[jira] [Commented] (MNEMONIC-343) Add a switch option to select specific example to run

[Ganhua Zhang (JIRA)]

[ 
https://issues.apache.org/jira/browse/MNEMONIC-343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16165780#comment-16165780
 ] 

Ganhua Zhang commented on MNEMONIC-343:
---

Created a new image and built successfully.

> Add a switch option to select specific example to run
> -
>
> Key: MNEMONIC-343
> URL: https://issues.apache.org/jira/browse/MNEMONIC-343
> Project: Mnemonic
>  Issue Type: Improvement
>  Components: Example
>Affects Versions: 0.9.0-incubating
>Reporter: Wang, Gang
>Assignee: Ganhua Zhang
>
> The switch option is used for the user to run the different example in one 
> example application. 
> {code:none}
> $ mvn exec:exec -Pexample -pl mnemonic-examples   parameters>
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Comment Edited] (MNEMONIC-343) Add a switch option to select specific example to run

[Ganhua Zhang (JIRA)]

[ 
https://issues.apache.org/jira/browse/MNEMONIC-343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16165732#comment-16165732
 ] 

Ganhua Zhang edited comment on MNEMONIC-343 at 9/14/17 4:48 AM:


Thanks [~valsee] & [~johnugeorge] for checking the docker image!

I'll check the settings of docker and docker image on my machine.


was (Author: ganhua.zhang):
Thanks [~valsee] & [~johnugeorge] for checking the docker image!

I'll check the docker and the image settings on my machine.

> Add a switch option to select specific example to run
> -
>
> Key: MNEMONIC-343
> URL: https://issues.apache.org/jira/browse/MNEMONIC-343
> Project: Mnemonic
>  Issue Type: Improvement
>  Components: Example
>Affects Versions: 0.9.0-incubating
>Reporter: Wang, Gang
>Assignee: Ganhua Zhang
>
> The switch option is used for the user to run the different example in one 
> example application. 
> {code:none}
> $ mvn exec:exec -Pexample -pl mnemonic-examples   parameters>
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (MNEMONIC-343) Add a switch option to select specific example to run

[Ganhua Zhang (JIRA)]

[ 
https://issues.apache.org/jira/browse/MNEMONIC-343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16165732#comment-16165732
 ] 

Ganhua Zhang commented on MNEMONIC-343:
---

Thanks [~valsee] & [~johnugeorge] for checking the docker image!

I'll check the docker and the image settings on my machine.

> Add a switch option to select specific example to run
> -
>
> Key: MNEMONIC-343
> URL: https://issues.apache.org/jira/browse/MNEMONIC-343
> Project: Mnemonic
>  Issue Type: Improvement
>  Components: Example
>Affects Versions: 0.9.0-incubating
>Reporter: Wang, Gang
>Assignee: Ganhua Zhang
>
> The switch option is used for the user to run the different example in one 
> example application. 
> {code:none}
> $ mvn exec:exec -Pexample -pl mnemonic-examples   parameters>
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Assigned] (MNEMONIC-368) Update Mnemonic website to reflect latest 0.9.0 release

[wen tong (JIRA)]

 [ 
https://issues.apache.org/jira/browse/MNEMONIC-368?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

wen tong reassigned MNEMONIC-368:
-

Assignee: wen tong

> Update Mnemonic website to reflect latest 0.9.0 release
> ---
>
> Key: MNEMONIC-368
> URL: https://issues.apache.org/jira/browse/MNEMONIC-368
> Project: Mnemonic
>  Issue Type: Task
>  Components: Release
>Reporter: Johnu George
>Assignee: wen tong
>
> Update https://mnemonic.incubator.apache.org/downloads/ to download latest 
> 0.9.0 incubating release



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Resolved] (MNEMONIC-304) Add support for Pair to ParameterHolder class to handle optional parameters

[Yanhui Zhao (JIRA)]

 [ 
https://issues.apache.org/jira/browse/MNEMONIC-304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yanhui Zhao resolved MNEMONIC-304.
--
   Resolution: Fixed
Fix Version/s: 0.9.0-incubating

Resolved

> Add support for Pair to ParameterHolder class to handle optional parameters
> ---
>
> Key: MNEMONIC-304
> URL: https://issues.apache.org/jira/browse/MNEMONIC-304
> Project: Mnemonic
>  Issue Type: Improvement
>  Components: Core
>Affects Versions: 0.8.0-incubating
>Reporter: Yanhui Zhao
>Assignee: Yanhui Zhao
>Priority: Minor
>  Labels: features
> Fix For: 0.9.0-incubating
>
>
> Some test cases need to pass Pair as parameters when creating durable class. 
> Current ParameterHolder class doesn't have the support for this feature.  



