knusbaum

knusbaum

Member Since 9 years ago

Experience Points
33
follower
Lessons Completed
13
follow
Lessons Completed
53
stars
Best Reply Awards
51
repos

275 contributions in the last year

Pinned
⚡ Loading Classes dynamically from shared objects at runtime
⚡ An x86 kernel
⚡ 9P2000 implementation in Go
⚡ Compile ASN.1 with Rebar3
⚡ A gopher browser written in Common Lisp, using the McCLIM UI library.
⚡ A Common Lisp style restart library for Clojure
Activity
Jan
18
1 day ago
Activity icon
issue

knusbaum issue comment void-linux/void-packages

knusbaum
knusbaum

log4j fallout

These packages contain old, vulnerable versions of log4j.

  • apache-jmeter-5.3_1 /usr/libexec/apache-jmeter/lib/log4j-core-2.13.1.jar
  • apache-storm-2.2.0_3 /usr/lib/apache-storm/external/storm-autocreds/log4j-core-2.11.2.jar
  • arduino-1.8.13_1 /usr/lib/arduino/lib/log4j-core-2.12.0.jar
  • elasticsearch-5.1.2_2 /usr/share/elasticsearch/lib/log4j-core-2.7.jar
  • sbt-1.3.10_2 /usr/share/sbt/lib/local-preloaded/org/apache/logging/log4j/log4j-core/2.11.2/log4j-core-2.11.2.jar

cc @knusbaum @bougyman @Gottox @igorsantana @Trojan295

pull request

knusbaum pull request void-linux/void-packages

knusbaum
knusbaum

apache-jmeter: update to 5.4.3.

This update includes a fix for the log4j vulnerability.

Testing the changes

  • I tested the changes in this PR: briefly

Apache Jmeter starts successfully after package installation.

Activity icon
created branch

knusbaum in knusbaum/void-packages create branch UPDATE-apache-jmeter

createdAt 14 hours ago
Activity icon
created tag

knusbaum in knusbaum/go9p create tag v0.19.3

createdAt 15 hours ago
push

knusbaum push knusbaum/go9p

knusbaum
knusbaum

commit sha: 638fd4c0fefbc8d92155151ccff94b664f0ff9b1

push time in 15 hours ago
push

knusbaum push knusbaum/void-packages

knusbaum
knusbaum

python3-ultrajson: update to 5.1.0.

knusbaum
knusbaum
knusbaum
knusbaum
knusbaum
knusbaum

python-Cython: update to 0.29.26.

knusbaum
knusbaum

python3-aioredis: update to 2.0.1.

knusbaum
knusbaum

python3-hypercorn: update to 0.13.1.

knusbaum
knusbaum

python3-imageio: update to 2.13.4.

knusbaum
knusbaum

python3-numpy: update to 1.21.5.

knusbaum
knusbaum
knusbaum
knusbaum

warzone2100: update to 4.2.4.

knusbaum
knusbaum

python3-mypy: update to 0.930.

knusbaum
knusbaum

synapse: install example config files into examples dir

Installing them suddenly in target path triggered xbps bug destroying previous configurations.

knusbaum
knusbaum

pcre2: update to 10.39.

Releases are on Github now.

knusbaum
knusbaum

mariadb: rebuild for pcre2-10.39_1, fix build on cmake.

knusbaum
knusbaum

etc/conf: implement XBPS_MIRROR for remote repos

Setting this variable will make xbps-src use an alternative mirror for remote repositories.

Using this variable one can change the remote repository for all architectures in a single setting and without the need to modify etc/xbps.d/repos-remote*.conf. This is much more convenient as it allows changing remote repos without a dirty worktree.

To use just add a line like the following to etc/conf:

XBPS_MIRROR=https://repo-us.voidlinux.org/current

We also disable 00-repository-main.conf for cross so we don't use the remote repo from the xbps package.

knusbaum
knusbaum

sublime-text4: update to version 4126

knusbaum
knusbaum
knusbaum
knusbaum

toxcore: update to 0.2.13.

Fixes CVE-2021-44847.

knusbaum
knusbaum
knusbaum
knusbaum

commit sha: 7d2e23839697dfc13df64c7fb4cdd296ce7ae29f

push time in 16 hours ago
Activity icon
issue

knusbaum issue comment void-linux/void-packages

knusbaum
knusbaum

log4j fallout

These packages contain old, vulnerable versions of log4j.

