2024-04-05 08:32:53
This https://arxiv.org/abs/2403.16301 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csNI_…
This https://arxiv.org/abs/2403.16301 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csNI_…
This https://arxiv.org/abs/2404.01001 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2402.04242 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2208.13044 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2106.13372 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2104.08864 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2106.10362 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2304.12046 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2403.08179 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2011.01718 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2404.15297 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2006.04681 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2312.10797 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2401.08019 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2306.02194 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2402.05866 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2403.08678 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2307.04440 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2103.05161 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2202.05340 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2205.05100 has been replaced.
link: https://scholar.google.com/scholar?q=a
My current take on the #xz situation, not having read the actual source backdoor commits yet (thanks a lot #Github for hiding the evidence at this point...) besides reading what others have written about it (cf. #rustlang for such central library dependencies would maybe (really big maybe) have made it a bit harder to push a backdoor like this because - if and only if the safety features are used idiomatically in an open source project - reasonably looking code is (a bit?) more limited in the sneaky behavior it could include. We should still very much use those languages over C/C for infrastructure code because the much larger class of unintentional bugs is significantly mitigated, but I believe (without data to back it up) that even such "bugdoor" type changes will be harder to execute. However, given the sophistication in this case, it may not have helped at all. The attacker(s) have shown to be clever enough.
6. Sandboxing library code may have helped - as the attacker(s) explicitly disabled e.g. landlock, that might already have had some impact. We should create better tooling to make it much easier to link to infrastructure libraries in a sandboxed way (although that will have performance implications in many cases).
7. Automatic reproducible builds verification would have mitigated this particular vector of backdoor distribution, and the Debian team seems to be using the reproducibility advances of the last decade to verify/rebuild the build servers. We should build library and infrastructure code in a fully reproducible manner *and* automatically verify it, e.g. with added transparency logs for both source and binary artefacts. In general, it does however not prevent this kind of supply chain attack that directly targets source code at the "leaf" projects in Git commits.
8. Verifying the real-life identity of contributors to open source projects is hard and a difficult trade-off. Something similar to the #Debian #OpenPGP #web-of-trust would potentially have mitigated this style of attack somewhat, but with a different trade-off. We might have to think much harder about trust in individual accounts, and for some projects requiring a link to a real-world country-issued ID document may be the right balance (for others it wouldn't work). That is neither an easy nor a quick path, though. Also note that sophisticated nation state attackers will probably not have a problem procuring "good" fake IDs. It might still raise the bar, though.
9. What happened here seems clearly criminal - at least under my IANAL naive understanding of EU criminal law. There was clear intent to cause harm, and that makes the specific method less important. The legal system should also be able to help in mitigating supply chain attacks; not in preventing them, but in making them more costly if attackers can be tracked down (this is difficult in itself, see point 8) and face risk of punishment after the fact.
H/T @… @… @… @… @…
This https://arxiv.org/abs/2403.13311 has been replaced.
link: https://scholar.google.com/scholar?q=a
The Complexity of Geodesic Spanners using Steiner Points
Sarita de Berg, Tim Ophelders, Irene Parada, Frank Staals, Jules Wulms
https://arxiv.org/abs/2402.12110
This https://arxiv.org/abs/2010.10751 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/1409.4319 has been replaced.
link: https://scholar.google.com/scholar?q=a<…
This https://arxiv.org/abs/2311.17978 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2402.16659 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2306.10707 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2306.06449 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2203.08168 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2209.01426 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2310.04532 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2210.00838 has been replaced.
link: https://scholar.google.com/scholar?q=a
Q-adaptive: A Multi-Agent Reinforcement Learning Based Routing on Dragonfly Network
Yao Kang, Xin Wang, Zhiling Lan
https://arxiv.org/abs/2403.16301 https:…
This https://arxiv.org/abs/2208.13276 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2107.09774 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2309.07359 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_ees…
This https://arxiv.org/abs/2403.08678 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2310.15106 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2211.14361 has been replaced.
