[go-nuts] Re: [security] Vulnerability in golang.org/x/net/html
thanks for the update. In future announcements it may be useful to include the command to perform the upgrade as in

$ go get -u -v golang.org/x/net

On Thursday, May 20, 2021 at 1:21:20 PM UTC-4 Filippo Valsorda wrote:
> Hello gophers,
>
> Version v0.0.0-20210520170846-37e1c6afe023 of golang.org/x/net fixes a
> vulnerability in the golang.org/x/net/html package which could cause a
> denial of service.
>
> An attacker can craft an input to ParseFragment that would cause it to
> enter an infinite loop and never return.
>
> This issue was discovered by OSS-Fuzz and reported to us by Andrew
> Thornton, and is tracked as CVE-2021-33194.
>
> Cheers,
> Filippo on behalf of the Go team

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/0d7ec42c-e4b0-4faf-8e1d-e0792cb6dce1n%40googlegroups.com.
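For readers checking whether a module is affected by the advisory quoted above, here is an added example (not part of the original messages or of the Go project's tooling): it reads go.mod text and reports whether the pinned golang.org/x/net predates the fixed version named in the announcement. The function names and the sample go.mod are assumptions made for the illustration; it inspects go.mod text only, so confirm the version the build actually selects with `go list -m golang.org/x/net`.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Module path and fixed version as given in the announcement.
const (
	netModule    = "golang.org/x/net"
	fixedVersion = "v0.0.0-20210520170846-37e1c6afe023"
)

// split breaks "vMAJOR.MINOR.PATCH[-pre]" into its numeric core and pre-release.
func split(v string) (core [3]int, pre string, err error) {
	_, err = fmt.Sscanf(v, "v%d.%d.%d", &core[0], &core[1], &core[2])
	_, pre, _ = strings.Cut(v, "-")
	return core, pre, err
}

// older reports whether a sorts before b. Pre-release strings are compared
// lexically, which is exact for v0.0.0-<timestamp>-<hash> pseudo-versions.
func older(a, b string) (bool, error) {
	ca, pa, errA := split(a)
	cb, pb, errB := split(b)
	if errA != nil || errB != nil {
		return false, fmt.Errorf("cannot compare %q with %q", a, b)
	}
	for i := range ca {
		if ca[i] != cb[i] {
			return ca[i] < cb[i], nil
		}
	}
	// Same core: a release outranks a pre-release, otherwise compare timestamps.
	return pa != "" && (pb == "" || pa < pb), nil
}

// needsUpgrade finds the x/net requirement in go.mod text and reports the
// version it pins and whether that version predates the fix.
func needsUpgrade(gomod string) (string, bool, error) {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop "// indirect"
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && f[0] == netModule && strings.HasPrefix(f[1], "v") {
			vuln, err := older(f[1], fixedVersion)
			return f[1], vuln, err
		}
	}
	return "", false, sc.Err()
}

func main() {
	// Constructed go.mod; the pseudo-version below is made up for the example.
	mod := "module example.com/app\n\nrequire golang.org/x/net v0.0.0-20210101000000-0123456789ab\n"
	fmt.Println(needsUpgrade(mod))
}
```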
Re: [go-nuts] Virus detection issues on Windows/386 binaries built with -ldflags -s -w
VT detected issues. As mentioned these are false positives:

https://www.virustotal.com/gui/file/77cbc92defdabf7e308849f0dd5e784010d9b4548b99b50df52533b949a14d85/detection

On Tuesday, February 11, 2020 at 11:50:37 PM UTC-5, ajstarks wrote:
> A bit more info: building natively on Windows 10, the detection is NOT
> triggered.
> I will submit the offending file.
>
> On Tuesday, February 11, 2020 at 11:30:48 PM UTC-5, andrey mirtchovski wrote:
>> you can find similar detections on virustotal. unfortunately it looks
>> like a false positive:
>>
>> https://www.virustotal.com/gui/file/93eb448cedd4b4355065a4f9193d8548b02bc56ed5ba9e774095f9ab3da46227/detection
>>
>> there are members of this community working for microsoft, perhaps
>> they'll have an avenue that will allow their engine to avoid a false
>> positive on go code. not sure if they have an open channel to address
>> this.
>>
>> On Tue, Feb 11, 2020 at 9:15 PM ajstarks wrote:
>> > When building Windows binaries for pdfdeck [1]
>> > (https://github.com/ajstarks/deck/tree/master/cmd/pdfdeck) I noticed that
>> > the binary generated on linux with:
>> >
>> > GOOS=windows GOARCH=386 go build -ldflags="-s -w" -o windows-386-pdfdeck.exe github.com/ajstarks/deck/cmd/pdfdeck
>> >
>> > will cause the Windows 10 Defender virus detection to think the binary
>> > is infected with Trojan:Win32/Wacatac.C!ml
>> >
>> > simply removing the -ldflags builds a binary that runs with no issues.
>> > Has anyone else seen this?
Re: [go-nuts] Virus detection issues on Windows/386 binaries built with -ldflags -s -w
A bit more info: building natively on Windows 10, the detection is NOT triggered.
I will submit the offending file.

On Tuesday, February 11, 2020 at 11:30:48 PM UTC-5, andrey mirtchovski wrote:
> you can find similar detections on virustotal. unfortunately it looks
> like a false positive:
>
> https://www.virustotal.com/gui/file/93eb448cedd4b4355065a4f9193d8548b02bc56ed5ba9e774095f9ab3da46227/detection
>
> there are members of this community working for microsoft, perhaps
> they'll have an avenue that will allow their engine to avoid a false
> positive on go code. not sure if they have an open channel to address
> this.
>
> On Tue, Feb 11, 2020 at 9:15 PM ajstarks wrote:
> > When building Windows binaries for pdfdeck [1]
> > (https://github.com/ajstarks/deck/tree/master/cmd/pdfdeck) I noticed that
> > the binary generated on linux with:
> >
> > GOOS=windows GOARCH=386 go build -ldflags="-s -w" -o windows-386-pdfdeck.exe github.com/ajstarks/deck/cmd/pdfdeck
> >
> > will cause the Windows 10 Defender virus detection to think the binary
> > is infected with Trojan:Win32/Wacatac.C!ml
> >
> > simply removing the -ldflags builds a binary that runs with no issues.
> > Has anyone else seen this?
[go-nuts] Virus detection issues on Windows/386 binaries built with -ldflags -s -w
When building Windows binaries for pdfdeck [1] (https://github.com/ajstarks/deck/tree/master/cmd/pdfdeck) I noticed that the binary generated on linux with:

GOOS=windows GOARCH=386 go build -ldflags="-s -w" -o windows-386-pdfdeck.exe github.com/ajstarks/deck/cmd/pdfdeck

will cause the Windows 10 Defender virus detection to think the binary is infected with Trojan:Win32/Wacatac.C!ml

simply removing the -ldflags builds a binary that runs with no issues. Has anyone else seen this?
[go-nuts] Re: Helping to fixing Windows virus scanner false positives
FYI, the Go 1.12 toolchain is now blessed by Symantec.

> I reported these false positives for the go command, compiler, assembler
> and linker at
> https://submit.symantec.com/false_positive/ and the good news is that the
> go command (1.12 version) is now whitelisted. I'm waiting for the other
> tools to be so blessed. My guess is I'll have to report again when Go is
> updated.
[go-nuts] Helping to fixing Windows virus scanner false positives
One annoyance for gophers on Windows is the false positives from virus scanners when running the Go toolchain. This is mentioned in the FAQ:

*This is a common occurrence, especially on Windows machines, and is almost always a false positive. Commercial virus scanning programs are often confused by the structure of Go binaries, which they don't see as often as those compiled from other languages.*

On my Windows 10 machine running the Symantec scanner the situation is not the structure of the binary but the "reputation". I get separate messages running the go command or go build (one for the compiler, assembler and linker) like this:

    Event: Security Risk Found
    Security risk detected: WS.Reputation.1
    File: c:\Users\xx\Desktop\go\bin\go.exe
    Location: Deleted or access blocked
    Computer: xx
    User: x
    Action taken: Leave Alone succeeded

Looking up WS.Reputation.1 means (https://www.symantec.com/security-center/writeup/2010-051308-1854-99):

*WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories.*

*The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.*

I reported these false positives for the go command, compiler, assembler and linker at https://submit.symantec.com/false_positive/ and the good news is that the go command (1.12 version) is now whitelisted. I'm waiting for the other tools to be so blessed. My guess is I'll have to report again when Go is updated.

I'm wondering if others in the Go community can help by reporting as well, raising Go's "reputation".
Re: [go-nuts] [ANN] oksvg and rasterx; SVG 2.0 path compliant renderer and rasterizer
I've tested the latest version of oksvg, which has support for more elements, and thus I can test with more SVG files in the codepicdeck collection [1]

The tests compare four rendering methods, on my MacBook Pro, MacOS 10.13.4, 2.3 GHz Intel Core i7, 16GB.

1) oksvg using GV (svgpng.go) [2]
2) oksvg using FT (svgpngft.go) [3]
3) inkscape command line

   dir=`pwd`
   /Applications/Inkscape.app/Contents/Resources/bin/inkscape --export-png=$dir/$1.png $dir/$1

4) batik rasterizer

   java -jar $HOME/batik-1.7/batik-rasterizer.jar -m image/png $*

The difference between the GV and FT versions is this diff:

7d6 < "image/color" 11a11 > "github.com/srwiley/scanft" 23,25c23,25 < source := image.NewUniform(color.NRGBA{0, 0, 0, 255}) < scannerGV := rasterx.NewScannerGV(w, h, img, img.Bounds(), source, image.Point{0, 0}) < raster := rasterx.NewDasher(w, h, scannerGV) --- > painter := scanFT.NewRGBAPainter(img) > scannerFT := scanFT.NewScannerFT(w, h, painter) > raster := rasterx.NewDasher(w, h, scannerFT)

Here are the results (times in seconds of real time as measured by the time command):

file           GV      FT      Ink     Batik
cgrid          0.673   0.021   0.725   2.226
clock          0.038   0.023   0.738   3.075
cloud          0.049   0.034   0.586   2.071
color-clouds   0.582   0.059   0.772   2.225
concentric     0.038   0.029   0.689   2.221
concentric2    8.924   0.532   1.537   2.726
conception     0.025   0.017   0.681   2.051
conception2    0.471   0.029   0.749   2.295
cube           0.122   0.020   0.695   2.221
d4h            0.077   0.022   0.691   2.195
diag           2.766   0.058   0.796   2.431
eclipse        0.044   0.015   0.697   2.039
gear           0.121   0.043   0.697   2.205
go             0.043   0.032   0.694   2.239
mondrian       0.047   0.016   0.691   2.179
pacman         0.047   0.021   0.695   2.207
plotfunc       0.893   0.025   0.846   2.297
pyramid        0.119   0.031   0.691   2.098
randarc        0.140   0.088   0.713   2.150
randbox        0.253   0.037   0.710   2.213
randspot       0.275   0.068   0.738   2.340
recurse        0.319   0.045   0.707   2.027
richter        0.577   0.019   0.733   2.246
rl             2.244   0.139   1.019   3.000
schotter       0.356   0.026   0.722   1.967
star           0.063   0.040   0.695   2.248
starx          0.037   0.024   0.691   2.246
sunearth       2.212   0.026   0.773   2.160

*Conclusion*: the FT methods are very fast, clearly superior to all others for these tests (see also the attached chart)

Note that Steven is working on some optimizations that will address the spike in the "concentric2" case, but the speed and capability improvements are impressive.

[1] https://github.com/ajstarks/deck/tree/master/cmd/codepicdeck/code
[2] https://gist.github.com/ajstarks/78e55b92f9a62200ef5ab7211549589b
[3] https://gist.github.com/ajstarks/9ce776afc3feed9ed957a24c567d
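Review bot: in the `23,25c23,25` hunk the FT side builds its painter from `img` alone, while the GV side passes an explicit opaque-black `image.NewUniform(color.NRGBA{0, 0, 0, 255})` source and the `7d6` hunk drops the `image/color` import, so nothing visible in the diff says which colour the FT program paints with. A one-line comment in svgpngft.go stating where that colour comes from would show that both programs render the same output before their timings are compared. The import added in `11a11` also ends in `scanft` while the code refers to `scanFT`; an explicit alias on the import line would make that mapping visible.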
[go-nuts] Re: Mermaid parser
Not markdown, but here is compx a program for going "component" diagrams: basically placing items on a grid, and describing their connections. It was one of the first clients for SVGo

See: https://github.com/ajstarks/svgo/tree/master/compx

On Saturday, October 21, 2017 at 11:16:18 AM UTC-4, Ged Wed wrote:
> Mermaid is a markdown format for expressing workflow diagrams like
> sequence diagram etc.
>
> You can then render it as svg.
>
> Is there anything similar written in golang ?
>
> I want to use it for documentation but also for allowing users to
> visualise and edit workflows running on top of nats.
> It's also a great way to visualise choreography that is happening across
> your Microservices because it's often very hard to keep track of the
> effects of events firing on your control plane.
>
> So that's the intent.
>
> If anyone has thoughts on the best way to achieve this use case please
> tell :)
[go-nuts] Re: Graphing libraries in golang
SVGo is a library for SVG generation, but others (some cited in this thread), have used it as a basis for building graphics and visualizations.

See: [1] for examples (including how to interface to data, there's even a barchart [2] example :)

[1] https://speakerdeck.com/ajstarks/the-other-side-of-go-programming-pictures
[2] https://github.com/ajstarks/svgo/blob/master/barchart/barchart.go

On Friday, September 29, 2017 at 1:42:50 AM UTC-4, Vikram Rawat wrote:
> By graphing I actually meant *data visualization libraries*
>
> SVGO would be so hard to pass a data to and design even the basic and
> simple *BARCHART*
>
> other ones don't have enough documentation to understand how it works.
>
> and The reason I am trying GO is that R is slow. There is no point in
> calling R from Go.
>
> *So is there any package that is implemented in base GO with the speed of
> GO and worth learning.*
[go-nuts] Re: Go on ARM 32bit and 64bit resources and groups
I built the openvg library and its clients on the Raspberry Pi.

See: https://github.com/ajstarks/openvg

Other examples are in https://twitter.com/ajstarks/status/905198211274559488 and referenced in https://speakerdeck.com/ajstarks/go-for-information-displays

In general I treat the Raspberry Pi like any other Linux box, building Go from source with each release.

On Saturday, September 16, 2017 at 4:21:45 PM UTC-4, Norbert Fuhs wrote:
> Hi,
>
> since I'm running Go on an Raspberry Pi 3 I would like to know if there are
> more official resources / tutorials or even groups?
>
> Beside doing searching for arm on Github
> https://github.com/golang/go/search?utf8=%E2%9C%93=arm=
>
> Is the only official resource I found is Go's wiki page:
> https://github.com/golang/go/wiki/GoArm
> ?
>
> I'm not sure how up to this wiki is I still doesn't mention it it
> benchmarks the Raspberry Pi 3 which I use and it seems not much people are
> using Go on an Pi.
>
> I know its just a pet project by me but I wonder if there is a better
> place if I have specific go question I get now like
> GC issues with 32 Bit ARM ??
Re: [go-nuts] encoding/csv: Is this a bug?
See: https://github.com/golang/go/issues/7897

See also: https://gist.github.com/ajstarks/04a61ace4fc8e18f51fda8da6adac017 for a program I use to read CSVs on a Mac. I typically use "Windows Comma Separated" when saving from Excel.

On Monday, July 17, 2017 at 11:07:43 PM UTC-4, Matt Harden wrote:
> I suspect that this has to do with the line-ending characters on a Mac. I
> think Excel is writing the file with each line ending with a CR character.
> The encoding/csv package expects RFC 4180 format (each line terminated with
> CRLF), which is what Excel writes when you select "Windows Comma Separated".
>
> I don't know a super-easy way to make encoding/csv accept the first format.
>
> On Mon, Jul 17, 2017 at 4:42 PM Dat Huynh <audat...@gmail.com> wrote:
>> Hi all,
>>
>> I have a problem with parsing a .csv file using the library
>> "encoding/csv".
>>
>> I wonder if that is the problem of Microsoft Excel or the Go library.
>>
>> I am using Microsoft Excel version 14.2.2 on MacOS and go1.8.3
>> darwin/amd64
>>
>> What did I do?
>>
>> Firstly I input the below values into an Excel sheet, and save as a .csv
>> file.
>>
>> value 11    value 12
>> value 21    value 22
>> value 31    value 32
>>
>> If I choose "Comma Separated Values (.csv)" in the option "Format", type
>> the file name "data.csv", and run my Go app, it returns:
>>
>> $ go run demo.go
>> value 31 value 32]12
>>
>> If I choose "Window Comma Separated (.csv)" in the option "Format", type
>> the file name "data.csv", and run my Go app, it works well.
>>
>> $ go run demo.go
>> 0 [value 11 value 12]
>> 1 [value 21 value 22]
>> 2 [value 31 value 32]
>>
>> Could you please confirm if this is a bug of the library or MS Excel?
>>
>> Below is my code.
>>
>> package main
>>
>> import (
>>     "encoding/csv"
>>     "fmt"
>>     "os"
>> )
>>
>> func main() {
>>     file, _ := os.Open("data.csv")
>>     defer file.Close()
>>     csvReader := csv.NewReader(file)
>>     records, _ := csvReader.ReadAll()
>>     for index, record := range records {
>>         fmt.Println(index, record)
>>     }
>> }
>>
>> Thank you very much.
>>
>> Regards,
>> Dat Huynh.
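One way to make encoding/csv accept the CR-terminated file discussed in this thread, as an added example (it is not the program from the gist linked above and not part of the original messages): a small io.Reader wrapper that turns bare CR and CRLF into LF before the CSV reader sees the bytes. The type and function names and the inline sample data are assumptions made for the illustration.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"io"
	"strings"
)

// crToLF rewrites line endings on the fly so encoding/csv sees LF-terminated
// records: CRLF becomes LF and a bare CR becomes LF. A CR inside a quoted
// field is rewritten too, which suits spreadsheet exports like the one in
// this thread but would alter data that embeds CR on purpose.
type crToLF struct {
	r      io.Reader
	lastCR bool // previous byte was CR, so a following LF must be dropped
}

func (c *crToLF) Read(p []byte) (int, error) {
	for {
		n, err := c.r.Read(p)
		out := 0
		for _, b := range p[:n] {
			if b == '\n' && c.lastCR {
				c.lastCR = false // second half of CRLF, LF already emitted
				continue
			}
			c.lastCR = b == '\r'
			if c.lastCR {
				b = '\n'
			}
			p[out] = b
			out++
		}
		// Read again only when the whole chunk was a swallowed LF.
		if out > 0 || n == 0 || err != nil {
			return out, err
		}
	}
}

// readRecords parses CSV from r whether lines end in CR, LF or CRLF.
func readRecords(r io.Reader) ([][]string, error) {
	return csv.NewReader(&crToLF{r: r}).ReadAll()
}

func main() {
	// Constructed input: the three rows from the thread, CR-terminated, the
	// line ending the reply above suspects Excel wrote.
	data := "value 11,value 12\rvalue 21,value 22\rvalue 31,value 32\r"
	records, err := readRecords(strings.NewReader(data))
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	for i, rec := range records {
		fmt.Println(i, rec)
	}
}
```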