  • apache-jmeter-5.3_1 /usr/libexec/apache-jmeter/lib/log4j-core-2.13.1.jar
  • apache-storm-2.2.0_3 /usr/lib/apache-storm/external/storm-autocreds/log4j-core-2.11.2.jar
  • arduino-1.8.13_1 /usr/lib/arduino/lib/log4j-core-2.12.0.jar
  • elasticsearch-5.1.2_2 /usr/share/elasticsearch/lib/log4j-core-2.7.jar
  • sbt-1.3.10_2 /usr/share/sbt/lib/local-preloaded/org/apache/logging/log4j/log4j-core/2.11.2/log4j-core-2.11.2.jar

cc @knusbaum @bougyman @Gottox @igorsantana @Trojan295

knusbaum
knusbaum

apache-storm hasn't published new packages and replacing log4j and building it is non-trivial. apache-jmeter I will look at.

open pull request

knusbaum wants to merge DataDog/dd-trace-go

knusbaum
knusbaum

ddtrace/tracer: propagate _dd.p.upstream_services tags

Changes

  • Introduced a notion of trace level tags.
  • Introduced a notion of propagated trace level tags.
  • Introduced a new trace level tag _dd.p.upstream_services that holds the services changed sampling decisions.
knusbaum
knusbaum

👍 I suggested the same thing. If others agree, let's go ahead and move all of these.

pull request

knusbaum merge to DataDog/dd-trace-go

knusbaum
knusbaum

ddtrace/tracer: propagate _dd.p.upstream_services tags

Changes

  • Introduced a notion of trace level tags.
  • Introduced a notion of propagated trace level tags.
  • Introduced a new trace level tag _dd.p.upstream_services that holds the services changed sampling decisions.
Jan
17
2 days ago
pull request

knusbaum merge to DataDog/dd-trace-go

knusbaum
knusbaum

contrib/net/http: Add TraceAndServe and TraceConfig from contrib/internal/httputil

TraceAndServe of contrib/internal/httputil is useful to integrate with not contributed framework. And now it is satable, so mvoe to contrib/net/http from contrib/internal/httputil

refs #1047

knusbaum
knusbaum

@soh335 If you're able to upmerge this we can get it into 1.36.0. Otherwise we can take over the remaining work (just the upmerge) and get it in when we're able.

Jan
15
4 days ago
pull request

knusbaum pull request rjkroege/edwood

knusbaum
knusbaum

wind.go: check for nil file while locking/unlocking.

It seems that (*Window).body.file can be nil when a writing to an error window. I get the following panic when Deleting an error window while a program is writing to it:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0xb8 pc=0x1401cc2]

goroutine 50 [running]:
main.(*File).AllText(0x0, 0xc000095d18)
	/go/src/github.com/rjkroege/edwood/file.go:309 +0x22
main.(*Window).Lock(0xc000325800, 0x58)
	/go/src/github.com/rjkroege/edwood/wind.go:323 +0x8b
main.errorwin(0xc0000e4100, 0x58, 0x0)
	/go/src/github.com/rjkroege/edwood/util.go:154 +0x84
main.xfidwrite(0xc0000d8160)
	/go/src/github.com/rjkroege/edwood/xfid.go:438 +0x399
main.xfidctl(0xc0000d8160, 0x15cffe0, 0xc0001880e0)
	/go/src/github.com/rjkroege/edwood/xfid.go:39 +0x9c
created by main.xfidallocthread
	/go/src/github.com/rjkroege/edwood/acme.go:625 +0x221

It seems to be dependent on how fast the program is writing. If I run the program below with Button 2 in a directory window (so output goes to +Errors), and then close the +Errors window, The panic above happens.

package main

import (
	"fmt"
	"time"
)

func main() {
	var i int
	for {
		fmt.Printf("%d, ", i)
		i += 1
		time.Sleep(200 * time.Millisecond)
	}
}

Making sure thatw.body.file is not nil prevents the panic.

Activity icon
issue

knusbaum issue comment rjkroege/edwood

knusbaum
knusbaum

wind.go: check for nil file while locking/unlocking.

