Darrell

‼️🚨 BREAKING: An AI found a Linux kernel zero-day that roots every distribution since 2017. The exploit fits in 732 bytes of Python. Patch your kernel ASAP. The vulnerability is CVE-2026-31431, nicknamed "Copy Fail," disclosed today by Theori. It has been sitting quietly in the Linux kernel for nine years. Most Linux privilege-escalation bugs are picky. They need a precise timing window (a "race"), or specific kernel addresses leaked from somewhere, or careful tuning per distribution. Copy Fail needs none of that. It is a straight-line logic mistake that works on the first try, every time, on every mainstream Linux box. The attacker just needs a normal user account on the machine. From there, the script asks the kernel to do some encryption work, abuses how that work is wired up, and ends up writing 4 bytes into a memory area called the "page cache" (Linux's high-speed copy of files in RAM). Those 4 bytes can be aimed at any program the system trusts, like /usr/bin/su, the shortcut to becoming root. Result: the next time anyone runs that program, it lets the attacker in as root. What should worry most: the corruption never touches the file on disk. It only exists in Linux's in-memory copy of that file. If you imaged the hard drive afterwards, the on-disk file would match the official package hash exactly. Reboot the machine, or just put it under memory pressure (any normal system load that needs the RAM), and the cached copy reloads fresh from disk. Containers do not help either. The page cache is shared across the whole host, so a process inside a container can use this bug to compromise the underlying server and reach into other tenants. The original sin was a 2017 "in-place optimization" in a kernel crypto module called algif_aead. It was meant to make encryption slightly faster. The change broke a critical safety assumption, and nobody noticed for nine years. That bug then rode every kernel update from 2017 to today. This vulnerability affects the following: 🔴 Shared servers (dev boxes, jump hosts, build servers): any user becomes root 🔴 Kubernetes and container clusters: one compromised pod escapes to the host 🔴 CI runners (GitHub Actions, GitLab, Jenkins): a malicious pull request becomes root on the runner 🔴 Cloud platforms running user code (notebooks, agent sandboxes, serverless functions): a tenant becomes host root Timeline: 🔴 March 23, 2026: reported to the Linux kernel security team 🔴 April 1: patch committed to mainline (commit a664bf3d603d) 🔴 April 22: CVE assigned 🔴 April 29: public disclosure Mitigation: update your kernel to a build that includes mainline commit a664bf3d603d. If you cannot patch immediately, turn off the vulnerable module: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true For environments that run untrusted code (containers, sandboxes, CI runners), block access to the kernel's AF_ALG crypto interface entirely, even after patching. Almost nothing legitimate needs it, and blocking it shuts the door on this whole class of bug...

@kittytreats LoLz 😆 I’m facing the same dilemma! Reading the fine print, I think the ugly one is only available at a specific location (?)

Passport update. I hope I don’t get the ugly one…

Federal authorities have finally located Antifa’s highly sophisticated secret messaging center:

A photo of seashells, really? #snowflake

I feel insane. We had the chance to STOP this law but no one cared. Now everyone cares after it went through. It’s terrible, but it’s also a lesson in why we need to actually stop and kill surveillance laws and government overreach on certain tech BEFORE it passes. Call ur reps!

If you were horrified last night watching our elected leaders run and scramble because of gun violence, just imagine how my daughter Jaime felt in school running from an active shooter before she was killed. Now, becomes a part of the solution and only vote for people determined to address gun violence in America.

My tribute to Virginia: open.substack.com/pub/tarapalmer…

How you wash your hair in space: demonstrated by astronaut Karen Nyberg on the International Space Station.

@kmcnam1 OMG all the time! Yikes 😱

100% my brain...

@SamKuffelWx Cheers! 🍻 And Happy Birthday 🎁

Sunny and 75° calls a beer garden birthday beer after a round of disc golf. Cheers to 33 🍻

A final piece of advice from Holly Butcher - written the day before she passed away from cancer at just 27: “It’s a strange thing knowing you’re going to die young. At 26, I thought I had time… To fall in love. Start a family. Grow old. But cancer doesn’t care about plans. Now, I understand how fragile life really is. Every single day is a gift, not a guarantee. I’m not writing this to scare you. I’m writing to remind you: really live. Stop stressing over little things. Be kind to your body- move it, nourish it, stop criticizing it. One day you’ll wish you had appreciated it. Go outside. Look at the sky. Feel the sun. Just be. Spend less time chasing “stuff” - more time making memories. Don’t skip moments with people you love. Laugh more. Write a note. Tell someone you love them. Complain less. Give more. Helping others brings more joy than anything you can buy. Be present. Put your phone down. Show up - really show up. You don’t need to have it all figured out. You don’t need a perfect body, or a perfect life. Just follow what makes your heart light up. Say no to what drains you. Make changes when you need to. And please - donate blood. I wouldn’t have had that extra year without it. And that year gave me memories I’ll hold close… forever. Thank you for reading this. Live your life well. And maybe… we’ll meet again someday.” Holly 🩷 Repost & share Holly’s important advice. ❤️

@FrameworkPuter Awesome 😎

Our biggest breakthrough in efficiency yet, the Framework Laptop 13 Pro with 20 hours of battery life. In Graphite. Linux-first with options for Ubuntu pre-installed. Featuring Intel® Core™ Ultra Series 3 processors, LPCAMM2 Memory, a new haptic touchpad, and a touchscreen display. Pre-orders for the Framework Laptop 13 Pro open now: frame.work

TACO Tuesday 🌮 #taco

@tommithetechie Have a good nap 😴

I could not get to sleep until 3 AM and then had to get up at 6 AM. The coffee is NOT strong enough today. I cannot wait to take a mega nap later this afternoon. I know, this isn't a fun retro photo post but I just wanted to complain to someone 😭

@jyn_urso Congratulations!

Hello. Dr. Paez is in the house.

@tommithetechie Awesome 😎

Destroying the @InternetArchive's @WayBackMachine would be the equivalent of the burning of the Library of Alexandria - one of the worst losses of knowledge in history. Media giants are now threatening to do this. We can't let this happen. Pass it on.

😂