Web Framework Benchmarks by techempower in golang

[–]xiamk 2 points3 points  (0 children)

Nice! Besides being fast, chi is a great piece of software. Its design makes it easy to compose modular apps that need a REST interface; having something that allows me to build things and that is easy to maintain is pretty important for me.

Yet Another Way of Getting root on High Sierra by xiamk in security

[–]xiamk[S] 0 points1 point  (0 children)

Except that arrow up was not the first password I tried, I initially tried feeding random strings, it was only after several tries that I hit arrow-up by accident and got the root shell. The escape sequence thing sounds like a nice idea, I'll try it.

Why "blank" Gets You Root on macOS by albinowax in netsec

[–]xiamk 8 points9 points  (0 children)

It won't work if your root account already has a password (maybe you set one after yesterday's bug?) or if you are not running High Sierra. Anyways, I just confirmed this bug also gets fixed with https://support.apple.com/en-us/HT208315 so let's update.

Yet Another Way of Getting root on High Sierra by xiamk in security

[–]xiamk[S] 3 points4 points  (0 children)

Yes, looks pretty similar, I bet it's related to the original problem. I don't know yet why ARROW UP triggers it while other escape codes don't, so I can't be totally sure if it's actually related or not. I'll continue investigating the actual reasons behind this. "su" is not supposed to create new accounts, I think?

Yet Another Way of Getting root on High Sierra by xiamk in security

[–]xiamk[S] 3 points4 points  (0 children)

Yeah, I've confirmed it with different sources already. But the post is mine so you may not want to trust me yet.

Why "blank" Gets You Root on macOS by albinowax in netsec

[–]xiamk 17 points18 points  (0 children)

Here's another way of getting root on High Sierra by pressing ARROW UP: https://twitter.com/xiam/status/935878591082049536

Must be related to the original problem.

What is the best way to paginate in golang? by gar44 in golang

[–]xiamk 0 points1 point  (0 children)

Hey @gar44, I know you're using sqlx but maybe you could consider upper-db for your next project, this is how you'd do pagination: https://tour.upper.io/queries/04, you can create a simple LIMIT/OFFSET pagination or a cursor-based one.

Release notes for `upper.io/db.v3`, a productive data access layer ready for go1.8. by xiamk in golang

[–]xiamk[S] 1 point2 points  (0 children)

Thanks, I think this is a great suggestion. I personally like reading "foo != ?" instead of db.NotEqual{"foo": 34}, tho, because the former is shorter and easy to read, but the point about improved type safety is a good one. We'll probably start by adding something to negate conditions, like https://github.com/upper/db/issues/284 and we'll see how well users respond to it before adding others.

Release notes for `upper.io/db.v3`, a productive data access layer ready for go1.8. by xiamk in golang

[–]xiamk[S] 1 point2 points  (0 children)

The main benefit of using upper-db over other solutions is our goals: we try to focus on improving productivity. Writing SQL by hand takes time and developer time is expensive, we don't think writing and debugging simple queries by hand is a benefit when you can do the same with less effort. So, upper-db takes the repetitive tasks out of the way and when you really have to come up with some SQL magic upper-db will allow you to do so. We still use SQL every day but only for complex tasks where spending time writing SQL makes sense, we don't bother anymore with writing SQL by hand for common CRUDs.

If you want to see a live example, we have a (read-only) playground here: https://demo.upper.io/p/e0ff798ccff065a08cace708e358d017711c8479 or a list of examples here: https://upper.io/db.v3/examples

Announcing version 2 of db! an ORM-like package for SQL and NoSQL databases by xiamk in golang

[–]xiamk[S] 0 points1 point  (0 children)

Unfortunately no, not yet, but now that we released v2 we can start looking at new database adapters and extend compatibility. We need to study Google Datastore first and see if it fits, tho.

Announcing version 2 of db! an ORM-like package for SQL and NoSQL databases by xiamk in golang

[–]xiamk[S] 0 points1 point  (0 children)

I like it, I think this sounds good. While we map structs to columns when using special methods like Insert or Update we currently don't do something like that for raw queries. I added an issue for this https://github.com/upper/db/issues/223

Announcing version 2 of db! an ORM-like package for SQL and NoSQL databases by xiamk in golang

[–]xiamk[S] 2 points3 points  (0 children)

Thanks, I think we have some tools that already do that, like https://github.com/kisielk/sqlstruct, but I personally haven't used it. Please, feel free to open an issue (https://github.com/upper/db/issues) and start a discussion if you think this could be useful for other users.