It seems that (*Window).body.file can be nil when a writing to an error window. I get the following panic when Deleting an error window while a program is writing to it:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0xb8 pc=0x1401cc2]

goroutine 50 [running]:
main.(*File).AllText(0x0, 0xc000095d18)
	/go/src/github.com/rjkroege/edwood/file.go:309 +0x22
main.(*Window).Lock(0xc000325800, 0x58)
	/go/src/github.com/rjkroege/edwood/wind.go:323 +0x8b
main.errorwin(0xc0000e4100, 0x58, 0x0)
	/go/src/github.com/rjkroege/edwood/util.go:154 +0x84
main.xfidwrite(0xc0000d8160)
	/go/src/github.com/rjkroege/edwood/xfid.go:438 +0x399
main.xfidctl(0xc0000d8160, 0x15cffe0, 0xc0001880e0)
	/go/src/github.com/rjkroege/edwood/xfid.go:39 +0x9c
created by main.xfidallocthread
	/go/src/github.com/rjkroege/edwood/acme.go:625 +0x221

It seems to be dependent on how fast the program is writing. If I run the program below with Button 2 in a directory window (so output goes to +Errors), and then close the +Errors window, The panic above happens.

package main

import (
	"fmt"
	"time"
)

func main() {
	var i int
	for {
		fmt.Printf("%d, ", i)
		i += 1
		time.Sleep(200 * time.Millisecond)
	}
}

Making sure thatw.body.file is not nil prevents the panic.

knusbaum
knusbaum

Hi @rjkroege .

I'm sorry, I forgot I had this PR open based on my fork's master branch.

I've been doing some experimenting, which is what you're seeing here. It is broken right now, haha. Sorry to waste your time. I'll close this.

If I ever revisit the original issue I'll open a new PR.

Jan
14
5 days ago
open pull request

knusbaum wants to merge DataDog/dd-trace-go

knusbaum
knusbaum

ddtrace/tracer: propagate _dd.p.upstream_services tags

Changes

  • Introduced a notion of trace level tags.
  • Introduced a notion of propagated trace level tags.
  • Introduced a new trace level tag _dd.p.upstream_services that holds the services changed sampling decisions.
knusbaum
knusbaum

👍 Thanks, this is great.

pull request

knusbaum merge to DataDog/dd-trace-go

knusbaum
knusbaum

ddtrace/tracer: propagate _dd.p.upstream_services tags

Changes

  • Introduced a notion of trace level tags.
  • Introduced a notion of propagated trace level tags.
  • Introduced a new trace level tag _dd.p.upstream_services that holds the services changed sampling decisions.
pull request

knusbaum merge to DataDog/dd-trace-go

knusbaum
knusbaum

ddtrace/tracer: propagate _dd.p.upstream_services tags

Changes

  • Introduced a notion of trace level tags.
  • Introduced a notion of propagated trace level tags.
  • Introduced a new trace level tag _dd.p.upstream_services that holds the services changed sampling decisions.
push

knusbaum push DataDog/dd-trace-go

knusbaum
knusbaum

tracer: profiler endpoints for spans without type (#1115)

tracer: profiler endpoints for span's without type

knusbaum
knusbaum

contrib/gocql/gocql: support Scanner and Batch (#1117)

  • Support for calling Iter.Scanner() in such a way that the Iter's trace actually closes
  • Support for Batch queries including calling WithContext and adding Query's to the batch after it has been wrapped batch.ExecuteBatch(session) error function which inverts the session.ExecuteBatch(batch) error signature to execute the batch with tracing

Additionally, WrapQuery was incorrectly using context.Background() instead of the passed query's Context method that could already have a parent trace attached to it.

Closes #1099

knusbaum
knusbaum
knusbaum
knusbaum

internal/version: bump to v1.36.0

knusbaum
knusbaum

circleci: enforce gorm contrib version to v1.22.4 (#1123)

knusbaum
knusbaum

appsec: security events over span tags (#1068)

Implement the new AppSec/APM integration by using the APM service entry spans to report AppSec events. It results in an important simplification as AppSec no longer needs its own intake client, writer goroutine, event payloads, etc.

