anonymous@RULINUX.NET~# Last login: 2024-12-22 18:08:00
Регистрация Вход Новости | Разметка | Пользователи | Галерея | Форум | Статьи | Неподтвержденное | Трекер | Правила форума | F.A.Q. | Ссылки | Поиск

Новости1 2 3 4 5   
Добавить новость

О ресурсе

subsection
Скрыть

По вопросам о работе ресурса обращайтесь по ссылке ниже.

[путь к изображению некорректен]

Также доступен XMPP-чат: [email protected]

>>> Подробнее

SystemV (*) (2016-02-10 14:19:54)

[39 сообщений] [Добавить комментарий]


LLM генерируют огромное количество неверных багрепортов в Python.

subsection
Скрыть

https://sethmlarson.dev/slop-security-reports

Представления об уязвимостях программного обеспечения, созданные моделями ИИ, открыли «новую эру некачественных отчетов по безопасности для проектов с открытым исходным кодом» — и разработчики, поддерживающие эти проекты, хотели бы, чтобы охотники за ошибками меньше полагались на результаты, полученные помощниками по машинному обучению.

Сет Ларсон, разработчик безопасности в Python Software Foundation, поднял этот вопрос в сообщении блога на прошлой неделе, призвав тех, кто сообщает об ошибках, не использовать системы ИИ для поиска ошибок.

«Недавно я заметил всплеск крайне низкокачественных, спамовых и галлюцинаторных отчетов по безопасности для проектов с открытым исходным кодом», — написал он, указав на аналогичные выводы из проекта Curl в январе. «Эти отчеты на первый взгляд кажутся потенциально законными, поэтому для их опровержения требуется время».

Ларсон утверждал, что к отчетам низкого качества следует относиться так, как будто они вредоносные.

Как будто для того, чтобы подчеркнуть постоянство этих опасений, отчет об ошибке проекта Curl, опубликованный 8 декабря, показывает, что почти через год после того, как сопровождающий Дэниел Стенберг поднял эту проблему, он все еще сталкивается с «недоделками ИИ» — и тратит свое время на споры с отправителем сообщения об ошибке, который может быть частично или полностью автоматизирован.

В ответ на отчет об ошибке Стенберг написал:

Мы регулярно и в больших объемах получаем подобный ИИ-недоделок. Вы вносите [ненужную] нагрузку на сопровождающих Curl, и я отказываюсь воспринимать это легкомысленно, и я полон решимости быстро с этим бороться. Сейчас и впредь.

Вы отправили то, что кажется очевидным «отчетом» об ИИ-недоделке, в котором вы говорите, что существует проблема безопасности, вероятно, потому, что ИИ обманом заставил вас поверить в это. Затем вы тратите наше время, не сообщая нам, что ИИ сделал это за вас, а затем продолжаете обсуждение с еще более дерьмовыми ответами — по-видимому, также сгенерированными ИИ.

Software vulnerability submissions generated by AI models have ushered in a "new era of slop security reports for open source" – and the devs maintaining these projects wish bug hunters would rely less on results produced by machine learning assistants.

Seth Larson, security developer-in-residence at the Python Software Foundation, raised the issue in a blog post last week, urging those reporting bugs not to use AI systems for bug hunting.

"Recently I've noticed an uptick in extremely low-quality, spammy, and LLM-hallucinated security reports to open source projects," he wrote, pointing to similar findings from the Curl project in January. "These reports appear at first glance to be potentially legitimate and thus require time to refute."

Larson argued that low-quality reports should be treated as if they're malicious.

As if to underscore the persistence of these concerns, a Curl project bug report posted on December 8 shows that nearly a year after maintainer Daniel Stenberg raised the issue, he's still confronted by "AI slop" – and wasting his time arguing with a bug submitter who may be partially or entirely automated.

In response to the bug report, Stenberg wrote:

We receive AI slop like this regularly and at volume. You contribute to [the] unnecessary load of Curl maintainers and I refuse to take that lightly and I am determined to act swiftly against it. Now and going forward.

You submitted what seems to be an obvious AI slop 'report' where you say there is a security problem, probably because an AI tricked you into believing this. You then waste our time by not telling us that an AI did this for you and you then continue the discussion with even more crap responses – seemingly also generated by AI.

Новость переведена с помощью LLM.

