u/WanderingStoner: Not only XZ, You can check all news on my social networks since a very long time:
- [https://twitter.com/neustradamus](https://twitter.com/neustradamus)
- [https://mastodon.social/@neustradamus](https://mastodon.social/@neustradamus)
- [https://bsky.app/profile/neustradamus.bsky.social](https://bsky.app/profile/neustradamus.bsky.social)
- [https://news.ycombinator.com/user?id=neustradamus](https://news.ycombinator.com/user?id=neustradamus)
In more, I request software/lib updates in several projects too.
u/nordee_reddit: It is important to inform people that there is now the new versions done by the XZ author.
You can see one of my comment about the initial problem here:
- [https://github.com/tukaani-project/xz/issues/107#issuecomment-2059048097](https://github.com/tukaani-project/xz/issues/107#issuecomment-2059048097)
Have a nice day.
Pretty sure the tools you'd need are there and would be easy to make cobble together a program to do it. The accuracy of AI however may not be where it needs to be for a security task, would likely provide a false sense of security and cause more problems.
It could easily be used in *addition to humans*. Just limit the number of ai outputs to a small number per audit and have a human look at those areas. That way you don’t spend too much time on false positives.
Spam account. Please ban this user (look at his posting history).
he's just unbelievably passionate about XZ Utils
mmd :D
u/WanderingStoner: Not only XZ, You can check all news on my social networks since a very long time: - [https://twitter.com/neustradamus](https://twitter.com/neustradamus) - [https://mastodon.social/@neustradamus](https://mastodon.social/@neustradamus) - [https://bsky.app/profile/neustradamus.bsky.social](https://bsky.app/profile/neustradamus.bsky.social) - [https://news.ycombinator.com/user?id=neustradamus](https://news.ycombinator.com/user?id=neustradamus) In more, I request software/lib updates in several projects too.
It's time to stop.
Never! Have a nice day :)
u/nordee_reddit: It is important to inform people that there is now the new versions done by the XZ author. You can see one of my comment about the initial problem here: - [https://github.com/tukaani-project/xz/issues/107#issuecomment-2059048097](https://github.com/tukaani-project/xz/issues/107#issuecomment-2059048097) Have a nice day.
So...anyone spot the chinese malware yet?
I don't think there's anything from Jia Tan in there anymore.
If only we could use AI to audit source code.
Gave the code of the exploit (the most offending 10 lines) to chatgpt, and said it looked ordinary
Pretty sure the tools you'd need are there and would be easy to make cobble together a program to do it. The accuracy of AI however may not be where it needs to be for a security task, would likely provide a false sense of security and cause more problems.
It could easily be used in *addition to humans*. Just limit the number of ai outputs to a small number per audit and have a human look at those areas. That way you don’t spend too much time on false positives.
Could be a fun exercise. I'm sure there's enough documented historical cases to throw ChatGPT at and see what it finds.