@schrotthaufen @aurynn I dug a bit about this last week and also found that ppl associate speed with large outputs, thanks for confirming! IMHO if you dump as much data that this acceleration matters, you won't be able to properly interpret that output anyway, so instead of messing with a GPU I'll just stick with redirects and grep.

@schrotthaufen @aurynn What do you need speed for in a terminal? No offense but your fingers/eyes are pbbly much slower than most things a computer does.

@aurynn I still don't get why terminal emulators require OpenGL

it is a very strange world when my terminal emulator program is taking up 1.2GB of memory.

@aurynn can you imagine devoting an entire 26 bytes to the date turnover routine?

@bagder I'm amazed by the patience you handle these reports with...

Here's the latest #curl hackerone issue I mentioned the other day: https://hackerone.com/reports/2871792 another one of those "we found a function call so therefore your program must be vulnerable".

Disclosed for educational purposes. Don't do this.

Fast conditional breakpoints via eBPF!?! Let's go! https://pernos.co/blog/linux-kernel-additions/

"With the new feature we contributed to 6.10 it's instead possible to filter the breakpoint hits in the kernel without ever trapping to rr or using ptrace. We can install a hardware breakpoint via the perf events subsystem and attach a BPF program to it that checks for matching register values and suppresses signals for those iterations that are not of interest."

[RSS] The fascinating security model of dark web marketplaces

https://boehs.org/node/dark-web-security

[RSS] Dependency Walker Rewrite

https://github.com/hfiref0x/WinDepends

ICP-Brasil issued cert for googgle[.]com

https://bugzilla.mozilla.org/show_bug.cgi?id=1934361

Got some negative or unrealistic threat model results that still bring interesting insights? A side channel that requires root to leak something from the kernel? Reproducing prior work? Somewhat related to microarchitecture? Here's your venue: uasc.cc

First edition is happening on February 19 in Bochum, the day before RuhrSec.
We accept submissions (papers, posters, talks) starting today and try to provide reviews within a 2 week time frame of submission.
Last Submission Deadline: January 27, 2025

@mcc I think this is relevant: https://devblogs.microsoft.com/oldnewthing/20240923-00/?p=110297

stalld: unpatched fixed temporary file use and other issues

https://security.opensuse.org/2024/11/29/stalld-fixed-tmp-file.html

@hajovonta @amszmidt I can mess up the same thing multiple times a day...

Linux: Race can lead to UAF in net/bluetooth/sco.c: sco_sock_connect()

https://seclists.org/oss-sec/2024/q4/130

What a mess:

“the reporter also did not reply to any of linux-distros’ members questions, most notably ‘have you contacted either security () kernel org or the bluetooth maintainers about this issue?’”

“the issue may be the same as CVE-2024-27398”

tuned: local root exploit in D-Bus method instance_create and other issues in tuned >= 2.23 (CVE-2024-52336, CVE-2024-52337)

https://seclists.org/oss-sec/2024/q4/127

@timb_machine Glad to hear that :) On my side that rendered as a very sad little blob.

@timb_machine What's wrong?