[jira] [Commented] (MNEMONIC-343) Add a switch option to select specific example to run
[ https://issues.apache.org/jira/browse/MNEMONIC-343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16165780#comment-16165780 ] Ganhua Zhang commented on MNEMONIC-343: --- Created a new image and built successfully. > Add a switch option to select specific example to run > - > > Key: MNEMONIC-343 > URL: https://issues.apache.org/jira/browse/MNEMONIC-343 > Project: Mnemonic > Issue Type: Improvement > Components: Example >Affects Versions: 0.9.0-incubating >Reporter: Wang, Gang >Assignee: Ganhua Zhang > > The switch option is used for the user to run the different example in one > example application. > {code:none} > $ mvn exec:exec -Pexample -pl mnemonic-examples parameters> > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Comment Edited] (MNEMONIC-343) Add a switch option to select specific example to run
[ https://issues.apache.org/jira/browse/MNEMONIC-343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16165732#comment-16165732 ] Ganhua Zhang edited comment on MNEMONIC-343 at 9/14/17 4:48 AM: Thanks [~valsee] & [~johnugeorge] for checking the docker image! I'll check the settings of docker and docker image on my machine. was (Author: ganhua.zhang): Thanks [~valsee] & [~johnugeorge] for checking the docker image! I'll check the docker and the image settings on my machine. > Add a switch option to select specific example to run > - > > Key: MNEMONIC-343 > URL: https://issues.apache.org/jira/browse/MNEMONIC-343 > Project: Mnemonic > Issue Type: Improvement > Components: Example >Affects Versions: 0.9.0-incubating >Reporter: Wang, Gang >Assignee: Ganhua Zhang > > The switch option is used for the user to run the different example in one > example application. > {code:none} > $ mvn exec:exec -Pexample -pl mnemonic-examples parameters> > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (MNEMONIC-343) Add a switch option to select specific example to run
[ https://issues.apache.org/jira/browse/MNEMONIC-343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16165732#comment-16165732 ] Ganhua Zhang commented on MNEMONIC-343: --- Thanks [~valsee] & [~johnugeorge] for checking the docker image! I'll check the docker and the image settings on my machine. > Add a switch option to select specific example to run > - > > Key: MNEMONIC-343 > URL: https://issues.apache.org/jira/browse/MNEMONIC-343 > Project: Mnemonic > Issue Type: Improvement > Components: Example >Affects Versions: 0.9.0-incubating >Reporter: Wang, Gang >Assignee: Ganhua Zhang > > The switch option is used for the user to run the different example in one > example application. > {code:none} > $ mvn exec:exec -Pexample -pl mnemonic-examples parameters> > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Assigned] (MNEMONIC-368) Update Mnemonic website to reflect latest 0.9.0 release
[ https://issues.apache.org/jira/browse/MNEMONIC-368?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] wen tong reassigned MNEMONIC-368: - Assignee: wen tong > Update Mnemonic website to reflect latest 0.9.0 release > --- > > Key: MNEMONIC-368 > URL: https://issues.apache.org/jira/browse/MNEMONIC-368 > Project: Mnemonic > Issue Type: Task > Components: Release >Reporter: Johnu George >Assignee: wen tong > > Update https://mnemonic.incubator.apache.org/downloads/ to download latest > 0.9.0 incubating release -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (MNEMONIC-304) Add support for Pair to ParameterHolder class to handle optional parameters
[ https://issues.apache.org/jira/browse/MNEMONIC-304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yanhui Zhao resolved MNEMONIC-304. -- Resolution: Fixed Fix Version/s: 0.9.0-incubating Resolved > Add support for Pair to ParameterHolder class to handle optional parameters > --- > > Key: MNEMONIC-304 > URL: https://issues.apache.org/jira/browse/MNEMONIC-304 > Project: Mnemonic > Issue Type: Improvement > Components: Core >Affects Versions: 0.8.0-incubating >Reporter: Yanhui Zhao >Assignee: Yanhui Zhao >Priority: Minor > Labels: features > Fix For: 0.9.0-incubating > > > Some test cases need to pass Pair as parameters when creating durable class. > Current ParameterHolder class doesn't have the support for this feature. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (MNEMONIC-304) Add support for Pair to ParameterHolder class to handle optional parameters
