64/bin/mvnd . $ sudo ln -s mvnd mvn You can configure IntelliJ IDEA to use it by setting Maven home path to /opt/maven-mvnd-1.
14 July 2025
SQLite backup
As I mentioned earlier, it’s straightforward to use SQLite as the relational database in Go applications. Your data is stored in one single file with a well-defined format and there is no hassle with installing and configuring a separate database.
However, for any serious application you most likely want backup of your data. If your dataset is not very large, and it is OK to lose updates since the last backup, there is a very simple option.
12 July 2025
Simple web app with Go
I have been learning the Go programming language lately, and it’s remarkably easy to build simple web apps with it. In particular, with just a few simple tricks, you can make the deployment of such web apps super simple: just one single standalone statically linked binary which stores its data in one single file.
The Go standard library contains everything needed to build a basic web app:
A production-ready HTTP server An URL router Interface for SQL databases Parsing command line options Simple logging HTML templating HTTP client If you use the embed feature, you can embed templates and static resources (CSS, JavaScript, images) and produce one single self-contained binary.
2 January 2025
Simple HTML DSL for Kotlin
As I wrote a while ago, I have been trying different approaches for server-side HTML generation in Kotlin, with focus on good support for generating partials without a single root element (which is important for htmx).
Given Kotlin’s good support for internal DSLs, I decided to explore that route, and try kotlinx.html and HtmlFlow. They both make great promises of encoding the entire HTML standard and enforce valid HTML at compile time.
29 September 2024
Server-side HTML generation
I have been trying out htmx with Kotlin and http4k.
To use htmx, you need some way of generating HTML on the server. In Kotlin, you have plenty of options, both Kotlin specific ones and everything from the broader Java/JVM ecosystem. There are two main categories here, template languages and internal DSLs.
Given Kotlin’s good support for internal DSLs, I decided to explore that route, and try kotlinx.html and HtmlFlow. They both make great promises of encoding the entire HTML standard and enforce valid HTML at compile time.
14 September 2024
No streaming with pgJDBC
I am using PostgreSQL from a Kotlin (JVM) application with the pgJDBC driver.
According to the documentation, you can get results from a query based on a cursor to avoid loading the whole result set into the application’s memory at once by calling the setFetchSize() method with a positive value on the Statement before issuing the query.
I had a non-trivial query which generated a lot of rows (several thousands), and I only needed the first hundred or so.
2 September 2024
Linux in Linux with KVM
You can do quite a lot with Docker, but sometimes you want greater capabilities or increased security, then a proper virtual machine with KVM is a good alternative. An example is when you want to run Docker containers in the VM, it’s not easy to nest Docker without forgoing all security.
Just like Alpine Linux is suitable as a base for Docker images, it is also a good option as a guest in a virtual machine.