
Saturday Morning Breakfast Cereal - AI


Hovertext:
Discussion: I am no longer certain kitties are a type of cat.


llucax
6 hours ago
Berlin

Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug (GitHub blog)

On the GitHub blog, Kevin Backhouse writes about a privilege escalation vulnerability in polkit, which "enables an unprivileged local user to get a root shell on the system". CVE-2021-3560 "is triggered by starting a dbus-send command but killing it while polkit is still in the middle of processing the request. [...] Why does killing the dbus-send command cause an authentication bypass? The vulnerability is in step four of the sequence of events listed above. What happens if polkit asks dbus-daemon for the UID of connection :1.96, but connection :1.96 no longer exists? dbus-daemon handles that situation correctly and returns an error. But it turns out that polkit does not handle that error correctly. In fact, polkit mishandles the error in a particularly unfortunate way: rather than rejecting the request, it treats the request as though it came from a process with UID 0. In other words, it immediately authorizes the request because it thinks the request has come from a root process."
llucax
6 days ago
😬
Berlin

Saturday Morning Breakfast Cereal - Addictive


Hovertext:
Try this heroine! It's tooootally addictive!


llucax
9 days ago
Berlin

Saturday Morning Breakfast Cereal - Weird


Hovertext:
I wonder how many times people have gotten a divorce that could've been avoided with a timely granola bar.


llucax
25 days ago
Berlin
1 public comment
gangsterofboats
27 days ago
You're not you when you're hungry.

How to prevent crypto mining abuse on GitLab.com SaaS


Recently, there has been a massive uptick in abuse of free pipeline minutes available on GitLab.com and on other CI/CD providers to mine cryptocurrencies. In addition to the cost increases, the abuse creates intermittent performance issues for GitLab.com users and requires our teams to work 24/7 to maintain optimal services for our customers and users. To discourage and reduce abuse, starting May 17, 2021, GitLab will require new free users to provide a valid credit or debit card number in order to use shared runners on GitLab.com. A user will be able to run pipelines without providing a credit or debit card if they use their own runner and disable shared runners. Although imperfect, we believe this solution will reduce the abuse.

We plan to roll out this change gradually and increase its scope if needed, as follows:

  • Start with adding the new requirement for new free users created on or after May 17, 2021.
  • If we continue to see abuse through existing free accounts, we plan to extend the requirement to additional users.

This change does not currently impact any of the following users:

  • GitLab self-managed customers and users (free or otherwise)
  • Paid or program users (e.g., education, open source) on GitLab.com
  • Users created before May 17, 2021

When you provide the card, it will not be charged but instead will be verified with a one-dollar authorization transaction. No charge will be made and no money will transfer.

A credit or debit card is one (of many) controls we have put in place to reduce abuse of our platform. We will never fully solve platform abuse, but the more barriers we put up, the more difficult and expensive it becomes to engage in abuse.

The GitLab team members have already activated and shipped many improvements. These were helpful in deterring abuse, although they are not sufficient. A sampling of the fixes we have delivered to mitigate pipeline abuse includes:

  1. Fail creation of jobs when pipeline minutes quota is exceeded.
  2. Fail pipelines after user exceeds pipeline minutes quota.
  3. Adding restrictions to the creation of namespaces via the API.
  4. Enabling the termination of pipelines when blocking a user.
  5. Ensuring pipelines do not run when pipelines are owned by a blocked user.
  6. Closing gaps in jobs run by user accounts that were deleted by their users.
  7. Utilizing and enhancing the External Pipeline Validation Service specifically around authentication, payload, and access restriction.
  8. Ensuring scheduled pipelines owned by blocked users don't run.

We expect to make further enhancements to harden our pipeline system against abuse. We believe using pipeline minute quotas as the foundation for free minute usage will be the best mechanism for failing jobs and pipelines to stop abuse. Including this effort, our other planned pipeline abuse improvements are:

  1. Include public projects in pipeline minutes quota for free users.
  2. Expand application limits for preventing abuse of webhooks.

A user impacted by this change has the following options:

  • Provide a credit or debit card and use the 400 free minutes with shared runners.
  • A user can also run pipelines without providing a credit or debit card if they use their own runner and disable shared runners for their project.
  • Decline to provide the card and continue to use many of the GitLab capabilities for free. In this case, any feature within GitLab that relies on our pipelines won't work, such as CI/CD pipelines generally, scheduled pipelines including on-demand DAST scans, defining your own pipelines, and utilizing Auto DevOps.
  • Switch to GitLab self-managed.

Validating an account

Continue the conversation

Please share your questions and feedback with us on the community forum.

llucax
31 days ago
Berlin

Saturday Morning Breakfast Cereal - Fads


Hovertext:
Google images assures me that the font style at top is 90s style, though it seems to me more late 80s? Anyway, I await your complaints.


llucax
38 days ago
"Parker Lewis can't lose" font
Berlin
popular
39 days ago
3 public comments
coursemenu
28 days ago
oh
Noida, India
brennen
38 days ago
This one hurts.
Boulder, CO
fxer
39 days ago
Definitely Vedder singing, that’s exactly what’s printed in the liner notes for Yellow Ledbetter
Bend, Oregon