>>> Подробнее

anonymous (*) (2024-12-10 14:12:58)

[0 сообщений] [Добавить комментарий]


Конференция ССС номер 38

subsection
Скрыть

The 38th Chaos Communication Congress (38C3) takes place in Hamburg on 27–30 Dec 2024, and is the 2024 edition of the annual four-day conference on technology, society and utopia organized by the Chaos Computer Club (CCC) and volunteers.

Congress offers lectures and workshops and various events on a multitude of topics including (but not limited to) information technology and generally a critical-creative attitude towards technology and the discussion about the effects of technological advances on society.

Starting in 1984, Congress has been organized by the community and appreciates all kinds of participation. You are encouraged to contribute by volunteering, setting up and hosting hands-on and self-organized events with the other components of your assembly or presenting your own projects to fellow hackers.

Ежегодная (на этот раз тридцать восьмая) конференция Chaos Communication Congress состоится в Гамбурге 27-30 декабря 2024.

Будут лекции и дискуссии на разные темы,включая информационные технологи,креативные технологии,и обсуждение того, как технологии влияют на общество.

https://events.ccc.de/congress/2024/infos/index.html

>>> Подробнее

anonymous (*) (2024-12-07 05:33:23)

[0 сообщений] [Добавить комментарий]


Вышла OpenBSD 7.6

subsection

anonymous (*) (2024-10-08 03:18:29)

[3 сообщения] [Добавить комментарий]


Нестабильный Ubuntu

subsection
Скрыть

Разрабы дистрибутива будут выпускать его со свежим ядром пожертвовав стабильностью.

>>> Подробнее

anonymous (*) (2024-08-14 03:52:22)

[0 сообщений] [Добавить комментарий]


Вышел POSIX 2024

subsection
Скрыть

Subj

Смотрите, читайте, наслаждайтесь. У кого есть деньги купить, конечно.

>>> Подробнее

anonymous (*) (2024-06-15 12:24:31)

[2 сообщения] [Добавить комментарий]


Вышла openbsd 7.5

subsection
Скрыть

April 5, 2024

------------------------------------------------------------------------ - OpenBSD 7.5 RELEASED -------------------------------------------------

April 5, 2024.

We are pleased to announce the official release of OpenBSD 7.5. This is our 56th release. We remain proud of OpenBSD's record of more than twenty years with only two remote holes in the default install.

As in our previous releases, 7.5 provides significant improvements, including new features, in nearly all areas of the system:

- Various kernel improvements: o Added bt(5) and btrace(8) support for binary modulo operator ('%'). o Added a TIMEOUT_MPSAFE flag to timeout(9). o Added IBM encoded version of the "Spleen 8x16" font, usable as console font. o Cleanup and machine-independent refactoring of three context switch paths outside of mi_switch(): when a process forks and the new proc needs to be scheduled by proc_trampoline, cpu_hatch: when booting APs, and sched_exit: when a proc exits. o Made vscsi(4) 'vscsi_filtops' mpsafe and extended the 'sc_state_mtx' mutex(9) to protect 'sc_klist' knotes list. o Made out-of-swap checking more robust, preventing potential deadlocks. o Eliminated the ioctl whitelist that bio(4) will tunnel for other devices, allowing bio to be used with other (non-raid) related devices. o On msdos filesystems, ensure that a complete struct fsinfo is read even if the filesystem sectors are smaller. o Implemented per-CPU caching for the page table page (vp) pool and the PTE descriptor (pted) pool in the arm64 pmap implementation. This significantly reduces the side-effects of lock contention on the kernel map lock and leads to significant speedups on machines with many CPU cores. o Implemented acpi(4) RootPathString support in the LoadTable() AML function, fixing OpenBSD boot on an older version of Hyper-V. o Fixed Linux NFS clients freezing after five minutes of inactivity. o Fixed core file writing when a file map into memory has later been truncated to be smaller than the mapping. o Disallow madvise(2) and msync(2) memory/mapping destructive operations on immutable memory regions. Instead return EPERM. o Added new amd64-only sysctl machdep.retpoline which says whether the cpu requires the retpoline branch target injection mitigation. o Added new accounting flag ABTCFI to acct(5) to indicate SIGILL + code ILL_BTCFI has occurred in the process.

