A better alternative to Audi(-rs)Su
This project includes sudo-rs code licensed under the Apache-2 and MIT licenses: We have included cutils.rs, securemem.rs to make work the rpassword.rs file. Indeed, We thought that the password was well managed in this file and we have reused it. As sudo-rs does, rpassword.rs is from the rpassword project (License: Apache-2.0). We use it as a replacement of the rpassword project usage.
SomeRedTeapot@reddit
I have no idea about the project as a whole, but the readme screams slop and makes me want to vomit
p4bl0@reddit (OP)
I found this project because it was awarded a prize as "best security research artifact" by the CNRS (French national research institute). It is based on multiple peer-reviewed research papers published in international conferences. The paper introducing it is here: https://hal.science/hal-04278090. I don't think it is AI slop, at least I really hope not.
I shared it here because I thought it would be interesting to see a discussion of the underlying concept and of its implementation, but it seems nowadays most people stop at how the README looks.
SomeRedTeapot@reddit
Well, to be fair, after a quick glance at a couple of source files, it doesn't look like slop. But the readme does it a disservice IMO.
The broader issue is that nowadays there's so much slop it would take too long to check the source code (especially since you need to look quite deep into it to see if it makes sense). So obviously people (including me) have to cut corners. Sucks for legit projects, yeah. On the other hand, I don't understand why they just didn't write a decent readme without the emojis. Compared to writing the thing, it doesn't look like that much effort.
p4bl0@reddit (OP)
Agreed, as I'm not a fan of emoji-filled readmes either. But we have to admit it existed largely before LLMs (if only because LLMs had to learn that's how READMEs have to look like from somewhere).
Anyway, making people overreact like this on first sight, based only on superficial aspects of a project, is certainly another reason to dislike generative AIs.
MelioraXI@reddit
But but...
77% faster than sudo when using a single rule
Scales 40% better than sudo as more rules are added
/s
On a serious note, yes it kinda reeks of AI slop.
neoh4x0r@reddit
Yes, the graph shows that RaR is much faster than sudo for large rule sets.
However...just below the graph in the readme it mentions an issue where it could crash when more than 100 rules are added -- that issue was closed as "Not planned" (which is code for will not fix).
SomeRedTeapot@reddit
Since you've mentioned that, I wonder if there is a single person who cares about the performance of sudo. Like, is there a single case where it's not fast enough?
spyingwind@reddit
Me?!
Setting aside credential prompts, less than 100ms seems reasonable to me. Maybe 200ms if doing some network auth stuff.
ABotelho23@reddit
😐
p4bl0@reddit (OP)
Could you elaborate? It is a research project by a PhD student. Why do you think it's bad the author put their efforts into the concept they're working on (giving users the least privilege they need rather than all root powers; that's why they say it's "better" from a security standpoint) by taking advantage of existing code under open source licence (with attribution) rather than reinventing the wheel?
Junior_Common_9644@reddit
How 'bout, "NO!"