Aggregator

烟灰行星可能比水世界更常见

Solidot
3 months 2 weeks ago
根据天文学研究,水世界被认为是太阳系中最常见的行星类型之一。水世界并非指像地球一样拥有海洋,而是指质量主要由水冰组成的行星。但一项新研究认为,烟灰行星(Soot Planet)可能比水世界更常见。在天文学中,烟灰是指耐高温有机碳,一种含有碳、氢、氧与氮的有机碳化合物,常用缩写 CHON 表示。在太阳系中,烟灰其实相当普遍,一些估计甚至认为它占据了彗星总质量的 40%。这类行星的特异化学成分对其适居性有着重要的意涵。它们可能拥有钻石核心,导致更难产生强大的磁场来保护生命免受宇宙射线伤害。另一方面,它们也可能富含甲烷与其他挥发性有机物,这些物质被认为是生命起源前化学反应的重要前提。

资深程序员比初级程序员更可能使用 AI 生成代码

Solidot
3 months 2 weeks ago
Fastly 对 791 名程序员的调查发现,资深程序员和初级程序员在使用 AI 生成代码上存在显著差异。三分之一有 10 年以上开发经验的资深程序员表示他们交付的代码逾半数由 AI 生成,相比下开发经验不到两年的初级程序员中这一比例只有 13%,前者是后者的两倍半。一名资深程序员称,AI 比人类更快对代码进行组件测试并发现错误,然后无缝修复。但一位初级程序员表示对 AI 生成的代码并不那么信任,称自己需要经常重写代码。近三成的资深程序员表示编辑 AI 生成代码的时间足以抵消大部分节省的时间,而初级程序员中这一比例仅为 17%。尽管如此,59% 的资深开程序员表示 AI 工具帮助他们加快交付速度,而初级程序员中这一比例为 49%。略超过半数的初级程序员表示,AI 略微提升了开发速度。相比之下资深程序员中这一比例仅为 39%。但资深程序员更可能报告开发速度显著提升:26% 的资深程序员表示 AI 让开发速度大幅提升,是初级程序员(13%)的两倍。

GNOME 基金会执行董事上任 4 个月后卸任

Solidot
3 months 2 weeks ago
支持 GNOME 桌面环境项目的非盈利基金会似乎难以找到一位能长期担任执行董事的人。去年执行董事 Holly Million 在任职仅仅 10 个月之后卸任,今年的执行董事 Steven Deobald 在上任 4 个月后卸任。GNOME 基金会对此没有给出详细解释,只是很官方的表态 Steven 取得了很多成绩,但董事会认为他并不适合担任执行董事。

神秘人族头骨被发现有至少 28.6 万年历史

Solidot
3 months 2 weeks ago
1960 年在希腊北部 Petralona 洞穴发现的神秘人族头骨鉴定至少有 28.6 万年历史。这块头骨是由一名当地村民发现的,它既不像尼安德特人,也不像现代人类。几十年来,所有鉴定和精确测年的尝试都未能成功,它的年龄推测范围从 17 万年到 70 万年前不等。法国古生物学家采用了铀系测年法,这种方法可测量铀同位素衰变为钍的速率。由于铀是由环境不断供应的,因此该方法在露天土壤沉积物中不太可靠。但洞穴是一个封闭的系统:随着水渗透岩石和蒸发,会留下含铀但不含钍的方解石沉积物。方解石层中的铀会随着时间衰变为钍,可用于计算初始形成时间。研究结果表明,覆盖头骨的方解石层至少在 28.6 万年前形成,误差为 9000 年。

HashiCorp Vault Vulnerability Let Attackers to Crash Servers

Cyber Security News
3 months 2 weeks ago

A critical denial-of-service vulnerability in HashiCorp Vault could allow malicious actors to overwhelm servers with specially crafted JSON payloads, leading to excessive resource consumption and rendering Vault instances unresponsive.  Tracked as CVE-2025-6203 and published on August 28, 2025, the flaw affects both Vault Community and Enterprise editions from version 1.15.0 up to several patched releases.  […]

The post HashiCorp Vault Vulnerability Let Attackers to Crash Servers appeared first on Cyber Security News.

Florence Nightingale

MobSF Security Testing Tool Vulnerability Let Attackers Upload Malicious Files

Cyber Security News
3 months 2 weeks ago

A critical flaw in the Mobile Security Framework (MobSF) has been discovered, allowing authenticated attackers to upload and execute malicious files by exploiting improper path validation.  The vulnerability, present in version 4.4.0 and patched in 4.4.1, underscores the importance of rigorous sanitization when handling user‐supplied file paths and archives. Key Takeaways1. MobSF v4.4.0 allowed attackers […]

The post MobSF Security Testing Tool Vulnerability Let Attackers Upload Malicious Files appeared first on Cyber Security News.

Florence Nightingale

CVE-2025-41031 | T-INNOVA Deporsite prior 02.14.1115 POST Request uploadImage IdPersona/Foto authorization

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability marked as problematic has been reported in T-INNOVA Deporsite. Impacted is an unknown function of the file /ajax/TInnova_c/FotoUsuario/llamadaAjax/uploadImage of the component POST Request Handler. The manipulation of the argument IdPersona/Foto leads to incorrect authorization. This vulnerability is documented as CVE-2025-41031. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-41030 | T-INNOVA Deporsite prior 02.14.1115 buscarPersona dni authorization

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability labeled as problematic has been found in T-INNOVA Deporsite. This issue affects some unknown processing of the file /ajax/TInnova_v2/Integrantes_Recurso_v2_1/llamadaAjax/buscarPersona. Executing manipulation of the argument dni can lead to incorrect authorization. This vulnerability is registered as CVE-2025-41030. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2025-41690 | Endress+Hauser Promag 10 with HART Bluetooth log file (VDE-2025-068)

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability identified as problematic has been detected in Endress+Hauser Promag 10 with HART, Promag 10 with IO-Link, Promag 10 with Modbus, Promass 10 with HART, Promass 10 with IO-Link and Promass 10 with Modbus. This vulnerability affects unknown code of the component Bluetooth. Performing manipulation results in sensitive information in log files. This vulnerability is cataloged as CVE-2025-41690. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.
vuldb.com

Managed ad