I T S S

A Nice Little Cryptography Primer

By itss | 28/06/2021

Pun Intended.

Category: Technology

© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010