November 25, 2022
I spent some time yesterday running #sudo through Facebook's Infer static analyzer. It seems much more strict about dead stores than other analyzers and there were a _lot_ of uninitialized value false positives.
Most of those false positives fall into two categories: the value was set inside a for() loop which was guaranteed to run for at least one iteration, or the value being set was dependent on another variable. This last case used to cause problems for gcc but they improved their checker to deal with that years ago.
I quieted the dead store warnings (hopefully introducing no new bugs in the process) but at this stage, I can't really recommend using Infer for C code if you have Coverity or even the clang analyzer available.
Todd C. Miller: "I spent some time yesterday running #sudo through…" - BSD Network
The pledges will be "concrete" and "actually deployable today," he said. "It's not just, 'Oh, we're gonna stand with you.'"
BBC documentary used face-swapping AI to hide protesters' identities | New Scientist
Filmmakers used an AI to swap the faces of anti-government protesters in Hong Kong for those of actors to protect the protesters' identities while maintaining their facial movements and emotional expressions.
This is what happens when Katie joins us on Glasshouse. Europe backs down.
The final version of the preliminary draft report concerning spyware/Pegasus/etc is completely cut out of details, previous details about curbs on vulnerability research/trade are purged.
It now says that "the discovery, sharing and exploitation of vulnerabilities have to be regulated".
Unclear how - would they suggest an "EU-approved" seal for zero-day vulns or such products? Obligatory on the box - not made of plastic of course! We have to protect the environment. https://www.europarl.europa.eu/doceo/document/PEGA-PR-738492_EN.pdf
Lukasz Olejnik: "The final version of the preliminary draft report…" - Mastodon
Russian spies have been the theme of the week, been commenting to the media about activity targeting Finland. Overall, there are tens of foreign intelligence officers posted in Finland, and espionage attempts targeting Finland are constant. (Correct English name for our service is Finnish Security and Intelligence Service, bit wrong in the article.) https://yle.fi/a/3-12680851
https://infosec.exchange/@vpk/109403188484005378