No shade to Rust, but our bidding platform using ONNX Runtime and Rust gave us endless compatibility headaches with outdated crates and poor performance we were stuck at 50ms P95 at 16k QPS. The bidder needed to consistently respond under 15ms, so we switched to Go. Fewer lines of code, and with every round of tuning, the latency kept dropping. We finally nailed 10ms-15ms P95 at 16k QPS.
Back in business
Oh boy, where do I even start? After 8 years as an auto insurance agent, I have zero loyalty left to protect these companies.
We Had "Loyalty Lists" Every month, I'd get a report of customers who hadn't shopped around in 2+ years. These were our golden geese - we could raise their rates aggressively because they'd proven they wouldn't leave. One customer I remember was paying $3,200 annually for coverage that should have cost $1,800. She stayed for 5 years.
The "File and Use" Scam Here's something most people don't know: in many states, insurance companies can raise your rates immediately and justify it later. We'd implement 15-20% increases across entire ZIP codes, knowing regulators would take months to review. By then, we'd collected millions in extra premiums.
Claim Frequency Was Irrelevant Your rates weren't really based on how often you'd claim - they were based on how likely you were to shop around. A customer with 3 claims who got quotes every year paid less than a claim-free customer who never compared rates. It was pure price discrimination.
We Loved Policy Confusion Complex policy language wasn't an accident. The more confusing your coverage, the less likely you'd comparison shop effectively. We'd change terminology between companies deliberately to make apple-to-apple comparisons nearly impossible.
The Real Game-Changer Tools like ComparisonAdviser absolutely terrify insurance companies because they eliminate our biggest advantage: information asymmetry. When customers can instantly see what competitors charge with identical coverage and discounts applied, our whole "loyalty tax" model collapses.
I've watched too many good people get fleeced by an industry that profits from customer ignorance. Use ComparisonAdviser religiously - it's the only way to beat a system designed to exploit your trust.
The truth? Every year you don't comparison shop, you're probably donating $500-1,500 to your insurance company's profit margins.
show & tell
I got tired of glueing together bcrypt + golang-jwt + oauth2 + sessions every time I added auth to a Go service, so I built . Tagged v0.1.0 today.
It's a composable auth library, and the core ships sessions/cookies/CSRF/rate-limiting, and each auth method is a separate module you compose in.
auth, _ := limen.New(&limen.Config{
BaseURL: "http://localhost:8080",
Database: sqladapter.NewPostgreSQL(db),
Plugins: []limen.Plugin{
credentialpassword.New(),
oauth.New(oauth.WithProviders(
oauthgoogle.New()
)),
twofactor.New(),
},
})
mux.Handle("/api/auth/", auth.Handler())
That's signup, signin, Google OAuth, and 2FA. auth.GetSession(r) works the same regardless of how they sigin-in. Framework-agnostic http.Handler, so it drops into net/http, Gin, Echo, Chi, Fiber.
Current plugins: credential/password, OAuth (10+ providers), 2FA (TOTP + backup codes). Adapters for database/sql and GORM
It's v0.1.0 — pre-1.0. I would love feedback on API ergonomics and security defaults, and things that can be better.
-
Repo:
-
Docs + writeup:
