Pavel Machek
Posts
1295Following
84Followers
125
Pavel Machek
pavel
@Di4na @camdoncady @dangoodin @joshbressers @kurtseifried @gregkh "he can knows" -- that's not english. Yes, sometimes it may be hard to decide if something is vulnerability or not. But sometimes it is very easy to see that it is not vulnerability, and we get it in CVE anyway. Look at the CVE below. It is clear that's a random bug, not anything attacker can exploit. It would be clear to Greg, too, if he spent 30 seconds analyzing it. But he did not. Plus, those copy/pasted descriptions make no sense. CVE-2023-52882 "Description
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change While PLL CPUX clock rate change when CPU is running from it works in vast majority of cases, now and then it causes instability." Is it considered ok to generate CVE descriptions that are not even close to valid english?
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change While PLL CPUX clock rate change when CPU is running from it works in vast majority of cases, now and then it causes instability." Is it considered ok to generate CVE descriptions that are not even close to valid english?
1
0
1
@kurtseifried @Di4na @camdoncady @dangoodin @joshbressers @gregkh "Linux kernel" did the work? Take a look at the CVEs. Its clearly copy/paste from changelog, not "work" being done.
0
0
1
Pavel Machek
pavel
@Di4na @camdoncady @dangoodin @joshbressers @kurtseifried @gregkh Is copy/pasting stable git commits into CVE database "the way it should be used"?
0
0
0
@kurtseifried @joshbressers @camdoncady @dangoodin @gregkh @Di4na Greg publicly says that he creates CVEs for any bug, not just for vulnerabilities. Rejecting such CVEs one-by-one is not going to fix that.
1
0
1
@kurtseifried @Di4na @camdoncady @dangoodin @joshbressers @gregkh If you want to assign me work, you have to do some research. Are you saying that turning git commits into CVEs without analysis is okay, and rest of the world now has obligation to do analysis and follow whatever process "auhority" demands?
0
0
1
@kurtseifried @joshbressers @camdoncady @dangoodin @gregkh @Di4na Yes, I'm saying there's a lot of CVEs that should be rejected, and I gave some examples. If you believe Greg is acting in good faith, you can try to reject a few and cc me.
0
0
1
Pavel Machek
pavel
@joshbressers @camdoncady @dangoodin @gregkh @kurtseifried @Di4na "CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change". "CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning". "CVE-2024-36022: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload".
0
0
0
Pavel Machek
pavel
@joshbressers @camdoncady @dangoodin @gregkh @kurtseifried @Di4na We don't know if vulnerabilities are "out of control", because Greg KH decided to prove his "CVE != vulnerability" point by simply spamming the database :-(.
1
0
1
Pavel Machek
pavel
@mkyral @sesivany @sesivanyblog Ta cela konstrukce s "trasa s.r.o" a KCT je jen... no, rekneme neeticka nepeknost mirena na stat a verejnost :-(. Berou dotace, a nedavaj data.
1
0
2
Pavel Machek
pavel
@martijnbraam Well, at least protection in the light can be reset by reinserting the cell. But if you trip the cell protection, its dark. It is same mistake as adding over-g protection to fighter plane: you protect the hardware, but endanger the human.
0
0
0
Pavel Machek
pavel
@martijnbraam So actually Zebralight seems to like unprotected cells. It has protection, and two protections tend to interfere with each other in bad ways. When I'm in the middle of woods somewhere, I _need_ light, and unprotected cell can power 0.1lm output pretty much forever. OTOH in subzero temperatures you can easily trigger protection on nearly full cell with 700lm attempt, and you are in dark, with no way to recover.
1
0
1
Pavel Machek
pavel
@oleksandr Hey, at least it is unique, and can be white/black listed easily :-).
0
0
1
Pavel Machek
pavel
@martijnbraam Zebralight has a bit more tolerance -- even some protected cells fit -- but newer cells tend to be protected and too big. And sellers don't advertise size :-(
1
0
0
Pavel Machek
pavel
@martijnbraam I have even seen them advertised as "18650, 19mm wide, 7cm long". My headlight (Zebralight) expects right size and I have trouble getting cells that fit :-(.
1
0
0
Pavel Machek
pavel
>Jsme kousek od staje, a uvazuju, ze bych zlutaka mohl chvili past. Zlutak si to taky misty, protoze sporadane zastavil, a pak si, malicko min sporadane, kousnul travy, nez se zase postavil do pozoru. No nic, tak ja tu mrkev necham na pozdejc, no. Ale co od nej bylo pekne ze zastavil vedle koberce lesnich jahod, a jo, uz jsou i zraly. V tydnu uz jsme byli i na boruvkach (ale tam pry neni dobra trava, takze zlutak nedoporucuje) a ano, rostou i houby.
A teda trochu bojuju... kun zastavi, terminating bridge (aka pochvala), ale predtim nez stacim dorucit odmenu se vrhne po trave. Dat pamlsek stejne? Nedat? Je to uplne jedno?
A teda trochu bojuju... kun zastavi, terminating bridge (aka pochvala), ale predtim nez stacim dorucit odmenu se vrhne po trave. Dat pamlsek stejne? Nedat? Je to uplne jedno?
1
0
1
Pavel Machek
pavel
@nicolas17 @mjg59 I'd expect it ... really be non dangerous, unless you disassemble it and eat the pieces :-). Scary stuff looks like this: https://www.reddit.com/r/ScarySigns/comments/g1c7uv/drop_run/
0
0
0
Pavel Machek
pavel
@Shrigglepuss Are you really? I have 386sx here, needs replacing power supply, and it eats <5W without HDD. Repairable, modifiable, long lasting... but hard to run modern software on it. We had era where computers met your requirements, but most of the world decided we want powerful, and ... you know the rest.
0
0
1