Skip to content
I T S S
  • Welcome
  • Hardware
  • Internet
  • Networking
  • Security
  • Data Recovery
  • Duplication
  • Support
  • Contact
  • Webmail

pfSense / Wireguard / Bad Code / Close Call

By itss | 26/03/2021
0 Comment

A nice write-up of how a whole bunch of bad code very nearly ended up in FreeBSD 13 due to several bad calls on the part of pfSense. https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

Category: Technology
Post navigation
← Apple Continues Its Trip To The Dark Side With The Release of MacOS 17 (Big Sur) A Nice Little Cryptography Primer →

Recent Posts

  • Hardware Exploits?
  • Why Quake3 was so fast : Fast Inverse Square Root
  • A Nice Little Cryptography Primer
  • pfSense / Wireguard / Bad Code / Close Call
  • Apple Continues Its Trip To The Dark Side With The Release of MacOS 17 (Big Sur)

Slashdot

News for nerds

  • China's AI 'War of a Hundred Models' Heads For a Shakeout
    by msmash on 23/09/2023 at 2:01 am

    An anonymous reader shares a report: China's craze over generative artificial intelligence has triggered a flurry of product announcements from startups and tech giants on an almost daily basis, but investors are warning a shakeout is imminent as cost and profit pressures grow. The buzz in China, first ignited by the success of OpenAI's ChatGPT almost a year ago, has given rise to what a senior Tencent executive described this month as "war of a hundred models", as it and rivals from Baidu to Alibaba to Huawei promote their offerings. China now has at least 130 large language models, accounting for 40% of the global total and just behind the United States' 50% share, according to brokerage CLSA. Additionally, companies have also announced dozens of "industry-specific LLMs" that link to their core model. However, investors and analysts say that most were yet to find viable business models, were too similar to each other and were now grappling with surging costs. Tensions between Beijing and Washington have also weighed on the sector, as U.S. dollar funds invest less in early-stage projects and difficulties obtaining AI chips made by the likes of Nvidia start to bite. "Only those with the strongest capabilities will survive," said Esme Pau, head of China internet and digital asset research at Macquarie Group, who expects consolidation and a price war as players compete for users. Read more of this story at Slashdot.

  • European Commission Hits Intel With New Fine Over Antitrust Findings
    by msmash on 22/09/2023 at 11:30 pm

    The European Commission has re-imposed a fine of about $400 million on chipmaker Intel for abusing its dominant position in the x86 processor market. The move is the latest twist in an antitrust saga that has been now running for more than two decades. The Register: According to the Commission, the fine is in response to previously established anticompetitive practices by the silicon giant, aimed at excluding competitors from the market in breach of EU competition rules. The original fine handed to Intel in 2009 was for $1.2 billion, based on findings that the company had given incentives to PC makers to use its CPUs instead of those from rivals, or else delay the launch of specific products containing rival chips. These incentives consisted of wholly or partially hidden rebates for using Intel chips, or payments in order to delay launching products with rival chips, amounting to so-called "naked restrictions." It ultimately goes back to complaints from rival CPU maker AMD in 2000 and again in 2003 that Intel was engaging in anticompetitive conduct by offering rebates to vendors to favor Intel components. Intel fought the decision, but an appeal by the Silicon Valley outfit to have it overturned was initially denied in 2014. Then in 2022, the EU General Court partially annulled the 2009 ruling by the Commission, in particular the findings related to Intel's conditional rebates, and went on to nix the fine imposed on the company in its entirety. Read more of this story at Slashdot.

  • NASA's Webb Finds Carbon Source on Surface of Jupiter's Moon Europa
    by msmash on 22/09/2023 at 10:00 pm

    NASA, in a press release: Jupiter's moon Europa is one of a handful of worlds in our solar system that could potentially harbor conditions suitable for life. Previous research has shown that beneath its water-ice crust lies a salty ocean of liquid water with a rocky seafloor. However, planetary scientists had not confirmed if that ocean contained the chemicals needed for life, particularly carbon. Astronomers using data from NASA's James Webb Space Telescope have identified carbon dioxide in a specific region on the icy surface of Europa. Analysis indicates that this carbon likely originated in the subsurface ocean and was not delivered by meteorites or other external sources. Moreover, it was deposited on a geologically recent timescale. This discovery has important implications for the potential habitability of Europa's ocean. "On Earth, life likes chemical diversity -- the more diversity, the better. We're carbon-based life. Understanding the chemistry of Europa's ocean will help us determine whether it's hostile to life as we know it, or if it might be a good place for life," said Geronimo Villanueva of NASA's Goddard Space Flight Center in Greenbelt, Maryland, lead author of one of two independent papers describing the findings. "We now think that we have observational evidence that the carbon we see on Europa's surface came from the ocean. That's not a trivial thing. Carbon is a biologically essential element," added Samantha Trumbo of Cornell University in Ithaca, New York, lead author of the second paper analyzing these data. NASA plans to launch its Europa Clipper spacecraft, which will perform dozens of close flybys of Europa to further investigate whether it could have conditions suitable for life, in October 2024. Read more of this story at Slashdot.

