Curl author criticizes AI-generated security reports


AI used to detect security issues

A few days ago, Daniel Stenberg (the author of Curl) published a post on his blog in which he not only criticizes the use of artificial intelligence tools but also, in the form of a complaint, describes the disruption that security reports generated by artificial intelligence tools cause him and his team.

In his post, Daniel Stenberg mentions that for many years the process of checking all reports and separating the "junk" from the "real" security issues was not something that required much extra effort, since, as he notes, "junk reports are also usually very easy and quick to spot and discard."

With the recent rise of artificial intelligence, many tasks that used to require many hours of human intervention have been transformed. Among the cases mentioned most often on this blog, we have covered AI topics related to programming, image generation, and video editing, such as ChatGPT, Copilot, and Bard, among others.

In the specific area of programming, Copilot has drawn a great deal of criticism, the main concern being the possibility of facing legal claims. However, on the other side of the scale, the intervention of artificial intelligence has significantly transformed various areas. For example, AIs have played an important role in finding bugs and security issues in code. Many people have adopted these tools to identify bugs and vulnerabilities in code, often taking part in bounty programs for finding security issues.

Curl has not escaped this trend, and Daniel Stenberg stated on his blog that, after several months of holding back his opinion, he finally exploded in disagreement with the use of artificial intelligence tools. The reason for his frustration was the growing number of "junk" reports produced with these tools.

The post highlights that these reports look detailed, are written in normal language, and appear to be of high quality. However, without careful analysis they turn out to be misleading, since they replace real problems with low-quality content that appears valuable.

The Curl project, which pays rewards for the identification of new vulnerabilities, has received 415 reports of possible issues. Of this set, only 64 were confirmed as real vulnerabilities, 77 described bugs unrelated to security and, surprisingly, 274 (66%) contained no useful information, consuming developer time that could have been spent on something useful.

Developers are forced to spend a lot of time analyzing useless reports and repeatedly re-checking the information they contain, because the outward quality of the write-up lends additional credibility to the information and leaves the feeling that the developer has misunderstood something.

On the other hand, producing such a report takes minimal effort on the part of the submitter, who does not bother to check whether there is a real problem but simply copies the data obtained from AI assistants, hoping to get lucky in the race for a reward.

Daniel Stenberg shares two examples of this kind of junk report:

  1. In the first case, just before the planned disclosure of information about a severe vulnerability in October, a report was received through HackerOne indicating that a public patch already existed to resolve the issue. However, the report turned out to be "bogus," since it contained data on similar issues and fragments of detailed information about past vulnerabilities, compiled by Google's artificial intelligence assistant, Bard. Although the information seemed new and relevant, it had no connection to reality.
  2. In the second case, a report was received about a buffer overflow in WebSocket handling. The report came from a user who had already reported vulnerabilities to several projects through HackerOne. To reproduce the issue, the report gave general instructions on how to send a modified request, along with an example of a fix.

Despite carefully checking the code three times, the developer found no issues. However, because the report was written in a way that inspired a certain confidence and even offered a proposed fix, the feeling that something did not add up persisted.

In an attempt to clarify how the user had managed to get past the size check, it is noted that the explanations contained no additional information and only discussed common, generic causes of buffer overflows unrelated to Curl's code. The replies were reminiscent of communicating with an AI assistant, and after futile attempts to find out how the problem manifests itself, Daniel Stenberg was finally convinced that no vulnerability existed and closed the thread as "not applicable."

Finally, if you are interested in learning more about it, you can consult the details at the following link.

