Free, Libre, and Open Source Software Leftovers
-
Cyble Inc ☛ Major Cloud Services Vulnerable To "Linguistic Lumberjack"
However, due to a lack of proper validation of input types, sending non-string values (such as integers) in the “inputs” array of a request can lead to memory corruption. The code incorrectly assumes these values to be valid MSGPACK_OBJECT_STRs.
-
Sourcehut ☛ #T☮CT☮U||GTF☮: State of Sandboxing in Linux
Both Gentoo's sandbox and Exherbo's sydbox aim to provide user-space sandboxing on Linux, but they differ significantly in their approach and effectiveness. Gentoo's sandbox is primarily designed to detect package build mishaps and offers limited defense against sophisticated attacks. On the other hand, sydbox, with sydbox-3, attempts to function as a security boundary with more advanced features and mitigations against TOCTOU (Time-of-Check to Time-of-Use) attacks. Despite these efforts, both sandboxes are still vulnerable to certain TOCTOU exploits due to inherent limitations in the ptrace(2) and seccomp(2) frameworks, which require some system calls to be resumed within the sandbox process. To enhance the security of these sandboxing tools, there is a pressing need for the Linux kernel to provide safer APIs for handling critical system calls with the seccomp(2) framework. Additionally, best practices such as using the "write xor execute" (W^X) approach, mount namespaces, and Landlock should be employed to create a more secure sandboxing environment.
-
Education
-
RIPE ☛ RIPE 88 Daily Meeting Blog
The meeting came to an end with a BoF with Hanna Kreitem from the Internet Society which explored Pulse, a platform that aggregates various measurements related to the Internet's health.
-
FreeBSD ☛ Why FreeBSD Events are Important to Furthering the Development of FreeBSD
People of all ages and levels of experience come together at these conferences to share their knowledge and to support each other. It’s inspiring to see long-time contributors eagerly helping newer members and embracing fresh ideas. The exchange of perspectives between seasoned and young attendees creates an open and collaborative atmosphere that benefits everyone involved.
-
-
Mozilla
-
Mozilla ☛ Releasing a new paper on openness and artificial intelligence [Ed: Mozilla joins the orgy of meaningless buzzwords and hype]
For the past six months, the Columbia Institute of Global Politics and Mozilla have been working with leading AI scholars and practitioners to create a framework on openness and AI. Today, we are publishing a paper that lays out this new framework.
-
-
Web Browsers/Web Servers
-
Futurism ☛ How to Block Google's Annoying AI Answers With This Cool Browser Plugin
Do you find Google's new AI Overviews to be obtrusive, bad for the struggling media industry, or even wildly inaccurate?
Well, we have good news. There are several browser extensions that can block AI Overviews, which are basically AI-generated summaries drawn from Internet search results — and hence are plagued with the same hallucinations that other AI platforms have experienced.
-