Weekly Community News - 2022-09-09
California Passes Law Requiring Companies to Post Salary Ranges on Job Listings
Submitted by: jonafato on 2022-09-06T23:06:52Z
California has passed a law requiring companies to post salary ranges with job postings. The law also requires companies with more than 100 employees to publish data about their racial and gender pay gaps. It now goes to the Governor to sign or veto by the end of September. Colorado, Washington, and New York City have similar salary posting laws in place, and the New York State legislature has passed one that is now awaiting the Governor's signature.
India Tech Hub hit with massive flood and outages
Submitted by: kjaymiller on 2022-09-06T12:01:12Z
Many parts of the city, dubbed India’s tech capital, were under water for a second day on Tuesday as more rain fell in an unusually wet monsoon season. The southern Indian city of Bengaluru after dealt with two days of torrential rains, setting off long traffic snarls, widespread power outages and heavy floods. This weather compounds with the complaints from companies that infrastructure development has not kept up with the massive boom to population in the area post-COVID.
fast-math compiler options result in incorrect math results
Submitted by: crazy4pi314 on 2022-09-07T16:33:01Z
Fast math compilation options lead to incorrect floating point math results. When you use gcc to compile, you can use an option to ask it to drop precision to speed up the compilation, but when the shared library is loaded it also sets a CPU flag to use less numerically precise methods for speed. This flag should only be set during compilation, and not carry to the produced code. The linked blog post investigates packages on pip and found 2500 packages that exhibit the degraded numerical precision if complied fast.
Python 3.10.7 Released
Submitted by: kjaymiller on 2022-09-07T19:24:55Z
Python releases 3.10.7, 3.9.14, 3.8.14, and 3.7.14 are now available This bugfix version of Python was released out-of-schedule to address CVE-2020-10735. The update changes how converting between integers and strings in bases other than binary, octal, hexadecimal, and base 32. If the number of digits in string form is above a limit a ValueError is now raised to avoid potential denial of service attacks due to the algorithmic complexity. This setting limit can be configured or disabled by environment variable, command line flag, or sys APIs. See the integer string conversion length limitation documentation.
Lightbend ditches Apache 2 license – Chooses BSL
Submitted by: kjaymiller on 2022-09-07T23:19:22Z
Lightened the company behind the micro services platform Akka has changed the license to BSL-1, moving away from the Apache2 License. The 13 year old product will remain free for testing and other-non-production uses but require a commercial license for use in production. Businesses making less that $25 million in annual revenue will be able to receive the license free of charge.
OSS-Fuzz finds a command injection bug in TinyGLTF
Submitted by: jonafato on 2022-09-09T02:28:46Z
OSS-Fuzz, Google's service for fuzz-testing open source software, has identified a command injection vulnerability in TinyGLTF, which has since been patched. OSS-Fuzz has been operating since 2016 and began adding new "sanitizers" in December, 2021, one of which detected the bug in question. The project is accepting new sanitizers and offering rewards of $11,337 for integrations that identify two or more vulnerabilities in existing OSS-Fuzz projects. OSS-Fuzz supports projects written in several programming languages, including Python