The resulting main difference with the previous implementation is that the security event context is now created in the request hot path while it was formerly done in the AppSec writer goroutine. But since this is how the span tag API works right now, I thought it would be better to optimize this in a separate PR when necessary.

knusbaum
knusbaum

internal/appsec/dyngo/instrumentation/httpsec: monitor http response status codes (#1096)

Monitor the http response status code by passing the status code to httpsec, wire this new address into the WAF - by still calling the WAF only once -, and update libddwaf to >= v1.0.16 which fixes a bug we found. Note that the security rule introducing the new HTTP response status code rules was updated in #1092

Co-authored-by: François Mazeau [email protected]

knusbaum
knusbaum

internal/appsec/dyngo/instrumentation/httpsec: better and simpler monitoring of cookies (#1108)

The system-tests show that the raw value of the Cookie header gives better results by catching more attacks. The resulting implementation is even simpler and more efficient.

knusbaum
knusbaum

internal/appsec: add support for response headers in the tags (#1107)

Retrieve the response headers through http.ResponseWritter public API and add a parameter to SetSecurityEventTags for the function to also send response headers. Also make sure header normalization uses lower case to catch all headers.

Co-authored-by: Julio Guerra [email protected]

knusbaum
knusbaum

profiler: log configuration at profiling start (#1114)

To match what the tracer package currently does, and make debugging a little easier, log user-supplied configuration when starting a profiler. This is configurable with WithLogStartup (like tracer) and is on by default.

Tests had to be patched as well since the new, on-by-default logging drowned out all the test results. Updated tests to discard logs by default for testing the profiler package.

This also moves osName and osVersion into their own package and exports them to re-use the code in logging profiler configuration.

knusbaum
knusbaum

contrib/google.golang.org/grpc: add appsec monitoring of received rpc messages (#1105)

First version of the appsec integration into gRPC by monitoring the messages an RPC handler receives. To do so, the security rule address grpc.server.request.message is introduced in the WAF, and a new set of instrumentation gateway operations are now available in grpcsec.

knusbaum
knusbaum

contrib/go-chi: add option to ignore requests. (#1124)

Adds an option allowing a user-provided function to disable tracing for certain requests.

Fixes: #1121

knusbaum
knusbaum

contrib/net/http: use ignoreRequest in WrapHandler (#1049)

This commit corrects an oversight made when adding the WithIgnoreRequest option. The ignoreRequest function was only being called when using the ServeMux and not when using the WrapHandler function. Now WrapHandler works as expected and honors the function configured with WithIgnoreRequest.

Fixes #1018

knusbaum
knusbaum

contrib/labstack/{echo, echo.v4}: add support for noDebugStack (#1097)

This commit add's support for noDebugstack for both contrib/labstack/echo and contrib/labstack/echo.v4, which will prevent the tracer from attaching stack traces to errors originating in the echo integration.

Fixes: #999

knusbaum
knusbaum

Fallback to GlobalConfig serviceName if missing (#1027)

Rely on the defaulting logic in cfg.serverServiceName for the service name, since that falls back to globalconfig.ServiceName().

knusbaum
knusbaum

Merge branch 'v1' into knusbaum/faq-update

commit sha: ec38235b7d110903503f891fc3eb634b13a68f19

push time in 4 days ago
pull request

knusbaum merge to DataDog/dd-trace-go

knusbaum
knusbaum

contrib/net/http: Add TraceAndServe and TraceConfig from contrib/internal/httputil

TraceAndServe of contrib/internal/httputil is useful to integrate with not contributed framework. And now it is satable, so mvoe to contrib/net/http from contrib/internal/httputil

refs #1047

knusbaum
knusbaum

@soh335 If you're able to upmerge this we can get it into 1.36.0. Otherwise we can take over the remaining work (just the upmerge) and get it in when we're able.

push

knusbaum push DataDog/dd-trace-go

knusbaum
knusbaum

Fallback to GlobalConfig serviceName if missing (#1027)

Rely on the defaulting logic in cfg.serverServiceName for the service name, since that falls back to globalconfig.ServiceName().

commit sha: d688b28a1fb84f89b447437147193ad18bffb83c

push time in 4 days ago
pull request

knusbaum pull request DataDog/dd-trace-go

knusbaum
knusbaum

contrib/google.golang.org/grpc: Fallback to GlobalConfig serviceName if missing

Rely on the defaulting logic in cfg.serverServiceName for the service name, since that falls back to globalconfig.ServiceName().

push

knusbaum push DataDog/dd-trace-go

knusbaum
knusbaum

contrib/labstack/{echo, echo.v4}: add support for noDebugStack (#1097)

This commit add's support for noDebugstack for both contrib/labstack/echo and contrib/labstack/echo.v4, which will prevent the tracer from attaching stack traces to errors originating in the echo integration.

