Kernel prepatch 6.11-rc7

Post Syndicated from corbet original https://lwn.net/Articles/989426/

Linus has released 6.11-rc7 for testing.

And I wish I could say that things have calmed down, but I can’t
really say that. In fact, rc7 is slightly bigger than both rc6 and
rc5 were, both in number of commits, and in actual diff
size. That’s not really how it should work out.

That said, there’s nothing *scary* in here.

He is apparently “still waffling” about whether to release 6.11 next
weekend, which would cause the 6.12 merge window to land on top of the
Maintainers Summit, Linux Plumbers Conference, and Open Source Summit.

[$] Testing AI-enhanced reviews for Linux patches

Post Syndicated from jzb original https://lwn.net/Articles/987319/

Code review is in high demand, and short supply, for most open-source projects.
Reviewer time is precious, so any tool that can lighten the load is worth exploring.
That is why Jesse Brandeburg and Kamel Ayari decided to test whether
tools like ChatGPT could review patches to provide quick feedback to
contributors about common problems. In a
talk at the Netdev 0x18 conference this July, Brandeburg provided an overview of an
experiment using machine learning to review emails containing patches
sent to the netdev
mailing list. Large-language models (LLMs) will not be replacing human reviewers anytime
soon, but they may be a useful addition to help humans focus on deeper
reviews instead of simple rule violations.

Metasploit Weekly Wrap-Up 09/06/2024

Post Syndicated from Jack Heysel original https://blog.rapid7.com/2024/09/06/metasploit-weekly-wrap-up-42/

Honey, I shrunk the PHP payloads

Metasploit Weekly Wrap-Up 09/06/2024

This release contains more PHP payload improvements from Julien Voisen. Last week we landed a PR from Julien that added a datastore option to the php/base64 encoder that when enabled, will use zlib to compress the payload which significantly reduced the size, bringing a payload of 4040 bytes down to a mere 1617 bytes. This week’s release includes a php/minify encoder which removes all unnecessary characters from the payload including comments, empty lines, leading spaces, trailing spaces, spaces after keywords and spaces before block openings. Using the php/minify encoder can take a payload of size 4052 bytes down to 2839 bytes. We’d like to thank Julien for their continued commitment to improving PHP payloads!

New module content (1)

PHP Minify Encoder

Author: Julien Voisin
Type: Encoder
Pull request: #19435 contributed by jvoisin
Path: php/minify

Description: This encoder minifies PHP payloads by removing spaces after keywords and before block openings. It removes comments, empty lines, new lines and leading and trailing spaces.

Enhancements and features (2)

  • #19368 from h00die-gr3y – This adjusts the exploit/multi/http/geoserver_unauth_rce_cve_2024_36401 to dynamically pull and test the feature_type list to establish an RCE. This will make the module more robust towards installations with different feature_type configurations.
  • #19401 from jvoisin – Add a mixin to get SPIP version and make use of it.

Bugs fixed (2)

  • #19381 from Takahiro-Yoko – This fixes the gitlab_login scanner so that it uses the proper datastore options Username and Password which are the standard for login scanners. Before this fix the scanner was using HttpUsername and HttpPassword and ignoring the datastore options Username and Password.
  • #19438 from cgranleese-r7 – Fixes a nil error if login is successful with ldap_login module.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro

Metasploit Weekly Wrap-Up 09/06/2024

A Quick Introduction to the NVIDIA GH200 aka Grace Hopper

Post Syndicated from Patrick Kennedy original https://www.servethehome.com/a-quick-introduction-to-the-nvidia-gh200-aka-grace-hopper-arm/

The NVIDIA GH200 or “Grace Hopper” is far from a single product. We have a quick guide so when someone says “GH200” you know what to look for

The post A Quick Introduction to the NVIDIA GH200 aka Grace Hopper appeared first on ServeTheHome.

NGINX has moved to Github

Post Syndicated from jzb original https://lwn.net/Articles/989229/

The NGINX team has announced
that official NGINX open-source development has moved away from
Mercurial to GitHub, and
the project will now be taking contributions
in the form of pull requests:

Additionally, starting today, we will begin accepting bugs reports,
feature requests and enhancements directly through GitHub, under the
“Issues” tab. Moreover, we’ve moved our community forums to the GitHub
“Discussions” area, where you will now be able
to engage in conversation, ask, and answer questions.

[…] We understand that changes like these may require adjustment,
so to give you more time, we will continue accepting patches and
provide community support via mailing lists until December 31st, 2024.

The collective thoughts of the interwebz