- SMP Improvements o Some network timers run without kernel lock. o TCP syn cache timer runs with shared net lock. o bind(2) and connect(2) system calls can run in parallel. o Packet counter for lo(4) loopback interface are MP safe. o Split protocol control block table for UDP into IPv4 and IPv6 tables to allow concurrent access. o UDP packets can be sent in parallel by multiple threads.

- Direct Rendering Manager and graphics drivers o Updated drm(4) to Linux 6.6.19. o New apldcp(4) and apldrm(4) drivers for Apple display coprocessor.

- VMM/VMD improvements o Fixed IRQ storm caused by edge-triggered devices such as the UART. o Fixed block size calculation for vioscsi devices. o Added io instruction length to vm exit information, allowing vmd(8) to perform validation in userspace. o Adopted new imsg_get_*(3) api. o Rewrote vionet devices to allow zero-copy data transfers between host and guest. o Improved error messages related to getgrnam(3) usage and out of tap(4) device conditions. o Fixed various things found by smatch static analyzer. o Fixed various file descriptor lifecycle issues and leaks across fork(2)/ execve(2) usage. o Added multi-threading support to vionet device emulation, improving latency. o Fixed vmm(4) instability on Intel VMX hosts by updating GDTR & TR if vcpu moves host cpus. o Added EPT flushing upon vmm(4) enabling VMX mode. o Added branch predictor flushing if IBPB is supported. o Corrected restoring GDTR and IDTR limits upon VMX guest exit. o Corrected handling of CPUID 0xd subleaves o Added additional use of VERW and register clobbering to mitigate RFDS vulnerabilities on Intel Atom cores.

- Various new userland features: o Made malloc(3) save backtraces to show in leak dump with depth of backtrace set via malloc option D (aka 1), 2, 3 or 4. o Added support for cksum(1) -c checking base64 digests in reverse mode. o Added kdump(1) [-p program] to filter dumps by basename. o Made ps(1) accept numerical user IDs. o Built and provide the tzdata.zi and leap-seconds.list files from zoneinfo. Some third-party software now expects these files to be installed. Provide the zonenow.tab file, a table where each row stands for a timezone where civil timestamps are predicted to agree from now on. o Added basic write support for pax(1) format archives. o Added 'pax' format support for files over 8GB to tar(1). o Added 'pax' format support for mtime and atime to tar(1). o Extended imsg and the ibuf buffer manipulation API with useful getter methods. Unified file descriptor passing in all imsg using programs with the use of the imsg_get_fd() function. o Added mkdtemps(3), identical to mkdtemp(3) except that it permits a suffix to exist in the template. o Added mktemp(1) suffix support for compatibility with the GNU version. It is now possible to use templates where the Xs are not at the end.

- Various bugfixes and tweaks in userland: o Silenced list of specific firmware not needing update in pkg_add(1). o Improved ls(1) horizontal alignment in long format. o Added bioctl(8) retry on empty passphrase. o Fixed unveil(2) in patch(1) with explicit patchfile. o Made gnu99 the default for gcc 3.3.6 and 4.2.1 rather than defaulting to gnu89. o Enhanced fdisk(8) 'flag' to accept hex values. o Prevented fdisk(8) 'flag' from altering other GPT partition attributes when flagging a partition as the only bootable partition. o Allow fdisk(8) to add GPT partitions of protected types, making it possible to provision virtual machine images that need a "BIOS Boot" partition. o Added group handling matching fbtab(5) to xenodm. o Made grep(1) -m behavior match GNU grep. o Tweaked the default memory limits in /etc/login.conf on several architectures to account for increased memory requirements, for example when compiling or linking under user pbuild. o Initialize all terminals with "tset -I", thereby avoiding extra newlines to be printed. o Added mkhybrid(8) '-e' (-eltorito-boot-efi) option for writing an EFI eltorito boot image, in addition to or instead of the x86 boot image, to the output file. o Added openrsync(1) --omit-dir-times (-O) to omit directories from --times, as well as --no-O and --no-omit-dir-times options for compatibility. o Implemented openrsync(1) --omit-link-times (-J) option to omit symlinks from --times. o Added accounting flag and lastcomm(1) report for syscall pinning violations. o Added ktrace(1) and kdump(1) support to observe pinsyscall(2) violations. o Changed ftp(1) to avoid use of the interactive shell if -o is given. o Moved non-daemon services to run in a different rc(8) process group to avoid SIGHUP at boot. o Changed ld.so(1) to only load the first libc version encountered requested and substituting it for all further loads, ensuring that the libc version requested by an executable itself is the one loaded. o Significantly (for small programs) reduce the size of statically linked binaries by splitting several libc internal functions into separate compilation and thus linkage units. Specifically getpwnam(3) does not need the full YP socket setup and does not use all possible dbopen(3) database backends. o Added vi(1) showfilename set option to display the file name in the lower left corner. o Added backup of disklabel for softraid(4) chunks to security(8).

