@hypn.bsky.social

672 posts

@HypnInfoSec

@Hypn in the blue sky.

Joined February 2008
2.1K Following · 1.8K Followers
@hypn.bsky.social reposted
lcamtuf (@lcamtuf):
But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not: seclists.org/oss-sec/2026/q…
@hypn.bsky.social reposted
Slim Jimmy (@slimjimmy):
crazy how many kicked off whole careers just from this one little app
@hypn.bsky.social reposted
Mark Gadala-Maria (@markgadala):
So an AI just broke Linux and the story is actually insane:
• theori is a 9-time DEF CON CTF champion security firm, the kind of people who hack competitions for fun and win every time
• they point their AI system, Xint Code, at the linux kernel's crypto subsystem like it's a saturday puzzle
• one operator prompt. one hour. no custom tooling. no harnessing. nothing.
• the AI finds a bug that has been sitting quietly in every linux distribution since 2017
• ubuntu, amazon linux, rhel, suse, debian, arch, fedora. all of them. nine years of kernel security review. missed.
• the exploit is a 732-byte python script. no race window to win, no per-kernel offset to calculate, no luck required
• same script. every distro. root shell. every single time.
• crypto reviewers missed it for nine years because they were looking for cryptography failures. this wasn't one. it was a memory question. different discipline entirely. the AI didn't care.
• oh and it's also a container escape. one pod in a kubernetes cluster runs this script and owns the entire host and every tenant on it
• zerodium used to pay up to $500,000 for exactly this class of vulnerability
@hypn.bsky.social reposted
kaize (@0x_kaize):
OPUS 4.7 JUST MASS EMAILED AN ENTIRE DATABASE 20 TIMES PER CONTACT. WITHOUT PERMISSION

a developer had a safety rule explicitly written in CLAUDE.md: 'send the tester an email before any new email templates are used in the production environment'

opus 4.7 on max effort ignored it completely!

claude decided to create a brand new email template by itself (dev didn't ask for this), then it mass mailed the whole database and some contacts got the same email 20 times

this isn't a hallucination
this isn't a coding mistake
model actively violated written safety rules and took production actions that it was explicitly instructed not to take.

- do you still believe that AI will replace us?

the developer's take: 'opus 4.7 is somewhere between seriously clueless and stupidly dangerous. the worst frontier model I have used in the past 2 years'

at the same time, opus 4.6 perfectly followed all the rules, and in 4.7 something changed

what makes this scary:
- the model didn't ask for confirmation
- it didn't flag the safety rule
- it didn't email the tester first
- it just acted

this is exactly the kind of failure mode that scares autonomous agents with Ai, because they are confident enough to circumvent your rules and smart enough to perform the action perfectly

we just went from 'claude thinks less' to 'claude ignores your safety rules and spams your users'

the scariest thing is not that it happened. the fact is that without production monitoring, you would never know until your users started responding: 'why did you email me 20 times?'

I've been saying for a long time, if you use AI, then pay attention to security and read a lot of code
@hypn.bsky.social reposted
DHH (@dhh):
Half the joy of collecting retro gaming is the box art, the cartridges, the artifacts. We've lost something important giving up on those physical manifestations of software. Comeback?
samir (@samirettali):
@sudobunni @dhh this would be sick
@hypn.bsky.social reposted
Florian Roth ⚡️ (@cyb3rops):
You probably already heard about Copy Fail - the Linux LPE that affects basically every current distro and shared-kernel/container environment I’ll post a few updates here soon copy.fail
@hypn.bsky.social reposted
vx-underground (@vxunderground):
CVE-2026-31431 a/k/a CopyFail
> Linux LPE
> Description sounds like AI slop
> Exploit is legit
> Impacts every Linux kernel from 2017 - Now
> Proof-of-concept released
> It's Wednesday?
copy.fail
@hypn.bsky.social reposted
Hackster.io (@Hacksterio):
Microsoft finally opened the vault: the original DOS 1.00 source code is on GitHub, offering a raw, unfiltered look at computing history. hackster.io/news/dos-1-00-…
@hypn.bsky.social reposted
Ranju (@whatRanjuSaid):
this is a real npm package btw
@hypn.bsky.social reposted
Sishi (@sibusisosishi):
For the SA tech community go do this training please it’s free and you will learn a lot.
James Kettle (@albinowax):
We've launched a new @WebSecAcademy topic on exploiting AI-powered security scanners! Learn how to use indirect prompt injection to steal data, cause damage & trigger exploit chains!
@hypn.bsky.social reposted
Chris Wysopal (@WeldPond):
32 years ago today I registered the @L0phtHeavyInd class C. I got the email from ARIN, sent the class C address to our ISP, then got the first packets routed over our 56K modem to our 486 linux box. When those first packets come through the whole room exploded with chants of, "We on da backbone!" Then came one of the first hacking resources on the web, shell accounts, a bbs, webcams, and lots of shenanigans. You can see an archive of the website here: gbppr.net/l0pht/l0pht.ht…
@hypn.bsky.social reposted
The Javvad Malik A.I. (@J4vv4D):
South Africa’s draft AI policy was just withdrawn because the references were hallucinated by AI. The department regulating "AI Ethics" couldn't even be bothered to check if their own footnotes existed. It’s a masterclass in irony: using AI to write the… cdn.bsky.app/img/avatar_thu…
@hypn.bsky.social reposted
BuBBliK (@k1rallik):
do you understand what just happened to Robinhood..
Someone sent a perfect phishing email - real domain, DKIM pass, SPF pass, DMARC pass and Robinhood's own servers delivered it.
Here's the chain:
→ Gmail treats john.doe@ and johndoe@ as the same inbox
→ Attacker registers a NEW Robinhood account using the dot trick of YOUR email
→ Sets the device name to raw HTML code
→ Robinhood's "unrecognized activity" email renders it unsanitized
The "Review Activity Now" button? Attacker's phishing site.
The email? 100% real.. Sent by Robinhood.. Signed by Robinhood..
Just because it passed every security check doesn't mean it's safe.
Abdel (@rockkdev):
New Robinhood phishing chain that's kinda beautiful:
1. Attacker creates an RH account using the Gmail dot trick of your email (same inbox, different address)
2. Sets device name to HTML
3. RH's "unrecognized activity" email renders the device name unsanitized (html injection)
The result is a real email from noreply@robinhood.com, DKIM pass, SPF pass, DMARC pass, with a phishing CTA
Just because it's real, doesn't mean it's safe... $HOOD
@hypn.bsky.social reposted
Reuters Africa (@ReutersAfrica):
South Africa has withdrawn its first draft national AI policy after revelations that it contained fictitious sources in its reference list which appeared to have been AI-generated. reuters.com/world/africa/s…