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Closed] (MNEMONIC-304) Add support for Pair to ParameterHolder class to handle optional parameters

[Yanhui Zhao (JIRA)]

 [ 
https://issues.apache.org/jira/browse/MNEMONIC-304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yanhui Zhao closed MNEMONIC-304.


Issue resolved. Closing ticket

> Add support for Pair to ParameterHolder class to handle optional parameters
> ---
>
> Key: MNEMONIC-304
> URL: https://issues.apache.org/jira/browse/MNEMONIC-304
> Project: Mnemonic
>  Issue Type: Improvement
>  Components: Core
>Affects Versions: 0.8.0-incubating
>Reporter: Yanhui Zhao
>Assignee: Yanhui Zhao
>Priority: Minor
>  Labels: features
> Fix For: 0.9.0-incubating
>
>
> Some test cases need to pass Pair as parameters when creating durable class. 
> Current ParameterHolder class doesn't have the support for this feature.  



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Closed] (MNEMONIC-364) Add GPG failure handling in release script

[Johnu George (JIRA)]

 [ 
https://issues.apache.org/jira/browse/MNEMONIC-364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Johnu George closed MNEMONIC-364.
-
Resolution: Fixed

> Add GPG failure handling in release script
> --
>
> Key: MNEMONIC-364
> URL: https://issues.apache.org/jira/browse/MNEMONIC-364
> Project: Mnemonic
>  Issue Type: Bug
>  Components: Release
>Affects Versions: 0.9.0-incubating
>Reporter: Johnu George
>Assignee: Wang, Gang
> Fix For: 0.9.0-incubating
>
>
> Handle GPG failure conditions  in release script.  The release script should 
> exit without proceeding if GPG fails



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Resolved] (MNEMONIC-366) Add new committer info into develop page of website

[Wang, Gang (JIRA)]

 [ 
https://issues.apache.org/jira/browse/MNEMONIC-366?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Wang, Gang resolved MNEMONIC-366.
-
   Resolution: Fixed
Fix Version/s: 0.10.0-incubating

> Add new committer info into develop page of website
> ---
>
> Key: MNEMONIC-366
> URL: https://issues.apache.org/jira/browse/MNEMONIC-366
> Project: Mnemonic
>  Issue Type: Task
>  Components: Website
>Affects Versions: 0.9.0-incubating
>Reporter: Wang, Gang
>Assignee: Wang, Gang
> Fix For: 0.10.0-incubating
>
>




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (MNEMONIC-368) Update Mnemonic website to reflect latest 0.9.0 release

[Johnu George (JIRA)]

Johnu George created MNEMONIC-368:
-

 Summary: Update Mnemonic website to reflect latest 0.9.0 release
 Key: MNEMONIC-368
 URL: https://issues.apache.org/jira/browse/MNEMONIC-368
 Project: Mnemonic
  Issue Type: Task
  Components: Release
Reporter: Johnu George


Update https://mnemonic.incubator.apache.org/downloads/ to download latest 
0.9.0 incubating release



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: [ANNOUNCE] Apache Mnemonic-0.9.0-incubating released

[Gang(Gary) Wang]

Thank you for releasing the mnemonic-0.9.0-incubating.


On Wed, Sep 13, 2017 at 12:18 PM, Johnu George  wrote:

> The Apache Mnemonic community is pleased to announce the release of Apache
> Mnemonic-0.9.0-incubating.
>
> Apache Mnemonic is an advanced hybrid memory storage oriented library, it's
> proposed a non-volatile/durable Java object model and
> durable computing model that bring several advantages to significantly
> improve the performance of massive real-time data processing/analytic.
> developers are able to use this library to design their cache-less and
> SerDe-less high performance applications.
>
> The release is available for download at:
>
>
> https://dist.apache.org/repos/dist/release/incubator/
> mnemonic/0.9.0-incubating
>
> The full changelog is available at:
> https://dist.apache.org/repos/dist/release/incubator/
> mnemonic/0.9.0-incubating/CHANGES.txt
>
> We would like to thank all contributors who made this release possible!
>

[ANNOUNCE] Apache Mnemonic-0.9.0-incubating released

[Johnu George]

The Apache Mnemonic community is pleased to announce the release of Apache
Mnemonic-0.9.0-incubating.

