pfSense / Wireguard / Bad Code / Close Call

By itss | 26/03/2021

A nice write-up of how a whole bunch of bad code very nearly ended up in FreeBSD 13 due to several bad calls on the part of pfSense. https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

Category: Technology
© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010