Free, Libre, and Open Source Software Leftovers
-
Daniel Miller ☛ To Find an Alternative to Wordpress, Just Go Back to the Beginning
This part of the nature of open-source software is one of its most interesting. A French developer can create a CMS, abandon it, and move on to a humble career in software, and a college student in Houston can fork that CMS, convince another software developer to help him continue the project, turn that into a rather profitable business, and become a wealthy and (until very recently) well-regarded internet person. In the meantime, another French developer can also fork the original CMS, maintain it for almost two decades in a (relative to WordPress) quiet corner of the internet, and eventually move on to other things.
-
Trail of Bits ☛ How we applied advanced fuzzing techniques to cURL
Near the end of 2022, Trail of Bits was hired by the Open Source Technology Improvement Fund (OSTIF) to perform a security assessment of the cURL file transfer command-line utility and its library, libcurl. The scope of our engagement included a code review, a threat model, and the subject of this blog post: an engineering effort to analyze and improve cURL’s fuzzing code.
We’ll discuss several elements of this process, including how we identified important areas of the codebase lacking coverage, and then modified the fuzzing code to hit these missed areas. For example, by setting certain libcurl options during fuzzer initialization and introducing new seed files, we doubled the line coverage of the HTTP Strict Transport Security (HSTS) handling code and quintupled it for the Alt-Svc header. We also expanded the set of fuzzed protocols to include WebSocket and enabled the fuzzing of many new libcurl options. We’ll conclude this post by explaining some more sophisticated fuzzing techniques the cURL team could adopt to increase coverage even further, bring fuzzing to the cURL command line, and reduce inefficiencies intrinsic to the current test case format.
-
TechTea ☛ Tech Tea - Arc Search and Generative AI - Running from the Problem
If we are to believe the headlines, AI is the future that will save us all from every ailment in existence. While there is value in things like computer vision and generative AI for summarizing information, it is not a silver bullet for our problems.
In my January Favorite Things post I mentioned Jim Nielsen’s post about Arc Search and how he mentioned it was like treating the symptoms. Turns out Manuel Moreale also wrote a post about the subject.
Basically it is an AI that searches the web for you, summarizes the content of those websites, and spits that info back at you. There are many problems with this, but Jim and Manuel go over the specifics far better than I could articulate.
While I have an issue with Arc Search specifically, I have even more issues with the idea that AI can solve human problems.