Apache Mnemonic is an advanced hybrid memory storage oriented library, it's
proposed a non-volatile/durable Java object model and
durable computing model that bring several advantages to significantly
improve the performance of massive real-time data processing/analytic.
developers are able to use this library to design their cache-less and
SerDe-less high performance applications.

The release is available for download at:


https://dist.apache.org/repos/dist/release/incubator/mnemonic/0.9.0-incubating

The full changelog is available at:
https://dist.apache.org/repos/dist/release/incubator/mnemonic/0.9.0-incubating/CHANGES.txt

We would like to thank all contributors who made this release possible!

Re: Learn from Equifax breach

[Debojyoti Dutta]

Ok will create a Jira and take it up. 

Sent from my iPhone

> On Sep 13, 2017, at 11:00 AM, Gang(Gary) Wang  wrote:
> 
> Sure and please also point out which need to be fixed if possible, Thanks!
> 
>> On Wed, Sep 13, 2017 at 10:52 AM, Debojyoti Dutta  wrote:
>> 
>> Thanks Gary for the insightful thread. Maybe run our code base against a
>> threat ID tool?
>> 
>> Debo
>> 
>> Sent from my iPhone
>> 
>>> On Sep 13, 2017, at 10:14 AM, Gang(Gary) Wang  wrote:
>>> 
>>> One of our contributors told me that this breach is related to a
>>> serialized object that Mnemonic has tried to avoid as below
>>> 
>>> "However, “for either vulnerability, the process is basically the same.
>> The
>>> attacker sends a specific HTTP request containing some special syntax.
>> In
>>> one case, an OGNL expression.  In the other, a serialized object,” he
>> said
>>> in comments emailed to SC Media. “The Equifax Struts application would
>>> receive this request, and get tricked into executing operating system
>>> commands.”
>>> 
>>> The attacker can then “use these to take over the entire box – do
>> anything
>>> the application can do,” Williams said. “So, they probably stole the
>>> database credentials out of the application, ran some queries, and then
>>> exfiltrated the data to some server they control on the internet.”"
>>> 
>>> https://www.scmagazine.com/apache-struts-vulnerability-
>> likely-behind-equifax-breach-congress-launches-probes/article/687955/
>>> 
>>> IMHO, from the technical view point, Mnemonic has nothing about how to
>>> interact with UI layer. Theoretically, Mnemonic's linked durable objects
>>> could be transferred between different layers to avoid SerDe, user code
>>> makes use of those durable object for their own business logics.
>>> 
>>> Regarding the Durable Query Model (DQM), it has not yet been fully
>>> implemented, we need to consider any possible injection and provide the
>>> proper measure to prevent potential breaches.
>>> 
>>> Thanks!
>> 

Re: Learn from Equifax breach

[Gang(Gary) Wang]

Sure and please also point out which need to be fixed if possible, Thanks!

On Wed, Sep 13, 2017 at 10:52 AM, Debojyoti Dutta  wrote:

> Thanks Gary for the insightful thread. Maybe run our code base against a
> threat ID tool?
>
> Debo
>
> Sent from my iPhone
>
> > On Sep 13, 2017, at 10:14 AM, Gang(Gary) Wang  wrote:
> >
> > One of our contributors told me that this breach is related to a
> > serialized object that Mnemonic has tried to avoid as below
> >
> > "However, “for either vulnerability, the process is basically the same.
> The
> > attacker sends a specific HTTP request containing some special syntax.
> In
> > one case, an OGNL expression.  In the other, a serialized object,” he
> said
> > in comments emailed to SC Media. “The Equifax Struts application would
> > receive this request, and get tricked into executing operating system
> > commands.”
> >
> > The attacker can then “use these to take over the entire box – do
> anything
> > the application can do,” Williams said. “So, they probably stole the
> > database credentials out of the application, ran some queries, and then
> > exfiltrated the data to some server they control on the internet.”"
> >
> > https://www.scmagazine.com/apache-struts-vulnerability-
> likely-behind-equifax-breach-congress-launches-probes/article/687955/
> >
> > IMHO, from the technical view point, Mnemonic has nothing about how to
> > interact with UI layer. Theoretically, Mnemonic's linked durable objects
> > could be transferred between different layers to avoid SerDe, user code
> > makes use of those durable object for their own business logics.
> >
> > Regarding the Durable Query Model (DQM), it has not yet been fully
> > implemented, we need to consider any possible injection and provide the
> > proper measure to prevent potential breaches.
> >
> > Thanks!
>

Re: Learn from Equifax breach

[Debojyoti Dutta]

Thanks Gary for the insightful thread. Maybe run our code base against a threat 
ID tool?