- Improved hardware support and driver bugfixes, including: o New ampchwm(4) driver for Ampere Altra power telemetry. o New rkspi(4) driver for Rockchip SPI controller. o Support for RK806 PMIC in rkpmic(4). o Support for Allwinner H616 in sxisyscon(4), sxiccmu(4), sxipio(4), sximmc(4) and ehci(4). o Support for Allwinner D1 in sxidog(4), sxiccmu(4), sxipio(4), sximmc(4) and ehci(4). o Support for Aero and Sea SAS HBAs in mpii(4). o Support for SAS3816 and SAS3916 in mfii(4). o In xbf(4), allowed Xen to use backing store devices with 4K-byte sectors. o Added fanpwr(4) support for the Rockchip RK8602 and RK8603 voltage regulators. o Support keyboard backlights on Apple Powerbooks. o Added operating performance point info about each arm64 cpu and expose the states of thermal zones as kstats(1). o Overhauled ugold(4) temperature sensor identification logic and added support for additional devices. o Made uthum(4) TEMPer{1,2} devices display negative degC. o Improve support for audio devices that via attach multiple uaudio(4) drivers. o In nvme(4) don't create sd(4) devices larger than the namespace. o Fix nvme(4) decoding of status fields.

- New or improved network hardware support: o Utilize full checksum offload capabilities of vio(4) and vmx(4). o TCP Segmentation Offload (TSO) is also used in bnxt(4) and em(4). o Enabled TCP Segmentation Offload (TSO) in ixl(4). o The Synopsys Ethernet Quality-of-Service Controller (dwqe(4)) is enabled for amd64. o Added initial support for Elkhart Lake Ethernet to dwqe(4). o Support for AX88179A in axen(4). o Intel I225 and I226 Ethernet Controller igc(4) enabled for sparc64. o Allwinner EMAC Ethernet Controller dwxe(4) enabled for riscv64. o Corrected wrong register offset macros for dwqe(4) DMA burst length. o Fixed Tx watchdog trigger and freeze in dwqe(4). o Updated rge(4) microcode, initialization and reset behavior. o Prevented a potential bnxt(4) crash after failure to bring up a queue.

- Added or improved wireless network drivers: o Introduce qwx(4), a port of the Linux ath11k driver for QCNFA765 devices. Available on the amd64 and arm64 platforms. o Fix Tx rate selection for management frames in iwx(4). o Fix iwx(4) loading the wrong firmware image on some devices. o Make bwfm(4) work with MAC addresses set via ifconfig lladdr. o Ensure that iwm(4) uses the 80MHz primary channel index announced in beacons. o Avoid using MCS-9 in iwm(4) Tx rate selection if 40 MHz is disabled to prevent firmware errors. o Ensure that iwm(4) and iwx(4) devices announce VHT capabilities in probe requests. o Fix bug in iwm(4), iwx(4), and iwn(4) which could result in some channels missing from scan results. o Enable iwm(4) on the arm64 platform.

- IEEE 802.11 wireless stack improvements and bugfixes: o Ignore 40/80 MHz wide channel configurations which do not appear in the 802.11ac spec. This prevents device firmware errors which occurred when an access point announced an invalid channel configuration.

- Installer, upgrade and bootloader improvements: o Add support for disk encryption in unattended installations with autoinstall(8), both with a plaintext passphrase or a keydisk. o Removed default sets answer in autoinstall(8) response file such that it now populates only with non-defaults. o Made fw_update(8) verify but not overwrite SHA256.sig. o Improved fw_update(8) output on errors and improved ftp error handling. o Added support in the installer to encrypt the root disk with a key disk. o Prevent re-starting the automatic upgrade on octeon and powerpc64, as is already done on other platforms. o Added CD install images to arm64. o Make the amd64 cdXX.iso and installXX.iso CD images bootable in EFI mode (by creating an EFI system partition containing the EFI boot loaders to be installed as an El Torito boot image).

