HackerTrans
TopNewTrendsCommentsPastAskShowJobs

delamon

87 karmajoined 2 jaar geleden

Submissions

Claude bug report: Cross-session credential leakage

github.com
4 points·by delamon·3 dagen geleden·0 comments

Tanenbaum: Can We Make Operating Systems Reliable and Secure? (2006) [pdf]

cs.vu.nl
2 points·by delamon·2 maanden geleden·0 comments

You Don't Review Your Compiler Output

scottrfrancis.wordpress.com
3 points·by delamon·2 maanden geleden·0 comments

Rust-coreutils – Program Security Assesment [pdf]

github.com
4 points·by delamon·3 maanden geleden·1 comments

comments

delamon
·15 dagen geleden·discuss
He only gets 4-5Gbps in the other direction.
delamon
·vorige maand·discuss
Inderect call cost is a few cycles, if predicted. Now, you can argue, that it may be mispredicted and misprediction would cost about 20-30 cycles. But if it is mispredicted, then you are not calling into allocator often enough. And if you don't hammer it hard, then why do you care about preformance?
delamon
·2 maanden geleden·discuss
can't help myself: how common to see code like https://github.com/oven-sh/bun/blob/main/src/bun_core/string... instead of simple ilog2()? I guess, ut somewhat explains how they got 700k+ lines of code
delamon
·2 maanden geleden·discuss
yes
delamon
·2 maanden geleden·discuss
I assume you mean container, not VM. But yes, container makes it harder.
delamon
·2 maanden geleden·discuss
The attack gives you ability to overwrite any cached page. So you don't need to be root to "edit" /etc/passwd.
delamon
·2 maanden geleden·discuss
setuid binaries are not the only way to get root. E.g. one can change /etc/crontab or /etc/passwd. Or add trojan to /bin/ls and wait until admin type 'ls'
delamon
·2 maanden geleden·discuss
Apparently it is both...
delamon
·2 maanden geleden·discuss
If you "forget" to mark COW memory pointer as no-write, the net effect would be same, would it not? If I'm reading the diff correctly, the problem was that code missed to mark some pages as shared (aka no-write).
delamon
·2 maanden geleden·discuss
How would've memory safety helped here?
delamon
·2 maanden geleden·discuss
Another data point: AMD T14 G4 with s2idle draws about 0.4% per hour of sleep.
delamon
·2 maanden geleden·discuss
Lenovo sells ThinkPad T-series laptops as “Linux-supported.” However, if you happen to buy an AMD version of one of these laptops, you may be surprised by how poorly the Wi‑Fi works. It’s been several years since the T14 Gen4 was released, and yet the Wi‑Fi is still not stable.
delamon
·2 maanden geleden·discuss
Right, I misread the spec.
delamon
·2 maanden geleden·discuss
What kind of usage do you envision for 245TB drive with read speed of 3GB/sec?
delamon
·2 maanden geleden·discuss
QLC retention reported to be around 1 year in unpowered state. I would assume, that drive does background refresh, though. No idea what effect it has on total drive lifetime. It is still mean that if you use it for cold storage it has to be powered.
delamon
·3 maanden geleden·discuss
Zelic discovered 73 security problems with uutils, 7 critical, 11 of high impact, 29 of medium and rest is low.
delamon
·3 maanden geleden·discuss
Not really. PgUp, PgDown are missing. It is possible to configure software combination that would emulate them. But emulation is emulation.
delamon
·3 maanden geleden·discuss
This blog post is also worth noting: https://ciechanow.ski/gps/
delamon
·3 maanden geleden·discuss
What is wrong with peeking at process.env? It is a global map, after all. I assume, of course, that they don't mutate it.
delamon
·4 maanden geleden·discuss
Rust cannot help you if race condition crosses API boundary. No matter what language you use, you have to think about system as a whole. Failure to do that results in bugs like this