syzkaller
hn-search
syzkaller | hn-search | |
---|---|---|
7 | 1,654 | |
5,156 | 526 | |
1.5% | 0.6% | |
9.8 | 2.9 | |
2 days ago | 7 months ago | |
Go | TypeScript | |
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
syzkaller
-
Automated Unit Test Improvement Using Large Language Models at Meta
https://arxiv.org/abs/2402.09171 :
> This paper describes Meta's TestGen-LLM tool, which uses LLMs to automatically improve existing human-written tests. TestGen-LLM verifies that its generated test classes successfully clear a set of filters that assure measurable improvement over the original test suite, thereby eliminating problems due to LLM hallucination. [...] We believe this is the first report on industrial scale deployment of LLM-generated code backed by such assurances of code improvement.
Coverage-guided unit test improvement might [with LLMs] be efficient too.
https://github.com/topics/coverage-guided-fuzzing :
- e.g. Google/syzkaller is a coverage-guided syscall fuzzer: https://github.com/google/syzkaller
- Gitlab CI supports coverage-guided fuzzing: https://docs.gitlab.com/ee/user/application_security/coverag...
- oss-fuzz, osv
Additional ways to improve tests:
Hypothesis and pynguin generate tests from type annotations.
There are various tools to generate type annotations for Python code;
> pytype (Google) [1], PyAnnotate (Dropbox) [2], and MonkeyType (Instagram) [3] all do dynamic / runtime PEP-484 type annotation type inference [4] to generate type annotations. https://news.ycombinator.com/item?id=39139198
icontract-hypothesis generates tests from icontract DbC Design by Contract type, value, and invariance constraints specified as precondition and postcondition @decorators:
-
Differ: Tool for testing and validating transformed programs
https://google.github.io/clusterfuzz/setting-up-fuzzing/libf...
> OSS-Fuzz runs CloudFuzz[Lite?] for many open source repos and feeds OSV OpenSSF Vulnerability Format: https://github.com/google/osv#current-data-sources
.
Google/syzkaller https://github.com/google/syzkaller :
>> syzkaller is an unsupervised coverage-guided kernel fuzzer. Supported OSes: Akaros, FreeBSD, Fuchsia, gVisor, Linux, NetBSD, OpenBSD, Windows
.
ghidra-patchdiff-correlator:
-
Fuzz Testing Is the Best Thing to Happen to Our Application Tests
The key to modern fuzzing is feedback, usually some kind of coverage testing of the program under test. This allows the fuzzer to be much smarter about how it finds new code paths, and makes fuzzing find bugs a lot quicker.
Google have a project to do fuzzing on Linux system calls using coverage feedback: https://github.com/google/syzkaller
-
Is there a Linux user-space program that causes execution through every kernel function path and context?
Utilities that try to exercise ("fuzz") an interface with the intent of discovering bugs are called "fuzzers". The tool that comes to mind is syzkaller.
-
Those scary warnings of juice jacking in airports and hotels? They’re nonsense
It's true that USB is probably a less desirable attack surface than modems, because it actually requires the user to physically connect their device to a malicious device, but I wouldn't discount it as impractical and unlikely to happen in the wild. There's a reason some of the more famous malware and spyware used to spread/attack over USB. Google actually does USB driver fuzzing and the amount of potentially devastating vulnerabilities is staggering.
- Linux System Call Table – Chromiumos
- Audit of Linux kernel code
hn-search
-
Rule of Thumb: Anything that looks fancy is not worth you time
- Ads with Psychological tricks
Truly good websites have around 2 facts per 10 word sentence, and get instantly to the chase. Also: good websites give you the names of all their competitors/alternative websites before showing their own stuff, and give you further reading.
Right now the world of technology is supposedly more innovative than ever, but somehow Wikipedia (https://www.wikipedia.org/) and Search Hackernews (https://hn.algolia.com/) beat billion dollar search engines.
Articles written decades ago are still unsurpassed in terms of quality and ease of understanding, but the best modern websites can do is textbook explanations. It is time society graduates from boilerplate buzzword textbook culture.
