RichiH's comments

RichiH | 3 years ago | on: Grafana Labs launches free incident management tool in Grafana Cloud

NB: I work for Grafana Labs as Director of Community.

As this is not how we (try to) operate, I also had a look.

From what I could find, it seems the account you are referring to is a very early Cloud account. For reasons I don't know and which might be lost to history, your account had an old and non-standard license attached to it. From the viewpoint of today, the license itself seems broken.

To be clear, that is neither your fault nor do I believe you could have caught it even if you looked. While there was no change in the licensing requirements on the plugin, an upgrade to a significant rewrite of the plugin "fixed" the problem of accepting a broken license. That "fix" meant the plugin stopped working.

Again, this is not your fault. But it was not a deliberate action by Grafana Labs nor caught by our testing, either.

I believe your company is in contact with David Dorman, our Head of Self-Service, about this. If you'd like me to ask him to follow up with you directly as well, please let me know how to best contact you.

RichiH | 4 years ago | on: An update on 0day CVE-2021-43798: Grafana directory traversal

I talked to Jordy about it. It was his first CVSS HIGH vulnerability and he was super happy & excited about it. While we would have preferred if things went differently, it was an honest mistake.

On balance, I still prefer if someone approaches us with good intentions and messes up a bit over someone simply dumping a 0day into the wild or into private circles. And this way, we at least had a tested patch in hand already and knew that Grafana Cloud was not affected.

And as per https://news.ycombinator.com/item?id=29495431 ... we all make mistakes.

RichiH | 4 years ago | on: An update on 0day CVE-2021-43798: Grafana directory traversal

Important note: I mixed up CVE-2021-41090 and CVE-2021-43798 in the initial version of the blog post. While that has been corrected and a note added to the blog post, it still led to some confusion.

The 0day is only for Grafana-the-software, not for the Grafana Agent.

Also important to note: While the overall course of events is clearly less than ideal, we still strongly believe that Jordy did us good. Mistakes happen, and the intention was good. Overall, Grafana is now more secure than it was last week.