  • White House Could Force Cloud Companies To Disclose AI Customers
    by msmash on 22/09/2023 at 9:00 pm

    The White House is considering requiring cloud computing firms to report some information about their customers to the U.S. government, Semafor reported Friday, citing people familiar with an upcoming executive order on AI. From the report: The provision would direct the Commerce Department to write rules forcing cloud companies like Microsoft, Google, and Amazon to disclose when a customer purchases computing resources beyond a certain threshold. The order hasn't been finalized and specifics of it could still change. Similar "know-your-customer" policies already exist in the banking sector to prevent money laundering and other illegal activities, such as the law mandating firms to report cash transactions exceeding $10,000. In this case, the rules are intended to create a system that would allow the U.S. government to identify potential AI threats ahead of time, particularly those coming from entities in foreign countries. If a company in the Middle East began building a powerful large language model using Amazon Web Services, for example, the reporting requirement would theoretically give American authorities an early warning about it. The policy proposal represents a potential step toward treating computing power -- or the technical capacity AI systems need to perform tasks -- like a national resource. Mining Bitcoin, developing video games, and running AI models like ChatGPT all require large amounts of compute. Read more of this story at Slashdot.

  • FCC Closing Loophole That Gave Robocallers Easy Access To US Phone Numbers
    by msmash on 22/09/2023 at 8:00 pm

    The Federal Communications Commission is taking steps to restrict Voice over Internet Protocol (VoIP) providers from easily accessing US telephone numbers. Over the past several years, robocallers have exploited VoIP providers to inundate US citizens with unwanted calls, many of which come from falsified numbers. Previously, the regulations allowed VoIP services relatively uncomplicated access to US phone numbers. ArsTechnica: But under rules adopted by the FCC yesterday, VoIP providers will face some extra hurdles. They will have to "make robocall-related certifications to help ensure compliance with the Commission's rules targeting illegal robocalls," and "disclose and keep current information about their ownership, including foreign ownership, to mitigate the risk of providing bad actors abroad with access to US numbering resources," the FCC said. The FCC order will take effect 30 days after it's published in the Federal Register. A public draft of the order was released ahead of the FCC meeting. Read more of this story at Slashdot.

  • Unity To Roll Back Some Key Aspects of Runtime Fee Policy
    by msmash on 22/09/2023 at 7:00 pm

    Unity has announced some key changes to its widely panned Runtime Fee policy, which spawned both derision and confusion from developers and the gaming community at large when it was unveiled earlier this month. From a report: It's easing up on some big aspects of the previously announced charges, removing the fee from the Unity Personal tier entirely, although it still remains in a revised form on the Unity Pro and Unity Enterprise tiers. In short, as originally announced, starting on Jan. 1, 2024, Unity would start charging developers a small fee every time someone downloads a game built on Unity's game engine after a certain threshold for minimum revenue and install count. The different tiers of Unity plans - Unity Personal/Unity Plus, Unity Pro, and Unity Enterprise - had different thresholds and, per the original announcement, smaller developers using Unity Personal/Unity Plus would have to pay Unity $0.20 per install once their game passes $200,000 in revenue over the last 12 months and 200,000 life-to-date installs. Unity announced today, however, that there will be no Runtime Fee on games built on Unity Personal, which will remain free. They will also be increasing financial theshold of Unity Personal from $100,000 to $200,000 and will remove the requirement to use the Made with Unity splash screen. Read more of this story at Slashdot.

Archives

  • September 2022
  • November 2021
  • June 2021
  • March 2021
  • November 2020
  • October 2020
  • September 2020
  • February 2020
  • January 2020
  • October 2019
  • August 2018
  • July 2018
  • April 2018
  • February 2018
  • January 2018
  • December 2017
  • October 2017
  • September 2017
  • August 2016
  • July 2016
  • March 2016
  • February 2016
  • August 2015
  • May 2015

Categories

  • Innovation
  • Security
  • Software
  • Technology

Tags

backdoor cisco coding json laziness patterns public information announcement security vulnerability
© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010
Iconic One Theme | Powered by Wordpress