Skip to content

2024

Company IPS Plays MITM for the openai.com

Recently, one of my friends told my company alerts you when you open the openai to suggest you use the company's internal gpt tool. However, the browser still treats this connection as secure because it satisfies the HTTPs requirement.

img.png

This is indeed the man-in-the-middle attack, which hijacks your connections as the middle man and then establish another connection to communicate. The root cause is that in your company device, the certificates of company's ISP are forcibly trusted. As a result, technically they could monitor and modify your requests when necessary.

Errcheck Linter Implementation

Recently, I'm going to develop a static tool to analyze our self-defined framework syntax inside our company. Hence, I investigated a lot around the open source linters to find some ideas. This blogs talks about the implementation of errcheck. It's based on AST and relies on the node types to handle the different cases.

Memory Consuming Issue of Logging Lib

One of users reported he found the RPC logging interceptor consumes a lot of memory, so we checked the profiler first and then found the image below and the blabla is the underlying log library.

img.png

This blog records how to do troubleshooting this issue. However, as lacking more details, I handed over the issue to the log team for further checking.