Interesting paper (go to the full one for all the details) which shows that with the current architecture it's really hard if not impossible to make safe systems with LLMs. This gives interesting insights in the weird form of proto-cognition those models exhibit.
What happens when targeted scams become cheap to run? This covers it fairly well, and we need to change our heuristics and trust model.
Indeed, skipping the centralized package manager might be better in the long run.
Interesting take on why CVEs are reported differently for C/C++ and Rust libraries. The responsibility for API misuse is treated differently because the abilities to express contracts is treated differently.
There's really something nasty at play. Those coding agents are clearly not insulated from the system enough and to easy to manipulate to exfiltrate sensitive information.
Microsoft has been deploying new CA certificates late... Now distros have to wake up and prepare new signatures for their shims quickly.
With Bitwarden sinking, it's maybe time to look at alternatives? This AliasVault option looks like an interesting contender even though a not young.
Sounds like a good solution to self host things at home while having some protection.
This is a good point. I feel unease at the current trend pushing toward cooldowns. The proposed rollout scheme is much better and fairer.
We've seen a stream of those security issues lately. It says something about the security practice in the industry right now. Things need to be improved.
Worthwhile exploration on the impact of CopyFail in the context of Podman. The baseline security posture seems better and you can even improve things using older techniques. Definitely worth switching.
Straight from the uutils rewrite. This is interesting both for the class of bugs which made it (very system integration oriented, unsurprisingly) and the ones which didn't appear at all (anything to do with memory).
Want a primer on email routing? This is pretty much it.
C++ too can have its own supply chain disasters with enough effort!
More in depth look at the launch white paper and the issues covered in the PR. Not much survives scrutiny... there's nothing special with this model.
A reminder that path based APIs and security don't go well together to manage files.
It's first a great marketing stunt. The model is likely not the secret sauce though.
Can crates.io make things easier to secure? I do think so. But this post is right that we shouldn't forget the social aspect of the whole supply chain security conversation.
Indeed, the current supply chain model of Rust could be better. While we wait for improvements (with no sign of them coming), there are ways to try to avoid some of the common pitfalls.
Comprehensive guide to have SSH keys stored in the TPM chip. Clearly it's still a very manual process.