[ https://issues.apache.org/jira/browse/MNEMONIC-304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yanhui Zhao closed MNEMONIC-304. Issue resolved. Closing ticket > Add support for Pair to ParameterHolder class to handle optional parameters > --- > > Key: MNEMONIC-304 > URL: https://issues.apache.org/jira/browse/MNEMONIC-304 > Project: Mnemonic > Issue Type: Improvement > Components: Core >Affects Versions: 0.8.0-incubating >Reporter: Yanhui Zhao >Assignee: Yanhui Zhao >Priority: Minor > Labels: features > Fix For: 0.9.0-incubating > > > Some test cases need to pass Pair as parameters when creating durable class. > Current ParameterHolder class doesn't have the support for this feature. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Closed] (MNEMONIC-364) Add GPG failure handling in release script
[ https://issues.apache.org/jira/browse/MNEMONIC-364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Johnu George closed MNEMONIC-364. - Resolution: Fixed > Add GPG failure handling in release script > -- > > Key: MNEMONIC-364 > URL: https://issues.apache.org/jira/browse/MNEMONIC-364 > Project: Mnemonic > Issue Type: Bug > Components: Release >Affects Versions: 0.9.0-incubating >Reporter: Johnu George >Assignee: Wang, Gang > Fix For: 0.9.0-incubating > > > Handle GPG failure conditions in release script. The release script should > exit without proceeding if GPG fails -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Resolved] (MNEMONIC-366) Add new committer info into develop page of website
[ https://issues.apache.org/jira/browse/MNEMONIC-366?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Wang, Gang resolved MNEMONIC-366. - Resolution: Fixed Fix Version/s: 0.10.0-incubating > Add new committer info into develop page of website > --- > > Key: MNEMONIC-366 > URL: https://issues.apache.org/jira/browse/MNEMONIC-366 > Project: Mnemonic > Issue Type: Task > Components: Website >Affects Versions: 0.9.0-incubating >Reporter: Wang, Gang >Assignee: Wang, Gang > Fix For: 0.10.0-incubating > > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (MNEMONIC-368) Update Mnemonic website to reflect latest 0.9.0 release
Johnu George created MNEMONIC-368: - Summary: Update Mnemonic website to reflect latest 0.9.0 release Key: MNEMONIC-368 URL: https://issues.apache.org/jira/browse/MNEMONIC-368 Project: Mnemonic Issue Type: Task Components: Release Reporter: Johnu George Update https://mnemonic.incubator.apache.org/downloads/ to download latest 0.9.0 incubating release -- This message was sent by Atlassian JIRA (v6.4.14#64029)
Re: [ANNOUNCE] Apache Mnemonic-0.9.0-incubating released
Thank you for releasing the mnemonic-0.9.0-incubating. On Wed, Sep 13, 2017 at 12:18 PM, Johnu Georgewrote: > The Apache Mnemonic community is pleased to announce the release of Apache > Mnemonic-0.9.0-incubating. > > Apache Mnemonic is an advanced hybrid memory storage oriented library, it's > proposed a non-volatile/durable Java object model and > durable computing model that bring several advantages to significantly > improve the performance of massive real-time data processing/analytic. > developers are able to use this library to design their cache-less and > SerDe-less high performance applications. > > The release is available for download at: > > > https://dist.apache.org/repos/dist/release/incubator/ > mnemonic/0.9.0-incubating > > The full changelog is available at: > https://dist.apache.org/repos/dist/release/incubator/ > mnemonic/0.9.0-incubating/CHANGES.txt > > We would like to thank all contributors who made this release possible! >
[ANNOUNCE] Apache Mnemonic-0.9.0-incubating released
The Apache Mnemonic community is pleased to announce the release of Apache Mnemonic-0.9.0-incubating. Apache Mnemonic is an advanced hybrid memory storage oriented library, it's proposed a non-volatile/durable Java object model and durable computing model that bring several advantages to significantly improve the performance of massive real-time data processing/analytic. developers are able to use this library to design their cache-less and SerDe-less high performance applications. The release is available for download at: https://dist.apache.org/repos/dist/release/incubator/mnemonic/0.9.0-incubating The full changelog is available at: https://dist.apache.org/repos/dist/release/incubator/mnemonic/0.9.0-incubating/CHANGES.txt We would like to thank all contributors who made this release possible!
