Copy-fail-destroyer: K8s remediation for CVE-2026-31431

https://github.com/NorskHelsenett/copy-fail-destroyer
9•evenh•3h ago

Comments

cassianoleal•1h ago
Yeah, run a highly privileged, node-level workload by an Internet stranger to mitigate against a kernel vulnerability. No thanks.

In any case, this unloads the module which does nothing if it's compiled into the kernel as in GKE.

antiloper•38m ago
Blacklisting a kernel module only prevents modprobe from loading it automatically. modprobe by name still works, even if the module is blacklisted, and so do insmod and the syscalls they use.

The author is way above their head and thinks that because they can write Copilot prompts they can write security critical software.

bombcar•26m ago
Why does it check every five minutes? Do they think the kernel is changing in a running instance faster?

glacier9147•24m ago
Wouldn't manually loading a module require elevated privileges? Isn't the issue they are trying to solve that completely unprivileged users can exploit the module to elevate their privileges?

ButlerianJihad•18m ago
Let's consider a sysadmin who says "I blacklisted this module, so we shall never see it on this system."

And then, some random service or cronjob goes down a list and "modprobes" things. Such as a vulnerability scanner.

So the kernel module got loaded by name, until the next reboot.

Yeah, it's another coincidence and another narrowing of the conditions by which this can be exploited. But it's correct to say that blacklisting modules is not the panacea or a 100% airtight solution.

antiloper•11m ago
I just tried it on Ubuntu 24.04. Blacklisting algif_aead does not prevent the module from getting loaded by `nobody` using the unprivileged AF_ALG API.

So this project literally does nothing except spew some vibe coded slop across your cluster. Please just upgrade your kernel packages, it's way safer.
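An audit sketch for the distinctions raised in this thread (built-in vs. loadable, loaded vs. merely blacklisted), added here as an example and not part of any comment or of the linked project. The function names `module_state` and `make_fixture` are hypothetical, the fixture contents are constructed, and the `install <module> /bin/false` override is a modprobe.d(5) directive that the thread itself does not mention; it stops modprobe by name but, like a blacklist, does nothing against insmod.

```shell
#!/bin/sh
# Added example: report how firmly a kernel module is kept out of a host.
# Paths are arguments so the check can run against constructed fixtures.

# module_state MODULE MODPROBE_DIR MODULES_BUILTIN PROC_MODULES
# Prints: builtin | loaded | install-blocked | blacklist-only | unrestricted
module_state() {
    mod=$(printf '%s' "$1" | tr '-' '_')   # modprobe treats - and _ alike
    # Compiled into the kernel image: unloading or blacklisting cannot apply.
    if tr '-' '_' 2>/dev/null < "$3" | grep -q "/${mod}\.ko\$"; then
        echo builtin; return 0
    fi
    # Currently resident, whatever the configuration says.
    if grep -q "^${mod} " "$4" 2>/dev/null; then
        echo loaded; return 0
    fi
    # "blacklist" only suppresses alias-based autoloading; an "install"
    # override pointing at false/true makes modprobe-by-name fail as well.
    cat "$2"/*.conf 2>/dev/null | awk -v m="$mod" '
        /^[ \t]*#/ { next }
        { name = $2; gsub(/-/, "_", name) }
        $1 == "install"   && name == m && $3 ~ /\/(false|true)$/ { inst = 1 }
        $1 == "blacklist" && name == m { bl = 1 }
        END { print (inst ? "install-blocked" : (bl ? "blacklist-only" : "unrestricted")) }'
}

# make_fixture DIR: constructed sample files (not taken from any real host).
make_fixture() {
    mkdir -p "$1/modprobe.d"
    printf 'blacklist algif_aead\n' > "$1/modprobe.d/a.conf"
    printf '# hard block\ninstall algif-hash /bin/false\n' > "$1/modprobe.d/b.conf"
    printf 'kernel/crypto/algif_skcipher.ko\n' > "$1/modules.builtin"
    printf 'af_alg 32768 1 algif_rng, Live 0x0000000000000000\n' > "$1/proc_modules"
    printf 'algif_rng 16384 0 - Live 0x0000000000000000\n' >> "$1/proc_modules"
}

# Live use: sh module_state.sh algif_aead
if [ -n "${1:-}" ]; then
    module_state "$1" /etc/modprobe.d \
        "/lib/modules/$(uname -r)/modules.builtin" /proc/modules
fi
```

A result of `blacklist-only` or `unrestricted` means a load by name would still succeed, and `builtin` means no module-level setting applies at all.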