link: https://scholar.google.com/scholar?q=a
My current take on the #xz situation, not having read the actual source backdoor commits yet (thanks a lot #Github for hiding the evidence at this point...) besides reading what others have written about it (cf. #rustlang for such central library dependencies would maybe (really big maybe) have made it a bit harder to push a backdoor like this because - if and only if the safety features are used idiomatically in an open source project - reasonably looking code is (a bit?) more limited in the sneaky behavior it could include. We should still very much use those languages over C/C for infrastructure code because the much larger class of unintentional bugs is significantly mitigated, but I believe (without data to back it up) that even such "bugdoor" type changes will be harder to execute. However, given the sophistication in this case, it may not have helped at all. The attacker(s) have shown to be clever enough.
6. Sandboxing library code may have helped - as the attacker(s) explicitly disabled e.g. landlock, that might already have had some impact. We should create better tooling to make it much easier to link to infrastructure libraries in a sandboxed way (although that will have performance implications in many cases).
7. Automatic reproducible builds verification would have mitigated this particular vector of backdoor distribution, and the Debian team seems to be using the reproducibility advances of the last decade to verify/rebuild the build servers. We should build library and infrastructure code in a fully reproducible manner *and* automatically verify it, e.g. with added transparency logs for both source and binary artefacts. In general, it does however not prevent this kind of supply chain attack that directly targets source code at the "leaf" projects in Git commits.
8. Verifying the real-life identity of contributors to open source projects is hard and a difficult trade-off. Something similar to the #Debian #OpenPGP #web-of-trust would potentially have mitigated this style of attack somewhat, but with a different trade-off. We might have to think much harder about trust in individual accounts, and for some projects requiring a link to a real-world country-issued ID document may be the right balance (for others it wouldn't work). That is neither an easy nor a quick path, though. Also note that sophisticated nation state attackers will probably not have a problem procuring "good" fake IDs. It might still raise the bar, though.
9. What happened here seems clearly criminal - at least under my IANAL naive understanding of EU criminal law. There was clear intent to cause harm, and that makes the specific method less important. The legal system should also be able to help in mitigating supply chain attacks; not in preventing them, but in making them more costly if attackers can be tracked down (this is difficult in itself, see point 8) and face risk of punishment after the fact.
H/T @… @… @… @… @…
This https://arxiv.org/abs/2310.14821 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2401.08158 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2402.03041 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2207.04507 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2402.04791 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2309.09882 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/1907.00092 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2210.05325 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2402.04791 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2210.12127 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2309.01604 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2208.13276 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/1611.09327 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2304.08146 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2203.14127 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2402.05414 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2011.11816 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2401.03630 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2211.11422 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2403.02153 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2310.14941 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2210.12127 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2402.03499 has been replaced.
link: https://scholar.google.com/scholar?q=a
Broadened-beam Uniform Rectangular Array Coefficient Design in LEO SatComs Under Quality of Service and Constant Modulus Constraints
Weiting Lin, Yuchieh Wu, Borching Su
https://arxiv.org/abs/2403.07435
This https://arxiv.org/abs/2207.04251 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2102.07894 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2205.06011 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2304.00742 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2309.13882 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2206.08810 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2102.07894 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2210.07748 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2311.11793 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2207.04251 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2312.10914 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2309.09101 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2205.06011 has been replaced.
link: https://scholar.google.com/scholar?q=a
Unlocking Electro-optic Resonant Phase Shifting for Multi-dimensional, Ultra-dynamic Photonic Switches
Lingzhi Luo, Rui Ma, Richard V. Penty, Qixiang Cheng
https://arxiv.org/abs/2403.02866
This https://arxiv.org/abs/2309.09101 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2402.04913 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2001.04447 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2207.12128 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2309.13720 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2304.08356 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2310.07621 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/1906.04781 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2310.00685 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2310.00684 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2205.15096 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2210.07592 has been replaced.
link: https://scholar.google.com/scholar?q=a
This https://arxiv.org/abs/2312.11180 has been replaced.
link: https://scholar.google.com/scholar?q=a