shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

269
active users

#memorysafety

3 posts3 participants0 posts today
CHERI Alliance<p>The CHERI Alliance is all about bringing the computing world together to adopt CHERI security technology.</p><p>We’re a mix of industry partners, open-source contributors, researchers, and governments, all working to make CHERI more accessible and widely used.</p><p>Check out who’s already on board: <a href="https://cheri-alliance.org/member/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">cheri-alliance.org/member/</span><span class="invisible"></span></a></p><p>We’ve got active working groups tackling everything from software porting to system integration and standards - all helping the community adopt and build with CHERI more effectively. Take a look: <a href="https://cheri-alliance.org/who-we-are/working-groups/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cheri-alliance.org/who-we-are/</span><span class="invisible">working-groups/</span></a></p><p>Curious? Keen to get involved? Here’s how to join us: <a href="https://cheri-alliance.org/memberships/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">cheri-alliance.org/memberships/</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/CHERI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CHERI</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemorySafety</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a></p>
David Chisnall (*Now with 50% more sarcasm!*)<p>The <span class="h-card" translate="no"><a href="https://infosec.exchange/@cheri_alliance" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cheri_alliance</span></a></span> has around a thousand followers on LinkedIn and just joined the Fediverse today. Let’s see how quickly we can get them to more than that here!</p><p><a href="https://infosec.exchange/tags/CHERI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CHERI</span></a> <a href="https://infosec.exchange/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemorySafety</span></a> <a href="https://infosec.exchange/tags/HardwareSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardwareSecurity</span></a> <a href="https://infosec.exchange/tags/FollowFriday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FollowFriday</span></a></p>
CHERI Alliance<p>👋 Hey infosec.exchange! We’re the CHERI Alliance — excited to join the community!</p><p>🔐 We’re all about CHERI (Capability Hardware Enhanced RISC Instructions) — a powerful hardware-based approach to making memory safety and software security actually enforceable, by design.</p><p>💡 CHERI helps stop things like buffer overflows and use-after-free bugs before they cause trouble — with hardware-enforced protections built right into the architecture.</p><p>We’re here to:<br>- Share news about the CHERI community in general<br>- Talk about what our members are building with CHERI<br>- Connect with folks who care about deep, meaningful security improvements<br>Check us out 👉 cherialliance.org</p><p>Give us a follow if this sounds like your kind of thing!</p><p><a href="https://infosec.exchange/tags/CHERI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CHERI</span></a> <a href="https://infosec.exchange/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemorySafety</span></a> <a href="https://infosec.exchange/tags/SecureByDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecureByDesign</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/HardwareSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HardwareSecurity</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://java.duke.social/users/naomi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>naomi</span></a></span> <a href="https://infosec.space/tags/JVM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JVM</span></a> in <a href="https://infosec.space/tags/Rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rust</span></a>, <em>when</em>?</p><p><a href="https://infosec.space/tags/Java" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Java</span></a> <a href="https://infosec.space/tags/MemirySafe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemirySafe</span></a> <a href="https://infosec.space/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemorySafety</span></a> <a href="https://infosec.space/tags/ProgrammingLanguages" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProgrammingLanguages</span></a> <a href="https://infosec.space/tags/Meme" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Meme</span></a> <a href="https://infosec.space/tags/Memes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Memes</span></a></p>
Anisse<p>"Unsafe is the stupidest language feature (on a technical level)", Nadri says. It's just an arbitrary constraint to call code with the unsafe keyword, with only the unsafe keyword. Therefore, it's mostly a social that "works super well".</p><p><a href="https://social.treehouse.systems/tags/RustLang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RustLang</span></a> <a href="https://social.treehouse.systems/tags/Unsafe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Unsafe</span></a> <a href="https://social.treehouse.systems/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemorySafety</span></a> <a href="https://social.treehouse.systems/tags/RustInParis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RustInParis</span></a></p>
