Posted by todsacerdoti 15 hours ago

MongoBleed Explained Simply (bigdata.2minutestreaming.com)
186 points | 71 comments | page 2
dwheeler 7 hours ago|
This has many similarities to the Heartbleed vulnerability: it involves trusting lengths from an attacker, leading to unauthorized revelation of data.
reassess_blind 9 hours ago||
Have all Atlas clusters been auto-updated with a fix?
enether 1 minute ago|
yes. apparently before Dec 19 too
ChrisArchitect 9 hours ago||
Related:

MongoBleed

https://news.ycombinator.com/item?id=46394620

petesergeant 8 hours ago||
> In C/C++, this doesn’t happen. When you allocate memory via `malloc()`, you get whatever was previously there.

What would break if the compiler zero'd it first? Do programs rely on malloc() giving them the data that was there before?

pelorat 1 hour ago||
That's what calloc() is for
mdavid626 4 hours ago||
It takes time to zero out memory.
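
The point raised in the comments above (a length taken from the sender, combined with a malloc() block that still holds old data), as an added C example that is not part of the thread or the linked article. The one-byte-length message format, the scratch buffer standing in for a recycled heap block, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define SCRATCH_CAP 64
/* Constructed wire format (an assumption, not MongoDB's protocol):
   msg[0] = payload length claimed by the sender, msg[1..] = payload.
   `scratch` models a recycled malloc() block that nothing has cleared. */

/* Trusts the claimed length when building the reply in `out`. */
size_t echo_trusting(const uint8_t *msg, size_t msg_len,
                     uint8_t *scratch, uint8_t *out)
{
    if (msg_len < 1) return 0;
    size_t claimed = msg[0], actual = msg_len - 1;
    if (claimed > SCRATCH_CAP) claimed = SCRATCH_CAP; /* stays in the block */
    if (actual > SCRATCH_CAP) actual = SCRATCH_CAP;
    memcpy(scratch, msg + 1, actual);  /* only `actual` bytes are written  */
    memcpy(out, scratch, claimed);     /* but `claimed` bytes are returned */
    return claimed;
}

/* Rejects a claimed length that disagrees with the bytes received, and
   clears the block first (what calloc() does) as defence in depth. */
size_t echo_checked(const uint8_t *msg, size_t msg_len,
                    uint8_t *scratch, uint8_t *out)
{
    if (msg_len < 1) return 0;
    size_t claimed = msg[0];
    if (claimed != msg_len - 1 || claimed > SCRATCH_CAP) return 0;
    memset(scratch, 0, SCRATCH_CAP);
    memcpy(scratch, msg + 1, claimed);
    memcpy(out, scratch, claimed);
    return claimed;
}

/* Constructed scenario: the block last held a 16-byte secret; the next request
   carries 2 payload bytes but claims 16. Counts old secret bytes in the reply. */
int stale_bytes_in_reply(int checked)
{
    uint8_t scratch[SCRATCH_CAP] = {0}, out[SCRATCH_CAP] = {0};
    const char *secret = "hunter2-password";   /* constructed sample */
    const uint8_t msg[] = { 16, 'h', 'i' };
    memcpy(scratch, secret, 16);
    size_t n = checked ? echo_checked(msg, sizeof msg, scratch, out)
                       : echo_trusting(msg, sizeof msg, scratch, out);
    int stale = 0;
    for (size_t i = 2; i < n; i++) stale += (out[i] == (uint8_t)secret[i]);
    return stale;
}
int main(void) { return stale_bytes_in_reply(0) > 0 && stale_bytes_in_reply(1) == 0 ? 0 : 1; }
```

Zeroing alone only changes what an over-long reply contains; the length check is what stops the reply from covering bytes the sender never supplied.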
fwip 8 hours ago|
"MongoBleed Explained by an LLM"
tuetuopay 22 minutes ago|
If it is, it's less fluffy and empty than most of the LLM prose we're usually fed. It's well explained and has enough details to not be overwhelming.

Honestly, aside from the "<emoji> impact" section that really has an LLM smell (but remember that some people legit do this since it's in the LLM training corpus), this feels more like LLM assisted (translated? reworded? grammar-checked?) than a pure "explain this" prompt.