- Security improvements: o Introduce pinsyscalls(2): The kernel and ld.so(1) register the precise entry location of every system call used by a program, as described in the new ELF section .openbsd.syscalls inside ld.so and libc.so. ld.so uses the new syscall pinsyscalls(2) to tell the kernel the precise entry location of system calls in libc.so. Attempting to use a different system call entry instruction to perform a non-corresponding system call operation will fail and the process will be terminated with signal SIGABRT. o Removed support for syscall(2), the "indirection system call," a dangerous alternative entry point for all system calls. Together with pinsyscalls(2) this change makes it impossible to perform system call through any other way than the libc system call wrapper functions. Users of syscall(2), such as Perl and the Go programming language were converted to use the libc functions. o Added pledge(2) stdio before parsing pfkey messages to ipsecctl(8) -m and -s. o Tightened the pledge(2) in pax(1) in List and Append modes. o Created __OpenBSD versions of llvm cxa guard implementation using futex(2) with the correct number of arguments and without using syscall(2). o Improvements in Pointer Authentication (PAC) and Branch Target Identification (BTI) on arm64.

- Changes in the network stack: o Enable IPv6 support in ppp(4) o Socket with sequenced packet type and control messages handle end of record correctly. o The routing table has a generation number. That means cached routes at sockets will be invalidated when the routing table changes. Especially with dynamic routing daemons local connections use the up to date route. o Route cache hits an misses are printed in netstat(1) statistics. o Prevented wg(4) getting stuck on peer destruction. o Made umb(4) delete any existing v4 address before setting a new one, allowing keeping of a working default route when the address changes. o Forwarded TCP LRO disabling to parent devices and disabled TCP LR0 on bridged vlan(4) and default for bpe(4), nvgre(4) and vxlan(4). o Fixed race between ifconfig(8) destroy of an interface and the ARP timer. o Added statistics counters for the route cache, reporting cache hits and misses. This is shown in netstat(1) with netstat -s.

- The following changes were made to the pf(4) firewall: o tcpdump on pflog(4) interface shows packets dropped by the default rule with the "block" action. Although the default rules is a "pass" rule, it blocks malformed packets. Now this is correctly logged. o Adjustments to keep up firewall aware of MP related changes in the network stack. o Fix handling of multiple -K(-k) options in pfctl(8), so behavior matches what's described in manual. o Make pfctl(8) show all tables in all anchors with pfctl -a "*" -sT. o Added check to ensure pfctl(8) -f won't accept a directory and install an empty ruleset. o Added validation for IPv4 packet options in divert(4).

