Ingqalasizinda ye-PyTorch ibe sengozini

Darkcrizt

Imizuzu ye-3

I-PyTorch

Ilogo ye-PyTorch

Muva nje u-simininingwane ngokuhlaselwa ikhishwe ukuthi ingqalasizinda esetshenziswe ekuthuthukisweni kohlaka lokufunda lomshini yalimala I-PyTorch. Phakathi kwemininingwane yobuchwepheshe eveziwe, kuyashiwo lokho Umhlaseli ukwazile ukukhipha okhiye bokufinyelela okukuvumela ukuthi ufake idatha engafanele endaweni ye-GitHub ne-AWS, ushintshe ikhodi egatsheni eliyinhloko lekhosombe, futhi wengeze i-backdoor ngokuncika.

Lesi sehlakalo kubangela izingozi ezinkulu, njengoba ukukhwabanisa kwezinguqulo ze-PyTorch kungase kusetshenziselwe ukuhlasela izinkampani ezinkulu ezifana ne-Google, i-Meta, i-Boeing ne-Lockheed Martin, ezisebenzisa i-PyTorch kumaphrojekthi azo.

Ezinyangeni ezine ezedlule, mina no-Adnan Khan saxhaphaza ukuba sengozini okubucayi kwe-CI/CD ku-PyTorch, enye yezinkundla ezihamba phambili emhlabeni zokufunda umshini. Isetshenziswa ama-titans afana ne-Google, i-Meta, i-Boeing, ne-Lockheed Martin, i-PyTorch iyithagethi enkulu yabaduni kanye nezifunda zezwe ngokufanayo.

Ngenhlanhla, sisebenzise lobu bungozi ngaphambi kokuthi abantu ababi benze kanjalo.

Sikwenze kanjena.

Mayelana nokuhlasela, kuyashiwo ukuthi lokhu Kwehlela emandleni okusebenzisa ikhodi kumaseva wokuhlanganisa aqhubekayo enza ukwakha kabusha futhi asebenzise imisebenzi ukuze ahlole izinguquko ezintsha eziphushelwe endaweni yokugcina. Inkinga ithinta amaphrojekthi asebenzisa abashayeli be-“Self-Hosted Runner” bangaphandle nge-GitHub Actions. Ngokungafani nezenzo ze-GitHub ezivamile, izilawuli ezizibambele zona azisebenzi kungqalasizinda ye-GitHub, kodwa kumaseva azo noma emishinini ebonakalayo enakekelwa onjiniyela.

Ukwenza imisebenzi yokwakha kumaseva akho kukuvumela ukuthi uhlele ukukhishwa kwekhodi engaskena inethiwekhi yangaphakathi yenkampani, useshe i-FS yendawo ukuze uthole okhiye bokubethela namathokheni okufinyelela, futhi uhlaziye okuguquguqukayo kwemvelo ngamapharamitha ukuze ufinyelele isitoreji sangaphandle noma izinsiza zamafu futhi ngalokhu, ngalaba bashayeli, umhlaseli ukwazile ukwenza imisebenzi yokuhlanganisa kumaseva abo, okubavumela ukuthi bahlole inethiwekhi yangaphakathi yenkampani ukuze bafune okhiye bokubethela namathokheni okufinyelela.

Ku-PyTorch nakwamanye amaphrojekthi asebenzisa i-Self-Hosted Runner, Los Onjiniyela bangaqhuba imisebenzi yokwakhan kuphela ngemva kokuba izinguquko zakho sezibuyekeziwe. Nokho, umhlaseli ukwazile ukudlula lesi simiso ngokuthumela kuqala ushintsho oluncane bese-ke, uma sekwamukelwe, uthole ngokuzenzakalelayo isimo "somhleli" okuvumele ukuthi usebenzise ikhodi kunoma iyiphi indawo ye-GitHub Actions Runner ehlotshaniswa nenqolobane noma inhlangano eqondisayo. Ngesikhathi sokuhlasela, okhiye bokufinyelela be-GitHub kanye nokhiye be-AWS babanjwa, okuvumela umhlaseli ukuthi afake engcupheni ingqalasizinda.

Isixhumanisi sesimo "somnikeli" sibe lula ukusidlula: kwanele ukuthi uqale uthumele ushintsho oluncane bese ulinda ukuthi lwamukelwe kusisekelo sekhodi, ngemuva kwalokho umthuthukisi athole ngokuzenzakalelayo isimo sombambiqhaza osebenzayo. izicelo zayo zokudonsa zingahlolwa kungqalasizinda ye-CI ngaphandle kokuqinisekisa okuhlukile. Ukuze kuzuzwe isimo sikanjiniyela osebenzayo, ukuhlola kufake izinguquko ezincane zezimonyo ukuze kulungiswe ama-typos kumadokhumenti. Ukuze uthole ukufinyelela endaweni yokugcina nokugcinwa kwezinguqulo ze-PyTorch, ngesikhathi sokuhlasela lapho kusetshenziswa ikhodi ku-"Self-Hosted Runner", ithokheni ye-GitHub esetshenziselwa ukufinyelela inqolobane kusukela ezinqubweni zokwakha yavinjelwa (GITHUB_TOKEN ivunyelwe ukufinyelela kokubhala ), kanye njengokhiye be-AWS ababandakanyekayo ekulondolozeni imiphumela yokwakha.

Ngenxa yalokho, kushiwo lokho lolu daba aluqondile ku-PyTorch futhi luthinta amanye amaphrojekthi amakhulu ezisebenzisa ukucushwa okuzenzakalelayo “koMgijimi Ozisingathile” ku-GitHub Actions.

Ngaphezu kwalokho, amathuba okuhlaselwa okufanayo kwe-cryptocurrency, i-blockchain, i-Microsoft Deepspeed, i-TensorFlow namanye amaphrojekthi kuye kwashiwo, okunemiphumela engaba yingozi. Abacwaningi bathumele izicelo ezingaphezu kuka-20 ezinhlelweni ze-bug bounty, befuna imivuzo ebiza amakhulu ezinkulungwane zamaRandi.

ekugcineni uma ukhona unentshisekelo yokwazi okwengeziwe ngayo, ungabheka imininingwane kufayela le- isixhumanisi esilandelayo.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.