pfSense / Wireguard / Bad Code / Close Call

By itss | 26/03/2021

A nice write-up of how a whole bunch of bad code very nearly ended up in FreeBSD 13 due to several bad calls on the part of pfSense. https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

Category: Technology
