A new study in The Lancet shows that the rate of fake citations increased more than 12x between Jan 2023 and Feb 2026.
https://www.thelancet.com/journals/lancet/article/PIIS0140-6736(26)00603-3/fulltext
Ah, the #copyfail clickbait posts are coming. Here’s my serious contribution. On your Linux machine add
initcall_blacklist=algif_aead_init
to your kernel boot commandline (typically in grub). Reboot. You are now safe until the updated kernel packages become available. For distributions with the `grubby` command this is done as root with
# grubby --update-kernel=ALL --args="initcall_blacklist=algif_aead_init"
This mitigation comes courtesy of Red Hat. Our engineers keep you safe :)
1/4
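A check for whether the boot parameter from the post above is actually in effect on the running kernel, as an added example that is not part of the original post. The function name `has_blacklisted` is hypothetical; the script assumes `initcall_blacklist=` takes a comma-separated list of function names and that no parameter on the command line contains quoted spaces.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the
# initcall_blacklist mitigation is present on a kernel command line.

# has_blacklisted CMDLINE FUNC
# Exits 0 if FUNC is listed in any initcall_blacklist= parameter of CMDLINE,
# 1 otherwise. The body runs in a subshell so the IFS and globbing changes
# do not leak into the caller.
has_blacklisted() (
    cmdline=$1
    func=$2
    set -f                      # no filename expansion while splitting words
    for arg in $cmdline; do
        case $arg in
            initcall_blacklist=*)
                list=${arg#initcall_blacklist=}
                IFS=,           # the value is a comma-separated list
                for entry in $list; do
                    # Exact match only: a longer name sharing the prefix
                    # does not count as the mitigation.
                    [ "$entry" = "$func" ] && exit 0
                done
                ;;
        esac
    done
    exit 1
)

# Report on the running kernel. /proc/cmdline reflects what the kernel was
# booted with, so a grub change made without a reboot shows as not active.
if [ -r /proc/cmdline ]; then
    if has_blacklisted "$(cat /proc/cmdline)" algif_aead_init; then
        echo "mitigation active: algif_aead_init is blacklisted"
    else
        echo "mitigation NOT active on the running kernel (reboot pending?)"
    fi
fi
```
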
Busted out #Vantage again for a few plays last night. I didn't do so well though, only completing a single mission between the 2 games!
Today I have spent way too much time handling the https://copy.fail situation #copyfail
The persons who discovered it didn't notify the distribution security list, so no patched kernels were available for people to install when they released it.
But they did have time to write an exploit, and thought it was a good idea to distribute that on day one, before vendors had time to provide patches.
I'm not very impressed with xint.io, I guess it's the marketing department that runs the show.
What went wrong with this case?
Theori appear to have only contacted the linux kernel devs with the vulnerability, as opposed to going the usual CVD route that includes all of the major Linux distros.
Why is this a problem? Since the Linux kernel became a CNA, there has been a flood of CVEs for the Linux kernel. The Linux kernel devs' argument is that any given kernel flaw could presumably be leveraged to behave as a vulnerability, and it's not worth their time to determine "vulnerability" or "not a vulnerability". Everything gets a CVE.
Now the case with copy.fail? It was indeed reported to the kernel devs. And it got a CVE. A single CVE buried in the flood of all of the Linux kernel CVEs.
And it appears that every distro on the planet was blindsided by this proven-exploitable vulnerability because they were not given any warning. Or even any suggestion to pick this single CVE out of the sea of Linux kernel CVEs as worth cherry picking.
Much to the chagrin of the Linux devs, RHEL doesn't use up-to-date Linux kernels. They cherry pick CVEs to backport to their chosen kernel version. (e.g. the latest and greatest RHEL 10.1 uses 6.12.0, which was released November 17 2024). And in this world where bad actors like Theori don't involve vendors in vulnerability coordination, and just about every Linux kernel bug gets a CVE, this workflow fails. Hard.
Good times...
OMG!!!! An RPG from #dungeoncrawlercarl
I love everything about it!
#dungeon #RPG #dungeoncrawler #Carl #renegadegamestudios #games
Nice app you've got there.
But no, I'll just visit your website in my browser, thanks.