HackerLangs
TopNewTrendsCommentsPastAskShowJobs

delamon

87 karmajoined 2 years ago

Submissions

Claude bug report: Cross-session credential leakage

github.com
4 points·by delamon·3 days ago·0 comments

Tanenbaum: Can We Make Operating Systems Reliable and Secure? (2006) [pdf]

cs.vu.nl
2 points·by delamon·2 months ago·0 comments

You Don't Review Your Compiler Output

scottrfrancis.wordpress.com
3 points·by delamon·2 months ago·0 comments

Rust-coreutils – Program Security Assesment [pdf]

github.com
4 points·by delamon·3 months ago·1 comments

comments

delamon
·15 days ago·discuss
He only gets 4-5Gbps in the other direction.
delamon
·last month·discuss
Inderect call cost is a few cycles, if predicted. Now, you can argue, that it may be mispredicted and misprediction would cost about 20-30 cycles. But if it is mispredicted, then you are not calling into allocator often enough. And if you don't hammer it hard, then why do you care about preformance?
delamon
·2 months ago·discuss
can't help myself: how common to see code like https://github.com/oven-sh/bun/blob/main/src/bun_core/string... instead of simple ilog2()? I guess, ut somewhat explains how they got 700k+ lines of code
delamon
·2 months ago·discuss
yes
delamon
·2 months ago·discuss
I assume you mean container, not VM. But yes, container makes it harder.
delamon
·2 months ago·discuss
The attack gives you ability to overwrite any cached page. So you don't need to be root to "edit" /etc/passwd.
delamon
·2 months ago·discuss
setuid binaries are not the only way to get root. E.g. one can change /etc/crontab or /etc/passwd. Or add trojan to /bin/ls and wait until admin type 'ls'
delamon
·2 months ago·discuss
Apparently it is both...
delamon
·2 months ago·discuss
If you "forget" to mark COW memory pointer as no-write, the net effect would be same, would it not? If I'm reading the diff correctly, the problem was that code missed to mark some pages as shared (aka no-write).
delamon
·2 months ago·discuss
How would've memory safety helped here?
delamon
·2 months ago·discuss
Another data point: AMD T14 G4 with s2idle draws about 0.4% per hour of sleep.
delamon
·2 months ago·discuss
Lenovo sells ThinkPad T-series laptops as “Linux-supported.” However, if you happen to buy an AMD version of one of these laptops, you may be surprised by how poorly the Wi‑Fi works. It’s been several years since the T14 Gen4 was released, and yet the Wi‑Fi is still not stable.
delamon
·2 months ago·discuss
Right, I misread the spec.
delamon
·2 months ago·discuss
What kind of usage do you envision for 245TB drive with read speed of 3GB/sec?
delamon
·2 months ago·discuss
QLC retention reported to be around 1 year in unpowered state. I would assume, that drive does background refresh, though. No idea what effect it has on total drive lifetime. It is still mean that if you use it for cold storage it has to be powered.
delamon
·3 months ago·discuss
Zelic discovered 73 security problems with uutils, 7 critical, 11 of high impact, 29 of medium and rest is low.
delamon
·3 months ago·discuss
Not really. PgUp, PgDown are missing. It is possible to configure software combination that would emulate them. But emulation is emulation.
delamon
·3 months ago·discuss
This blog post is also worth noting: https://ciechanow.ski/gps/
delamon
·3 months ago·discuss
What is wrong with peeking at process.env? It is a global map, after all. I assume, of course, that they don't mutate it.
delamon
·4 months ago·discuss
Rust cannot help you if race condition crosses API boundary. No matter what language you use, you have to think about system as a whole. Failure to do that results in bugs like this