GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    ThePhD (thephd@pony.social)'s status on Wednesday, 07-Aug-2024 03:46:42 JST ThePhD ThePhD

    Crowdstrike party time... it looks like the data was uninitialized, but not intentionally. The mismatch in the code run at ring0 was them fucking up validation, and they failed to account in their C++-built interpreter. It accessed data that was "supposed" to be there but wasn't. It is thankfully not as simple as "we forgot to initialize our full table", it's that their tooling didn't catch that they asked for 21 slots in the update while the actual program/interpreter only knew about 20.

    Given this was an interpreter built on top of C++ (if we keep reading this thing correctly), it's hard to say whether or not this would have happened in a safer language since this isn't just your typical "forgot to initialize a table on the stack". Unsurprising this never happened to them because they were so utterly garbage and sloppy with their DevOps practices.

    But it seems like there's very little direct action I could do in C to make this problem go away.

    In conversation about 6 months ago from pony.social permalink
    • Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      ThePhD (thephd@pony.social)'s status on Wednesday, 07-Aug-2024 03:46:40 JST ThePhD ThePhD
      in reply to

      Play "lay off 100s of engineers" games, win "huge lawsuit" prizes.

      In conversation about 6 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      ThePhD (thephd@pony.social)'s status on Wednesday, 07-Aug-2024 13:54:56 JST ThePhD ThePhD
      in reply to

      I can't believe I'm the one who's scared of taking jobs working in the kernel/ring0 and writing drivers but these 80billion USD-valuation companies can just no-protection rawdog the kernel with the sloppiest practices I've ever seen and it's totally okay.

      We're all sitting here scared and afraid and these people are just doing the equivalent of chugging everclear and driving backwards on the highway.

      I clearly need more fucking hubris.

      In conversation about 6 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 07-Aug-2024 14:00:01 JST Haelwenn /элвэн/ :triskell: Haelwenn /элвэн/ :triskell:
      in reply to
      @thephd Interestingly I feel like I'd be more scared of breaking the compiler than the kernel, although maybe compilers have more extensive tests? (And definitely easier to debug, which for me is why hacking the kernel seems like such a pain)
      In conversation about 6 months ago permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.