David Chisnall (*Now with 50% more sarcasm!*)<p>I have lost count of the number of people at Embedded World who have asked me ’what is memory safety?'</p><p>If anyone is wondering how embedded security is going...</p><p><a href="https://infosec.exchange/tags/EmbeddedWorld" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EmbeddedWorld</span></a> <a href="https://infosec.exchange/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemorySafety</span></a> <a href="https://infosec.exchange/tags/CHERI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CHERI</span></a></p>
Gary Wong<p>My <a href="https://mastodon.nz/tags/computing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>computing</span></a> is far too important for me to be pacified by mere <a href="https://mastodon.nz/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemorySafety</span></a>. I demand actual <a href="https://mastodon.nz/tags/correctness" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>correctness</span></a>.</p>
Chandler Carruth<p>Had a bunch of thoughts about the recent safety stuff, way more than fit in social media post... Blog post story time! (It's a bit of a ramble, sorry about that...)</p><p><a href="https://chandlerc.blog/posts/2024/11/story-time-bounds-checking/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">chandlerc.blog/posts/2024/11/s</span><span class="invisible">tory-time-bounds-checking/</span></a></p><p><a href="https://hachyderm.io/tags/LLVM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LLVM</span></a> <a href="https://hachyderm.io/tags/Clang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Clang</span></a> <a href="https://hachyderm.io/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemorySafety</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://pony.social/@cult" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cult</span></a></span> if <em>"<a href="https://infosec.space/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemorySafety</span></a>"</em> was the prime concern they'd demand <a href="https://infosec.space/tags/Ada" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ada</span></a> and <a href="https://infosec.space/tags/FLOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FLOSS</span></a> for <em>everything</em> and not allow <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a> like <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> to begin with!</p>
Jamie Magee :unverified:<p><a href="https://infosec.exchange/tags/rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rust</span></a> <a href="https://infosec.exchange/tags/memorysafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>memorysafety</span></a></p><p><a href="https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/press-release-technical-report/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">whitehouse.gov/oncd/briefing-r</span><span class="invisible">oom/2024/02/26/press-release-technical-report/</span></a></p>
Jeff Moss<p>[2/2] It is essentially two documents, a discussion of memory safety technologies and then specific CISA recommendations. Also included is a new chart providing the granular root-cause-analysis (RCA) for memory safety issues reported to Microsoft and a great appendix for those wanting more.</p><p>I would like to thank everyone who put work in on this. Of the many people who briefed us please reveal yourselves if you wish to be identified.</p><p>The TAC: Jeff Moss <span class="h-card" translate="no"><a href="https://defcon.social/@thedarktangent" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thedarktangent</span></a></span> Subcommittee Chair, DEF CON Communications. Dino Dai Zovi, CashApp. Luiz Eduardo <span class="h-card" translate="no"><a href="https://defcon.social/@effffn" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>effffn</span></a></span>, Aruba Threat Labs. Royal Hansen, Google. Isiah Jones, Applied Integrated Technologies. Kurt Opsahl <span class="h-card" translate="no"><a href="https://mstdn.social/@Kurt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Kurt</span></a></span>, Electronic Frontier Foundation. Stephen Schmidt, Amazon. Yan Shoshitaishvili, Arizona State University. Kevin Tierney, General Motors. Rachel Tobac <span class="h-card" translate="no"><a href="https://infosec.exchange/@racheltobac" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>racheltobac</span></a></span>, SocialProof Security. David Weston <span class="h-card" translate="no"><a href="https://infosec.exchange/@dwizzzle" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dwizzzle</span></a></span>, Microsoft.</p><p>From CISA: Eric Goldstein and Bob Lord <span class="h-card" translate="no"><a href="https://infosec.exchange/@boblord" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>boblord</span></a></span></p><p><a href="https://defcon.social/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISA</span></a> <a href="https://defcon.social/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemorySafety</span></a> <a href="https://defcon.social/tags/Rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rust</span></a> <a href="https://defcon.social/tags/golang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>golang</span></a> <a href="https://defcon.social/tags/swift" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>swift</span></a></p>