Fixes: #999

commit sha: 18b12924ae7edf6c3dafcc5a4ce1c0e217f6b3dc

push time in 4 days ago
Activity icon
delete

knusbaum in DataDog/dd-trace-go delete branch mackjmr/echo-no-debug-stack

deleted time in 4 days ago
pull request

knusbaum pull request DataDog/dd-trace-go

knusbaum
knusbaum

contrib/labstack/{echo, echo.v4}: add support for noDebugStack

This PR add's support for noDebugstack for both contrib/labstack/echo and contrib/labstack/echo.v4

Fixes: #999

Activity icon
issue

knusbaum issue DataDog/dd-trace-go

knusbaum
knusbaum

proposal: contrib/labstack/echo.v4: add NoDebugStack option

It would be useful to add an Option to the echo integration similar to NoDebugStack from goji or grpc and several others.

See: #987

started
started time in 4 days ago
push

knusbaum push DataDog/dd-trace-go

knusbaum
knusbaum

profiler: log configuration at profiling start (#1114)

To match what the tracer package currently does, and make debugging a little easier, log user-supplied configuration when starting a profiler. This is configurable with WithLogStartup (like tracer) and is on by default.

Tests had to be patched as well since the new, on-by-default logging drowned out all the test results. Updated tests to discard logs by default for testing the profiler package.

This also moves osName and osVersion into their own package and exports them to re-use the code in logging profiler configuration.

knusbaum
knusbaum

contrib/google.golang.org/grpc: add appsec monitoring of received rpc messages (#1105)

First version of the appsec integration into gRPC by monitoring the messages an RPC handler receives. To do so, the security rule address grpc.server.request.message is introduced in the WAF, and a new set of instrumentation gateway operations are now available in grpcsec.

knusbaum
knusbaum

contrib/go-chi: add option to ignore requests. (#1124)

Adds an option allowing a user-provided function to disable tracing for certain requests.

Fixes: #1121

knusbaum
knusbaum

contrib/net/http: use ignoreRequest in WrapHandler (#1049)

This commit corrects an oversight made when adding the WithIgnoreRequest option. The ignoreRequest function was only being called when using the ServeMux and not when using the WrapHandler function. Now WrapHandler works as expected and honors the function configured with WithIgnoreRequest.

Fixes #1018

knusbaum
knusbaum

Merge branch 'v1' into mackjmr/echo-no-debug-stack

commit sha: 50dadd2c1d2b3666617d47e958e8912fe5e081a5

push time in 4 days ago
push

knusbaum push DataDog/dd-trace-go

knusbaum
knusbaum

contrib/net/http: use ignoreRequest in WrapHandler (#1049)

This commit corrects an oversight made when adding the WithIgnoreRequest option. The ignoreRequest function was only being called when using the ServeMux and not when using the WrapHandler function. Now WrapHandler works as expected and honors the function configured with WithIgnoreRequest.

Fixes #1018

commit sha: a4018e034958b0933f31c86e320bb6e8f0d117ee

push time in 4 days ago
Activity icon
delete

knusbaum in DataDog/dd-trace-go delete branch knusbaum/fix-http-ignore

deleted time in 4 days ago
pull request

knusbaum pull request DataDog/dd-trace-go

knusbaum
knusbaum

contrib/net/http: use ignoreRequest in WrapHandler

This commit corrects an oversight made when adding the WithIgnoreRequest option. The ignoreRequest function was only being called when using the ServeMux and not when using the WrapHandler function. Now WrapHandler works as expected and honors the function configured with WithIgnoreRequest.

Fixes #1018

Activity icon
issue

knusbaum issue DataDog/dd-trace-go

knusbaum
knusbaum

WithIgnoreRequest not respected with WrapHandler

When passing WithIgnoreRequest to WrapHandler the ignore function is not called at all. This is due the fact that it is only called in func (mux *ServeMux) ServeHTTP and WrapHandler directly goes to TraceAndServe.

Is there a specific reason for this?

Previous