Re: Learn from Equifax breach
Ok will create a Jira and take it up. Sent from my iPhone > On Sep 13, 2017, at 11:00 AM, Gang(Gary) Wangwrote: > > Sure and please also point out which need to be fixed if possible, Thanks! > >> On Wed, Sep 13, 2017 at 10:52 AM, Debojyoti Dutta wrote: >> >> Thanks Gary for the insightful thread. Maybe run our code base against a >> threat ID tool? >> >> Debo >> >> Sent from my iPhone >> >>> On Sep 13, 2017, at 10:14 AM, Gang(Gary) Wang wrote: >>> >>> One of our contributors told me that this breach is related to a >>> serialized object that Mnemonic has tried to avoid as below >>> >>> "However, “for either vulnerability, the process is basically the same. >> The >>> attacker sends a specific HTTP request containing some special syntax. >> In >>> one case, an OGNL expression. In the other, a serialized object,” he >> said >>> in comments emailed to SC Media. “The Equifax Struts application would >>> receive this request, and get tricked into executing operating system >>> commands.” >>> >>> The attacker can then “use these to take over the entire box – do >> anything >>> the application can do,” Williams said. “So, they probably stole the >>> database credentials out of the application, ran some queries, and then >>> exfiltrated the data to some server they control on the internet.”" >>> >>> https://www.scmagazine.com/apache-struts-vulnerability- >> likely-behind-equifax-breach-congress-launches-probes/article/687955/ >>> >>> IMHO, from the technical view point, Mnemonic has nothing about how to >>> interact with UI layer. Theoretically, Mnemonic's linked durable objects >>> could be transferred between different layers to avoid SerDe, user code >>> makes use of those durable object for their own business logics. >>> >>> Regarding the Durable Query Model (DQM), it has not yet been fully >>> implemented, we need to consider any possible injection and provide the >>> proper measure to prevent potential breaches. >>> >>> Thanks! >>
Re: Learn from Equifax breach
Sure and please also point out which need to be fixed if possible, Thanks! On Wed, Sep 13, 2017 at 10:52 AM, Debojyoti Duttawrote: > Thanks Gary for the insightful thread. Maybe run our code base against a > threat ID tool? > > Debo > > Sent from my iPhone > > > On Sep 13, 2017, at 10:14 AM, Gang(Gary) Wang wrote: > > > > One of our contributors told me that this breach is related to a > > serialized object that Mnemonic has tried to avoid as below > > > > "However, “for either vulnerability, the process is basically the same. > The > > attacker sends a specific HTTP request containing some special syntax. > In > > one case, an OGNL expression. In the other, a serialized object,” he > said > > in comments emailed to SC Media. “The Equifax Struts application would > > receive this request, and get tricked into executing operating system > > commands.” > > > > The attacker can then “use these to take over the entire box – do > anything > > the application can do,” Williams said. “So, they probably stole the > > database credentials out of the application, ran some queries, and then > > exfiltrated the data to some server they control on the internet.”" > > > > https://www.scmagazine.com/apache-struts-vulnerability- > likely-behind-equifax-breach-congress-launches-probes/article/687955/ > > > > IMHO, from the technical view point, Mnemonic has nothing about how to > > interact with UI layer. Theoretically, Mnemonic's linked durable objects > > could be transferred between different layers to avoid SerDe, user code > > makes use of those durable object for their own business logics. > > > > Regarding the Durable Query Model (DQM), it has not yet been fully > > implemented, we need to consider any possible injection and provide the > > proper measure to prevent potential breaches. > > > > Thanks! >
Re: Learn from Equifax breach
