HackerTrans
TopNewTrendsCommentsPastAskShowJobs

delamon

87 karmajoined 2 tahun yang lalu

Submissions

Claude bug report: Cross-session credential leakage

github.com
4 points·by delamon·3 hari yang lalu·0 comments

Tanenbaum: Can We Make Operating Systems Reliable and Secure? (2006) [pdf]

cs.vu.nl
2 points·by delamon·2 bulan yang lalu·0 comments

You Don't Review Your Compiler Output

scottrfrancis.wordpress.com
3 points·by delamon·2 bulan yang lalu·0 comments

Rust-coreutils – Program Security Assesment [pdf]

github.com
4 points·by delamon·3 bulan yang lalu·1 comments

comments

delamon
·15 hari yang lalu·discuss
He only gets 4-5Gbps in the other direction.
delamon
·bulan lalu·discuss
Inderect call cost is a few cycles, if predicted. Now, you can argue, that it may be mispredicted and misprediction would cost about 20-30 cycles. But if it is mispredicted, then you are not calling into allocator often enough. And if you don't hammer it hard, then why do you care about preformance?
delamon
·2 bulan yang lalu·discuss
can't help myself: how common to see code like https://github.com/oven-sh/bun/blob/main/src/bun_core/string... instead of simple ilog2()? I guess, ut somewhat explains how they got 700k+ lines of code
delamon
·2 bulan yang lalu·discuss
yes
delamon
·2 bulan yang lalu·discuss
I assume you mean container, not VM. But yes, container makes it harder.
delamon
·2 bulan yang lalu·discuss
The attack gives you ability to overwrite any cached page. So you don't need to be root to "edit" /etc/passwd.
delamon
·2 bulan yang lalu·discuss
setuid binaries are not the only way to get root. E.g. one can change /etc/crontab or /etc/passwd. Or add trojan to /bin/ls and wait until admin type 'ls'
delamon
·2 bulan yang lalu·discuss
Apparently it is both...
delamon
·2 bulan yang lalu·discuss
If you "forget" to mark COW memory pointer as no-write, the net effect would be same, would it not? If I'm reading the diff correctly, the problem was that code missed to mark some pages as shared (aka no-write).
delamon
·2 bulan yang lalu·discuss
How would've memory safety helped here?
delamon
·2 bulan yang lalu·discuss
Another data point: AMD T14 G4 with s2idle draws about 0.4% per hour of sleep.
delamon
·2 bulan yang lalu·discuss
Lenovo sells ThinkPad T-series laptops as “Linux-supported.” However, if you happen to buy an AMD version of one of these laptops, you may be surprised by how poorly the Wi‑Fi works. It’s been several years since the T14 Gen4 was released, and yet the Wi‑Fi is still not stable.
delamon
·2 bulan yang lalu·discuss
Right, I misread the spec.
delamon
·2 bulan yang lalu·discuss
What kind of usage do you envision for 245TB drive with read speed of 3GB/sec?
delamon
·2 bulan yang lalu·discuss
QLC retention reported to be around 1 year in unpowered state. I would assume, that drive does background refresh, though. No idea what effect it has on total drive lifetime. It is still mean that if you use it for cold storage it has to be powered.
delamon
·3 bulan yang lalu·discuss
Zelic discovered 73 security problems with uutils, 7 critical, 11 of high impact, 29 of medium and rest is low.
delamon
·3 bulan yang lalu·discuss
Not really. PgUp, PgDown are missing. It is possible to configure software combination that would emulate them. But emulation is emulation.
delamon
·3 bulan yang lalu·discuss
This blog post is also worth noting: https://ciechanow.ski/gps/
delamon
·3 bulan yang lalu·discuss
What is wrong with peeking at process.env? It is a global map, after all. I assume, of course, that they don't mutate it.
delamon
·4 bulan yang lalu·discuss
Rust cannot help you if race condition crosses API boundary. No matter what language you use, you have to think about system as a whole. Failure to do that results in bugs like this