- Routing daemons and other userland network improvements: o IPsec support was improved: - Made iked(8) always prefer group from the initial KE payload as responder if supported. - Corrected renewal of expired certificates in iked(8). - Added an iked(8) debug message when no policy is found. - Implemented a per connection peerid for iked(8) control replies. - Made iked(8) trigger retransmission only for fragment 1/x to prevent each received fragment triggering retransmission of the full fragment queue. - Prevent routing loops by dropping already encrypted packets that are going through sec(4) again. o In bgpd(8), - Rewrite the internal message passing mechanism to use a new memory-safe API. - Rewrite most protocol parsers to use the new memory-safe API. Convert the UPDATE parser, all of RTR, as well as both the MRT dump code in bgpd and the parser in bgpctl. - Improve RTR logging, error handling and version negotiation. o rpki-client(8) saw these and more changes: - Add ability to constrain an RPKI Trust Anchor's effective signing authority to a limited set of Internet numbers. This allows Relying Parties to enjoy the potential benefits of assuming trust, but within a bounded scope. - Following a 'failed fetch' (described in RFC 9286), emit a warning and continue with a previously cached Manifest file. - Emit a warning when the remote repository presents a Manifest with an unexpected manifestNumber. - Improved CRL extension checking. - Experimental support for the P-256 signature algorithm. - A failed manifest fetch could result in a NULL pointer dereference or a use after free. - Reject non-conforming RRDP delta elements that contain neither publish nor a withdraw element and fall back to the RRDP snapshot. - Refactoring and minor bug fixes in the warning display functions. - The handling of manifests fetched via rsync or RRDP was reworked to fully conform to RFC 9286. - Fix a race condition between closing an idle connection and scheduling a new request on it. - The evaluation time specified with -P now also applies to trust anchor certificates. - Check that the entire CMS eContent was consumed. Previously, trailing data would be silently discarded on deserialization of products. - In file mode do not consider overclaiming intermediate CA certificates as invalid. OAA warning is still issued. - Print the revocation time of certificates in file mode. - Be more careful when converting OpenSSL numeric identifiers (NIDs) to strings. - Added support for RPKI Signed Prefix Lists. - Added an -x flag to opt into parsing and evaluation of file types that are still considered experimental. - Added a metric to track the number of new files that were moved to the validated cache. - Ensure that the FileAndHashes list in a Manifest contains no duplicate file names and no duplicate hashes. o In smtpd(8), - Add Message-Id as needed for messages received on the submission port. - Added support for RFC 7505 "Null MX" handling and treat an MX of "localhost" as it were a "Null MX". - Allow inline tables and filter listings in smtpd.conf(5) to span over multiple lines. - Enabled DSN for the implicit socket too. - Added the no-dsn option for listen on socket too. - Reject headers that start with a space or a tab. - Fixed parsing of the ORCPT parameter. - Fixed table lookups of IPv6 addresses. - Fixed handling of escape characters in To, From and Cc headers. - Run LMTP deliveries as the recipient user again. - Disallow custom commands and file reading in root's .forward file. - Do not process other users .forward files when an alternate delivery user is provided in a dispatcher. - Unify the table(5) parser used in smtpd(8) and makemap(8).

anonymous (*) (2024-04-05 07:07:55)

[1 сообщение] [Добавить комментарий]


В администрации президента призывают использовать Rust.

subsection
Скрыть

26 февраля на сайте Администрации Президента США (Белого Дома), был опубликован пресс-релиз, в котором призывается пользоваться языками, безопасно работающими с памятью, такими, как Rust.

>According to experts, both memory safe and memory unsafe programming languages meet these
requirements. At this time, the most widely used languages that meet all three properties are C and C++, which are not memory safe programming languages. Rust, one example of a memory safe programming language, has the three requisite properties above, but has not yet been proven in space systems. Further progress on development toolchains, workforce education, and fielded case studies are needed to demonstrate the viability of memory safe languages in these use cases. In the interim, there are other ways to achieve memory safe outcomes at scale by using secure building blocks. Therefore, to reduce memory safety vulnerabilities in space or other embedded systems that face similar constraints, a comple

Также в пресс-релизе упоминается любопытная деталь:

In line with two major themes of the President’s National Cybersecurity Strategy released nearly one year ago, the report released today takes an important step toward shifting the responsibility of cybersecurity away from individuals and small businesses and onto large organizations like technology companies and the Federal Government that are more capable of managing the ever-evolving threat. This work also aligns with and builds upon secure by design programs and research and development efforts from across the Federal Government, including those led by CISA, NSA, FBI, and NIST.

Ссылка на отчёт:

https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf

>>> Подробнее

anonymous (*) (2024-03-02 04:50:54)

[0 сообщений] [Добавить комментарий]


Умер Никлаус Вирт

subsection
Скрыть

Ему было всего 89 лет.

>>> Подробнее

anonymous (*) (2024-01-04 02:07:01)

[2 сообщения] [Добавить комментарий]


Вышла OpenBSD 7.4

subsection
Скрыть

OpenBSD 7.4 вышла, можно обновляться.

>>> Подробнее

anonymous (*) (2023-10-16 17:29:35)

[2 сообщения] [Добавить комментарий]


Авторизация
Ссылки
Галерея

[Добавить]

opera умеет и такое

gallery

Опубликована: 2019-03-11 00:10:13
Автор: vilfred


Я здесь, у меня гента с флуксбоксом

gallery

Опубликована: 2017-07-26 21:48:40
Автор: Ada



Трекер
F.A.Q.



(c) 2010-2020 LOR-NG Developers Group
Powered by TimeMachine

Valid HTML 4.01 Transitional Правильный CSS!