Now the gems of the internet are slowly being buried beneath mountains of trash.
If something sounds boilerplate it isn't good enough.
Don't bother saying something that has been said before, and better.
-
What makes a translation great
>for more detail: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
Oh, I see. We actually discussed Pound about four years ago - just a little back and forth about the ABC of Reading: https://news.ycombinator.com/item?id=24196681
>What's your explanation of why Pound went Fascist?
I'm not sure I particularly have one; I haven't read any of his longer political or cultural (i.e. non-literary) works. I just think it's silly to correlate an approach to translation that you dislike with fascism. Especially as I'm not sure it even makes sense on its own terms: I can only read your comment as 'lazy translator? Figures that he would be a fascist', but if I imagine the type of translation a fascist would approve of, the approach I picture is fastidious, fussy, concerned with fidelity to the point of stickler-ishness. (Isn't that from where we get 'grammar nazi'?)
And oh, well, since you ask I'll take a shy at it: my vague sense is that he became fascist because saw a society in decline due to it becoming more and more a sham society: opulence without virtue, power without vigour, money no longer tied to actually existing goods. (Of course, all of this shades easily into antisemitism.) He saw fascism as the answer; It's easier to see in retrospect that it wasn't.
-
Zed Decoded: Linux When? – Zed Blog
"multiplayer notepad" goes back 15 years at least - https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu... notepad&sort=byDate&type=comment
it was used back with a popular website which opened a text document and anyone viewing could type, but I can't remember the name. That became a thing in Google Docs, Microsoft Office, Floobits, and lots of self-hosted and cloned sites.
-
Louis Rossmann: YouTube's Legal Team sent me a letter [video]
If you see a post that ought to have been moderated but hasn't been, the likeliest explanation is that we didn't see it. You can help by flagging it or emailing us at [email protected].
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
-
An Oil Price-Fixing Conspiracy Caused 27% of All Inflation in 2021
Ok, but please don't post unsubstantive comments to Hacker News.
I understand the reason for repeating these sentiments—it's the same reason why they get upvoted to the top of threads*—but repetition of this kind is what we're most trying to avoid here.
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...
https://news.ycombinator.com/newsguidelines.html
* I've marked this one off topic now.
-
Validating app for manufacturers enhancing process reliability and efficiency
I was looking for it in the guidelines. There are a couple of conventions for postings. Consider a bit of prior examples: [https://hn.algolia.com/?q=show+hn]
-
Show HN: Hacker Search – A semantic search engine for Hacker News
yeah there are only three stories coming up from the site search
https://hn.algolia.com/?q=postgres+clustering
only one is semanthically correct, the other pick up the wrong version of clustering (i.e. k-means instead of multi master writes)
but yeah if one doesn't test the hard cases, how does one know it preserves semantics :D
- Longevity of Recordable CDs, DVDs and Blu-Rays
-
The Scientific Method Part 5: Illusions, Delusions, and Dreams
Like dismissing the work of Feyerabend or Wittgenstein without seemingly having read either:
https://hn.algolia.com/?dateRange=pastMonth&page=0&prefix=tr...
-
Any Google Analytics Alternatives?
https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
What are some alternatives?
AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
duckduckgo-locales - Translation files for <a href="https://duckduckgo.com"> </a>
vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
v - Simple, fast, safe, compiled language for developing maintainable software. Compiles itself in <1s with zero library dependencies. Supports automatic C => V translation. https://vlang.io
wtf - wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-mode (experimental!).
parser - 📜 Extract meaningful content from the chaos of a web page
ipa-medit - Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking.
readability - A standalone version of the readability lib
gvisor - Application Kernel for Containers
yq - Command-line YAML, XML, TOML processor - jq wrapper for YAML/XML/TOML documents
xpid - Linux Process Discovery. C Library, Go bindings, Runtime.
milkdown - 🍼 Plugin driven WYSIWYG markdown editor framework.