HabrSep 30, 2024

Чем отличается изобретатель вечного двигателя от просто изобретателя?

Если десятью словами: неумением ставить корректные эксперименты и экстремально гипертрофированным ощущением собственной важности. Я не буду описывать конкретный случай, с которым я столкнулся, а опишу выдуманный случай с такими же чертами. Предположим к вам обратился товарищ, который хочет чтобы вы дали ему контакты принимающих решения менеджеров и топ-алгоритмистов в условном Микрософте. Зачем? После обмена репликами, где он сначала сопротивляется, выясняется что он изобрел новый алгоритм сортировки. В качестве доказательства он показывает программу на питоне, которая, по его словам, сортирует 10 чисел быстрее чем сортировка по умолчанию на питоне.

https://habr.com/ru/articles/828652/

#вечный_двигатель #венчурные_капиталисты #изобретатели #qsort #sorting #школа_синтеза #Verilog #FPGA #asic #systemverilog

Чем отличается изобретатель вечного двигателя от просто изобретателя?

Если десятью словами: неумением ставить корректные эксперименты и экстремально гипертрофированным ощущением собственной важности. Я не буду описывать конкретный случай, с которым я столкнулся, а опишу...

Хабр
Andreas HeppMay 10, 2024
At the "Mediatization vs. #Datafication" conference in Lublin, we are discussing the use of #QSort in #mediatization research on the basis of a presentation by Szymon Zylinski. The possibilities here go far beyond #mediarepertoires and also concern the changing "structures of feeling" and #visualcommunication. We ourselves have developed MeSort, which is also #opensource: https://mesoftware.org/index.php/mesort/ This website is new to me: https://qmethod.org/resources/software/
MeSort | MeSoftware

Matt "msw" WilsonMar 11, 2024

I made a comment on the proposed #CVE program rules changes given the #glibc #qsort advisory from Qualys in January.

I want to make it clear that CVEs to identify defects of that sort should be allocated for each application defect, not the library side defect.

Am I in left field?

cc @codonell

#InfoSec #VulnCon
https://docs.google.com/document/d/12jf-CYn9fH2044YyF1fVf0pRaW4o48JVEKVCArEN5zU/edit?disco=AAABJExoyEA

CNA Rules draft2-working

Google Docs
Alec MuffettFeb 4, 2024
oss-security – Out-of-bounds read & write in the glibc’s qsort()
https://alecmuffett.com/article/109109
#qsort #vulnerabilities
oss-security – Out-of-bounds read & write in the glibc’s qsort()

“HUGE SECURITY VULNERABILITY” “we have…” “MILLIONS OF PLATFORMS” “we…” “QMAGEDDON!!!1! DECADES OF CYBER RISK!” “we have not tried t…

Dropsafe
alecmFeb 4, 2024

oss-security – Out-of-bounds read & write in the glibc’s qsort()

“HUGE SECURITY VULNERABILITY”

“we have…”

“MILLIONS OF PLATFORMS”

“we…”

“QMAGEDDON!!!1! DECADES OF CYBER RISK!”

“we have not tried to find such a vulnerable program in the real world”

“CHINA… OH, BUGGER”

https://www.openwall.com/lists/oss-security/2024/01/30/7

https://alecmuffett.com/article/109109

#qsort #vulnerabilities

oss-security - Out-of-bounds read & write in the glibc's qsort()

MalwareLabFeb 1, 2024

Recent privilege escalation vulnerabilities in GNU C Library #glibc widely used in many #Linux distributions such as #Debian, #Ubuntu, #Fedora and others.

CVE-2023-6246 #privesc #vuln can be triggered via #syslog by using long program name or ident parameter in openlog().

Another vulnerability is in #qsort function. While real-world affected programs are currently not known, this vulnerability is pretty old - since 1992 until now.

Reference: https://blog.qualys.com/vulnerabilities-threat-research/2024/01/30/qualys-tru-discovers-important-vulnerabilities-in-gnu-c-librarys-syslog

This is just another reason to consider using Linux distribution without glibc, for example #Alpine Linux with #musl

Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog() | Qualys Security Blog

The Qualys Threat Research Unit (TRU) has recently unearthed four significant vulnerabilities in the GNU C Library, a cornerstone for countless applications in the Linux environment.

Qualys Security Blog
Andreas HeppAug 18, 2023
Published #OpenAccess: Our paper "Let's build our tools together! Possibilities and limits of #CoCreation of research software for communication and media studies". In the paper we reflect on our experiences developing #MeSort and #MeTag, #mediarepertoire, #networkanalysis, #QSort with @hohse, @[email protected], @[email protected], @zemki, in German: https://link.springer.com/article/10.1007/s11616-023-00803-w
Lasst uns unsere Tools gemeinsam bauen! - Publizistik

This article introduces the user-centered approach of co-creation for the self-reflexive development of research software in media and communication studies. In essence, three advantages of co-creation will be made apparent: First, co-creation enables research software to be developed densely with reference to existing research practices. Second, co-creation helps to develop research software close to the practices of people in everyday life and to take them seriously as research subjects. And third, co-creation supports the development of a community of researchers around the respective research software, thus securing its sustainability. To illustrate this the process of co-creation is discussed as a certain way of dealing with infrastructures, which reveals their internal mechanics, allowing researchers to adequately reflect on them. This then affords a discussion of the iterative process of co-creation in more detail, making people’s practices, the practices of researchers and the methods of implementation with their respective specific methods apparent, which are close to a qualitative research design in media and communication studies. The article concludes with a reflection on the potential of co-creation far beyond the development of research software.

SpringerLink
Andreas HeppAug 18, 2023
#OpenAccess erschienen: Unser Aufsatz "Lasst uns unsere Tools gemeinsam bauen! Möglichkeiten und Grenzen der #CoCreation von Forschungssoftware für die Kommunikations- und Medienwissenschaft". In dem Aufsatz reflektieren wir unsere Erfahrungen bei der Entwicklung von #MeSort und #MeTag, #Medienrepertoire, #Netzwerkanalyse, #QSort mit @hohse, https://twitter.com/AleBelli90, https://twitter.com/mesoftware_org, @zemki: https://link.springer.com/article/10.1007/s11616-023-00803-w
Alessandro Belli 🧑🏻‍💻 (@alebelli90) / X

https://t.co/h9ImUTOYe2 power user, programmer & associate researcher. Building a better way to work and learn to use the best of today's tools & technologies.

Twitter