Author: Jonathan Bennett

544 Articles

This Week In Security: Hornet, Gogs, And Blinkenlights

December 12, 2025 by 12 Comments

Microsoft has published a patch-set for the Linux kernel, proposing the Hornet Linux Security Module (LSM). If you haven’t been keeping up with the kernel contributor scoreboard, Microsoft is #11 at time of writing and that might surprise you. The reality is that Microsoft’s biggest source of revenue is their cloud offering, and Azure is over half Linux, so Microsoft really is incentivized to make Linux better.

The Hornet LSM is all about more secure eBPF programs, which requires another aside: What is eBPF? First implemented in the Berkeley Packet Filter, it’s a virtual machine in the kernel, that allows executing programs in kernel space. It was quickly realized that this ability to run a script in kernel space was useful for far more than just filtering packets, and the extended Berkeley Packet Filter was born. eBPF is now used for load balancing, system auditing, security and intrusion detection, and lots more.

This unique ability to load scripts from user space into kernel space has made eBPF useful for malware and spyware applications, too. There is already a signature scheme to restrict eBPF programs, but Hornet allows for stricter checks and auditing. The patch is considered a Request For Comments (RFC), and points out that this existing protection may be subject to Time Of Check / Time Of Use (TOCTOU) attacks. It remains to be seen whether Hornet passes muster and lands in the upstream kernel. Continue reading “This Week In Security: Hornet, Gogs, And Blinkenlights”

FLOSS Weekly Episode 858: YottaDB: Sometimes The Solution Is Bigger Servers

December 10, 2025 by 2 Comments

This week Jonathan chats with K. S. Bhaskar about YottaDB. This very high performance database has some unique tricks! How does YottaDB run across multiple processes without a daemon? Why is it licensed AGPL, and how does that work with commercial deployments? Watch to find out!

Continue reading “FLOSS Weekly Episode 858: YottaDB: Sometimes The Solution Is Bigger Servers”

This Week In Security: React, JSON Formatting, And The Return Of Shai Hulud

December 5, 2025 by 3 Comments

After a week away recovering from too much turkey and sweet potato casserole, we’re back for more security news! And if you need something to shake you out of that turkey-induced coma, React Server has a single request Remote Code Execution flaw in versions 19.0.1, 19.1.2, and 19.2.1.

The issue is insecure deserialization in the Flight protocol, as implemented right in React Server, and notably also used in Next.js. Those two organizations have both issued Security Advisories for CVSS 10.0 CVEs.

There are reports of a public Proof of Concept (PoC), but the repository that has been linked explicitly calls out that it is not a true PoC, but merely research into how the vulnerability might work. As far as I can tell, there is not yet a public PoC, but reputable researchers have been able to reverse engineer the problem. This implies that mass exploitation attempts are not far off, if they haven’t already started. Continue reading “This Week In Security: React, JSON Formatting, And The Return Of Shai Hulud”

FLOSS Weekly Episode 857: SOCification

December 3, 2025 by No comments

This week Jonathan chats with Konstantinos Margaritis about SIMD programming. Why do these wide data instructions matter? What’s the state of Hyperscan, the project from Intel to power regex with SIMD? And what is Konstantinos’ connection to ARM’s SIMD approach? Watch to find out!

Continue reading “FLOSS Weekly Episode 857: SOCification”

FLOSS Weekly Episode 856: QT: Fix It Please, My Mom Is Calling

November 26, 2025 by 4 Comments

This week Jonathan chats with Maurice Kalinowski about QT! That’s the framework that runs just about anywhere, making it easy to write cross-platform applications. What’s the connection with KDE? And how has this turned into a successful company? Watch to find out!

Continue reading “FLOSS Weekly Episode 856: QT: Fix It Please, My Mom Is Calling”

This Week In Security: Cloudflare Wasn’t DNS, BADAUDIO, And Not A Vuln

November 21, 2025 by 8 Comments

You may have noticed that large pieces of the Internet were down on Tuesday. It was a problem at Cloudflare, and for once, it wasn’t DNS. This time it was database management, combined with a safety limit that failed unsafe when exceeded.

Cloudflare’s blog post on the matter has the gritty details. It started with an update to how Cloudflare’s ClickHouse distributed database was responding to queries. A query of system columns was previously only returning data from the default database. As a part of related work, that system was changed so that this query now returned all the databases the given user had access to. In retrospect it seems obvious that this could cause problems, but it wasn’t predicted to cause problems. The result was that a database query to look up bot-management features returned the same features multiple times.

That featurelist is used to feed the Cloudflare bot classification system. That system uses some AI smarts, and runs in the core proxy system. There are actually two versions of the core proxy, and they behaved a bit differently when the featurelist exceeded the 200 item limit. When the older version failed, it classified all traffic as a bot. The real trouble was the newer Rust code. That version of the core proxy threw an error in response, leading to 5XX HTTP errors, and the Internet-wide fallout. Continue reading “This Week In Security: Cloudflare Wasn’t DNS, BADAUDIO, And Not A Vuln”

FLOSS Weekly Episode 855: Get In The Minecart, Loser!

November 19, 2025 by 2 Comments

This week Jonathan chats with Kevin, Colin, and Curtis about Cataclysm: Dark Days Ahead! It’s a rogue-like post-apocalyptic survival game that you can play in the terminal, over SSH if you really want to! Part of the story is a Kickstarter that resulted in a graphics tile-set. And then there’s the mods!

Continue reading “FLOSS Weekly Episode 855: Get In The Minecart, Loser!”