Thanks Gary for the insightful thread. Maybe run our code base against a threat ID tool? Debo Sent from my iPhone > On Sep 13, 2017, at 10:14 AM, Gang(Gary) Wangwrote: > > One of our contributors told me that this breach is related to a > serialized object that Mnemonic has tried to avoid as below > > "However, “for either vulnerability, the process is basically the same. The > attacker sends a specific HTTP request containing some special syntax. In > one case, an OGNL expression. In the other, a serialized object,” he said > in comments emailed to SC Media. “The Equifax Struts application would > receive this request, and get tricked into executing operating system > commands.” > > The attacker can then “use these to take over the entire box – do anything > the application can do,” Williams said. “So, they probably stole the > database credentials out of the application, ran some queries, and then > exfiltrated the data to some server they control on the internet.”" > > https://www.scmagazine.com/apache-struts-vulnerability-likely-behind-equifax-breach-congress-launches-probes/article/687955/ > > IMHO, from the technical view point, Mnemonic has nothing about how to > interact with UI layer. Theoretically, Mnemonic's linked durable objects > could be transferred between different layers to avoid SerDe, user code > makes use of those durable object for their own business logics. > > Regarding the Durable Query Model (DQM), it has not yet been fully > implemented, we need to consider any possible injection and provide the > proper measure to prevent potential breaches. > > Thanks!
Learn from Equifax breach
One of our contributors told me that this breach is related to a serialized object that Mnemonic has tried to avoid as below "However, “for either vulnerability, the process is basically the same. The attacker sends a specific HTTP request containing some special syntax. In one case, an OGNL expression. In the other, a serialized object,” he said in comments emailed to SC Media. “The Equifax Struts application would receive this request, and get tricked into executing operating system commands.” The attacker can then “use these to take over the entire box – do anything the application can do,” Williams said. “So, they probably stole the database credentials out of the application, ran some queries, and then exfiltrated the data to some server they control on the internet.”" https://www.scmagazine.com/apache-struts-vulnerability-likely-behind-equifax-breach-congress-launches-probes/article/687955/ IMHO, from the technical view point, Mnemonic has nothing about how to interact with UI layer. Theoretically, Mnemonic's linked durable objects could be transferred between different layers to avoid SerDe, user code makes use of those durable object for their own business logics. Regarding the Durable Query Model (DQM), it has not yet been fully implemented, we need to consider any possible injection and provide the proper measure to prevent potential breaches. Thanks!
[jira] [Closed] (MNEMONIC-333) Create Dockerfile for Mnemonic website
[ https://issues.apache.org/jira/browse/MNEMONIC-333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] wen tong closed MNEMONIC-333. - Resolution: Fixed Fixed! > Create Dockerfile for Mnemonic website > --- > > Key: MNEMONIC-333 > URL: https://issues.apache.org/jira/browse/MNEMONIC-333 > Project: Mnemonic > Issue Type: Improvement > Components: Website >Affects Versions: 0.9.0-incubating >Reporter: wen tong >Assignee: wen tong >Priority: Minor > Fix For: 0.10.0-incubating > > Attachments: > 0001-MNEMONIC-333-Create-Dockerfile-for-Mnemonic-website.patch > > -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (MNEMONIC-333) Create Dockerfile for Mnemonic website
[ https://issues.apache.org/jira/browse/MNEMONIC-333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] wen tong updated MNEMONIC-333: -- Affects Version/s: 0.9.0-incubating Fix Version/s: 0.10.0-incubating Component/s: Website > Create Dockerfile for Mnemonic website > --- > > Key: MNEMONIC-333 > URL: https://issues.apache.org/jira/browse/MNEMONIC-333 > Project: Mnemonic > Issue Type: Improvement > Components: Website >Affects Versions: 0.9.0-incubating >Reporter: wen tong >Assignee: wen tong >Priority: Minor > Fix For: 0.10.0-incubating > > Attachments: > 0001-MNEMONIC-333-Create-Dockerfile-for-Mnemonic-website.patch > > -- This message was sent by Atlassian JIRA (v6.4.14#64029)