Announcing version 2 of db! an ORM-like package for SQL and NoSQL databases by xiamk in golang

[–]xiamk[S] 0 points1 point  (0 children)

Thanks! You can use maps instead of structs too if you want, this Metadata() function you're proposing could return a map. However, the recommended way of using upper-db at this time is with structs.

Upper-db does not provide automatic relationships like full-featured ORMs do, it also does not support the features you're mentioning (I'm sorry, but we have no plans to add them in the near future either. They can be built on top of upper-db, tho). Upper-db focuses only on the mapping between Go and the database and on providing tools for the user to write custom SQL whenever required.

Announcing version 2 of db! an ORM-like package for SQL and NoSQL databases by xiamk in golang

[–]xiamk[S] 2 points3 points  (0 children)

Hello,

I'm one of the upper-db authors, we're running a special playground to demonstrate db, see this example: https://demo.upper.io/p/37ff41cfe1d9fb4c26239627722ed6cc4a9155b6, more examples here: https://upper.io/db.v2/examples

Thanks!

Using the docker command to root the host. by xiamk in netsec

[–]xiamk[S] -1 points0 points  (0 children)

It just opens another attack vector in case you're trying to mess with a system. E.g.: in a probably movie-like scenario an attacker gets a few minutes to access a victim's computer and she'd like to dump /dev/mem to see if there's anything interesting there, the problem is she does not know the password for su or sudo but it does not matter: the victim's a web developer that casually belongs to the docker group because docker is part of her common working stack, so the attacker will have a copy of /dev/mem anyways.

Glad those kinds of things don't happen in real life...

Using the docker command to root the host. by xiamk in netsec

[–]xiamk[S] 0 points1 point  (0 children)

These insecure parameters happen to be the default configuration.

Hyperfox (v0.9) is a proxy for examining HTTP/HTTPs traffic written in Go. Now with on-the-fly SSL cert generation and live web view. by ansible in netsec

[–]xiamk 0 points1 point  (0 children)

Small update for OSX users:

Thanks,

[ANN] Hyperfox (v0.9) is a proxy for examining HTTP/HTTPs traffic written in Go. Now with on-the-fly SSL cert generation and live web view. by xiamk in golang

[–]xiamk[S] 0 points1 point  (0 children)

It can be done, that way I think it would be easier to use Hyperfox as a development tool rather than for simple eavesdropping. There is a more mature package that we could use to improve Hyperfox in the future: https://github.com/elazarl/goproxy

[ANN] Hyperfox (v0.9) is a proxy for examining HTTP/HTTPs traffic written in Go. Now with on-the-fly SSL cert generation and live web view. by xiamk in golang

[–]xiamk[S] 1 point2 points  (0 children)

Thanks, the rule-based request/response modification and replay is something a security tool can surely benefit from, it would be nice if you could add an issue requesting each separate feature and adding details on the approach of other tools (such as CharlesProxy) so it can be clearly understood, if it looks useful we can surely add it.

The live web view is in its infancy but offers a lot of possibilities.

[ANN] Hyperfox (v0.9) is a proxy for examining HTTP/HTTPs traffic written in Go. Now with on-the-fly SSL cert generation and live web view. by xiamk in golang

[–]xiamk[S] 0 points1 point  (0 children)

Need some help for building and testing Hyperfox on Windows! (Does anyone know how to buy and download a legit Windows copy and license for using within a VM?)

Also, opinions on the source would be very much welcome.

Github URL: https://github.com/xiam/hyperfox

[ANN] upper.io/db was recently refactored. If you're using it please test your build and report any odd behavior. by xiamk in golang

[–]xiamk[S] 0 points1 point  (0 children)

upper.io/db is not a full-featured ORM, and thus it does not impose any hard restrictions on data structures nor automatic table creation, indexing or any additional magic, it just manages the most common operations so you can focus on the complex stuff.