Hacker News: botplaysdice's comments

I believe many people hate that power cable... Why not leverage the low power consumption of e-ink? I hope you guys are planning one with a battery.


Is this the new Turing test? Who can verify the classifier itself?


Offtopic - I really love the concept of this product. I hope they provide 4K screen options and a keyboard with the Happy Hacking Keyboard layout by licensing the design from Fujitsu (with fully modifiable key mapping by open firmware).


Quick question: I didn't look into the details of the issue and I'm a novice at Rust as well. The question is for those who have already checked the details of the vulnerability: is this bug the kind we can prevent if we're using Rust instead of C?


Bog standard buffer overflow caused by incorrect bounds checking. Yes.


Indeed. For illustration, the Ubuntu commits that fix the two CVEs:

https://git.launchpad.net/ubuntu/+source/openssl/commit/?h=a...

  -        if (written_out > max_out)
  +        if (written_out >= max_out)

  [...]
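
Review bot: The `>=` comparison is a one-character boundary fix with nothing beside it saying why equality must be rejected. Add a comment next to `if (written_out >= max_out)` stating the invariant for `written_out` relative to `max_out`, and a regression test whose output lands exactly on `max_out`, so the check cannot quietly revert to `>`.
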
https://git.launchpad.net/ubuntu/+source/openssl/commit/?id=...

  -            if (tmpptr != NULL)
  -                PUSHC('.');
  +            PUSHC(tmpptr != NULL ? '.' : '\0');
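
Review bot: In `PUSHC(tmpptr != NULL ? '.' : '\0');` the push is now unconditional, so the final label writes one more character than it did under the old `if (tmpptr != NULL)` guard. Worth a comment that the terminator is written here on the last label, so a reader sizing the output buffer counts that byte.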

  -    char a_ulabel[LABEL_BUF_SIZE];
  +    char a_ulabel[LABEL_BUF_SIZE + 1];
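
Review bot: The `+ 1` in `char a_ulabel[LABEL_BUF_SIZE + 1];` is unexplained at the declaration. Say in a comment what the extra byte holds, and check that any length passed alongside `a_ulabel` is derived from the array (for example `sizeof(a_ulabel)`) rather than from `LABEL_BUF_SIZE` on its own, so the two cannot drift apart.
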
https://git.launchpad.net/ubuntu/+source/openssl/commit/?id=...

  -            || type->origin == EVP_ORIG_METH) {
  +            || (type != NULL && type->origin == EVP_ORIG_METH)
  +            || (type == NULL && ctx->digest != NULL
  +                             && ctx->digest->origin == EVP_ORIG_METH)) {

  -            || impl != NULL) {
  +            || impl != NULL
  +            || (cipher != NULL && cipher->origin == EVP_ORIG_METH)
  +            || (cipher == NULL && ctx->cipher != NULL
  +                               && ctx->cipher->origin == EVP_ORIG_METH)) {
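
Review bot: The added conditions for `type`/`ctx->digest` and for `cipher`/`ctx->cipher` repeat the same NULL-then-fallback pattern inline, which makes both `if` expressions hard to read and easy to change in only one place. Consider resolving the effective pointer into a local first (the argument if non-NULL, otherwise the one on `ctx`) and testing `->origin == EVP_ORIG_METH` once; a test that passes NULL for `type` and for `cipher` would cover the dereference the removed `type->origin` line performed unguarded.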