Debo

Sent from my iPhone

> On Sep 13, 2017, at 10:14 AM, Gang(Gary) Wang  wrote:
> 
> One of our contributors told me that this breach is related to a
> serialized object that Mnemonic has tried to avoid as below
> 
> "However, “for either vulnerability, the process is basically the same. The
> attacker sends a specific HTTP request containing some special syntax.  In
> one case, an OGNL expression.  In the other, a serialized object,” he said
> in comments emailed to SC Media. “The Equifax Struts application would
> receive this request, and get tricked into executing operating system
> commands.”
> 
> The attacker can then “use these to take over the entire box – do anything
> the application can do,” Williams said. “So, they probably stole the
> database credentials out of the application, ran some queries, and then
> exfiltrated the data to some server they control on the internet.”"
> 
> https://www.scmagazine.com/apache-struts-vulnerability-likely-behind-equifax-breach-congress-launches-probes/article/687955/
> 
> IMHO, from the technical view point, Mnemonic has nothing about how to
> interact with UI layer. Theoretically, Mnemonic's linked durable objects
> could be transferred between different layers to avoid SerDe, user code
> makes use of those durable object for their own business logics.
> 
> Regarding the Durable Query Model (DQM), it has not yet been fully
> implemented, we need to consider any possible injection and provide the
> proper measure to prevent potential breaches.
> 
> Thanks!

Learn from Equifax breach

[Gang(Gary) Wang]

One of our contributors told me that this breach is related to a
serialized object that Mnemonic has tried to avoid as below

"However, “for either vulnerability, the process is basically the same. The
attacker sends a specific HTTP request containing some special syntax.  In
one case, an OGNL expression.  In the other, a serialized object,” he said
in comments emailed to SC Media. “The Equifax Struts application would
receive this request, and get tricked into executing operating system
commands.”

The attacker can then “use these to take over the entire box – do anything
the application can do,” Williams said. “So, they probably stole the
database credentials out of the application, ran some queries, and then
exfiltrated the data to some server they control on the internet.”"

https://www.scmagazine.com/apache-struts-vulnerability-likely-behind-equifax-breach-congress-launches-probes/article/687955/

IMHO, from the technical view point, Mnemonic has nothing about how to
interact with UI layer. Theoretically, Mnemonic's linked durable objects
could be transferred between different layers to avoid SerDe, user code
makes use of those durable object for their own business logics.

Regarding the Durable Query Model (DQM), it has not yet been fully
implemented, we need to consider any possible injection and provide the
proper measure to prevent potential breaches.

Thanks!

[jira] [Closed] (MNEMONIC-333) Create Dockerfile for Mnemonic website

[wen tong (JIRA)]

 [ 
https://issues.apache.org/jira/browse/MNEMONIC-333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

wen tong closed MNEMONIC-333.
-
Resolution: Fixed

Fixed! 

> Create Dockerfile for Mnemonic website 
> ---
>
> Key: MNEMONIC-333
> URL: https://issues.apache.org/jira/browse/MNEMONIC-333
> Project: Mnemonic
>  Issue Type: Improvement
>  Components: Website
>Affects Versions: 0.9.0-incubating
>Reporter: wen tong
>Assignee: wen tong
>Priority: Minor
> Fix For: 0.10.0-incubating
>
> Attachments: 
> 0001-MNEMONIC-333-Create-Dockerfile-for-Mnemonic-website.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (MNEMONIC-333) Create Dockerfile for Mnemonic website

[wen tong (JIRA)]

 [ 
https://issues.apache.org/jira/browse/MNEMONIC-333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

wen tong updated MNEMONIC-333:
--
Affects Version/s: 0.9.0-incubating
Fix Version/s: 0.10.0-incubating
  Component/s: Website

> Create Dockerfile for Mnemonic website 
> ---
>
> Key: MNEMONIC-333
> URL: https://issues.apache.org/jira/browse/MNEMONIC-333
> Project: Mnemonic
>  Issue Type: Improvement
>  Components: Website
>Affects Versions: 0.9.0-incubating
>Reporter: wen tong
>Assignee: wen tong
>Priority: Minor
> Fix For: 0.10.0-incubating
>
> Attachments: 
> 0001-MNEMONIC-333-Create-Dockerfile-for-Mnemonic-website.patch
>
>




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)