I wonder how can someone think that running it as root was a good idea. They could have use root to restart the process with the environment variable as the original user. Or did I misunderstood the issue? sudo su - "original-user" python --environment-path "path-to-custom-libraries" path/to/program Obviously not a real way to run python but you get the idea. If its using libraries that are user accessible it should never need to elevate to read the libraries.

Thanks ..My whole career depends on your videos

The vulnerability is bad... So is DLINK's response... That said, a NAS is probably the last device I'd expose online? There are so many simple ways of securely accessing network storage without actually exposing it to the internet, it's baffling to me that people do it.

For the same reason a knife is legal. It's not the tool itself, its how you use it that determines if its legal or illegal

Customers might indeed buy another NAS, but I'll bet that it won't say D-Link on the box.

Not a Linux (kernel) vulnerability. Not in any server. So it's a Ubuntu/Debian desktop problem. So what distros are affected?

Ed talked about this in depth

Apple auditing?

Rust seems promising but I absolutely despise its syntax

Well, how did they fix it??

While it might be true that most linux hacks are due to fun and games with memory, it is NOT true and CANNOT be true because most hacks happen with insecure applications, stupid configurations, not using MFA, sharing passwords, and people doing dumb things such as leaving a laptop on the subway.

Open source is kind of doomed in the near future because the younger generation is becoming incompetent in c/c++ or low level programming they prefer javascript and python.

Isn’t the design of rusts unsafe designed the way it is so that you write small unsafe functions that you use throughout your program.

Font please, btw what program are you using cuz it didnt look like vscofe

Portable assembly!

Is a rust course coming - In LLA?

I got 10 days to create a StackAllocator in C++ and ive barely coded it before 🗿

7:25 You could use `apt-mark hold needrestart` to prevent it from updating.

Placing the cap on the back of the pen is called "posting".

I already know a handful of languages with a very small amount of c++ in my earlier years. What would you guys recommend to learn first now that I understand programming and reading docs, c or c++?

we found another cia backdoor good job boys

Just dont hire dumb programmers. Regardless of language.

Java was my first language. It taught me a ton about OOP and design principles that carry over (but aren’t enforced) to languages without types. It’s still my favorite language and made it super easy to learn JS, TS and Python

can you please give me your vim config

the patched version 3.8 is indeed not available in the ubuntu repo's. still needrestart/noble-updates,noble-security,now 3.6-7ubuntu4.3 all

Zig for games, and game engiens... let's see if I manage to commit to learning this time.

Your title is dangerous and deceptive. Disliked.

@Low Level Thx, bro... I absolutely agree with you, no more questions about pointers after your video... I used that knowledge in my humble C++ project and simply worked right away. 😎😎😎😎

How to learn c or cpp language?!

dlink is hot garbage. my favorite was wifi routers "forgetting" admin pw. they denied it. then 4 years after they update firmware, one of the notes on update was pw fix.

I like Turtles 🐢 🧟

This could be a class of bugs from any system tool using what it trusts is Python (via PYTHONPATH) or another interpreter to fetch process info about privileged python processes? Glances, for example.

Why not just loop people? And isn't "&people" redundant, considering arrays are pointers?

This is 10000% illegal and a violation of your privacy and MS will automatically activate this and there is nothing you can do about it!! And, you KNOW that MS will 1000% lie about what they are doing!!! Anyone that doesn't know/realize that MS will always spy on you and there is NO OPT OUT function, as they will automatically activate it, which is also why you can NO LONGER deny auto updates of Windows!! MS needs to be SHUT DOWN!!

Maybe a backdoor maybe not. What it is true is that there are many developers that suck

Reliable like a Toyota 😂

Actualllly `int x = 0` most certainly translates into something like `xor eax, eax`. The instruction is shorter than `mov`. And the stack is not necessary when it can fit on to the register.

Does this mean that it's never a good idea to store paths in environment variables, or is it okay if these variables are validated in some way first?

I think, if they would have used safe Rust, this error could not happen via the Command struct. Sure, if they would have used unsafe libc::system(), than this is not the case... but then whats the point of using Rust? so no, using Rust here again would saved the world :)

LLMs will be writing/checking all the code in the future so what does the language matter? I'm seriously asking. Will the AI even use code in future or is everything going to be generative? And if there is code, wouldn't an AI just write in whatever the lowest level code is in context?

This is actually making it harder than it needs to be - you don't need to make syscalls directly to the linux kernel. The C standard library functions are avaliable using the SYS-V ABI, meaning that you can pass the arguments into the correct registers, call a libc function such as printf, and the return value will be in rax. You just need to link the program to the libc.

Good old Perl pearls in Debian... there is probably tons more of such issues. So Linux, the kernel, is not affected.

Apart from memory safety I don't like Rust's syntax, I'd much rather a version of C that implements safety features over a completely different language with different concepts.

No different to QNAP

Just because it's open source doesn't mean it's secure.

Better make bloody sure there's not a XuanTie RISC-V in there, otherwise... well, do your homework. (the "bug" is probably a feature.)

Got it

C is almost obsolete just like any other programming language except plain english. AI will replace all programmers soon and make them completely obsolete. Why spend so much time on learning useless stuff?

Isn't it the same for all languages?