Jeff Moss<p>[1/2] Almost six months ago the Director of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, directed the Technical Advisory Council (TAC) of the Cybersecurity Advisory Council (CSAC) to answer six questions around Memory Safety to help the department understand the challenges and opportunities of Memory Safe Systems Languages such as Rust, Go, and Swift.</p><p>DL/DR: Memory Safe Systems Languages are becoming mature, hyper-scale companies are doing incremental rewrites, there are additional protections that should be used in non-memory safe languages such as c++, and you should start to develop your roadmap. Please read the report. 😎</p><p>Since the TAC started working, Memory Safety has become a hot topic, with the NSA joining CISA to release "The Case for Memory Safe Roadmaps"</p><p>Last week the TAC submitted our final report at the quarterly public meeting and I'm pleased to link it here: <br><a href="https://www.cisa.gov/sites/default/files/2023-12/CSAC_TAC_Recommendations-Memory-Safety_Final_20231205_508.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cisa.gov/sites/default/files/2</span><span class="invisible">023-12/CSAC_TAC_Recommendations-Memory-Safety_Final_20231205_508.pdf</span></a></p><p><a href="https://defcon.social/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISA</span></a> <a href="https://defcon.social/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemorySafety</span></a> <a href="https://defcon.social/tags/Rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rust</span></a> <a href="https://defcon.social/tags/golang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>golang</span></a> <a href="https://defcon.social/tags/swift" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>swift</span></a></p>
Kelly Shortridge<p>🎶 I checked her out, it was a Friday night<br>I used dark mode to get the feelin’ right<br>We started coding C, and shared some memory<br>But then I tried concurrent reads</p><p>And that’s about the time she threw a fault at me<br>Nobody likes you when your memory’s free<br>and are still pointing to that address space<br>What the hell is SIGSEGV?<br>My friends say I should memory safe<br>What’s my page again?<br>What’s my page again? 🎶</p><p><a href="https://hachyderm.io/tags/memorysafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>memorysafety</span></a></p>
Yellow Flag<p>Came across a gemini link, looked for a Linux client out of curiosity.</p><p>Three graphical clients are listed for Linux: one written in Rust, one in C++ and one in C.</p><p>Which one does my Linux distribution offer? Only the one written in C of course. 🤦‍♂️</p><p><a href="https://infosec.exchange/tags/MemorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MemorySafety</span></a></p>
Kelly Shortridge<p>new post: the SUX Rule for safer code <a href="https://kellyshortridge.com/blog/posts/the-sux-rule-for-safer-code/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">kellyshortridge.com/blog/posts</span><span class="invisible">/the-sux-rule-for-safer-code/</span></a></p><p>it’s short for Sandbox-free - Unsafe - eXogenous. If your code does all three of:<br>- running without a sandbox<br>- written in an unsafe language<br>- processing exogenous inputs</p><p>it’s certain your code SUX. </p><p>it’s basically me tweaking Chromium’s excellent Rule of Two because it conflicts with Star Wars lore (among other reasons I describe)</p><p><a href="https://hachyderm.io/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://hachyderm.io/tags/memorysafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>memorysafety</span></a></p>
Bob Lord 🔐 :donor:<p>Aleph One's article "Smashing The Stack For Fun And Profit" appeared in Phrack on 1996-11-08. The 30th anniversary of that paper will be in 1142 days. </p><p>What can we do between now and then to show him that we're finally taking the matter seriously? <a href="https://infosec.exchange/tags/memorySafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>memorySafety</span></a> <a href="https://infosec.exchange/tags/secureByDesign" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secureByDesign</span></a></p>
IT News<p>Two core Unix-like utilities, sudo and su, are getting rewrites in Rust - Invoking another user's privileges to execute a command. (credit: Cavan Ima... - <a href="https://arstechnica.com/?p=1935564" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="">arstechnica.com/?p=1935564</span><span class="invisible"></span></a> <a href="https://schleuss.online/tags/rustprogramminglanguage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rustprogramminglanguage</span></a> <a href="https://schleuss.online/tags/memorysafety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>memorysafety</span></a> <a href="https://schleuss.online/tags/commandline" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>commandline</span></a> <a href="https://schleuss.online/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>programming</span></a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>biz</span></a>⁢ <a href="https://schleuss.online/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://schleuss.online/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tech</span></a> <a href="https://schleuss.online/tags/rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rust</span></a> <a href="https://schleuss.online/tags/sudo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sudo</span></a> <a href="https://schleuss.online/tags/unix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>unix</span></a> <a href="https://schleuss.online/tags/su" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>su</span></a></p>