I T S S

pfSense / Wireguard / Bad Code / Close Call

By itss | 26/03/2021

A nice write-up of how a whole bunch of bad code very nearly ended up in FreeBSD 13 due to several bad calls on the part of pfSense. https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

Category: Technology

© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010